if that is the case I choose upper-left of the political compass for you (:

i’m curious, where do you place yourself on that compass? if you’ve got 20 minutes I highly recommend this video about it.

and here i does it for free 🤡

Nope.

Nope, it is.

It allows someone to use code without sharing the changes of that code. It enables non-free software creators like Microsoft to take the code, use it however they like, and not have to share back.

This is correct; it is a permissive license.

This is what Free Software prevents.

No, that is what copyleft (aims to) prevent.

Tired of people calling things like MIT and *BSD true libre/Free Software.

The no True Scotsman fallacy requires a lack of authority about what what constitutes “true” - but in the case of Free/Libre software, we have one: https://en.wikipedia.org/wiki/The_Free_Software_Definition

If you look at this license list (maintained by the Free Software Foundation’s Licensing and Compliance Lab) you’ll see that they classify many non-copyleft licenses as “permissive free software licenses”.

They’re basically one step away from no license at all.

Under the Berne Convention of 1886, everything is copyrighted by default, so “no license at all” means that nobody has permission to redistribute it :)

The differences between permissive free software licenses and CC0 or a simple declaration that something is “dedicated to the public domain” are subtle and it’s easy to see them as irrelevant, but the choice of license does have consequences.

The FSF recommends that people who want to use a permissive license choose Apache 2.0 “for substantial programs” because of its clause which “prevents patent treachery”, while noting that that clause makes it incompatible with GPLv2. For “simple programs” when the author wants a permissive license, FSF recommends the Expat license (aka the MIT license).

It is noteworthy that the latter is compatible with GPLv2; MIT-licensed programs can be included in a GPLv2-only work (like the Linux kernel) while Apache 2.0-licensed programs cannot. (GPLv3 is more accommodating and allows patent-related additional restrictions to be applied, so it is compatible with Apache 2.0.)

What is a U.S.-sanctioned place? Why does the U.S. government think this is a bad thing?

https://en.wikipedia.org/wiki/United_States_government_sanctions

🎉 sometimes US sanctions actually do lead to positive outcomes :)

I often see Rust mentioned at the same time as MIT-type licenses. Is it just a cultural thing that people who write Rust dislike Libre licenses?

The word “libre” in the context of licensing exists to clarify the ambiguity of the word “free”, to emphasize that it means “free as in freedom” rather than “free as in beer” (aka no cost, or gratis) as the FSF explains here.

The MIT license is a “libre” license, because it does meet the Free Software Definition.

I think the word you are looking for here is copyleft: the MIT license is a permissive license, meaning it is not a copyleft license.

I don’t know enough about the Rust community to say why, but from a distance my impression is that yes they do appear to have a cultural preference for permissive licenses.

Fuck this project, but… their source code can be free and open source even if they distribute binaries which aren’t. (Which they can do if they own the copyright, and/or if it is under a permissive non-copyleft FOSS license.)

And if the source code is actually FOSS, and many people actually want to use it, someone else will distribute FOSS binaries without this stupid EULA. So, this BS is still much better than a non-FOSS license like FUTO’s.

I immediately knew this was going to be from Microsoft users, and yeah… of course, it is.

Binaries distributed under this EULA do not meet the free software definition or open source definition.

However, unlike most attempts to dilute the concept of open source, since the EULA is explicitly scoped to binaries and says it is meant to be applied to projects with source code that is released under an OSI-approved license, I think the source code of projects using this do still meet the open source definition (as long as the code is actually under such a license). Anyone/everyone should still be free to fork any project using this, and to distribute free binaries which are not under this EULA.

This EULA obviously cannot be applied to projects using a copyleft license, unless all contributors to it have dual-licensed their contributions to allow (at least) the entity that is distributing non-free binaries under this EULA to do so.

I think it is extremely short-sighted to tell non-paying “consumers” of an open source project that their bug reports are not welcome. People who pay for support obviously get to heavily influence which bugs get priority, but to tell non-paying users that they shouldn’t even report bugs is implicitly communicating that 2nd and 3rd party collaboration on fixing bugs is not expected or desired.

A lot of Microsoft-oriented developers still don’t understand the free software movement, and have been trying to twist it into something they can comprehend since it started four decades ago. This is the latest iteration of that; at least this time they aren’t suggesting that people license their source code under non-free licenses.

StartPage/StartMail is owned by an adtech company who’s website boasts that they “develop & grow our suite of privacy-focused products, and deliver high-intent customers to our advertising partners” 🤔

They have a whitepaper which actually does a good job explaining how end-to-end encryption in a web browser (as Tuta, Protonmail, and others do) can be circumvented by a malicious server:

The malleability of the JavaScript runtime environment means that auditing the future security of a piece of JavaScript code is impossible: The server providing the JavaScript could easily place a backdoor in the code, or the code could be modified at runtime through another script. This requires users to place the same measure of trust in the server providing the JavaScript as they would need to do with server-side handling of cryptography.

However (i am not making this up!) they hilariously use this analysis to justify having implemented server-side OpenPGP instead 🤡

Tuta’s product is snake oil.

A cryptosystem is incoherent if its implementation is distributed by the same entity which it purports to secure against.

If you don’t care about their (nonstandard, incompatible, and snake oil) end-to-end encryption feature and just want a free email provider which protects your privacy in other ways, the fact that their flagship feature is snake oil should still be a red flag.

The three currently-maintained engines which (at their feature intersection) effectively define what “the web” is today are Mozilla’s Gecko, Apple’s WebKit, and Google’s Blink.

The latter two are both descended from KHTML, which came from the Konquerer browser which was first released as part of KDE 2.0 in 2000, and thus both are LGPL licensed.

After having their own proprietary engine for over two decades, Microsoft stopped developing it and switched to Google’s fork of Apple’s fork of KDE’s free software web engine.

Probably Windows will replace its kernel with Linux eventually too, for better or worse :)

How else are Chrome, Edge, Brave, Arc, Vivaldi and co getting away with building proprietary layers on top of a copyleft dependency?

They’re allowed to because the LGPL (unlike the normal GPL) is a weak copyleft license.

BSD tells me the team probably wants Ladybird to become not just a standalone browser but also a new competing base for others to build a browser on top of

it’s about the ladybird browser. i edited my comment to add details.

with mandatory male pronouns for users in the documentation.

(and no politics allowed!)

https://digdeeper.club/articles/browsers.xhtml has a somewhat comprehensive analysis of a dozen of the browsers you might consider, illuminating depressing (and sometimes surprising) privacy problems with literally all of them.

In the end it absurdly recommends something which forked from Firefox a very long time ago, which is obviously not a reasonable choice from a security standpoint. I don’t have a good recommendation, but I definitely don’t agree with that article’s conclusion: privacy features are pointless if your browser is trivially vulnerable to exploits for a plethora of old bugs, which will inevitably be the case for a volunteer-run project that diverged from Firefox a long time ago and thus cannot benefit from Mozilla’s security fixes in each new release.

However, despite its ridiculous conclusion, that page’s analysis could still be helpful when you’re deciding which of the terrible options to pick.