• Assembled: 1200 USD
• Kit: 950 USD

1. I was showing that my understanding of the word “asset” was based in fact. The 4th definition wasn’t relevant to that.
2. I literally talked about the 4th definition in the next paragraph.

If anyone’s operating in bad faith, it’s you. Are you drunk? You’re being an intentionally obtuse pedant and a liar (by your own definition). Try replying once you’ve sobered up, clown. Once you reread and realize how much of a dick you were, I’m sure you’ll apologize - unless I’m right about you being too much of a coward to admit when you’re wrong about something.

You could try reading the rest of my comment first.

Before I reply to your comment, I’d like to share this link. It didn’t change any of my existing understanding because Linus’s comment already made it clear that this was out of their hands, but maybe it’ll help clarify something for you.

I realize now that this comment on that post was made before this one (“What’s free about delisting maintainers based on their country of residence?”) by the same person. It’s disingenuous for someone to act like this is about “country of residence” when they already engaged with a post clarifying that it’s because of sanctions against specific companies.

that you unironically think asset means property

I unironically think that because it does mean that:

1. assets plural

a. the property of a deceased person subject by law to the payment of his or her debts and legacies

b. the entire property of a person, association, corporation, or estate applicable or subject to the payment of debts

2. ADVANTAGE, RESOURCE

a. an item of value owned

b. assets plural the items on a balance sheet showing the book value of property owned

When I do a search for “state asset,” the results I get are all related to property, resources, etc., things that belong to and can be exploited by the state - for example https://www.epa.gov/dwcapacity/state-asset-management-initiatives-documents

Searching for “asset” specifically I see a tertiary definition reading “A spy working in his or her own country and controlled by the enemy” as well as the wikipedia definition, but that still means “spy,” not “paid lobbyist.”

just that incredibly obtuse

I’d apologize for not being well versed enough in counter-intelligence lingo to properly interpret the comment, but even with a proper interpretation, the comment I replied to was still incoherent, so I’m not really sure what you expect here.

It feels weird to say that it was incredibly obtuse of me to not spend more time trying to figure out what someone meant when they were, as far as I can tell just mad that Linus and other Linux maintainers didn’t ignore what their attorneys advised, regardless of what impact that might have had on them personally, and spouting a bunch of nonsense as a result.

Maybe I’m wrong, though. If so, would you care to explain how this was a violation of the GPL and/or how all of the 4 freedoms I listed were violated?

Right? It’s weird how so many people upset about the situation in this thread are incapable of explaining why it’s a problem without lying.

Like, I get that it sucks to be removed as a maintainer because of something outside your control. But being, or continuing to be, a maintainer of a project isn’t a right that’s integral to that project being free.

I’d honestly even consider it a good idea for Russia to get the FSF to fight this considering it’s a blatant violation of the GPL.

How is telling someone that you won’t accept their contributions anymore a violation of the GPL?

Literally none of those freedoms were impacted. Everyone is still free to use the program as they wish, fork it, make changes, etc… Linux doesn’t have a new license that says “anyone but Russians” can use it.

he then followed up by gloating about Russian maintainers

How did he gloat? He explained the change. If your complaint is that he was abrasive, I feel like you’re not familiar with Linus.

Ok, lots of Russian trolls out and about.

It's entirely clear why the change was done, it's not getting
reverted, and using multiple random anonymous accounts to try to
"grass root" it by Russian troll factories isn't going to change
anything.

And FYI for the actual innocent bystanders who aren't troll farm
accounts - the "various compliance requirements" are not just a US
thing.

If you haven't heard of Russian sanctions yet, you should try to read
the news some day.  And by "news", I don't mean Russian
state-sponsored spam.

As to sending me a revert patch - please use whatever mush you call
brains. I'm Finnish. Did you think I'd be *supporting* Russian
aggression? Apparently it's not just lack of real news, it's lack of
history knowledge too.

Sounds a lot more like he’s frustrated than delighted to me.

Calling your former volunteer contributors bots

He didn’t call the contributors bots.

He called the people submitting reverts and complaining about those maintainers, who weren’t contributors themselves, “troll farm accounts.”

and state assets because of their home country

When did he call anyone a state asset? To be clear, being a troll or a paid actor doesn’t make you someone’s property.

He also explained that this was a legal matter:

> Again -- are you under any sort of NDA not to even refer to a list of
> these countries?

No, but I'm not a lawyer, so I'm not going to go into the details that
I - and other maintainers - were told by lawyers.

I'm also not going to start discussing legal issues with random
internet people who I seriously suspect are paid actors and/or have
been riled up by them.

First, you’re acting like the decision was made by Linus or another member of the team and that they weren’t following the law.

Second, even if that weren’t the case, it’s still completely free. Unless you can name one of the following freedoms that was impacted by those actions:

• Freedom 0: The freedom to use the program for any purpose.
• Freedom 1: The freedom to study how the program works, and change it to make it do what you wish.
• Freedom 2: The freedom to redistribute and make copies so you can help your neighbor.
• Freedom 3: The freedom to improve the program, and release your improvements (and modified versions in general) to the public, so that the whole community benefits.

What “not at all free dogmas” are you referencing, and why is “free” in scare quotes?

Up until a year ago, the README explicitly said they didn’t claim to be an open source project: https://github.com/jgraph/drawio/commit/8906f90ac0cc50a0c6da77c28cf9b2b2339277b1#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5L10

For starters, it was never “open source”…

From your link:

Instead, as Winamp CEO Alexandre Saboundjian said, “Winamp will remain the owner of the software and will decide on the innovations made in the official version.” The sort-of open-source version is going by the name FreeLLama.

While Winamp hasn’t said yet what license it will use for this forthcoming version, it cannot be open source with that level of corporate control.

If I upload the source code for my project on Github/Forgejo/Gitlab/Gitea and license it under and open source license, allowing you to fork it and do whatever you want (so long as you follow the terms of my copyleft license), and I diligently ensure that code is uploaded to my repository before being deployed, but I ignore all issues, feature requests, PRs, etc., is my project open source?

Yes.

Likewise, if Winamp had been licensed under an open source license, it would have been open source, regardless of how much control they kept over the official distribution.

Winamp wasn’t open source because its license, the WCL, wasn’t open source.

Do you memorize all of your passwords? If so, I take that to mean that you don’t use a password manager. Password managers - really, any app with 2FA - have this problem, too. But if you use a password manager and store your 2FA methods in it, then you only need to be able to regain access to your password manager.

If you use a cross-platform password manager with Passkey support, like Bitwarden, you can use it on any of your devices. In the event that you lose all of your devices, if you don’t have an Emergency Contact set up, you will need your password and one of the following to gain access to your account:

• Access to your 2FA method
• Access to your Recovery Code
• If you’re in an enterprise using Duo 2FA, access to a Duo bypass code (contact your Duo admin to request this)

If you use security keys for 2FA, then you should have at least two - one that you keep with you and a backup that you keep in a safe place, like at home in a lockbox.

If you use a TOTP app to log in, or if you use security keys and want another backup, then making sure you’ll have access to the Recovery Code should be your priority. You can write it down and keep it in a few different places - at home, in your car, in your locker at work, etc… You can share it with someone you trust in person or over an encrypted channel (like Signal). You can store it on a flash drive, encrypted by a second password (which can be much easier than your primary password) or even unencrypted, if you generally keep the drive somewhere safe, disconnected from your computer. As long as you remember your password and can access your recovery code, you’ll also be able to regain access to your account, including all of your passkeys.

Emergency Access requires someone else to have access to their Bitwarden account, but assuming you don’t both lose access, it’s a pretty solid solution. When they request access, Bitwarden will send you an email allowing you to accept or reject their request. If you accept or don’t respond within the allotted “Wait Time” (which you configure: 1 day minimum, 90 days maximum) then they’ll be granted access. You also get a choice (when setting this up) to let them takeover the account (resetting your master password) or to just get read-only access.

Maybe you don’t like Bitwarden and want to use some other app, like 1Password, Dashlane, Roboforms, etc… Whatever your choice, familiarize yourself with how to restore access to your account in an emergency. Then you only need to worry about that and not about how to get access to your passkeys that are on your Windows laptop or only synced to your Apple devices.

But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?

Nope.

Using a cross-platform password manager with synced passkeys is different and much more secure than using a password manager with email TOTPs or sign-in links with emails that aren’t end-to-end encrypted.

And password manager adoption is much higher than PGP keyserver adoption, and if you can’t discover someone’s public key you can’t use it to encrypt a message to them, so sending end-to-end encrypted emails with TOTPs/sign-on links isn’t a practical option.

According to Statista, 34% of Americans used password managers in 2023 (a huge increase from 21% in 2022), so it’s not even like the best case scenario is rare.

The author mentions it: the QR code approach for cross device sign in. I don’t think it’s cumbersome, i think it’s actually a great and foolproof way to sign in. I have yet to find a website which implements it though.

The site doesn’t need to implement this; the browser handles that part.

I confirmed this works and logged into Github using Google Chrome on my work computer using a passkey stored in Bitwarden earlier today. I had to enable Bluetooth for Chrome, since I’d had it disabled, but then everything else was seamless.

For the purposes of this project, you could at least reproduce them by running wget and downloading them from the original projects.

There is a project to convert the Steam app to a side-loadable mobile app (both for Android and iOS): https://github.com/blake502/balatro-mobile-maker

I haven’t tested that out myself and I have no idea how it compares to their official mobile release, but I’m super curious about how it was implemented (it’s the first time I saw a tool that could convert a game to an iOS app), so I’ll be looking into it at some point.

Eligible libraries, archives, and museums have a few exemptions to the DMCA’s anti-circumvention clauses that aren’t available to ordinary citizens, but these aren’t unique to the Internet Archive. For example:

Literary works, excluding computer programs and compilations that were compiled specifically for text and data mining purposes, distributed electronically where:

(A) The circumvention is undertaken by a researcher affiliated with a nonprofit institution of higher education, or by a student or information technology staff member of the institution at the direction of such researcher, solely to deploy text and data mining techniques on a corpus of literary works for the purpose of scholarly research and teaching;

(B) The copy of each literary work is lawfully acquired and owned by the institution, or licensed to the institution without a time limitation on access;

© The person undertaking the circumvention views the contents of the literary works in the corpus solely for the purpose of verification of the research findings; and

(D) The institution uses effective security measures to prevent further dissemination or downloading of literary works in the corpus, and to limit access to only the persons identified in paragraph (b)(5)(i)(A) of this section or to researchers or to researchers affiliated with other institutions of higher education solely for purposes of collaboration or replication of the research.

This exemption doesn’t allow them to publish the content, though, nor would it provide them immunity to takedown requests, if it did.

These exemptions change every three years and previously granted exemptions have to be renewed. The next cycle begins in October and they started accepting comments on renewals + proposals for expanded or new exemptions in April, so that’s why we’re hearing about companies lobbying against them now.

Dunno, I think regardless of the method used by the extension, I think any extension called “Bypass Paywalls” that does what it says on the tin can pretty unambiguously be said to be designed to circumvent “technological protection measures”.

“Bypass” and “Circumvent” are nearly synonymous in some uses - they both mean “avoid” - but that’s not really the point.

From a legal perspective, it’s pretty clear no circumvention of technological protection measures is taking place*. Yes, bypassing or circumventing a paywall to get to the content on the site itself would be illegal, were that content effectively protected by a technological measure. But they’re not doing that. Rather, a circumvention of the entire site is occurring, which is completely legal (an obvious exception would be if they were hosting infringing content themselves or something along those lines, but we’re talking about the Internet Archive here).

* - to be clear, I’m referring to what was detailed in the request, not the part that was redacted. That part may qualify as a circumvention.

In this case, it circumvents the need to login entirely and obviously it circumvents the paywall.

Following the same logic, Steam could claim that a browser extension showing where you can get the same game for cheaper or free circumvents their technological protection measure. It doesn’t. It circumvents the entire storefront, which is not illegal.

That’s the same thing that’s happening here - linking to the same work that’s legally hosted elsewhere.

Though as you said, these guys should probably be sending DMCAs to the Internet Archive

Yes - if they don’t want their content available, that’s what they should do. They might not want to do that, because they appreciate the Internet Archive’s mission (I wonder if it’s possible to ask that content be taken down until X date, or for content to be made inaccessible but for it to still be archived?) or they might be taking a multi pronged approach.

Maybe archive.today is the problem? Maybe they don’t honor DMCA requests.

Good point. If so, and if their site isn’t legally compliant in the same ways, then the extension becomes a lot less legally defensible if it’s linking there. That’s still not because it’s circumventing a technological protection, though - it’s because of precedent that “One who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, going beyond mere distribution with knowledge of third-party action, is liable for the resulting acts of infringement by third parties using the device, regardless of the device’s lawful uses,” (Source), where “device” includes software. Following that precedent, plaintiffs could claim that the extension promoted its use to infringe copyright based off the extension’s name and that it had knowledge of third-party action because it linked directly to sites known to infringe copyright.

The Digital Media Law Project points out that there are two ways sharing links can violate the DMCA:

• Trafficking in anti-circumvention tools - which is obviously not what’s going on here
• Contributory copyright infringement - which is basically doing something described by the precedent I shared above.

I’m not sure how the extension searches web archives. It if uses Google, for example, then it would make sense to serve Google ae DMCA takedown notice (“stop serving results to the known infringing archive.piracy domain”), but if the extension directly searches the infringing web archive, then the extension developers would need to know that the archive is infringing. Serving them a DMCA takedown (“stop searching the known infringing archive.piracy domain”) would give them notice, and if they ignored it, it would then be appropriate to send the takedown directly to their host (Github, the browser extension stores, etc) citing that they had been informed of the infringement of a site they linked to and were de facto committing contributory infringement themselves.

Given that they didn’t do that, I can conclude one of the following:

1. The lawyers are incompetent.
2. The lawyers are competent and recognize that engaging in bad faith like this produces faster results; if this is contested they’ll follow up with something else, possibly even the very actions I described.
3. The archives that are searched by the extension aren’t infringing and this was the best option the lawyers could come up with.

How is the accused project designed to circumvent your technological protection measures?

The identified Bypass Paywalls technology circumvents NM/A’s members’ paywalls in one of two ways. [private]

For hard paywalls, it is our understanding that the identified Bypass Paywalls technology automatically scans web archives for a crawled version of the protected content and displays that content.

If the web archives have the content, then a user could just search them manually. The extension isn’t logging users in and bypassing your login process; it’s just running a web search for them.

while (true) { print money; }

Someone’s never heard of Bitcoin