A lot of this is a game of probabilities, which I don’t really think we have.

For instance if a normal human driver, without any automation, can prevent 80% of dangerous situations, but the automation can only prevent 50%, and in those situations the human savety driver can prevent only another 50%, because of inattention, this results in just 75% of dangerous situations prevented and the automation is worse.

Maybe someone knows the real probabilities, I don’t.

One notable software business professional interviewed by RBC thought that the West’s decision would “adversely affect the life of the developer community, mutual trust within it, and therefore the quality of the product.”

It was Russia and other autocracies etc. that diminished the trust by actually financing developers for multiple years to first earn trust and finally introduce backdoors into open source software, as demonstrated by the XZ utils backdoor.

In open source projects, maintainers need to have some initial trust into each contributor, and let this trust naturally grow with time and contributions. They cannot perform intensive background checks on everyone before accepting a patch.

While it is easier to uncover backdoors in open source software, there is no good way to defend and prevent against this kind of attack in this type of development process. All open source projects can do is trying to take away some trust from people within higher risk groups. This of course might lead to discrimination.

I have nothing against any meta search engine, they are very useful, and I use them primarily as well.

However, they are not a true alternative, because they depend on third-party services. The same as Invidious is a very useful, but also not an alternative to YouTube itself, just a different user interface.

Tesla’s CEO; The Inspiration For Tony Spark

Elon “Baby-Brain” Musk as the inspiration of “Tony Spark” the cheap knock-off Tony Stark.

Well, you and I just have a different understanding of “search engine” then. For me a search engine is something that doesn’t forward queries to third parties.

Which other trustworthy search engines are there? And I don’t mean some different frontend or a meta search engine like ddg, sp, kagi, searx(ng), etc… that mostly just use googles, bings or even yandex and beidu results?

Ages ago I configured and hosted yacy for myself, but that was a different time… Are there any real alternatives? With mayor internet companies like cloudflare, social media sites and many others restricting the access to the net and information, searching becomes more and more impossible if you aren’t a huge corporation…

The problem is EAs business model for this game. It is free to pay, so EA need to extract money otherwise. They introduce some gamified resource collection and crafting with exponentially rising costs, etc. And hope that gamers circumvent that by buying stuff with real money. Now players don’t all want or can’t do that, and look for alternative solutions.

So EAs business model drives people to cheat. To cheat them primarily and other players secondarily.

And because of their business model, they cannot solve the cheating between players by giving them dedicated servers or just let them P2P match, because they would loose control over them and their ability to extract more money.

Together with secure boot and your own signing keys, it could be a good way to en/decrypt the a dm-verity secured read-only rootfs. But for the home partition I would probably still want to enter my own decryption key, maybe via systemd-homed. From there you can update the kernel/initramfs and read-only rootfs image and sign them for the next boot.

This is complicated to set up. Otherwise maybe use TPM as a 2FA, so you still have to enter a pin?

So the question is how to get those suburban churches to be more like those downtown churches?

Raze the whole suburbia to the ground and rebuild it with proper pedestrian, bike and public transportation, mixed zoning in mind. There is no saving or improving it, it is just too far gone.

Well, if the text file uses git(hub/lab) flavored markdown, you can check/uncheck the boxes from the webui of git(hub/lab). No need to write an app for the apple device.

https://docs.gitlab.com/ee/user/markdown.html#task-lists

In gitlab you might need to edit the markdown file via an webeditor and create a commit this way.

Instead of relying on a specific cloud service, why not generate a text file from for the todo list data and checkbox state and push/pull it to a git repo?

There is gitpython, a pure python implementation of git.

Also called bikeshedding.

The SDK is not closed source, you can find the source here: https://github.com/bitwarden/sdk

It might not be GPL open-source, but it is not closed either.

Sure. To me “source available” is still closed-source, since looking into it might give companies an attack surface for you to have violated their copyright in the future. Happened with IBM in the past: https://books.google.de/books?id=gy4EAAAAMBAJ&lpg=PA15&pg=PA15&redir_esc=y#v=onepage&q&f=false

Let’s wait and see before we get out the pitchforks.

Sure. Bitwarden doesn’t owe us anything, but it is still sad to see this decision and better clarification and explanation could have alleviated the breaking of the trust here.

So you meant to say:

I would go as far as to say that Bitwarden’s main competitive advantage and differentiation is that it’s source is available.

That is not true, there are a lot of other password management software out there where the client source code is either open source or source available. For instance keyguard: https://github.com/AChep/keyguard-app?tab=License-1-ov-file#readme which is an alternative proprietary bitwarden client, where the source is also available. Also the Proton Pass client is under GPLv3.

I would argue that the main advantage of bitwarden compared to others is that it is open source and has an open source server for self-hosting (vaultwarden). Which of course makes it difficult in terms of business strategy with their VC funding. But maybe becoming a non-profit org and getting money from donors, the strategic funds of EU and other governments, etc. might be an alternative way.

Ok, lets take it step by step:

Thanks for sharing your concerns here. We have been progressing use of our SDK in more use cases for our clients. However, our goal is to make sure that the SDK is used in a way that maintains GPL compatibility.

• the SDK and the client are two separate programs

I think they meant executable here, but that also doesn’t matter. If both programs can only be used together and not separate, and one is under GPLv3, then the other needs to be under GPLv3 too.

• code for each program is in separate repositories

How the code is structured doesn’t matter, it is about how it is consumed by the end-user, there both programs are delivered together and work together.

• the fact that the two programs communicate using standard protocols does not mean they are one program for purposes of GPLv3

The way those two programs communicate together, doesn’t matter, they only work together and not separate from each other. Both need to be under GPLv3

Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug.

Not being able to build a GPLv3 licenses program without a proprietary one, is a build dependency. GPLv3 enforces you to be able to reproduce the code and I am pretty sure that the build tools and dependencies need to be under a GPLv3 compatible license as well.

But all of that still doesn’t explain what their goal of introducing the proprietary SDK is. What function will it have in the future? Will open source part be completely independent or not? What features will depend on the close-source part, and which do not? Have they thought about any ethical concerns, that many contributors contributed to their software because it under a GPL license? How are they planning on dealing with the loss of trust, in a project where trust is very important? etc.

None of that makes Bitwarden not open source.

Yes, it does, because it violates its own license GPLv3 by having proprietary build-/runtime dependencies.

If it was under a different, maybe more permissive, open source license, then maybe it would still be open source, but as of right now i likely breaks its own license terms.

Not only that, they specifically state this is a bug which will be addressed.

From what they state, they think that because executables that share internal information via standard protocols does somehow not break GPL3 terms compared to two libraries that share internal state via the standardized C ABI which does. And they seem to not consider that a bug, just the build-time dependency.

Well, then it would be nice to hear from them an explanation on why they decided to violate the GPLv3 on their client, by coupling it with proprietary code in a way that disallows building and/or usage without that proprietary component.

They would be insane to change that.

Yes. And i hope that they recover from it soon.

I would say a proper explanation includes the goal you want to achieve, not just the statement that you think that you are allowed to do something.

That “explanation” is unsatisfactory and likely wrong: https://www.gnu.org/licenses/gpl-faq.html#MereAggregation

So they either have to license their SDK under a GPLv3 compatible license, or switch the license of their client to a non-GPL one.

Their “explaination” only mentions why they think can do it, but not why they are doing it.

So that means they are just supporting it as long as it is easy to do, and that they are not brave enough to fork chromium.