cultural reviewer and dabbler in stylistic premonitions

  • 376 Posts
  • 919 Comments
Joined 3 years ago
cake
Cake day: January 17th, 2022

help-circle







  • as a mod/admin, i would appreciate being able to edit post titles. there have been a fair number of times where i asked a poster to do so, and then waited a while for them to before deleting the post if they don’t.

    and/or, it would be nice to have a way for us to temporarily semi-delete a post while waiting for OP to make requested changes to it; that is, to hide it from the community view but leave it visible to people with the URL, or people who find it via the user profiles of the poster or commenters in it.

    editing titles would be awkward without an edit history or, at the least, a way to see that some 2nd party had edited it, and editing post bodies would be even more so. but it would make sense and be useful with an edit history, i think.

    i would also appreciate having content addressability, portable identity, composable moderation, and… perhaps a pony 😂








  • three suggestions:

    1. fyi, since your post links to https://lemmy.world/c/remy and https://lemmy.zip/c/remy icymi the preferred way to link to communities (so that everyone can access them via their own home instance) is like this: !remy@lemmy.zip. When someone types that in the lemmy web interface, it will auto-complete and expand it into link markup like [!remy@lemmy.zip](https://lemmy.zip/c/remy), but when that markup is rendered it will actually become a link to access the community via the reader’s home instance. For instance, for me that link will actually go to https://lemmy.ml/c/remy@lemmy.zip where i can interact with the community whereas https://lemmy.zip/c/remy will take me to the lemmy.zip website where i do not have an account. Here is a non-escaped example (my previous examples are all escaped with backtick characters to prevent them from rendering) which anyone should be able to click to load it through their own instance: !remy@lemmy.zip. Please ensure that your client can both generate and follow community links like this! (as well as user links to lemmy and other activitypub things; user links work the same except they’re prefixed with @ instead of !.)

    2. you don’t need multiple communities for your app; users from .world can post on .zip and vice-versa (and it is easy for them to if you link to the community the way described above).

    3. will you ever consider open sourcing it? :)


  • Arthur Besse@lemmy.mlMtoLinux@lemmy.mlA good e-mail client for linux?
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    6 days ago

    still of Obi-wan Kenobi in Star Wars with subtitle "Now, that's a name I've not heard in a long time. A long time."

    At first i thought, wow, cool they’re still developing that? Doing a release or two a year, i see.

    I used to use it long ago, and was pretty happy with it.

    But looking closer now, what is going on with security there?! Sorry to be the bearer of probably bad news, but... 😬

    The only three CVEs in their changelog are from 2007, 2010, and 2014, and none are specific to claws.

    Does that mean they haven’t had any exploitable bugs? That seems extremely unlikely for a program written in C with the complexity that being an email client requires.

    All of the recent changelog entries which sound like possibly-security-relevant bugs have seven-digit numbers prefixed with “CID”, whereas the other bugs have four-digit bug numbers corresponding to entries in their bugzilla.

    After a few minutes of searching, I have failed to figure out what “CID” means, or indeed to find any reference to these numbers outside of claws commit messages and release announcements. In any case, from the types of bugs which have these numbers instead of bugzilla entries, it seems to be the designation they are using for security bugs.

    The effect of failing to register CVEs and issue security advisories is that downstream distributors of claws (such as the Linux distributions which the project’s website recommends installing it from) do not patch these issues.

    For instance, claws is included in Debian stable and three currently-supported LTS releases of Ubuntu - which are places where users could be receiving security updates if the project registered CVEs, but are not since they don’t.

    Even if you get claws from a rolling release distro, or build the latest release yourself, it looks like you’d still be lagging substantially on likely-security-relevant updates: there have actually been numerous commits containing CID numbers in the month since the last release.

    If the claws developers happen to read this: thanks for writing free software, but: please update your FAQ to explain these CID numbers, and start issuing security advisories and/or registering CVEs when appropriate so that your distributors will ship security updates to your users!


  • Nope.

    Nope, it is.

    It allows someone to use code without sharing the changes of that code. It enables non-free software creators like Microsoft to take the code, use it however they like, and not have to share back.

    This is correct; it is a permissive license.

    This is what Free Software prevents.

    No, that is what copyleft (aims to) prevent.

    Tired of people calling things like MIT and *BSD true libre/Free Software.

    The no True Scotsman fallacy requires a lack of authority about what what constitutes “true” - but in the case of Free/Libre software, we have one: https://en.wikipedia.org/wiki/The_Free_Software_Definition

    If you look at this license list (maintained by the Free Software Foundation’s Licensing and Compliance Lab) you’ll see that they classify many non-copyleft licenses as “permissive free software licenses”.

    They’re basically one step away from no license at all.

    Under the Berne Convention of 1886, everything is copyrighted by default, so “no license at all” means that nobody has permission to redistribute it :)

    The differences between permissive free software licenses and CC0 or a simple declaration that something is “dedicated to the public domain” are subtle and it’s easy to see them as irrelevant, but the choice of license does have consequences.

    The FSF recommends that people who want to use a permissive license choose Apache 2.0 “for substantial programs” because of its clause which “prevents patent treachery”, while noting that that clause makes it incompatible with GPLv2. For “simple programs” when the author wants a permissive license, FSF recommends the Expat license (aka the MIT license).

    It is noteworthy that the latter is compatible with GPLv2; MIT-licensed programs can be included in a GPLv2-only work (like the Linux kernel) while Apache 2.0-licensed programs cannot. (GPLv3 is more accommodating and allows patent-related additional restrictions to be applied, so it is compatible with Apache 2.0.)












  • I often see Rust mentioned at the same time as MIT-type licenses. Is it just a cultural thing that people who write Rust dislike Libre licenses?

    The word “libre” in the context of licensing exists to clarify the ambiguity of the word “free”, to emphasize that it means “free as in freedom” rather than “free as in beer” (aka no cost, or gratis) as the FSF explains here.

    The MIT license is a “libre” license, because it does meet the Free Software Definition.

    I think the word you are looking for here is copyleft: the MIT license is a permissive license, meaning it is not a copyleft license.

    I don’t know enough about the Rust community to say why, but from a distance my impression is that yes they do appear to have a cultural preference for permissive licenses.