Ok, second post, second question asked "Besides being federated, what advantages does this have over Reddit?" and their answer is "live-updates, federation, and RES-like mod abilities". Plus a...
Ok, second post, second question asked "Besides being federated, what advantages does this have over Reddit?" and their answer is "live-updates, federation, and RES-like mod abilities". Plus a dump of technical features.
What I like about Tildes is that the answer to why it exists is basically "not for reasons that redditors generally care about", which is exactly why it attracts the people who create the kind of content I like.
I think this is because the question they are answering is "what advantages does lemmy the software" have over reddit rather than "what advantages does the flag ship instance dev.lemmy.ml have".
I think this is because the question they are answering is "what advantages does lemmy the software" have over reddit rather than "what advantages does the flag ship instance dev.lemmy.ml have".
Which is exactly the kind of thinking that dooms so many open source projects. At one point, you have to connect them with reality, which is always seen as an unimportant afterthought.
Which is exactly the kind of thinking that dooms so many open source projects. At one point, you have to connect them with reality, which is always seen as an unimportant afterthought.
The ones setting up the application (developers) for the community are not the real target audience; the community intended to use it is. They want to know that it has the features they like to...
The ones setting up the application (developers) for the community are not the real target audience; the community intended to use it is. They want to know that it has the features they like to use, and if you want them to switch from another platform, what better features meaningful to them the new service provides. Between an technically/ideologically "better" platform that lacks stand-out user features and a platform making some technical compromises but has the features users want (or is the existing popular choice), people are going to go with the latter.
You don't need the specific community like DIY woodworkers. "Social link aggregator", "personal photo sharing", "discussion platform", "real time chat", "collaborative business communication" etc....
It isn't reasonable to expect developers to know who the end users of their software will be to that level of specificity. Yes, they should target features at those end users, but it's not up to them to build communities. When they take on that responsibility, you get centralized cesspits.
You don't need the specific community like DIY woodworkers. "Social link aggregator", "personal photo sharing", "discussion platform", "real time chat", "collaborative business communication" etc. all have day-to-day non-technical administrative and end-user features (many overlapping) that are more or less requirements at this point based on what people have come to expect from the established players. A new offering is going to have to distinguish themselves in a way that has a visible impact for the people using it.
The underlying assumption here is that technical or ideological superiority cannot be, itself, a stand-out user feature.
For most people, technical superiority under the hood simply isn't. It's worth mentioning for those that care, but I've yet to see it be successful as the headliner. I may have been unclear what I meant by "Ideological"; i meant it in terms of the tech (since we're talking about the tech), like the kind of points RMS proselytizes or academic like "this is a more memory efficient algorithm".
Having spent a while as a web developer at a consulting firm, interacting with clients, I've seen first hand the disconnect that can sometimes come up between developers' priorities and the end user/client priorities. As a developer it is essential to connect and justify the technical decisions to the user's priorities, ideally with concrete numbers or situations that have actually happened, otherwise it's an uphill battle to get them on board. When it comes to things with network effects, making those connections is even more important.
People are allowed to write and market software that you, personally, don't want to use. They are not asking you to use it, at least not in this thread.
Sure, and we are still allowed to comment on and criticize, especially if we'd like to see alternatives actually see wider adoption.
So, it makes sense, as federation is really the main feature. One of the problems of Reddit is that it creates that central authority, and if Reddit goes down all of Reddit goes down. But there...
So, it makes sense, as federation is really the main feature. One of the problems of Reddit is that it creates that central authority, and if Reddit goes down all of Reddit goes down.
But there are some key features I like:
Clean, mobile-friendly interface. I despise that everything demands an App. Apps should be optional, not mandatory.
RSS / Atom feeds. It's a great system that has largely been abandoned, and would love to see a resurgence.
A similar post search when creating new posts. This is a huge feature. I would like to see it used so that X-Posts all merge to one comment thread. Also could be used to identify dupe content to weed out 'karma farmers'
Containerized Rust app that supports arm64 / Raspberry Pi. This is important for self-hosting, a Raspberry Pi can easily host a medium-sized community with a good net connection.
I do dislike that it's an SPA, but very few non-technical users care about things like that anyway.
Maybe not most, but I've certainly seen my fair share of 'oh god reddit was down' posts. Being federated also makes it harder to block the whole ecosystem in the case of censorship.
Maybe not most, but I've certainly seen my fair share of 'oh god reddit was down' posts.
Being federated also makes it harder to block the whole ecosystem in the case of censorship.
I guess Reddit has been down for probably 10x more than say, youtube, but that's not really saying much, I'm sure it still has 99.9% uptime, probably more 9s there. Reddit censorship is almost...
I guess Reddit has been down for probably 10x more than say, youtube, but that's not really saying much, I'm sure it still has 99.9% uptime, probably more 9s there.
Being federated also makes it harder to block the whole ecosystem in the case of censorship.
Reddit censorship is almost entirely from moderators of specific subs, though. Honestly, if anything Reddit's big issue (imo) is not enough central censorship. The admins consistently allow vile, hateful subs which quite clearly break site rule by doxxing... for some reason. Section 230 exists for a reason!
Idk, I feel like based on my Reddit experience more federation will make it more censored, by giving the mod-equivalents full power.
r/watchpeopledie getting banned is not a result of the sub's lack of moderation but the fact that the content of the sub is not advertiser friendly. If I remember correctly, some members of the...
Reddit censorship is almost entirely from moderators of specific subs, though. Honestly, if anything Reddit's big issue (imo) is not enough central censorship
r/watchpeopledie getting banned is not a result of the sub's lack of moderation but the fact that the content of the sub is not advertiser friendly. If I remember correctly, some members of the subreddit are posting the video of Christchurch shooting, the mods imposed strict ban for anyone posting the video.
The moderators have the ultimate power of what content is shown and member of the subreddit are basically powerless against any mod abuse. Those angers and frustration are channelled into subs such as r/watchredditdie. The admins are the only one in power that can remove moderators, and they did, half assly by remove half of TD's moderators.
Little known fact: you can take over any subreddit if the creator/mods haven't had had public activity in 60 days.
How? Just ask: https://old.reddit.com/r/redditrequest/
I took over some big subreddits this way and I've had big subreddits taken away from me because I forgot to log in and comment on the account I used to create it. Even though I was active on a non-creator/non-mod account. It's actually how I found out about the "feature".
A very poorly implemented feature given the potential value of subreddits and all the work it takes to grow one.
So if you run a subreddit that you care about, remember to assign some active mods even just to avoid someone taking over your subreddit.
I feel like based on my Reddit experience more federation will make it more censored, by giving the mod-equivalents full power.
As you can see reddit mods already have that power.
Speculation: Reddit has long past the point of a community run discussion board to become a profit driven website, one that is like facebook, where the moderation is driven by public outcry. Reddit will maximize traffic by maintaining a certain degree of controversial topic on the front page, only stepping in when said topic gone out of hand and getting reported by mainstream media, and hurts the site's advertisement.
Just a speculation.
One of reddit's attraction is the various interest-centrict subs. Back when reddit first came out it only has one front page and you could post anything there. As users grow, the sub feature was added. Without a user mass the sub feature will not see much use.
Lemmy is not reddit alternative, no community driven project will grow to the size of reddit without substantial financial backing. When you see the existing reddit alternative they are all exiles from the banned subreddit such that you have people with extreme opinions. Lemmy would at least allow those who wish not to get involved with the alternatives to establish their own smaller reddit circle with their own moderation rules.
https://old.reddit.com/r/linux/comments/guklhr/we_are_the_devs_behind_lemmy_an_open_source/fsj77bn/?context=1 And therein lies the problem with federated social media for me. It doesn't actually...
A few reddit clones have been made to cater for the alt-right and/or Cult45, how will Lemmy avoid becoming similar (or i guess what I mean is how will Lemmy remain usable for those that don't want that)?
I feel ya, I almost cringe whenever I hear the term "reddit alternative" because of how infested with bigots these alternatives become. On the instances we control at least, we have a very strict code of conduct against bigotry of all forms, and we will never allow nazis on the ones we control. But unfortunately, its open-source software, and we can't prevent people from starting bigoted instances. The best we can do (and we currently have this in our federation builds), is to make sure federation has whitelist and a blacklist for blocking these instances.
And therein lies the problem with federated social media for me. It doesn't actually solve the problem of giving the alt-right and hatemongers a platform to spread their bullshit, it continues to enable them, and their only answer is to try to sweep the problem under the rug.
This is not a problem with federated social media: that's a problem with social media. You can't control how people use open-source software. I'm looking at it not much as a user but as a...
This is not a problem with federated social media: that's a problem with social media.
You can't control how people use open-source software. I'm looking at it not much as a user but as a developer. If someone starts a notebook saying terrible things about a particular person, than share said notebook for others to see... fuck am I supposed to do about that?
Of course I'd hate to see that happen. Bullying is bullshit. No one deserves any. But, as a developer of the kind of software that's by its very nature open to use, I can't go about and police all the notebooks ever created. Not only is it ridiculously time-consuming, but I also have no real leverage over the end user.
Suppose I create some form of security layer to Intergrid that prevents certain people from accessing it. If I use cookies, the malicious user could simply clear their cookies and do whatever they wanted to do prior, with no restriction (until I ban them again, and don't get me started on the cat-and-mouse chase that is this bullshit). If I use localStorage, they might have to lose all their notes to get back onto the service, but they've already shared it, so just copy everything from an ally. If I ban them with IP blocking, I'm just scattershooting everyone in the vicinity; I don't need to explain to you how graceless that is.
Now. If I ever have a public notebook of my own – that others can access and write to – I absolutely do get to police it. In fact, I figure I must: it's my place to keep clean. If I have a forum of my own, you bet I'm going to broom that place up with regularity. But if someone uses the myBB engine to create a Nazi supporter forum, is that myBB's fault? Should they start licencing their product and check customers on Nazi sympathies before giving a license away? If so, how? Which way is going to be so effective yet so non-intrusive that it would be perfectly fine with everyone? If you know of any, you might well be ready to solve one of the biggest issues of the 21st century: allowing security that maintains privacy.
The fact that Lemmy creators even bother with lists is step forward from Reddit's libertarian-until-press-catches-on approach. It's not a 100% solution, but if anything short of that is not enough for you, you'll soon find yourself living under a rock.
Well said and I do see your dilemma as a developer, but I honestly still feel like the "I can't control how my software is used" argument is a bit of an excuse, and/or attempt by programmers to...
Well said and I do see your dilemma as a developer, but I honestly still feel like the "I can't control how my software is used" argument is a bit of an excuse, and/or attempt by programmers to absolve themselves of ethical responsibility... which is why I fully support the new attempts to craft ethical source software licenses, e.g. The Hippocratic License
An Ethical License for Open Source Projects
For too long, we as software developers have divorced ourselves from the consequences of the code that we write. We have told ourselves that development is a pure and abstract pursuit, and have spent our careers writing programs with the goals of clarity, conciseness, readability, performance, and elegance.
But we are starting to realize that the software that we create has a real and lasting impact on the world in which we live.
Politics and software are so tangled that they cannot be reasonably separated. Consider the GPS software that tells you how to get to a restaurant; it’s also used to direct military drones to their targets. The facial recognition software that unlocks your phone? It’s being used to record, track, and target the activities of political dissenters.
All of these technologies are inherently political. There is no neutral political position in technology. You can’t build systems that can be weaponized against marginalized people and take no responsibility for them.
One of the delightful things about code is discovering its utility in novel situations. But if those novel situations involve harming other people, we can and should feel responsible. So what can we do about it?
Open source licenses have long been the primary tool for promoting the use of our software under our own rules and conditions. In the past these licenses were used to allow the free distribution, modification, and use of our software. But there is nothing stopping us from taking this further.
Introducing the Hippocratic License: an Ethical Source license that specifically prohibits the use of software to violate universal standards of human rights, and embodying the principles of Ethical Source Software.
This seems almost entirely unlike open source, though? Open source, at one extreme, is like putting a note in a bottle and throwing it into the ocean. You often have no relationship with your...
This seems almost entirely unlike open source, though?
Open source, at one extreme, is like putting a note in a bottle and throwing it into the ocean. You often have no relationship with your users; you don't even know who they are. They might not stumble across your code for years after you wrote it. You could put conditions in the license, but how will the license be enforced? Often, they aren't. But we have licenses to reassure businesses about the risks they're taking by using the code.
The opposite would be something like the know your customer requirements for financial services. Nobody gets an account without showing their ID, and banks are increasingly required to do due diligence by getting financial records from their business customers and making sure they know what business they're in. (This doesn't always happen, but that's the intent.)
So the question I have is why any volunteer group would want to do all that work? Policing your customers, or even keeping track of them and maintaining relationships, is tedious. It doesn't seem like the sort of unpaid labor that many programmers working in their free time would be interested in?
And what business is going to let itself be policed by random programmers somewhere on the Internet, just because they want to use a software library?
You can write terms in a license but it doesn't solve the social problem.
So, it seems like absolving open source programmers of this ethical responsibility is a baseline requirement for having an open source community at all. (This is also why all open source software comes with no warranty. How could it be otherwise? Do you want to have to pay damages for bugs in code you gave away for free?)
I remember a hunk of years ago in KDE during an Akademy where this came up and many of the core points that came up where basically mirroring yours but one counter argument is that there is a form...
I remember a hunk of years ago in KDE during an Akademy where this came up and many of the core points that came up where basically mirroring yours but one counter argument is that there is a form of policing in place already in the form of GPL variants where the people editing need to share the source code. Which is not the same, but have a similar effect since the license includes more than just "use as you wish". The alternative BSD license isn't or wasn't very popular in comparison in that group which was why the argument was put forward. It didn't win out though.
Now personally I would probably avoid anything ethically licensed. Not because I disagree with it - but because I worry about it since "ethics" is way vaguer and even though universal human rights is a hefty document it still demands interpretation and it also includes the right of free speech and many of the stand points held by extreme right wing groups - and with some finagling all of their stand points.
Having someone open a bug report saying "This group is using your thing against the license requirements" and having to mull through another debate of keyboard-lawyering and high school philosophy debate styled argumentation bores me to tears. Having to actually hire a proper lawyer with insight in UN human rights laws would be costly AF.
One of the more interesting effects was how the development crews looked at discouraging the absurd cultists from using our software though. Saying that "the developer of that software library is a transgendered person" could cause meltdowns since that in many of their ideologies ment that someone part of a larger conspiracy against [insert fantasy here] had had a finger in the deeper more integral parts of what they used.
But that was far from 100%. Being clear about our motivations as a group helped a bit too - also not 100%.
Do hatespeech laws in Canada mean free speech does not exist here? Why must opensource only be defined in one particularly absolutist, and totally ethically neutral way? From the license:...
This seems almost entirely unlike open source, though? ... So, it seems like absolving open source programmers of this ethical responsibility is a baseline requirement for having an open source community at all.
Do hatespeech laws in Canada mean free speech does not exist here? Why must opensource only be defined in one particularly absolutist, and totally ethically neutral way?
but how will the license be enforced?
From the license:
Failure to Comply. Any failure of Licensee to act according to the terms and conditions of this License is both a breach of the License and an infringement of the intellectual property rights of the Licensor (subject to exceptions under Laws, e.g., fair use). In the event of a breach or infringement, the terms and conditions of this License may be enforced by Licensor under the Laws of any jurisdiction to which Licensee is subject. Licensee also agrees that the Licensor may enforce the terms and conditions of this License against Licensee through specific performance (or similar remedy under Laws) to the extent permitted by Laws. For clarity, except in the event of a breach of this License, infringement, or as otherwise stated in this License, Licensor may not terminate this License with Licensee.
IANAL.... but AFAIK most of these ethical source software licenses are attempting to flip the enforcement method from being entirely contract law based (which requires litigation to enforce) like most others, to that of copyright/IP law based (which doesn't necessarily require litigation thanks to the DMCA and other existing IP infringing content takedown laws).
So the question I have is why any volunteer group would want to do all that work? Policing your customers, or even keeping track of them and maintaining relationships, is tedious. It doesn't seem like the sort of unpaid labor that many programmers working in their free time would be interested in?
Again IANAL, but AFAIK there is no obligation under the license for adopters to police all their customers/users, but if they are made aware of someone using their software for unethical purposes (in this particular case, those that contravene the Universal Declaration of Human Rights), at least these licenses try to give developers a method of disputing its continued use by those users.
A side issue: unlike most broad terms, "open source" has an official definition. With a lot of different licenses coming out, they wanted to make clear which licenses allow sharing code with...
Why must opensource only be defined in one particularly absolutist, and totally ethically neutral way?
A side issue: unlike most broad terms, "open source" has an official definition. With a lot of different licenses coming out, they wanted to make clear which licenses allow sharing code with everyone for any purpose. (The danger is commercial vendors causing confusion.)
Of course people often don't agree with official definitions, but I don't want to see it watered down to become a mere buzzword, like "agile", "open", or similar words. Do you? I think trying to change the definition now would just lead to it being a buzzword.
"Open source" isn't a synonym for "good," it's a particular approach to sharing software. There are other licenses and other ways of sharing that might be good ideas. For clarity I think they need their own names. "Ethical source" is at least clearly different, though I don't agree with the implication that other ways of sharing are unethical.
AFAIK there is no obligation under the license for adopters to police all their customers/users
Yes, you're right. I said that incorrectly.
at least these licenses try to give developers a method of disputing its continued use by those users.
Do not want! I'm wary of having even optional ways to terminate a license. As an author I don't like the idea of having a legal "kill switch" because I don't want to have that sort of power relationship over people I don't know. Sometimes it's necessary, but I want to minimize that. I think it poisons the relationship between author and user if they think I'm trying to control them (which is why the "right to fork" is important). I don't want to be the cop, particularly not for free, and so this isn't an option that appeals to me.
And as a user I'm not interested in collecting extra obligations to comply with other people's licenses. Particularly when using package management to download large collections of interconnected libraries, I think we should be able to pick useful packages without having to worry too much about their licenses or their dependencies' licenses.
With something like the GPL, it's at least very well-established and clear what you need to do to avoid getting your license terminated, so I accept that, though I wouldn't pick the GPL for my own project and I don't think it should be used for libraries.
It's already the case that doing license compliance properly can take a lot of work. For example, there are scanning tools that the big companies use to make sure they don't inadvertently pick up any licenses they don't want to comply with. I would guess most users ignore this (like we mostly don't pay attention to shrinkwrap licenses) but when we're talking about whether a license is a good idea or not, I want it to be based on what happens if we try to follow the license agreements strictly.
I'm not the parent, but yes. I abandoned to OSI's definition years ago because it's just not used that way in the real world. It's for the same reason that we don't insist other's say "facial...
Of course people often don't agree with official definitions, but I don't want to see it watered down to become a mere buzzword, like "agile", "open", or similar words. Do you?
I'm not the parent, but yes. I abandoned to OSI's definition years ago because it's just not used that way in the real world. It's for the same reason that we don't insist other's say "facial tissue" instead of Kleenex - we know what they mean, and it's commonly understood.
I might grumble every time somebody says "hashtag" to refer to an octothorpe, but that's just the way it works. Words change, and they always have. In my opinion the only reason the OSD has held sway this long is because programmers (myself included) are a particularly pedantic breed of people.
Prescriptivism is frowned upon in linguistics, and for good reason. It comes across as dogmatic and inflexible. It describes what "ought to be", but not what actually is. That might work in the world of APIs and standards, but not for something as fluid as language.
Besides, I never thought the arguments for insisting on the OSI's definition were very good. Why does it matter if "open-source" is a precise term? That's exactly what licenses are for. They spell out the usage rights in no uncertain terms.
It matters in the sense that if it's an OSI approved license, you know that the license confers the rights to modify and redistribute. Part of the reason that 'open source' was coined was to...
Why does it matter if "open-source" is a precise term? That's exactly what licenses are for. They spell out the usage rights in no uncertain terms.
It matters in the sense that if it's an OSI approved license, you know that the license confers the rights to modify and redistribute.
Part of the reason that 'open source' was coined was to distinguish it from 'free software', where people often confused 'right to modify and redistribute' and 'free of charge.'
Languages do evolve, but there are some substantial issues with that when taken to extremes. 'Literally' is one example, where the definition became the opposite because of incredibe misuse, and I have yet to find a term that equates to 'no I'm not being hyperbolic'.
Open Source needs to have a firm definition to prevent it from being co-opted and abused, as an 'open source' license (as defined by the OSI) confers certain rights to the end users. If a company declares their license as open source, but doesn't include these rights, it dilutes the term into a mere buzzword and muddies the waters.
It's the same reason I support a legal definition of milk as 'lactation from an animal'. Or chocolate as 'must contain at least X% cacao.'
Without any sort of enforcements, it becomes easy for companies to decieve people into thinking they're getting something they aren't.
Look at the whole gluten-free fad. Many gluten free products were being made that weren't safe for Celiacs to eat because they didn't follow proper precautions during preparation.
I wouldn't put it past any of the largest tech companies to try to rebrand a 'look but don't touch' license as open source, which is antithical to the whole purpose of it. See Microsoft's bullshit about Office files being an 'open standard' when they were not anything of the sort when governments started requiring it.
This seems like a shortcut that isn't altogether necessary anymore. For instance, if we look at Tildes' license on either Github or Gitlab, it lists exactly the freedoms they confer....
It matters in the sense that if it's an OSI approved license, you know that the license confers the rights to modify and redistribute.
This seems like a shortcut that isn't altogether necessary anymore. For instance, if we look at Tildes' license on either Github or Gitlab, it lists exactly the freedoms they confer.
Even if these features weren't available, almost all licenses have their permissions spelled out from services like tldrlegal.com. Licenses are not hard to parse these days.
If a company declares their license as open source, but doesn't include these rights, it dilutes the term into a mere buzzword and muddies the waters.
What I'm suggesting is that this has already happened. It happened long ago. A significant portion of the uses of "open-source" online do not meet the OSI's definition. We can either stop and object every time somebody uses the term "incorrectly", or we can get with the program and accept that this battle has long been over.
Without any sort of enforcements, it becomes easy for companies to decieve people into thinking they're getting something they aren't.
I don't think most people, in the sense of non-techies, are aware of what the OSI actually is. And those savvy enough will surely be checking the license themselves anyway.
I don't think the comparison to Celiacs really applies. Food safety requirements are a very different ballgame to language fluidity.
A statement of principles can be useful for groups making decisions about which licenses to accept. For example, it's helpful for distributions like Debian, where they decide which licenses are...
A statement of principles can be useful for groups making decisions about which licenses to accept. For example, it's helpful for distributions like Debian, where they decide which licenses are allowed in the distribution. (Debian doesn't incorporate the open source definition, preferring their own, which is similarly precise. See guidelines 5 and 6 which are identical to the open source definition.)
But that's different from what a dictionary usually does, which is just to document common usage as a guide to understanding what other people are saying.
I'm not usually a prescriptionist, but I don't think the battle is lost on this one. When I say "open source" that's the definition I mean. In formal writing, I might link to the open source definition to avoid any confusion. Using terms loosely annoys specialists, and I guess that's what's going on here?
This I am totally okay with. In this example you're defining a specific subset of permissions to allow, be it for reasons of legality, ethics, or compatibility. If you wanted to ask, "Does this...
A statement of principles can be useful for groups making decisions about which licenses to accept.
This I am totally okay with. In this example you're defining a specific subset of permissions to allow, be it for reasons of legality, ethics, or compatibility. If you wanted to ask, "Does this project meet the OSD's requirements?", then that's a perfectly valid question.
Similarly, asking "Does this project meet Debian's requirements?" is just as valid as the question above, at least in the context of Debian. If you're trying to land some software in a Debian repo, then those are the requirements you need to meet.
In some cases it will make sense to create a set of requirements, and give them a name like above. A statement of values can be useful for a project. I'm even okay with referring to "the OSI's definition of open-source", as that has a specific meaning. In fact, my only objection is insisting that this is the only definition of the phrase, as I believe that is no longer the case.
Even the question of "does this meet the OSD?" is not particularly useful anymore, I'd argue, as many companies have made the decision to avoid GPL software for fear of accidentally having to expose internal code. Those companies would have their own sets of requirements which do not align with the OSD.
We may differ on this, but I find open-source is most useful as an umbrella term. That includes everything from WTFPL to a basic visible-source license. That's how it's used most commonly today, and I say, why not?
Remember, we're not losing anything. The OSD still exists if you want to refer to it. The license itself will be more precise than anyone's specific list of requirements. I think it's time to move forward on this one.
Well, the place this debate usually comes up is when companies claim they are open source, and when you look into it, their source code license is more restrictive. This is controversial and I...
Well, the place this debate usually comes up is when companies claim they are open source, and when you look into it, their source code license is more restrictive. This is controversial and I think it should be controversial. I don't want to let them get away with it. As a term used in advertising, I think it should stay the way it is.
But then, I remember whenever every company said they were "open" and it didn't mean anything.
I'm not going to get into a pedantic argument about the definition of open source, because as you said, that is a side issue, and is a bit of a red herring IMO. Yes, I know you don't, and neither...
I'm not going to get into a pedantic argument about the definition of open source, because as you said, that is a side issue, and is a bit of a red herring IMO.
Do not want! I'm wary of having even optional ways to terminate a license. As an author I don't like the idea of having a legal "kill switch" because I don't want to have that sort of power relationship over people I don't know.
Yes, I know you don't, and neither do the vast majority of programmers, which is why my opinion here is incredibly unpopular. As I said right from the start, programmers want to absolve themselves of all ethical responsibility for how their software is used.
I can understand why it's problematic for major core libraries and dependencies to be ethically licensed (though IMO it's likely not unsolvable), but social media in particular is being weaponized by hatemongers these days, and at the very least I think that open-source social media software makers should seriously start to consider supporting and adopting ethical source licenses so their product can't be used by those hatemongers.
I think it would be reasonable in the case of a social media server to use an alternative license for the top-level repo. However, licenses of any kind are mainly for business and in-community...
I think it would be reasonable in the case of a social media server to use an alternative license for the top-level repo. However, licenses of any kind are mainly for business and in-community disputes. Outside hackers aren't going to read and follow license agreements. They will do what they like.
So, if you're really concerned, maybe you shouldn't release the source code at all? As far as I know, Hacker News doesn't release their source code, probably due to concerns about how it might be misused.
And this is also what companies do. They're careful not to release stuff as open source unless they are fine with the consequences of everyone seeing and using it. As programmers, maybe we should be careful about what we release too?
OpenAI tried to start a conversation about this with GPT-2, but it was quite controversial. The scientific community is built on openness but there are things that might be too dangerous to share openly.
You can't stop hackers and pirates from using even closed source software if they're motivated enough to do so, but the vast majority of people are usually willing to abide by licenses. But that's...
Outside hackers aren't going to read and follow license agreements. They will do what they like.
You can't stop hackers and pirates from using even closed source software if they're motivated enough to do so, but the vast majority of people are usually willing to abide by licenses. But that's not really the purpose/point of these ethical source licenses anyways. Their purpose is to provide legal redress and a means to stop continued misuse when people are identified and caught violating the terms of the license. Don't let perfect be the enemy of good.
So, if you're really concerned, maybe you shouldn't release the source code at all?
There are plenty of reasons, other than absolutist adherence to FOSS principles, to open the source code of a project, e.g. so the devs and others can still get the benefits of the code being open, visible, available, able to be publicly reviewed/audited, accept contributions from the public, able to be forked, ensuring the devs are held accountable, etc. etc. etc. etc.
So maybe programmers at large should stop gatekeeping using their sacred definitions of what makes something "open source", and start accepting responsibility for their software being misused by bad actors? Or at the very least, IMO they should start trying to accept the fact that others are trying to do just that, and stop fighting those efforts so much.
For servers, not releasing the source tends to be pretty useful in stopping misuse, since they can only go through your API and that gives you a lot of options. For client-side code, yeah, it's...
For servers, not releasing the source tends to be pretty useful in stopping misuse, since they can only go through your API and that gives you a lot of options.
For client-side code, yeah, it's not going to matter for a determined hacker since they can disassemble the code. But it's a speedbump and it avoids secrets leaking through comments and unused code (that would get compiled away).
And this is why we always do input validation on the server; you should never trust the client.
With respect to legal redress, I have never gotten lawyers involved for my personal hacking and I hope never to need to do that. I would prefer not to release code if there's a risk of getting into a legal dispute. Maybe that's different for organizations who can afford lawyers, though.
Maybe an alternative would be to work on code that's less dangerous. Unpaid work is supposed to be for fun, after all.
So I guess my conclusion is that, yes, you could use a different license, but there aren't that many situations where it helps? It seems rather specialized.
Unless you're Nostrodamus, good luck predicting what software can be made dangerous or misused. And isn't that sort of attitude of "don't work on anything dangerous" simply letting yourself be...
Unless you're Nostrodamus, good luck predicting what software can be made dangerous or misused. And isn't that sort of attitude of "don't work on anything dangerous" simply letting yourself be held hostage by bad actors anyways?
Here is a crazy idea, but hear me out... instead of never working on any "open source" software that can potentially be dangerous/misused, how about we try to craft some sort of, I dunno, "ethical" open source software license that allows us to dispute its use by those bad actors? ;)
It's not a crazy idea, but I'm not sure how effective it would be. If you don't have any idea what they're going to do (which is often the case for general-purpose software), it seems tough to...
It's not a crazy idea, but I'm not sure how effective it would be. If you don't have any idea what they're going to do (which is often the case for general-purpose software), it seems tough to figure out which license restrictions would be effective? It seems like you need some kind of threat model that you want to talk to your lawyer about?
In some cases it might be safer to release code under a more restrictive license (for example, no commercial use at all, like with Creative Commons Noncommercial licenses) and have them come to you for permission.
Or perhaps a new license could be promoted as a standard. I think it would need to be carefully drafted though (with input from lawyers) for people to trust it. There are a lot of licenses that don't get much traction.
TBH, I'm not sure how effective these ethical source licenses will be either. And at this point I am unsure of if there is any legal precedent to back up what they are attempting to do, but I very...
TBH, I'm not sure how effective these ethical source licenses will be either. And at this point I am unsure of if there is any legal precedent to back up what they are attempting to do, but I very much doubt there is. And yes, it's certainly possible that non-commercial/permission-required licenses may ultimately be the best ones to adopt as a developer concerned with bad actors abusing their software, but I still think these attempts at ethical software licenses are worth exploring too.
I think it would need to be carefully drafted though (with input from lawyers) for people to trust it.
Has the Hippocratic License been subject to legal review?
Yes. We worked with a team of talented and specialized IP lawyers to create versions 2.0 and later of the license.
Now, that doesn't necessarily mean they were particularly good lawyers, or that they were correct in their assessment. :P But at least that particular license has seemed to make a legit attempt to find a viable solution, legally speaking.
Are there any examples of any of those licenses ever being successfully used to stop someone from using a piece of software? (I'm not trying to be dismissive about it, I just don't know if it's...
Are there any examples of any of those licenses ever being successfully used to stop someone from using a piece of software?
(I'm not trying to be dismissive about it, I just don't know if it's ever happened in practice)
I am personally not aware of any yet... but given how new these license efforts are, how few of them there are to choose from at the moment, and how few opensource projects have actually adopted...
I am personally not aware of any yet... but given how new these license efforts are, how few of them there are to choose from at the moment, and how few opensource projects have actually adopted them so far, I imagine how effective they can be is likely still an open question, and I doubt there is any legal precedent to back them up yet.
p.s. And for the record, I am fully aware that these licenses may not be ready for large-scale adoption yet, nor am I advocating Tildes (or @ThatFanficGuy) adopt them in their current forms... but I applaud the license authors' efforts, think what they are attempting to accomplish is worthwhile, and it's definitely an idea worth exploring further as a possibility.
This issue may not be exclusive to federated platforms, but it’s clearly more fluid and complex for them. With the right leadership, a centralized platform can more easily keep the community free...
This is not a problem with federated social media: that's a problem with social media.
This issue may not be exclusive to federated platforms, but it’s clearly more fluid and complex for them. With the right leadership, a centralized platform can more easily keep the community free from bigotry.
You're conflating a centralized platform with centralized moderation. Twitter, Facebook, Youtube, etc are centralized platforms with centralized moderation, which is why they fail at effectively...
You're conflating a centralized platform with centralized moderation. Twitter, Facebook, Youtube, etc are centralized platforms with centralized moderation, which is why they fail at effectively moderating and likely always will. Whereas Reddit is a centralized platform with decentralized moderation, which is working decent-ish. And you're literally on a platform right now that has plans to try to make that centralized platform, decentralized moderation even more effective: https://docs.tildes.net/future-plans#trustreputation-system-for-moderation
...given the right tools.
Bingo! And therein lies the rub. But that same maxim applies to centralized platforms as well as decentralized ones so long as the moderation is decentralized. However the key difference and strength of centralized platforms is that they can ban certain people from using them at all, but decentralized ones cannot, they can only attempt to sweep them under the rug with instances blocking other instances.
Good to know you have faith in the platform and person/people behind it. :( But if it makes you feel any better, AFAIK nothing has really been decided yet regarding Tildes ever fully opening to...
Good to know you have faith in the platform and person/people behind it. :(
But if it makes you feel any better, AFAIK nothing has really been decided yet regarding Tildes ever fully opening to public registration. A lot of alternate ideas have even been talked about in the past of various ways in which it could be partially opened instead. E.g. Temporary accounts for AMAs and the like, probationary accounts with limited access (e.g. 0 trust to start, and no ability to vote or label) which then maybe even require sponsorship from another community member to gain full status, etc.
I actually completely agree with you that moderation of large platforms is impossible to do well. I'm not sure that I've ever explicitly posted it before, but I've believed for years now that the...
I actually completely agree with you that moderation of large platforms is impossible to do well. I'm not sure that I've ever explicitly posted it before, but I've believed for years now that the single largest problem on the internet comes down to treating "we built a platform too large for us to effectively manage" as something to be proud of, instead of the failure that it should be recognized as.
So I feel like the misconception that you have is that I want Tildes to be large. I don't. I definitely want it to be larger than it is now, but my ideal size for it is far, far smaller than any mainstream site. Reddit claims something like 430 million unique users a month. I think Tildes could be great at like... 40,000 active, high-quality users. That's somewhere around 0.00001% of Reddit's size.
Even when registration opens up more, it's never going to be done in a way that just lets the site grow uncontrollably. I'm completely aware that would destroy it, and that's a big part of why I've made almost no effort to bring in a lot of new users.
Care to elaborate? Automoderator is pretty powerful on it's own and I imagine a thousand or 3 mods for an askreddit-sized sub would only require 3 or 4 levels of 'internet bureaucracy' between...
I actually completely agree with you that moderation of large platforms is impossible to do well.
Care to elaborate? Automoderator is pretty powerful on it's own and I imagine a thousand or 3 mods for an askreddit-sized sub would only require 3 or 4 levels of 'internet bureaucracy' between them and a central figure and a lot of the burden is lifted with the democratization of moderation by allowing anyone to label comments and other things, right? I'm not very knowledgeable on moderation.
(8/1/21 Edit:)
Reddit claims something like 430 million unique users a month. I think Tildes could be great at like... 40,000 active, high-quality users. That's somewhere around 0.00001% of Reddit's size.
That's just over 4 orders of magnitude, so more like 0.01%. Sorry foe the pedantry.
AutoModerator and other automated tools can really only deal with simple cases. All of the difficult moderation decisions really need human judgment, and it's crucial that the people making the...
AutoModerator and other automated tools can really only deal with simple cases. All of the difficult moderation decisions really need human judgment, and it's crucial that the people making the judgment have a solid understanding of the whole community and its culture. That's just not possible, beyond a certain scale.
Fair enough. And despite my not trusting decentralized platforms since I think they don't actually solve the problem, they merely hide them, I still wish them luck (and hope they do succeed) since...
Fair enough. And despite my not trusting decentralized platforms since I think they don't actually solve the problem, they merely hide them, I still wish them luck (and hope they do succeed) since we're all basically trying to work towards the same end. :)
I have tinkered with some, but yes, I generally avoid most federated social software, since IMO centralized platforms have a lot of upsides so long as their leadership is not compromised (think...
I have tinkered with some, but yes, I generally avoid most federated social software, since IMO centralized platforms have a lot of upsides so long as their leadership is not compromised (think benevolent dictator), and decentralized platforms will likely never be the choice of the overwhelming majority of people. So instead of wasting effort on overly complicated federation systems that will likely never see significant adoption (compared to the centralized platforms), and don't really solve the issue of bad actors using/abusing them, IMO we should instead focus on finding means to better the centralized platforms instead. E.g. By basically doing everything Tildes is doing; Making them donation driven non-profits, with no investors or advertisers, so they are only beholden to their own users. Focusing on creating better tooling for more effective crowdsourced moderation. Etc.
Precisely. Sensible enforceable rules, principles and guidelines are characteristics of good leadership. We’re talking about different things. I’m referring to global governing principles that...
Our rules are not the same as the rules of other instances
Precisely. Sensible enforceable rules, principles and guidelines are characteristics of good leadership.
A federation of many small communities will always have an easier time applying moderation in an effective way than a single centralized community with the same number of users, given the right tools.
We’re talking about different things. I’m referring to global governing principles that should be applied to all instances. Moderating a single instance would be more equivalent to moderating one subreddit or one Tildes group. Of course that’s easier. But a centralized platform can directly intervene and dissolve a group, while in a federation a group can remain in existence regardless of the opinions of the creators the platform.
That’s quite simple for me: if I ever get to make a platform, I don’t want Nazis in there. Ever. It doesn’t matter if they don’t talk to me anymore, because the mere existence of their online...
That’s quite simple for me: if I ever get to make a platform, I don’t want Nazis in there. Ever. It doesn’t matter if they don’t talk to me anymore, because the mere existence of their online community is a direct consequence of the rules I put forth. I wouldn’t want to provide them with a platform to harm society with their hate speech.
That’s of course a rhetorical exaggeration but I believe the point remains.
It seems to me that both paradigms can be equally dangerous in the wrong hands, but centralized platforms will only propagate bigotry with bad leadership while federated platforms are meant to be...
It seems to me that both paradigms can be equally dangerous in the wrong hands, but centralized platforms will only propagate bigotry with bad leadership while federated platforms are meant to be freely used in all forms and shapes — which includes bigotry.
I don’t say it cannot be beneficial at all, but I believe federation is the target of an unwarranted degree of fascination. Discussions tend to focus on the technological challenge more than anything.
That may be true of you personally, but for a large organization providing a free service funded through advertising, morals will often get thrown out the window if it will reduce userbase or...
if I ever get to make a platform, I don’t want Nazis in there. Ever. It doesn’t matter if they don’t talk to me anymore, because the mere existence of their online community is a direct consequence of the rules I put forth. I wouldn’t want to provide them with a platform to harm society with their hate speech.
That may be true of you personally, but for a large organization providing a free service funded through advertising, morals will often get thrown out the window if it will reduce userbase or interaction. This is doubly true for any publicly traded company, where duty to shareholders is priority #1.
Reddit has no incentive to kick out the bigots unless a big enough PR disaster hits. Last major banwave for communities came after a huge amount of media attention, but little was done to prevent re-forming these groups after the hammer came down.
Ignoring bigotry and bigots doesn’t make bigotry go away, it allows it to fester. Perpetually blocking and silencing bigots doesn't make the problem go away, if anything it makes it worse as it...
It doesn't actually solve the problem of giving the alt-right and hatemongers a platform to spread their bullshit, it continues to enable them, and their only answer is to try to sweep the problem under the rug.
Perpetually blocking and silencing bigots doesn't make the problem go away, if anything it makes it worse as it gives them conspiracy fodder about how they're being repressed. It's not an easy problem to solve online, because of echo chambers and willful ignorance. I'll have conversations, and be instantly dismissed because my sources are too long and boring. I think it takes genuine, face-to-face interaction with the bigot's targeted outgroup, because that's how I got away from being a bigot.
I grew up in a Fox News household. Rush Limbaugh playing on every car trip. I was a horrible bigot. It didn't get better at all until I escaped that bubble and began interacting with people I was bigoted against and it clicked for me 'I've been lied to for years, and every belief I held needs to be re-evaluated because I've been brainwashed with hate.' Two decades later, I still struggle with avoiding 'bigotry mindset,' where my brain wants to take shortcuts to justify an existing belief.
I also believe this journey is what led me away from being a staunch neo-con to being a hard-left anarchist over the course of a decade. As I questioned and shed my bigotry, I also questioned and shed many other things I had been taught.
Others have explained the whole invasive, cat-and-mouse nature of stopping bad folk while allowing good folk. I'd like to raise another point. Reddit clones aren't new. They exist and are as open...
Others have explained the whole invasive, cat-and-mouse nature of stopping bad folk while allowing good folk. I'd like to raise another point.
Reddit clones aren't new. They exist and are as open source as the above. Anyone can create one - hell, it even happened with Voat. We all know how that turned out.
Just like how good people seek out places to go to for positive discussion, these bad actors won't just give up due to lack of resource. Sure, they will be stopped for some time, but those who are persistent will continue to create places for like minded people, and that means alt-right, nazis, hatemongers, etc.
The thing that gives me a peace of mind is they seemed to have control over how the federated instances can be accessed through other instances. It's not a perfect solution, but it's the most basic requirement to prevent people accidentally stumbling into toxic communities like so many people on Reddit do with the communities like red pill etc.
Mastodon has a similar system, and it works pretty well. I remember an alt-right website (my mind says Gab, but truth be told I have little incentive to look it up and verify) tried to use Mastodon to host their own Twitter like instance after they got kicked off Twitter (and nearly every other platform). They are currently blocked from Mastodon instances, and if you go on Mastodon and try to register to a different mastodon instance, it doesn't show up. I believe it's the same situation with Graham Lineham's failed mastodon instance.
I agree, it's not a flawless solution, but solutions are rarely flawless, especially when the problem increases in complexity.
Whitelisting and blacklisting aren’t nothing. The main reason reddit and Facebook are such fertile grounds for them is because it gives them direct access to vulnerable people in normal hobby...
It doesn't actually solve the problem of giving the alt-right and hatemongers a platform to spread their bullshit, it continues to enable them, and their only answer is to try to sweep the problem under the rug.
Whitelisting and blacklisting aren’t nothing. The main reason reddit and Facebook are such fertile grounds for them is because it gives them direct access to vulnerable people in normal hobby groups, like gaming. Breaking the connection between the hate sub and regular subs cuts off that channel and effectively blunts the worst of the insidious propaganda. They still have a base to organize, but as we see whenever Reddit bans a sub like FatPeopleHate, not having a regular way to cross pollinate between regular subs makes them unable to spread.
It works even for edgy but proximally good communities. Like the ChapoTrapHouse sub used to be a pretty good space for leftist discourse with people across the spectrum. After being quarantined, though, it’s pickled itself in it’s own juices and the anarkiddie and edgelord factor has dialed up considerably. They also never hit /r/all anymore due to quarantine, but when you look in on it there’s nothing there that would even appeal to the broader Reddit user base anymore.
How much of that is the sub being quarantined vs. the show itself dialing up the edgelord factor is hard to disentangle, but it’s hard to argue against the idea that shedding the normies also atrophies the community’s ability to create content that appeals to normies. Reddit basically works as a large genetic algorithm to surface appealing viral content. If you quarantine a sub it creates a negative feedback loop that denies them the necessary information and selective pressures to be effective at going viral. This effect is even stronger with a straight ban (or blacklist) that severs them from the instance completely.
Ok, second post, second question asked "Besides being federated, what advantages does this have over Reddit?" and their answer is "live-updates, federation, and RES-like mod abilities". Plus a dump of technical features.
What I like about Tildes is that the answer to why it exists is basically "not for reasons that redditors generally care about", which is exactly why it attracts the people who create the kind of content I like.
I think this is because the question they are answering is "what advantages does lemmy the software" have over reddit rather than "what advantages does the flag ship instance dev.lemmy.ml have".
Which is exactly the kind of thinking that dooms so many open source projects. At one point, you have to connect them with reality, which is always seen as an unimportant afterthought.
The ones setting up the application (developers) for the community are not the real target audience; the community intended to use it is. They want to know that it has the features they like to use, and if you want them to switch from another platform, what better features meaningful to them the new service provides. Between an technically/ideologically "better" platform that lacks stand-out user features and a platform making some technical compromises but has the features users want (or is the existing popular choice), people are going to go with the latter.
You don't need the specific community like DIY woodworkers. "Social link aggregator", "personal photo sharing", "discussion platform", "real time chat", "collaborative business communication" etc. all have day-to-day non-technical administrative and end-user features (many overlapping) that are more or less requirements at this point based on what people have come to expect from the established players. A new offering is going to have to distinguish themselves in a way that has a visible impact for the people using it.
For most people, technical superiority under the hood simply isn't. It's worth mentioning for those that care, but I've yet to see it be successful as the headliner. I may have been unclear what I meant by "Ideological"; i meant it in terms of the tech (since we're talking about the tech), like the kind of points RMS proselytizes or academic like "this is a more memory efficient algorithm".
Having spent a while as a web developer at a consulting firm, interacting with clients, I've seen first hand the disconnect that can sometimes come up between developers' priorities and the end user/client priorities. As a developer it is essential to connect and justify the technical decisions to the user's priorities, ideally with concrete numbers or situations that have actually happened, otherwise it's an uphill battle to get them on board. When it comes to things with network effects, making those connections is even more important.
Sure, and we are still allowed to comment on and criticize, especially if we'd like to see alternatives actually see wider adoption.
So, it makes sense, as federation is really the main feature. One of the problems of Reddit is that it creates that central authority, and if Reddit goes down all of Reddit goes down.
But there are some key features I like:
I do dislike that it's an SPA, but very few non-technical users care about things like that anyway.
I mean, is that really a practical problem for most users?
Maybe not most, but I've certainly seen my fair share of 'oh god reddit was down' posts.
Being federated also makes it harder to block the whole ecosystem in the case of censorship.
I guess Reddit has been down for probably 10x more than say, youtube, but that's not really saying much, I'm sure it still has 99.9% uptime, probably more 9s there.
Reddit censorship is almost entirely from moderators of specific subs, though. Honestly, if anything Reddit's big issue (imo) is not enough central censorship. The admins consistently allow vile, hateful subs which quite clearly break site rule by doxxing... for some reason. Section 230 exists for a reason!
Idk, I feel like based on my Reddit experience more federation will make it more censored, by giving the mod-equivalents full power.
r/watchpeopledie getting banned is not a result of the sub's lack of moderation but the fact that the content of the sub is not advertiser friendly. If I remember correctly, some members of the subreddit are posting the video of Christchurch shooting, the mods imposed strict ban for anyone posting the video.
r/watchpeopledie has been banned please discuss
On the other end you have sub that no moderation like r/worldpolitics, which looks just like any other top subs at this point.
What reddit really needs is a mechanism to retire unqualified moderators.
Back in March there is a post showing how 92 of the mods controls some top 500 subs.
Any and all relevant discussions from that post has been deleted.
Pointing out how much power few people have gets you removed from this sub apparently.
The moderators have the ultimate power of what content is shown and member of the subreddit are basically powerless against any mod abuse. Those angers and frustration are channelled into subs such as r/watchredditdie. The admins are the only one in power that can remove moderators, and they did, half assly by remove half of TD's moderators.
One on hackernews points out:
https://www.cnbc.com/2019/02/11/reddit-raises-300-million-at-3-billion-valuation.html
Speculation: Reddit has long past the point of a community run discussion board to become a profit driven website, one that is like facebook, where the moderation is driven by public outcry. Reddit will maximize traffic by maintaining a certain degree of controversial topic on the front page, only stepping in when said topic gone out of hand and getting reported by mainstream media, and hurts the site's advertisement.
Just a speculation.
One of reddit's attraction is the various interest-centrict subs. Back when reddit first came out it only has one front page and you could post anything there. As users grow, the sub feature was added. Without a user mass the sub feature will not see much use.
Lemmy is not reddit alternative, no community driven project will grow to the size of reddit without substantial financial backing. When you see the existing reddit alternative they are all exiles from the banned subreddit such that you have people with extreme opinions. Lemmy would at least allow those who wish not to get involved with the alternatives to establish their own smaller reddit circle with their own moderation rules.
I think that's a good thing.
https://old.reddit.com/r/linux/comments/guklhr/we_are_the_devs_behind_lemmy_an_open_source/fsj77bn/?context=1
And therein lies the problem with federated social media for me. It doesn't actually solve the problem of giving the alt-right and hatemongers a platform to spread their bullshit, it continues to enable them, and their only answer is to try to sweep the problem under the rug.
This is not a problem with federated social media: that's a problem with social media.
You can't control how people use open-source software. I'm looking at it not much as a user but as a developer. If someone starts a notebook saying terrible things about a particular person, than share said notebook for others to see... fuck am I supposed to do about that?
Of course I'd hate to see that happen. Bullying is bullshit. No one deserves any. But, as a developer of the kind of software that's by its very nature open to use, I can't go about and police all the notebooks ever created. Not only is it ridiculously time-consuming, but I also have no real leverage over the end user.
Suppose I create some form of security layer to Intergrid that prevents certain people from accessing it. If I use cookies, the malicious user could simply clear their cookies and do whatever they wanted to do prior, with no restriction (until I ban them again, and don't get me started on the cat-and-mouse chase that is this bullshit). If I use
localStorage, they might have to lose all their notes to get back onto the service, but they've already shared it, so just copy everything from an ally. If I ban them with IP blocking, I'm just scattershooting everyone in the vicinity; I don't need to explain to you how graceless that is.Now. If I ever have a public notebook of my own – that others can access and write to – I absolutely do get to police it. In fact, I figure I must: it's my place to keep clean. If I have a forum of my own, you bet I'm going to broom that place up with regularity. But if someone uses the myBB engine to create a Nazi supporter forum, is that myBB's fault? Should they start licencing their product and check customers on Nazi sympathies before giving a license away? If so, how? Which way is going to be so effective yet so non-intrusive that it would be perfectly fine with everyone? If you know of any, you might well be ready to solve one of the biggest issues of the 21st century: allowing security that maintains privacy.
The fact that Lemmy creators even bother with lists is step forward from Reddit's libertarian-until-press-catches-on approach. It's not a 100% solution, but if anything short of that is not enough for you, you'll soon find yourself living under a rock.
Well said and I do see your dilemma as a developer, but I honestly still feel like the "I can't control how my software is used" argument is a bit of an excuse, and/or attempt by programmers to absolve themselves of ethical responsibility... which is why I fully support the new attempts to craft ethical source software licenses, e.g. The Hippocratic License
This seems almost entirely unlike open source, though?
Open source, at one extreme, is like putting a note in a bottle and throwing it into the ocean. You often have no relationship with your users; you don't even know who they are. They might not stumble across your code for years after you wrote it. You could put conditions in the license, but how will the license be enforced? Often, they aren't. But we have licenses to reassure businesses about the risks they're taking by using the code.
The opposite would be something like the know your customer requirements for financial services. Nobody gets an account without showing their ID, and banks are increasingly required to do due diligence by getting financial records from their business customers and making sure they know what business they're in. (This doesn't always happen, but that's the intent.)
So the question I have is why any volunteer group would want to do all that work? Policing your customers, or even keeping track of them and maintaining relationships, is tedious. It doesn't seem like the sort of unpaid labor that many programmers working in their free time would be interested in?
And what business is going to let itself be policed by random programmers somewhere on the Internet, just because they want to use a software library?
You can write terms in a license but it doesn't solve the social problem.
So, it seems like absolving open source programmers of this ethical responsibility is a baseline requirement for having an open source community at all. (This is also why all open source software comes with no warranty. How could it be otherwise? Do you want to have to pay damages for bugs in code you gave away for free?)
I remember a hunk of years ago in KDE during an Akademy where this came up and many of the core points that came up where basically mirroring yours but one counter argument is that there is a form of policing in place already in the form of GPL variants where the people editing need to share the source code. Which is not the same, but have a similar effect since the license includes more than just "use as you wish". The alternative BSD license isn't or wasn't very popular in comparison in that group which was why the argument was put forward. It didn't win out though.
Now personally I would probably avoid anything ethically licensed. Not because I disagree with it - but because I worry about it since "ethics" is way vaguer and even though universal human rights is a hefty document it still demands interpretation and it also includes the right of free speech and many of the stand points held by extreme right wing groups - and with some finagling all of their stand points.
Having someone open a bug report saying "This group is using your thing against the license requirements" and having to mull through another debate of keyboard-lawyering and high school philosophy debate styled argumentation bores me to tears. Having to actually hire a proper lawyer with insight in UN human rights laws would be costly AF.
One of the more interesting effects was how the development crews looked at discouraging the absurd cultists from using our software though. Saying that "the developer of that software library is a transgendered person" could cause meltdowns since that in many of their ideologies ment that someone part of a larger conspiracy against [insert fantasy here] had had a finger in the deeper more integral parts of what they used.
But that was far from 100%. Being clear about our motivations as a group helped a bit too - also not 100%.
Do hatespeech laws in Canada mean free speech does not exist here? Why must opensource only be defined in one particularly absolutist, and totally ethically neutral way?
From the license:
IANAL.... but AFAIK most of these ethical source software licenses are attempting to flip the enforcement method from being entirely contract law based (which requires litigation to enforce) like most others, to that of copyright/IP law based (which doesn't necessarily require litigation thanks to the DMCA and other existing IP infringing content takedown laws).
Again IANAL, but AFAIK there is no obligation under the license for adopters to police all their customers/users, but if they are made aware of someone using their software for unethical purposes (in this particular case, those that contravene the Universal Declaration of Human Rights), at least these licenses try to give developers a method of disputing its continued use by those users.
A side issue: unlike most broad terms, "open source" has an official definition. With a lot of different licenses coming out, they wanted to make clear which licenses allow sharing code with everyone for any purpose. (The danger is commercial vendors causing confusion.)
Of course people often don't agree with official definitions, but I don't want to see it watered down to become a mere buzzword, like "agile", "open", or similar words. Do you? I think trying to change the definition now would just lead to it being a buzzword.
"Open source" isn't a synonym for "good," it's a particular approach to sharing software. There are other licenses and other ways of sharing that might be good ideas. For clarity I think they need their own names. "Ethical source" is at least clearly different, though I don't agree with the implication that other ways of sharing are unethical.
Yes, you're right. I said that incorrectly.
Do not want! I'm wary of having even optional ways to terminate a license. As an author I don't like the idea of having a legal "kill switch" because I don't want to have that sort of power relationship over people I don't know. Sometimes it's necessary, but I want to minimize that. I think it poisons the relationship between author and user if they think I'm trying to control them (which is why the "right to fork" is important). I don't want to be the cop, particularly not for free, and so this isn't an option that appeals to me.
And as a user I'm not interested in collecting extra obligations to comply with other people's licenses. Particularly when using package management to download large collections of interconnected libraries, I think we should be able to pick useful packages without having to worry too much about their licenses or their dependencies' licenses.
With something like the GPL, it's at least very well-established and clear what you need to do to avoid getting your license terminated, so I accept that, though I wouldn't pick the GPL for my own project and I don't think it should be used for libraries.
It's already the case that doing license compliance properly can take a lot of work. For example, there are scanning tools that the big companies use to make sure they don't inadvertently pick up any licenses they don't want to comply with. I would guess most users ignore this (like we mostly don't pay attention to shrinkwrap licenses) but when we're talking about whether a license is a good idea or not, I want it to be based on what happens if we try to follow the license agreements strictly.
I'm not the parent, but yes. I abandoned to OSI's definition years ago because it's just not used that way in the real world. It's for the same reason that we don't insist other's say "facial tissue" instead of Kleenex - we know what they mean, and it's commonly understood.
I might grumble every time somebody says "hashtag" to refer to an octothorpe, but that's just the way it works. Words change, and they always have. In my opinion the only reason the OSD has held sway this long is because programmers (myself included) are a particularly pedantic breed of people.
Prescriptivism is frowned upon in linguistics, and for good reason. It comes across as dogmatic and inflexible. It describes what "ought to be", but not what actually is. That might work in the world of APIs and standards, but not for something as fluid as language.
Besides, I never thought the arguments for insisting on the OSI's definition were very good. Why does it matter if "open-source" is a precise term? That's exactly what licenses are for. They spell out the usage rights in no uncertain terms.
edit: Details/grammar.
It matters in the sense that if it's an OSI approved license, you know that the license confers the rights to modify and redistribute.
Part of the reason that 'open source' was coined was to distinguish it from 'free software', where people often confused 'right to modify and redistribute' and 'free of charge.'
Languages do evolve, but there are some substantial issues with that when taken to extremes. 'Literally' is one example, where the definition became the opposite because of incredibe misuse, and I have yet to find a term that equates to 'no I'm not being hyperbolic'.
Open Source needs to have a firm definition to prevent it from being co-opted and abused, as an 'open source' license (as defined by the OSI) confers certain rights to the end users. If a company declares their license as open source, but doesn't include these rights, it dilutes the term into a mere buzzword and muddies the waters.
It's the same reason I support a legal definition of milk as 'lactation from an animal'. Or chocolate as 'must contain at least X% cacao.'
Without any sort of enforcements, it becomes easy for companies to decieve people into thinking they're getting something they aren't.
Look at the whole gluten-free fad. Many gluten free products were being made that weren't safe for Celiacs to eat because they didn't follow proper precautions during preparation.
I wouldn't put it past any of the largest tech companies to try to rebrand a 'look but don't touch' license as open source, which is antithical to the whole purpose of it. See Microsoft's bullshit about Office files being an 'open standard' when they were not anything of the sort when governments started requiring it.
This seems like a shortcut that isn't altogether necessary anymore. For instance, if we look at Tildes' license on either Github or Gitlab, it lists exactly the freedoms they confer.
Even if these features weren't available, almost all licenses have their permissions spelled out from services like tldrlegal.com. Licenses are not hard to parse these days.
What I'm suggesting is that this has already happened. It happened long ago. A significant portion of the uses of "open-source" online do not meet the OSI's definition. We can either stop and object every time somebody uses the term "incorrectly", or we can get with the program and accept that this battle has long been over.
I don't think most people, in the sense of non-techies, are aware of what the OSI actually is. And those savvy enough will surely be checking the license themselves anyway.
I don't think the comparison to Celiacs really applies. Food safety requirements are a very different ballgame to language fluidity.
A statement of principles can be useful for groups making decisions about which licenses to accept. For example, it's helpful for distributions like Debian, where they decide which licenses are allowed in the distribution. (Debian doesn't incorporate the open source definition, preferring their own, which is similarly precise. See guidelines 5 and 6 which are identical to the open source definition.)
But that's different from what a dictionary usually does, which is just to document common usage as a guide to understanding what other people are saying.
I'm not usually a prescriptionist, but I don't think the battle is lost on this one. When I say "open source" that's the definition I mean. In formal writing, I might link to the open source definition to avoid any confusion. Using terms loosely annoys specialists, and I guess that's what's going on here?
This I am totally okay with. In this example you're defining a specific subset of permissions to allow, be it for reasons of legality, ethics, or compatibility. If you wanted to ask, "Does this project meet the OSD's requirements?", then that's a perfectly valid question.
Similarly, asking "Does this project meet Debian's requirements?" is just as valid as the question above, at least in the context of Debian. If you're trying to land some software in a Debian repo, then those are the requirements you need to meet.
In some cases it will make sense to create a set of requirements, and give them a name like above. A statement of values can be useful for a project. I'm even okay with referring to "the OSI's definition of open-source", as that has a specific meaning. In fact, my only objection is insisting that this is the only definition of the phrase, as I believe that is no longer the case.
Even the question of "does this meet the OSD?" is not particularly useful anymore, I'd argue, as many companies have made the decision to avoid GPL software for fear of accidentally having to expose internal code. Those companies would have their own sets of requirements which do not align with the OSD.
We may differ on this, but I find open-source is most useful as an umbrella term. That includes everything from WTFPL to a basic visible-source license. That's how it's used most commonly today, and I say, why not?
Remember, we're not losing anything. The OSD still exists if you want to refer to it. The license itself will be more precise than anyone's specific list of requirements. I think it's time to move forward on this one.
Well, the place this debate usually comes up is when companies claim they are open source, and when you look into it, their source code license is more restrictive. This is controversial and I think it should be controversial. I don't want to let them get away with it. As a term used in advertising, I think it should stay the way it is.
But then, I remember whenever every company said they were "open" and it didn't mean anything.
I'm not going to get into a pedantic argument about the definition of open source, because as you said, that is a side issue, and is a bit of a red herring IMO.
Yes, I know you don't, and neither do the vast majority of programmers, which is why my opinion here is incredibly unpopular. As I said right from the start, programmers want to absolve themselves of all ethical responsibility for how their software is used.
I can understand why it's problematic for major core libraries and dependencies to be ethically licensed (though IMO it's likely not unsolvable), but social media in particular is being weaponized by hatemongers these days, and at the very least I think that open-source social media software makers should seriously start to consider supporting and adopting ethical source licenses so their product can't be used by those hatemongers.
I think it would be reasonable in the case of a social media server to use an alternative license for the top-level repo. However, licenses of any kind are mainly for business and in-community disputes. Outside hackers aren't going to read and follow license agreements. They will do what they like.
So, if you're really concerned, maybe you shouldn't release the source code at all? As far as I know, Hacker News doesn't release their source code, probably due to concerns about how it might be misused.
And this is also what companies do. They're careful not to release stuff as open source unless they are fine with the consequences of everyone seeing and using it. As programmers, maybe we should be careful about what we release too?
OpenAI tried to start a conversation about this with GPT-2, but it was quite controversial. The scientific community is built on openness but there are things that might be too dangerous to share openly.
You can't stop hackers and pirates from using even closed source software if they're motivated enough to do so, but the vast majority of people are usually willing to abide by licenses. But that's not really the purpose/point of these ethical source licenses anyways. Their purpose is to provide legal redress and a means to stop continued misuse when people are identified and caught violating the terms of the license. Don't let perfect be the enemy of good.
There are plenty of reasons, other than absolutist adherence to FOSS principles, to open the source code of a project, e.g. so the devs and others can still get the benefits of the code being open, visible, available, able to be publicly reviewed/audited, accept contributions from the public, able to be forked, ensuring the devs are held accountable, etc. etc. etc. etc.
So maybe programmers at large should stop gatekeeping using their sacred definitions of what makes something "open source", and start accepting responsibility for their software being misused by bad actors? Or at the very least, IMO they should start trying to accept the fact that others are trying to do just that, and stop fighting those efforts so much.
For servers, not releasing the source tends to be pretty useful in stopping misuse, since they can only go through your API and that gives you a lot of options.
For client-side code, yeah, it's not going to matter for a determined hacker since they can disassemble the code. But it's a speedbump and it avoids secrets leaking through comments and unused code (that would get compiled away).
And this is why we always do input validation on the server; you should never trust the client.
With respect to legal redress, I have never gotten lawyers involved for my personal hacking and I hope never to need to do that. I would prefer not to release code if there's a risk of getting into a legal dispute. Maybe that's different for organizations who can afford lawyers, though.
Maybe an alternative would be to work on code that's less dangerous. Unpaid work is supposed to be for fun, after all.
So I guess my conclusion is that, yes, you could use a different license, but there aren't that many situations where it helps? It seems rather specialized.
Unless you're Nostrodamus, good luck predicting what software can be made dangerous or misused. And isn't that sort of attitude of "don't work on anything dangerous" simply letting yourself be held hostage by bad actors anyways?
Here is a crazy idea, but hear me out... instead of never working on any "open source" software that can potentially be dangerous/misused, how about we try to craft some sort of, I dunno, "ethical" open source software license that allows us to dispute its use by those bad actors? ;)
It's not a crazy idea, but I'm not sure how effective it would be. If you don't have any idea what they're going to do (which is often the case for general-purpose software), it seems tough to figure out which license restrictions would be effective? It seems like you need some kind of threat model that you want to talk to your lawyer about?
In some cases it might be safer to release code under a more restrictive license (for example, no commercial use at all, like with Creative Commons Noncommercial licenses) and have them come to you for permission.
Or perhaps a new license could be promoted as a standard. I think it would need to be carefully drafted though (with input from lawyers) for people to trust it. There are a lot of licenses that don't get much traction.
TBH, I'm not sure how effective these ethical source licenses will be either. And at this point I am unsure of if there is any legal precedent to back up what they are attempting to do, but I very much doubt there is. And yes, it's certainly possible that non-commercial/permission-required licenses may ultimately be the best ones to adopt as a developer concerned with bad actors abusing their software, but I still think these attempts at ethical software licenses are worth exploring too.
The Hippocratic License was. Top question in the FAQ: https://firstdonoharm.dev/faq.html
Now, that doesn't necessarily mean they were particularly good lawyers, or that they were correct in their assessment. :P But at least that particular license has seemed to make a legit attempt to find a viable solution, legally speaking.
You may enjoy this anecdote about moral clauses in licenses.
https://web.archive.org/web/20130203112329/http://dev.hasenj.org/post/3272592502
LOL, thanks for that! Been a stressful and depressing day, so I needed a good giggle. :)
Are there any examples of any of those licenses ever being successfully used to stop someone from using a piece of software?
(I'm not trying to be dismissive about it, I just don't know if it's ever happened in practice)
I am personally not aware of any yet... but given how new these license efforts are, how few of them there are to choose from at the moment, and how few opensource projects have actually adopted them so far, I imagine how effective they can be is likely still an open question, and I doubt there is any legal precedent to back them up yet.
p.s. And for the record, I am fully aware that these licenses may not be ready for large-scale adoption yet, nor am I advocating Tildes (or @ThatFanficGuy) adopt them in their current forms... but I applaud the license authors' efforts, think what they are attempting to accomplish is worthwhile, and it's definitely an idea worth exploring further as a possibility.
This issue may not be exclusive to federated platforms, but it’s clearly more fluid and complex for them. With the right leadership, a centralized platform can more easily keep the community free from bigotry.
You're conflating a centralized platform with centralized moderation. Twitter, Facebook, Youtube, etc are centralized platforms with centralized moderation, which is why they fail at effectively moderating and likely always will. Whereas Reddit is a centralized platform with decentralized moderation, which is working decent-ish. And you're literally on a platform right now that has plans to try to make that centralized platform, decentralized moderation even more effective: https://docs.tildes.net/future-plans#trustreputation-system-for-moderation
Bingo! And therein lies the rub. But that same maxim applies to centralized platforms as well as decentralized ones so long as the moderation is decentralized. However the key difference and strength of centralized platforms is that they can ban certain people from using them at all, but decentralized ones cannot, they can only attempt to sweep them under the rug with instances blocking other instances.
Good to know you have faith in the platform and person/people behind it. :(
But if it makes you feel any better, AFAIK nothing has really been decided yet regarding Tildes ever fully opening to public registration. A lot of alternate ideas have even been talked about in the past of various ways in which it could be partially opened instead. E.g. Temporary accounts for AMAs and the like, probationary accounts with limited access (e.g. 0 trust to start, and no ability to vote or label) which then maybe even require sponsorship from another community member to gain full status, etc.
I actually completely agree with you that moderation of large platforms is impossible to do well. I'm not sure that I've ever explicitly posted it before, but I've believed for years now that the single largest problem on the internet comes down to treating "we built a platform too large for us to effectively manage" as something to be proud of, instead of the failure that it should be recognized as.
So I feel like the misconception that you have is that I want Tildes to be large. I don't. I definitely want it to be larger than it is now, but my ideal size for it is far, far smaller than any mainstream site. Reddit claims something like 430 million unique users a month. I think Tildes could be great at like... 40,000 active, high-quality users. That's somewhere around 0.00001% of Reddit's size.
Even when registration opens up more, it's never going to be done in a way that just lets the site grow uncontrollably. I'm completely aware that would destroy it, and that's a big part of why I've made almost no effort to bring in a lot of new users.
Care to elaborate? Automoderator is pretty powerful on it's own and I imagine a thousand or 3 mods for an askreddit-sized sub would only require 3 or 4 levels of 'internet bureaucracy' between them and a central figure and a lot of the burden is lifted with the democratization of moderation by allowing anyone to label comments and other things, right? I'm not very knowledgeable on moderation.
(8/1/21 Edit:)
That's just over 4 orders of magnitude, so more like 0.01%. Sorry foe the pedantry.
AutoModerator and other automated tools can really only deal with simple cases. All of the difficult moderation decisions really need human judgment, and it's crucial that the people making the judgment have a solid understanding of the whole community and its culture. That's just not possible, beyond a certain scale.
For some more reasons that it's pretty much impossible in practice, this article's a really good overview: Masnick's Impossibility Theorem: Content Moderation At Scale Is Impossible To Do Well
Fair enough. And despite my not trusting decentralized platforms since I think they don't actually solve the problem, they merely hide them, I still wish them luck (and hope they do succeed) since we're all basically trying to work towards the same end. :)
I have tinkered with some, but yes, I generally avoid most federated social software, since IMO centralized platforms have a lot of upsides so long as their leadership is not compromised (think benevolent dictator), and decentralized platforms will likely never be the choice of the overwhelming majority of people. So instead of wasting effort on overly complicated federation systems that will likely never see significant adoption (compared to the centralized platforms), and don't really solve the issue of bad actors using/abusing them, IMO we should instead focus on finding means to better the centralized platforms instead. E.g. By basically doing everything Tildes is doing; Making them donation driven non-profits, with no investors or advertisers, so they are only beholden to their own users. Focusing on creating better tooling for more effective crowdsourced moderation. Etc.
Precisely. Sensible enforceable rules, principles and guidelines are characteristics of good leadership.
We’re talking about different things. I’m referring to global governing principles that should be applied to all instances. Moderating a single instance would be more equivalent to moderating one subreddit or one Tildes group. Of course that’s easier. But a centralized platform can directly intervene and dissolve a group, while in a federation a group can remain in existence regardless of the opinions of the creators the platform.
That’s quite simple for me: if I ever get to make a platform, I don’t want Nazis in there. Ever. It doesn’t matter if they don’t talk to me anymore, because the mere existence of their online community is a direct consequence of the rules I put forth. I wouldn’t want to provide them with a platform to harm society with their hate speech.
That’s of course a rhetorical exaggeration but I believe the point remains.
Theses conclusions seem far fetched.
It seems to me that both paradigms can be equally dangerous in the wrong hands, but centralized platforms will only propagate bigotry with bad leadership while federated platforms are meant to be freely used in all forms and shapes — which includes bigotry.
I don’t say it cannot be beneficial at all, but I believe federation is the target of an unwarranted degree of fascination. Discussions tend to focus on the technological challenge more than anything.
I don’t dispute that, but I do take issue with the notion that federation is an essentially superior alternative.
That may be true of you personally, but for a large organization providing a free service funded through advertising, morals will often get thrown out the window if it will reduce userbase or interaction. This is doubly true for any publicly traded company, where duty to shareholders is priority #1.
Reddit has no incentive to kick out the bigots unless a big enough PR disaster hits. Last major banwave for communities came after a huge amount of media attention, but little was done to prevent re-forming these groups after the hammer came down.
Reddit is bad but I don’t see how that’s relevant. I did not say companies with bad leadership are beneficial.
Ignoring bigotry and bigots doesn’t make bigotry go away, it allows it to fester.
Perpetually blocking and silencing bigots doesn't make the problem go away, if anything it makes it worse as it gives them conspiracy fodder about how they're being repressed. It's not an easy problem to solve online, because of echo chambers and willful ignorance. I'll have conversations, and be instantly dismissed because my sources are too long and boring. I think it takes genuine, face-to-face interaction with the bigot's targeted outgroup, because that's how I got away from being a bigot.
I grew up in a Fox News household. Rush Limbaugh playing on every car trip. I was a horrible bigot. It didn't get better at all until I escaped that bubble and began interacting with people I was bigoted against and it clicked for me 'I've been lied to for years, and every belief I held needs to be re-evaluated because I've been brainwashed with hate.' Two decades later, I still struggle with avoiding 'bigotry mindset,' where my brain wants to take shortcuts to justify an existing belief.
I also believe this journey is what led me away from being a staunch neo-con to being a hard-left anarchist over the course of a decade. As I questioned and shed my bigotry, I also questioned and shed many other things I had been taught.
Others have explained the whole invasive, cat-and-mouse nature of stopping bad folk while allowing good folk. I'd like to raise another point.
The thing that gives me a peace of mind is they seemed to have control over how the federated instances can be accessed through other instances. It's not a perfect solution, but it's the most basic requirement to prevent people accidentally stumbling into toxic communities like so many people on Reddit do with the communities like red pill etc.
Mastodon has a similar system, and it works pretty well. I remember an alt-right website (my mind says Gab, but truth be told I have little incentive to look it up and verify) tried to use Mastodon to host their own Twitter like instance after they got kicked off Twitter (and nearly every other platform). They are currently blocked from Mastodon instances, and if you go on Mastodon and try to register to a different mastodon instance, it doesn't show up. I believe it's the same situation with Graham Lineham's failed mastodon instance.
I agree, it's not a flawless solution, but solutions are rarely flawless, especially when the problem increases in complexity.
Whitelisting and blacklisting aren’t nothing. The main reason reddit and Facebook are such fertile grounds for them is because it gives them direct access to vulnerable people in normal hobby groups, like gaming. Breaking the connection between the hate sub and regular subs cuts off that channel and effectively blunts the worst of the insidious propaganda. They still have a base to organize, but as we see whenever Reddit bans a sub like FatPeopleHate, not having a regular way to cross pollinate between regular subs makes them unable to spread.
It works even for edgy but proximally good communities. Like the ChapoTrapHouse sub used to be a pretty good space for leftist discourse with people across the spectrum. After being quarantined, though, it’s pickled itself in it’s own juices and the anarkiddie and edgelord factor has dialed up considerably. They also never hit /r/all anymore due to quarantine, but when you look in on it there’s nothing there that would even appeal to the broader Reddit user base anymore.
How much of that is the sub being quarantined vs. the show itself dialing up the edgelord factor is hard to disentangle, but it’s hard to argue against the idea that shedding the normies also atrophies the community’s ability to create content that appeals to normies. Reddit basically works as a large genetic algorithm to surface appealing viral content. If you quarantine a sub it creates a negative feedback loop that denies them the necessary information and selective pressures to be effective at going viral. This effect is even stronger with a straight ban (or blacklist) that severs them from the instance completely.