We can quibble about whether a "hacktivist" group can even exist at all or if it's a convenient lie the Internet has collectively told itself to justify groups of thugs attacking the targets they don't like as "the good ones", but they fit the modern definition of a hacktivist group.
(I remember trying at the time of the incident and having less success than now.)
Thanks for sharing the direct link to that video. At the time of the initial outage, I only saw some assertion that they were 'a hacktivist group' on some article on Bleeping Computer, and at the same time the only reason they'd claimed for the DDoS was 'because we could'. Hacking something just because you can is, of course, not doing hacktivism.
If these people are sincere, they are idiots in their propaganda strategy and artless in their 'hacktivism'... but definitely hacktivists.
But tbh this seems too stupid and ill-directed to me to be anything other than a false flag operation. ¯\_(ツ)_/¯
Either way, thanks for the additional context!
It is abit sad that they messed up the licensing. It would be fun nostalgia to run the 'real' Winamp on Linux. Native. Emulation does not count.
Giving WINE (originally WINdows Emulator) a cute backronym does not change the definition of the word emulator or whether Wine is one. Please check your favorite dictionaries for that.
> In computing, an emulator is hardware or software that enables one computer system (called the host) to behave like another computer system (called the guest).
> Good online communities die primarily by refusing to defend themselves.
> Somewhere in the vastness of the Internet, it is happening even now. It was once a well-kept garden of intelligent discussion, where knowledgeable and interested folk came, attracted by the high quality of speech they saw ongoing. But into this garden comes a fool, and the level of discussion drops a little—or more than a little, if the fool is very prolific in their posting. (It is worse if the fool is just articulate enough that the former inhabitants of the garden feel obliged to respond, and correct misapprehensions—for then the fool dominates conversations.)
Read the whole thing:
https://www.lesswrong.com/posts/tscc3e5eujrsEeFN4/well-kept-...
In the Christian religion, God ultimately protects the virtuous pacifists by putting them in Heaven, away from bullies. In an online forum, there's no transcendental force to render such a service, so...
But not even all Christian scholars subscribe to that definition, let alone pacifists in general. Many pacifists are perfectly ok with self-defense.
But, to my mind, pacifists choose to not fight back by definition, or that would be violence, so their prolonged existence is only possible because other social mechanisms hold back violence which would destroy them. Interaction with these mechanisms may be the point of holding a pacifist position: say, a monk or a nun may have a higher moral authority because of a declared personal abstinence from any violence, and hence indirectly incentivize lay people to protect them.
Of course there are people who call themselves pacifists but admit a right for self-defense, but only not organized or military; such a position again is only possible when someone else would partake in a defensive warfare and protect them.
Abstaining from aggression while being ready and willing to respond to aggression with full force, lethal when required, looks to me like the most logical "lawful good" position. It has a chance to produce an equilibrium when multiple parties live in peace for a long time, and any violent deviations are quashed.
say, a monk or a nun may have a higher moral authority because of a declared personal abstinence from any violence, and hence indirectly incentivize lay people to protect them.
Abstaining from violence at the expense of others putting themselves in harms way to protect them?
Shouldn't they try to make these "lay people" abstain from violence as well?
But then who is left to defend the pacifists?
Does that mean in the face of outside aggressors all pacifists will die soon or live horrible lives under oppression from the aggressor?
Which I guess is OK for them if they believe that something better is available for them in 'heaven'?
It would be hypocrisy if the monk commanded others to fight instead of him, while also declaring that he finds violence morally debasing and thus unacceptable for himself. But I don't think that laypeople would respect such a figure.
Again, this is a valid, but narrow definition of pacifism. One that is more often found in misguided Christians who take Mathew 5:39 literally than serious scholars. The willingness for self defense does not preclude pacifism at all.
A good example is Mahatma Gandhi who is widely recognized as a pacifist, yet argued that it is better to fight than to be a coward in the face of injustice.
The classical thought experiment replaces the British Raj with a German, or, better yet, Soviet occupation administration. With them, peaceful protests spectacularly won't work, and would be insane to try.
(Right after the independence was achieved, the land descended into a brutal war that claimed 20M dead, the death toll similar to that of WWI.)
But yes; even newsgroups, BBSes, etc. were subject to this kind of stuff. People have always been people, even smart people with money to purchase computers.
Yes, "good ol' days" types will always move the goalposts further and further back when you point out that things were exactly the same in the mythical time period they want to return to
Botnets weren't a thing, either.
The setting applies to a whole repository.
Which in itself would summon the vitriol of the super-trolls. "Moderation is censorship" is the most absolutely ridiculous mantra to gain traction in the last decade.
It's fine both to "moderate" your own repo, as well as to "censor" your own repo. No need to play word games or demand that strangers that you owe absolutely nothing to can't be upset. They can be upset, and you can ignore them until they go away.
People often conflate the two. That censorship and First Amendment violations are one and the same. They are not.
And the reason the U.S. government saw fit to restrict its ability to censor its public is because they recognized that that ability could be used to censor legitimate criticism of the government.
Dang rate limited my HN account because I got into too many controversial discussions. Arguments just like this one. Did I call him out for censorship? No. I asked him to keep it rate limited. Because the truth is sometimes I see things and I just have to reply.
Academic censorship? Start your own journal and publish there. Religious censorship? Start your own church and gather your followers. Forum censored you? Start your own website where they have zero say about anything and write about whatever you want.
Government censorship? You are screwed, and you go straight to jail if you try to break free and start your own.
The word 'censorship' is clearly defined to include actions by many groups, not just governmental entities.
Now, I think there is a line between moderation and censorship but it is not based on who is doing it. That line is can get real fuzzy, but in my opinion (and it mirrors some supreme court decisions) the most significant difference is in what they try to control. Moderation tries to regulate how people communicate and censorship tries to control which ideas get expressed. Almost all moderation also includes some amount of censorship.
Even worse is "moderation of this kind would disproportionately impact disenfranchised LGBTWBIPOC+ users since they're more likely to have new accounts", "gatekeeping" is therefore racist, etc. ad nauseam.
That's for sure is the most absolutely ridiculous mantra to gain traction in the last decade.
To repurpose an old aphorism: Moderation is key to avoiding assholes running rampant on your platform.
Sometimes I wonder though why GitHub allows like an anonymous account with no projects and no followers to do things like upload executables to my issue tracker, or file a dozen new issues on a project with 160+ watchers. Then there's the people who use AI to fill their profiles with fake content to look less sus. It's particularly spicy when you work for a non-profit that puts a lot of oversight into decisions like banning people. I think Microsoft could be doing more to make sure the people who participate in the GitHub community are openly original and have good intentions.
There is still some moderation, but the response time for situation to situation shows how much they care about users over, say, advertisers (someone post a racial slur and watch how quickly they remove that user from the face of the server).
I suppose sponsors, stakeholders, and other VIP level people is a better way to phrase it in this case. Anything that can explode to a huge PR issue will put all those off.
To my mind, premoderation is the way. Any new user's submissions go to the premoderation queue for review, not otherwise visible. Noise and spam can be rejected automatically. More underhanded stuff gets a manual review. All rejections are silent, except for the rare occasion of a legitimate but naive user making an honest mistake.
What's passed gets published. Users who passed premoderation without issues for, say, 10 times, skip the human review step, given that they've passed automatic filters, so they can talk without any perceptible delay. The most trusted of them even get the privilege to do the human review step themselves %)
Meta uses they LLMs to summarize comments already and can do this, yet they choose to allow obvious crypto scammers, T-shirt scams, “hey add me comments”.
A simple LLM prompt of “is this post possibly a scam”, especially for new accounts, would do wonders. GitHub could likely do it too.
L-MO = Language Model Optimized
We get about 50% [obvious] spam/scam signups (only 5 or 6 a day).
That’s pretty sobering, when you consider that it’s a very low-profile, unpromoted, region-locked (US, Canada, Ireland, and India), iOS-only native app.
We vet each signup manually.
Once, that option got turned off accidentally and anyone could sign up. We got about 10 signups a day until I reverted the change, all spammers and bots.
The server logs also show that we get hit by script kiddies dozens of times an hour. This is such a tiny scale operation, with no meaningful commercial activity going on, but anything exposed to the public internet should be considered under attack 24/7.
The problem is that to outsiders, the initial set of gatekeepers who arose naturally in the early community as "the people that knew what it was about" will themselves appear to be "the toxic assholes", so every community will naively eventually cut out its gatekeepers to be more inviting to newcomers.
Only to have the actual toxic assholes flood in, become the new gatekeepers, and dominate the discussion, and suddenly your Faces of Evil speedrunning Discord must have a stance on the war on Gaza and the US election because we clearly need to keep out the neo-Nazis according to our CoCs, right?
And no, I don't have an answer to this other than to largely disconnect from online platforms and start engaging in your local community. Something I myself am not guilty of doing.
At least sourceforge has a download button in the front page.
They turned Github into a social media.
This is such a ridiculous accusation. Why do discussions about source-available models often turn into accusations of soliciting free labor? Why can't authors just provide access to source code, but reserve some or all of the distribution rights? It's their code, after all. Nobody is forcing 'the open source community' to contribute under the terms set forth; anybody who does contribute does so under their own free will, under the terms set forth by the license.
It doesn't always have to be a binary choice between open source and closed source, nor does it justify further accusations of "openwashing."
Copyleft licenses like the GPL assert the same right recursively for downstream users, more or less (details vary between copyleft licenses). But granting the right (to distribute modified copies) to first-order recipients of the source code is common to all free and open-source licenses. That's great! I imagine it's what you're getting at with the phrase 'properly secured'.
But to qualify as open-source, a license must allow redistribution of modified copies, and copyleft is not the only kind of free software license
See (for instance) the Free Software Foundation Europe's FAQ entry 'what is open-source software?':
https://fsfe.org/freesoftware/legal/faq.en.html#opensource
as well as the Criterion 3 of the Open Source Initiative's open-source definition: https://opensource.org/osd
I dislike prescriptivist language. I will continue calling things open source whenever I can see the source code, no matter the license.
The OSD does not originate with Amazon. Its ideas and text are drawn from the free software movement and indeed from a not-for-profit, volunteer-driven, community-based project-- namely Debian. Its text is essentially lifted from the Debian Free Software Guidelines. The term 'open-source' was created to describe an effort by a commercial entity, though-- for the project that would eventually give us Firefox, at a time when the web was dominated by a deeply proprietary monopoly in Internet Explorer.
But all of this should be common knowledge among 'hackers'. At any rate it is extremely easy to discover.
> prescriptivist language
Talk about knowing enough to be dangerous! lol.
> I will continue calling things open source whenever I can see the source code, no matter the license.
Okay? You are successfully resisting being nagged about your use of terms. You are also broadcasting your ignorance of the giants whose shoulders software developers stand upon today.
Software, like many things that can satisfy human needs and wants, is an instrument and mechanism of power. In particular, software and the terms under which it is distributed are often a mechanism by which the software publishers exert power and control over the software's users. 'Open-source', like its more frank ancestor 'free software', exists to signal terms of software distribution that variously protect users from certain strategies of domination by software vendors. Historically (and recently!), that signal associated with the phrase 'open-source' has been a fairly clear (if simplistic) one, because the phrase's usage has been consistent.
When you choose how you will or won't use the phrase 'open-source', you are making a choice about how useful a signal that phrase will be for such purposes in the future. What language is 'correct' in this case gets at a practical and political question we can alternatively get at without any commitment or appeal to a notion of linguistic correctness. That question is this: should there be ready ways to identify terms of software distribution that seek to spare software users from domination by software suppliers?
If one's answer to that is 'yes', then it takes a bit of footwork to get to 'I intend to participate in applying this established safety label to unsafe things'.
> calling things open source whenever I can see the source code
This kind of behavior is arguably a predictable outcome of the strategy of distancing the licensing tactics of the free software movement from that movement's explicit politics, articulations of its on motivations, etc.
Simple. Because the company literally wrote this in their press release[1] at the time they were releasing it.
Direct quote “This is an invitation to global collaboration, where developers worldwide can contribute their expertise, ideas, and passion to help this iconic software evolve.”
Further direct quote: “With this initiative to open the source code, Winamp is taking the next step in its history, allowing its users to contribute directly to improving the product.”
They are literaly soliciting free labor.
This is how the press release ends: “Interested developers can now make themselves known at the following address: about.winamp.com/free-llama” what is that if not a solicitation for free labour?
> anybody who does contribute does so under their own free will, under the terms set forth by the license
So wait. Just so I understand. Is your problem that you think they are falsely accused of soliciting free labour? Or that they are indeed fully were soliciting free labour but you would rather not want people harsh your vibes by discussing this?
1: https://www.llama-group.com/wp-content/uploads/2024/05/2024-...
I'd also be careful attributing these actions to malice without further motive, when it very well could also be attributed to excitement i.r.t. sharing and collaborating on Winamp's source code in public, under a single-source.
That assumes that everyone has full information of course. Discussing the terms publicly is helping everyone reach that state.
> Nobody is asking for an uninvolved third-party to police the collaboration.
And someone is asking you to police what people are chatting about here? Doesn’t feel to be an entirely thought through argument.
> I'd also be careful attributing these actions to malice without further motive
I don’t actually care if they are “malicious” or “inept” or “ill informed” or anything else. In fact I think someone was excited about the open collaboration, and someone else at the company was worried about losing business opportunities and that is how we ended up with this situation. Maybe it was even the same person at different times.
Maybe they heard about open source but never really understood the concept, and the motivations of people participating in it.
Or maybe they are just as greedy as they appear to be.
Who knows and who cares. What matters is that this is a rough deal and people should not play within their rules.
these actions could be construed as malice, but i would definitely attribute them as greed. AKA, they want contributions, but want to prevent anyone else but themselves from being able to commercially exploit it.
Fair Source is a better model in that regard, kudos for using that! And I personally have no problem with using the term “open source” for that, although just using the distinct term is better.
In case of Winamp though, they:
1. Used a crayon license that prohibited pretty much everything and was indeed focused on collaboration
2. Made a press release about “opening up” the source – not using the exact phrase “open source” (except in the URL: https://about.winamp.com/press/article/winamp-open-source-co...), but misleading nonetheless
3. Weren’t even the original authors
This is openwashing, and it is ridiculous, and they were rightfully shamed.
I find value in every one of these types of releases. Sometimes that value is just a chuckle... knowing even successful codebases are as duct-taped together as all the rest.
Look at Apple, they claim E2EE, but don't even allow to verify that defeating the purpose of E2EE entirely (lack of need to trust the provider)
My comment was a reply to a comment which described it this way.
> * Contribution to Project: You are encouraged to contribute improvements, enhancements, and bug fixes back to the project. Contributions must be submitted to the official repository and will be reviewed and incorporated at the discretion of the maintainers.
> * Assignment of Rights: By submitting contributions, you agree that all intellectual property rights, including copyright, in your contributions are assigned to Winamp. You hereby grant Winamp a perpetual, worldwide, non-exclusive, royalty-free license to use, copy, modify, and distribute your contributions as part of the software, without any compensation to you.
> * Waiver of Rights: You waive any rights to claim authorship of the contributions or to object to any distortion, mutilation, or other modifications of the contributions.
>Nobody is forcing 'the open source community' to contribute under the terms set forth; anybody who does contribute does so under their own free will, under the terms set forth by the license.
And? Yes, we're all acting out of our own free will. The owners of Winamp decided out of their own free will to release their code under those terms, and I'm criticizing them for trying to take advantage of people also out of my own free will. What's the issue?
With all due respect, I don't think you know what open-washing means.
Without that, I don't see how this is open-washing...
>The Winamp Collaborative License is a free, copyleft license for software and other kinds of works.
https://git.cbraaten.dev/AtRiskRepos/winamp
Also here is a git bundle file which can be cloned from:
Winamp contained modified GPL code, violating the GPL (github.com/winampdesktop)
18 points by mepian 19 days ago | 6 comments
Was it linked dynamically? Static linking to an LGPL library from a proprietary application is also possible, but way trickier.
For a "shared source" app (i.e. source available but under restrictive non-open source terms), static linking is generally a non-issue, provided you give people permission to recompile the app from source with a modified library version, and you actually built the binaries you ship from the source you provide them (as opposed to some separate internal repo containing changes missing in the source you provide to your customers or the public). So, WinAmp currently would not be infringing even if it were statically linking modified LGPL libraries (assuming their source repo includes the source to the modifications) – although this may be evidence of past non-compliance.
Static linking is really only a big problem for proprietary apps where you don't give people the source code. Even there, so long as you ship them object files so they can relink it with an updated LGPL library version, you are fine. Once upon a time, linking at the customer site was not an uncommon strategy for enterprise software, in fact last time I worked with Oracle RDBMS (7+ years ago) it was still using that strategy for a standard install.
For LGPL 2.1, you don't even need to ship the object files or offer them for download – you just need to make an offer, valid for at least 3 years, [0] to supply them on request. LGPL 3.0 removed that provision, with LGPL 3.0 you have to either ship them or offer them as a separate download.
[0] I believe the "3 years" is from the date you ship each individual copy of the software. So if you released version 1.0 in 2001, and it contained a "valid for 3 years offer", if you are still offering version 1.0 for download from your website in 2024, that offer is valid until 2027 for someone who downloads it today. But if you removed version 1.0 from your website in 2005, and since then have not given anyone a copy, then the offer would have expired in 2008.
But still a modification.
a) release the code of the original LPGL licensed library
b) release it with a patch of any modifications, ie the small change here
c) nothing else. zero. No license changes. No other code of the app affected. No app code needs to be released.
And you are compliant with the LGPL license and can get on with life. So this is not a big deal the way GPL code in the app would be which would require the app code to be re-licensed and released to comply, which is a huge deal and difficult to accomplish.
One of the reasons libraries are useful. You can replace the library in one go and if you do it right (ie, don’t replace it by the same modification process described above) the license is moot.
I worked for a company that did sales in Europe and we ran afoul of a public domain library. At the time the EU didn’t recognize PD release as a legal act. One library was easy enough to replace with a similar one, the other had no suitable peer. Luckily the library we used was small and we didn’t use much of it, but that use was important.
I wrote a bunch more unit and functional tests in our code to serve as pinning tests, then asked a lead dev on another team to write a library to replace it without referring back to the existing code. I’d stepped through it enough I could practically rewrite it from memory. I knew that wouldn’t stand up legally, but he had no reason to obsess about that part of the code. Nearly took me longer to explain the gambit to him than it did for him to complete the task once he understood it.
That's just not true, surely? Lest everyone using any flavour of Linux is liable to the same problem?
How many apps out there are using GPL code? Android, for example.
Making a derivative in the sense of adding functionality to it, I get, but using it as-is as a component or library surely doesn't - and cannot - fall foul of the license else the entire technosphere is liable.
What? The actual history of GPL enforcement is restrained when it comes to remediation. Are you aware of some routinely punitive GPL enforcer that I am not? Or is this FUD or a joke?
I hope I've not missed some news about your own projects and that you've not been subject to anxiety or meanness on account of the GPL, either. :(
> Lest everyone using any flavour of Linux is liable to the same problem?
The kernel is GPL. applications running on it in usermode are not constrained by the license.
https://www.gnu.org/licenses/gpl-faq.en.html#PortProgramToGP...
The "technosphere" is generally fairly compliant on these things. There is no disaster. But this is also why most commercial companies avoid GPL libraries.
If by that you mean, if you are using Linux in production servers: You may use GPL software in a commercial setting. The source code part only applies if you are distributing software that contains GPL code.
Yes, OEMs are expected to release their kernels' sources. Also yeah, they're mostly very bad at it.
It is true.
> Lest everyone using any flavour of Linux is liable to the same problem?
The Linux kernel has an explicit "system calls are not linking" exception to avoid any possible confusion on this matter.
https://github.com/torvalds/linux/blob/master/LICENSES/excep...
Merely using the kernel's facilities from user space does not make your program a derivative work of the kernel.
People like to get all worked up about GPL violations - but the reality is there's nearly zero anyone can actually do.
The people posting these "Issues" were plainly being gapping, loose butt holes.
Winamp contained modified GPL code, violating the GPL - https://news.ycombinator.com/item?id=41662105 - Sept 2024 (6 comments)
Winamp removed "No forking" restriction from license - https://news.ycombinator.com/item?id=41650355 - Sept 2024 (12 comments)
Winamp Legacy player source code - https://news.ycombinator.com/item?id=41636804 - Sept 2024 (328 comments)
Being an extraordinarily nice axe, its original creator must surely have taken proper care of it and kept it clean, but over the years it clearly accumulated some dirt and a few modifications. Not wanting to damage an important historic artifact, the finder decides to leave the patina alone and donates the axe as found.
The museum requires the donor to add an exhibit label. Unfortunately, the finder being Belgian and speaking only French, there is a severe misunderstanding about the purpose of the axe.
On the day the exhibit is first shown to the public, hell breaks loose. People threaten to sue because the dirty prehistoric axe is against all regulations that apply to contemporary axes. Some attempts are made to remove the dirt, but only in a way that preserves the dirt, which enrages the other camp even more.
Ultimately, the exhibit is withdrawn from the museum, but luckily many had a chance to make copies and 3D copies that they keep safely in their private collections.
I may totally have missed details here, I haven't paid attention much, so please do correct me if I'm wrong
Most of the blame should be with the people who spoiled it, and while it doesn't excuse their deeds they are unsurprising from a historical context.
The current owners of Winamp share some blame too, but I see it more in the neglect of due diligence when they acquired Winamp and less in the release of the source. Arguably I see more incompetence (which, of course, is no defense against punishment) than malice in the later.
Finally, that the original authors kept the Winamp source clean is a reasonable and likely assumption, but as far as I know there is no 100% way to be sure.
So basically anything you say is speculation?
Im going to add my own unfounded speculation by claiming that the original winamp source did actually contain licence violations which is why the project was never re-released after being acquired by AOL.
Only after buying the project did AOL realise that the code wasn't usable as-is, so it needed further investment to rewrite and replace all the violations, and since at that point the value of local media-players was quickly diminishing they just let it be.
No, just that it might not be the complete picture.
Until the original source from the Nullsoft days surfaces, we do not know, and certainly should not make unfounded speculations.
What law? The law of the Gnu?
All free software licenses grant you additional rights on top of copyright law. These rights allow you to make copies of the software given certain conditions. If you violate them then they do not apply and only copyright law applies so any copies you made are illegal.
First that's not true and even if that would be only true in the US. Since the US is not THE "law" you cant say that.
Also:
>Under the current law, works created on or after January 1, 1978, have a copyright term of life of the author plus seventy years after the author's death.
https://www.copyright.gov/what-is-copyright/
So when Gates dies and i violate Microsofts License 7 years later i can have DOS 6.22 for free and redistribute it right?
You and I will likely be dead.
Gates does not hold the copyright for MS DOS 6.22 and it's not 7 years but 70. But yes, eventually yes, see how Sherlock Holmes became public domain. For PC software in 2024 this is not yet relevant, the Berne minimum is death plus 50 and the IBM PC is not yet 50 years old.
I learned something today,
Also, from one ArsTechnica link posted later in this story, one former dev told that the 4 WA Legacy developers were fired and soon he left too, so I guess they presumably had either no one or very few resources who knew that code and were in the best position to audit it before public release. This is not just shooting oneself in the foot; it rather looks like dancing on a landmine.
It's not ideal if the way the software was written was itself illegal. Still the advantages of having it out in the open seem to outweigh the benefits of litigating all license violations.
>> It's not clear their license was open source, actually. OSI Makes free distribution the first part of the definition of open source, as well the ability to create derived works[1]. Their rule against forking might clash against that.
Thank you for your satirical post to highlight the type of person OP was mocking.
> If I did have any desire, it would be extinguished by the license terms, lol. The terms are completely absurd in the way they are written, e.g. "You may not create, maintain, or distribute a forked version of the software." So arguably making any changes would be considered "creating a forked version." But even taking these terms as they are likely intended (which is slightly more permissive than how they are written), they are terrible. No thank you.
https://www.askjf.com/index.php?q=7357s
And here's a statement from one of the recent maintainers of Winamp:
> I worked at Winamp till this February. I was the one that suggested the we'd open-source all the player code that belonged to us (so stripping all the Dolby, Intel IPP, etc stuff that wasn't owned by Winamp), so that the community was free to do whatever it wanted with it. I envisioned something à la DOOM GPL release. Amongst ourselves we joked about seeing enthusiasts create a Winamp-for-your-smart-fridge or Linux port. That would have been pretty cool. Instead that proposal was repeatedly ignored by management which couldn't be convinced that this decades-old spaghetti code had nothing more than historical value. "Why would we give our IP away ?! We paid for that". As if VLC, Foobar2000, etc didn't exist ...
https://arstechnica.com/civis/threads/winamp-really-whips-op...
But sure. All the pushback is totally from "entitled shutins". Definitely people who have never even used Winamp and just want to manufacture outrage. Uh huh.
https://news.ycombinator.com/item?id=41645867
> Oh.... they vendored everything, including a bunch of external x86 binaries. 32- and 64-bit. FFS.
> But also - I sure hope they got the licensing correct for those parts...
> his lawyers tell him
There is hypocrisy here around internet archive, it's totally OK to store copy-write content on the archive, but its not OK when a company does so on their own.
It's not a nitpick, the library was self-contradictory. It claimed to be copyleft while not allowing distributing modified copies by anyone other than the rights holder.
>There is hypocrisy here around internet archive, it's totally OK to store copy-write content on the archive, but its not OK when a company does so on their own.
That's right, because it was the company that broke their contract with their vendor by making publicly available source code when they didn't have permission to do that. If that software vendor has a problem with the IA they can issue a DMCA request.
"Those who know Git mechanics" in this case is talking about extremely simple Git mechanics. Those who know more advanced Git mechanics would know that even a rebase is not sufficient to solve the problem of having pushed up secrets.
Aside from the obvious problem of all the forks and previously-cloned copies, the offending commits will still also be available on GitHub (at least until the next garbage collection), they'll just have the message "This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository."
Any links that include the old hash will still be available online and will still turn up the code you tried to delete.
No. Forever. Literally forever. GitHub does not run garbage collection, like, ever.
https://stackoverflow.com/questions/4367977/how-to-remove-a-...
Dangling commit from 14 years ago :
https://github.com/nylen/connectbot/commit/1cd775d
There is only one way to delete data on github permanently and that's to request it from github support. Still, you would have better luck just deleting your repository and starting over from scratch, deleting your history locally and pushing from a pristine state.
I wish more were brave enough to just publish it with an open license, and then if the owner complains you take it down and rewrite.
Any damages for distributing 30 year old source code are hopefully in the single-digit-dollars range anyway.
This project is preserving the source code around a distributed chat system from the year 2000, the E programming language, and the first real usage of JSON. Outside of those aspects, it's not about preserving fonts and proprietary code.
You are literally suggesting that we take proprietary, copyrighted code and release it under an open source license with no standing, rights, or ownership. It's insane to even suggest this. If you put the source code for Windows 95 online, you'd be sued into a pile of ashes by MS within 10 minutes.
When we want to open source proprietary code, we work with the rights holders. This code was all given to us under such an agreement, and the agreement ONLY covers the code owned by the people who built this thing. The deal was contingent on us not opening any of the code the original owners didn't own, as that would ALSO incur risk for them.
The Windows NT 4 source code exists in multiple public repos on GitHub, and the one from the first Google result has been there for at least four years.
On the one hand, great, but on the other, that's how much (little) they care about Windows as a source of revenue.
> You are literally suggesting that we take proprietary, copyrighted code and release it under an open source license with no standing, rights, or ownership. It's insane to even suggest this. If you put the source code for Windows 95 online, you'd be sued into a pile of ashes by MS within 10 minutes.
Yeah, legal preservation efforts will probably never get that. The torrent is still out there if you just want to look at it, though.
You're assuming an awful lot with this.
- No defendant is going to negotiate a settlement out of court. They would force you to hire an attorney and force this to a trial because of how absurd it is.
Then you would be left with other major issues:
- One that any IP law firm would take a case like this on to begin with.
- The little upside for any firm litigating a case where the software is 30+ years old, effectively abandoned and has little if any resell value.
- Then even if some firm did want to take a swing at it, getting this in front of a judge who would even consider the case would be a huge hurdle as well. We're not even considering having to deal with a jury trial either which would also be even harder to win.
- Even if the defendant refused to negotiate pre-trial, and you somehow managed to finagle yourself into a civil bench or jury trial, trying to convince anybody that the plaintiff has somehow sustained financial damages on 30+ year old software that is no longer being used and has no resale value is almost impossible.
The US courts are not perfect, but these kinds of cases rarely see the inside of a court room and for good reason.
I love how utterly diconnected from reality HN comments are. Y'all seem to think that just because you can rationalize something on paper that we should all just go out and do the thing because the laws are "Stupid." If the world ran like HN thought it did, we'd have no copyright laws, no patents, and infinite free legal advice and services. Yeah, yer right, maybe we could get a sympathetic judge or get the case tossed. After we spend $100,000 on lawyers to get there. Oh, the prosecution would have to pay our legal fees you say? Great, now I'm out $100,000 waiting on the appeal, and it could take years for them to pay up. That's like giving them a $100,000 loan with 0 interest and no defined closing date.
And what's even the upside? I ruined my non-profit so I could spuriously open source some random crap I don't even want to preserve. I have the binaries already, I don't need to recompile. But hey, no one is using this stuff right? Fuck the law!
The world does not work this way. If a lawyer shows up and wants to kill a small non-profit, they can do it in a day, very easily. They don't even need the courts, they just have to sue you and then bomb you with 50,000 pages of evidence. This is a REAL tactic. How do you counter that without paying a lawyer to look at all 50,000 pages? The key is to not give them a reason to do so. You know, by not breaking the fucking law.
I have been trying to preserve a game engine which has had an important following. But there has just been so many hands in the code, there is a lot of trepidation of the risk it could open the companies up too. Not sure how to progress from here.
Because what is the point if something is distributed in a restrictive license, can't be preserved and then gets lost to time? Also, licensing is to avoid distribution, modification or outright copying by competitors; preservation is completely orthogonal to those concerns. It is to avoid losing a piece of craft to the sands of time. There is no reason laws should have power over anything in perpetuity.
As seen in other spaces, pirates ignoring the "law" will provide the greatest service to humanity.
If the rights holders of the licensed bits haven't abandoned them, then it's not really fair to distribute them without their consent.
Also, we're not talking about personal code either, but something that is arguably a product humanity, or a part thereof, would want to preserve for posterity.
Lastly, no one is telling you to open anything. I am saying that if someone decides something you have created need to be preserved, they should go ahead. You can protest, you can sue, the point is it shouldn't stop anyone from trying. Which doesn't apply to this case, as the owner of Winamp actually wanted to make it open source.
And the license matters. We're talking about something owned by a company somewhere, legally. Humanity's concerns don't matter in business and legal affairs. As I stated above, I agree that we should be able to save everything. But this has nothing at all to do with what's good for humanity. This is about money and copyright law.
Also, OK, your personal code is not licensed. Great, now I can take it and license it myself, copyright it myself, and then sue you for hosting it in your github account. Hey, I'd be in the wrong, but if I lawyer up I can just win by spending money and waiting you out. This is the world we live in. It's not good, but it's reality.
Who is telling you that? Literally no one. In my original comment, the preservationist is NOT the author, as it's the author that is liable to be sued by releasing proprietary material.
In my comment, the preservationist is a third-party that should NOT be concerned with such matters, even if being forbidden by copyright law. Imagine the Internet Archive, which already operate this way, and I applaud, because the service they offer is better than if they had to respect all legal nonsense.
No one is telling you to do anything with YOUR code, and code you are legally liable for. No one is putting a pistol to your head, so I don't get why you are being so defensive to my admittedly unpopular opinion. Do whatever you want.
This is not true. You can't redistribute someone else's IP without a license from the owner.
In my country it's legal to do so -if there's no profit- on media, but not for propietary software with sharing restrictions.
If it is reasonable that someone needs to preserve something because it has been abandoned, then the thing should automatically be in the public domain.
If you are not actively using IP for a reasonable amount of time, any patents, trademarks, copyrights, etc should be permanently expired.
This fixes problems with patent trolls too: you effectively would not be able to own a patent unless you were using it in your business.
It's the notion that IP is about protecting some kind of natural right that is a perversion, both historically (evinced in such language as the copyright clause) and ethically (I assert).
Like the privilege of being less bound to engage in survival and political struggles. Evolution produced a world where if you want something, you have to take it. Makers aren't good at taking things because they're too busy making. The natural order is that makers would be marked for deletion, which is how it was for million of years before economies came into being that could support them. Since we know that life is good for everyone when stuff gets made, society is better off as a whole when it goes out of its way to support its makers, since giving makers more means they'll make more. OTOH if you lift up takers they'll just use it to take more.
The greatest most successful takers all know this, which is why many of them become philanthropists. Since there's not much point being a taker if there's nothing left to take. Once you've taken everything, the only way you can take more is by getting makers to make more. The supreme takers also set up things like governments, which claim dominion over all the makers and punish all the little takers who try to take from them. The little takers of course weep and wail about why the makers get a special set of rules, but that's where they get it wrong, because rather than being angry at the makers, the little takers should be modeling themselves after the supreme takers.
In modernity, the set of rules that the supreme takers put in place hundreds of years ago to protect the makers included things like intellectual property. However those rules are just that, arbitrary rules, and they don't cover up the underlying reality of what they sought to accomplish, which is privilege. If those rules don't work anymore, then the system will simply do something else to achieve its goals, which include elevating the universe to a higher state of existence and creating a better life for everyone.
Not exactly how I see things, but insightful and concisely put. Thanks for taking the time to write it out!
Calling her stupid isn't a good way to show her (or anyone) that she's wrong about this.
Yeah, you go ahead and get that through every Western government. We'll fix the rest.
Laws are simply rules chosen and enforced by a given society. Having power over things is what they do. (Also, "in perpetuity" seems untrue, as all copyright expires eventually.)
You clearly disagree with the laws (and I'm inclined to support you there), but what is special about preservation that it should automatically override the will of society? Nearly all the combined work of humanity has been "lost to time," and society seems pretty okay with that.
Pre-digital age, preserving the combined work of humanity was actually quite difficult. The cost to preserve everything outside of "obviously important" artifacts would've been preventative (or even impossible) for society as a whole.
I believe many (if not most) folks native to the digital age believe that digital artifacts should be preserved indefinitely by default - as the cost in doing so is comparatively trivial - and laws in democratic nations will catch up to that.
We could do this. The technology exists. But we, as humans, as a society and as a race of beings, have collectively decided that we will not do this: It doesn't make anyone any money.
For the first time in history, we could store all of human knowledge in a safe replicable way, world wide, for everyone. But we specifically choose not to do this.
We need more of those, agreed, but it makes no sense saying "no one is doing that."
I ADORE Archive. But guess what, they're being sued into the ground over doing EXACTLY what we all want them to do: preserving things. If anything, this absolutely 100% proves my point: we have 1 example of a modern Library of Alexandria, and it is in danger because someone is upset they didn't get paid. This is even more than choosing as a society not to save information and our culture. This is being outright HOSTILE towards the idea.
That argument is almost entirely about the length of copyright, and you're dismissing that with a quick "eventually". It's not about trying to "override" the intent of copyright.
Also copyright has a clear purpose, and the purpose is to promote culture and science, not to help things get lost. When works that people care about get lost, that's a flaw not a feature.
Because it's the only thing that will be left of us in 100, 500, 1000, 10000 years. Whatever we care to preserve today will be what will be left to our descendants. It always matters more than the profits of some company today that won't be around in 10, 20, 100 years. And before you try to argue that not everything is valuable, that's fucking not up to you to decide for our descendants.
> Nearly all the combined work of humanity has been "lost to time," and society seems pretty okay with that.
Works that were lost through things like war, conflict, migration, etc. Not through conscious choice. Copyright is a deliberate decision to prevent the collective preservation of our modern culture in favour of enriching corporations and the handful of people who own them. But that doesn't make it moral or right. And "society being okay with it" doesn't make it okay either.
https://arstechnica.com/civis/threads/winamp-really-whips-op...
The source is open, if don't want to contribute, don't. Just because something doesn't fit a specific definition it doesn't mean it's not worth of existence.
It's one thing to provide a source available codebase. That's a choice, and it's fine for various definitions of fine. What they did was legally put themselves in hot water with the inclusion of proprietary dependencies, misrepresent what their intentions were, and likely irrevocably damage their reputation to a small, but vocal minority, who likely have a sizeable overlap with folks that know what Winamp is/was.
It's okay if none of that matters to you, or if it doesn't resonate with you, but the things that were done were comically awful in terms of sharing a codebase.
Of course they didn't know what they were doing. It was written by a 19-year-old in the mid 90s. The code is messy with poor licensing and some build tools were included in the repository and they wrote a dumb license for it? Who cares, they shipped a product that 10s of millions of people used and loved and wanted to share that code up to the world and instead of embracing the best of what they were trying to do while helping them to make things better, the community piled on them until they said it was so not worth it that just pulled the whole thing.
Bravo and job well done.
Other license holders who would at best DMCA Github and take it down anyway. And at worst sue WinAnp for infringement? This is really bad for them. But if you only care about getting to use a decent product, I guess you don't have to care.
This stuff makes FOSS look bad tho. And would only discourage others from trying to make their source available. So I and others care when thinking of the forest instead of the beautiful tree.
The "they" that made that license is not the "they" that originally wrote it.
The most recent "they" is a European corporation. "They" are the ones trying to use open source as free labor. This isn't the case of "some dumb kid who didn't understand licensing", this is the case of a large international corporation trying to exploit the public for free labor. That's it.
The "they" who originally wrote Winamp, Justin Frankel among others, understands licensing well enough to know when to use GPL and when to keep it closed as he has projects in both areas.
Of course a lot of us have a soft spot for Winamp. It was a formative part of internet culture in the late 90s and early 00s. That and Napster was kind of the first step to things like iTunes and Spotify. But let's be honest here. What the Llama Group did was hilariously inept in the best case and ineptly exploitative in the worst.
Bravo indeed, it's important these things get done so that people can be better educated on software licenses and open source. If we want to discourage stealing, we have to tell people stealing is bad.
We do absolutely nobody any favors by carving out exceptions for whatever darling piece of software we love.
That's a disingenuous argument. It doesn't meet the OSI's definition of open.
> the community piled on them until they said it was so not worth it that just pulled the whole thing.
Yes, but let's be honest: If it wasn't the community, it would have been DMCA takedown requests from the companies whose software was published in the repo. At best, the community hastened the end of the repo by a few weeks.
Anyone can read about this here: https://opensource.org/history
But it's well-documented elsewhere, too.
The term 'open-source' is political, as much as it aimed to 'depoliticize' free software. Its definition is and always has been normative rather than merely descriptive. The term and concept exist to serve a movement, and anyone who is invested in that movement's goals is likely to be invested in promoting a historically informed understanding of both.
As for why you, specifically should care about the concept, I think I don't have the patience to make the case right now. But if you're genuinely interested in that question, I'd be happy to provide links to resources if you let me know what sorts of media you enjoy/have energy for.
>They ended up looking bad and exposing themselves to legal trouble, but I'm not sure this was awful
For a company, I can't think of anything less awful than purposefully choosing to expose oneself to legal trouble. I'd say that qualifies as "comically awful".
>they might even have known exactly what they were doing.
In what way? Are they going bankrupt (so nothing to sue for) and just want to send out readable source on the way out, without enough care to strip out copyright and list dependencies? That's certainly a hail Mary, but I think that move does more damage to the community than goodwill.
Oh no! I did notice all the hallmonitors calling for teacher.
I absolutely support dumping proprietary code on any platform and I'm glad I got a copy the day it was uploaded which lets me verify any fork claiming to be from it.
If we break the contracts we just end up with less free information. I want to protect the long term.
> "Winamp Collaborative License (WCL) Version 1.0.1," you may not "distribute modified versions of the software" in source or binary, and "only the maintainers of the official repository are allowed to distribute the software and its modifications." Anyone may contribute, in other words, but only to Winamp's benefit.
They were basically grifters. It wasn't just a dump for preservation sake (which would be fine as a historical artifact), they wanted to benefit. Parasitic. What was the community benefitting? They could volunteer for free to benefit a for-profit company when there are already open-source clones that do the same thing? (XMMS and it's various descendents for starters).
You got to look at the code. Because it was open.
It's the most literal definition of "open source". You're complaining because you can't also do whatever you want with it. So now we're back to the code being closed again. Better now?
The bad faith interpretation is that this was an attempt to make use of previous goodwill to get some free labor to at the very least fix some bugs for them, or at most add in requested features to try to get it back on the map.
In any online population, some people like to build the world (Aces), some like to rule the world (Kings/Queens), some like to watch the world burn (Jokers), and some spend all their time fire-fighting (Jacks). Corollary: There will always be jokers.
This being, in turn, a fantastic reason to use the GPL for your code.
Whoa there!
You have exceeded a secondary rate limit.
Please wait a few minutes before you try again;
in some cases this may take up to an hour.
Can anyone speak to this? To me, it's the most interesting bit in this article. Does this mean Winamp developers had access to libraries of Intel/MS that are not publicly available?
> The Winamp Collaborative License is a free, copyleft license
also from that license text:
> 5. Restrictions
> No Distribution of Modified Versions: You may not distribute modified versions of the software, whether in source or binary form.
Which means that the Winamp Collaborative License is neither free nor copyleft.
What copyleft actually is:
> Copyleft is a general method for making a program (or other work) free (in the sense of freedom, not “zero price”), and requiring all modified and extended versions of the program to be free as well.
https://www.gnu.org/licenses/copyleft.en.html
Releasing proprietary software is whatever. 'Shared source' and similar dilutions are one level of bullshit. Abusing and diluting the language of the free software movement is a step beyond that.
This kind of 'open-source' is actively harmful to an exceptional degree and absolutely deserves to drown in ridicule. A lot of the mocking issues were unfocused or low-effort, but I can't really complain about their function or intent.
On the other hand, Radionomy's clear incompetence over the years sours me. Having the IP for all those years and laying it to waste, culminating in a half-assed attempt to open source it. It pains me to say as their intentions may be good at least in part, but one has to let Darwin get his way too.
It was pretty clear that with "fork" they meant "don't create a WinAmp-ng fork" and not a "fork" in the "send a patch" GitHub sense. It's fine to point out "hey, I think your custom written license may need a bit of work!", but the amount of vitriol and hate over it (including on HN) was just ridiculous.
It was one of those moments I was embarrassed to be posting here.
And yes, they could have done better, sure. But instead of bringing in someone in the community you just chased them away. Well done everyone. Good job. Excellent result. A story to tell the grandchildren.
If anyone is thinking about open sourcing (and/or making source available) their previously closed app, they had better be paying attention to this. The clear message I saw is that open sourcing is not worth it.
And that sucks and is the exact opposite of how it should be. Open sourcing is an amazing gift you can give to humanity, and instead of looking the gift horse in the mouth and bitching about some imperfections, we should have been praising them and thanking them for their generosity, and sending PRs to help fix issues.
The mess resulting from the Winamp open sourcing/source availabling is more on us (the community) than them, IMHO. If we had acted like rational adults instead of emotionally charged children dehumanizing strangers on the internet and shitting all over them, they would have fixed the issues and we'd be in a better place. Instead now, we have nothing. This is why we can't have nice things.
Many in the OSS community have made it clear that there's a distinction between "yes do whatever you want with it, including running a local instance and/or charging people for it while using the original name" and "we're transparent but want to reserve some intellectual property rights."
We'll see if most consumers of said software agree with the vocal proponents of OSS purity. I think the story of BUSL and similar licenses has yet to fully play out.
Hey, that's me! :-)
(the following is not targeted at you, but at the "Fair Source" idea. You are just the messenger here presenting the idea, I wouldn't shoot you. Although I do respectfully take issue with some phrasing of yours, which I take as an occasion to explain my rebuttal of the Fair Source idea:)
> There's this emerging notion of "Fair Source" that attempts to meet halfway between open participation and business interests
Open source is not necessarily open participation. See for instance SQLite: open source, but not open participation.
Open source is also not at odds with business interests, given the right business model. See also SQLite, and the many successful commercial open source projects.
Open participation and business interests can also go hand in hand, but my comment is already too long to develop on this and I want to focus on the free software aspect.
I reject this idea that source available but not open source being fair and being some "middle ground" between proprietary and FLOSS. User empowerment and freedom is not only 50% lost in the process, it is almost totally lost. There are few things we can do with some code we can't use anyway. There's nothing fair to the user about proprietary software, and the source availability of the software is only barely relevant to this. There's no middle ground: either you have the fundamental rights allowing you to control your computing, or you don't have them.
I think seeing those things as fair / middle grounds is a dangerous idea. The idea that open source prevents doing business and open source needing some taming down for businesses to succeed is also dangerous.
There's a reason to be adamant with the "purity" of licenses being free software without compromise. It's because if you lose even one of the fundamental rights guaranteed by the free software definition, you lose control of your computing.
I guess I probably sound like some fanatic.
To be clear, I was not part of the people reacting on the Winamp repository, and I think things need to be discussed respectfully.
For instance, is this just something that’s being dumped out on the internet in case someone else finds it useful?
Is it part of your portfolio and intended to showcase your technical skill, but not necessarily be polished from a UX perspective?
Or is it intended to be useful for end users?
Maybe it would be good to have a visually distinct and consistent badge or checklist available for open source projects to communicate the high-level goals so that people’s expectations are set correctly and they know what kind of feedback is inappropriate.
Every project is going to nominally be as-is for obvious liability reasons.
- UX Tier 10 for completely tech-illiterate users
- UX Tier 9 for infrequent mainstream users (do not need to watch a tutorial)
- UX Tier 8 for frequent mainstream users (have watched tutorials)
- UX Tier 7 for power users (need to read the manual)
- UX Tier 6 for sysadmin users (responsible for keeping it running for above users)
- UX Tier 5 for domain specialist users (know the theory behind it)
- UX Tier 4 for developers (read the API reference)
- UX Tier 3 for domain specialist developers (API reference and know the theory)
- UX Tier 2 for project ecosystem developers (know conventions and idiomatic patterns)
- UX Tier 1 for the project team itself (know where the skeletons are buried)
- UX Tier 0 for no further development anticipated
revealing Winamp was breaking GPL and several commercial licenses.
[0] = https://www.theregister.com/2024/10/16/opensourcing_of_winam...
And it would have been fine to say "hey, I think there may be a problem here, let's work together to see if we can solve it" wrt. to either their custom license or the GPL. That is not what happened. The sad thing is there would be many knowledgable patient people who would be willing to work with the WinAmp people on resolving all of this free-of-charge, but who is going to notice them in a sea of assholes?
I'll also argue it's not "serious", at least in the sense of "needs to be fixed ASAP". It's been like this for how long? 20 years? 25 years? It's just that no one noticed before. And it's basically a "dead" legacy project. Don't really need to rush to correct mistakes of the past here IMHO.
When I see Twitter-style drama on Github, it makes me sick to my stomach thinking that one day I could be the target of an impromptu dogpile.
I checked his github profile and he barely published anything.
So here we have a company that made all of the code of a complete application source available being dunked by a guy who barely published any source code at all.
Really put things in perspective for me.
Would help a lot, I think.
- YC attempting to choose one startup to fund based on HN votes
- Winamp trying to open-source their code
- Jordan Henderson supporting the LGBTQ community
- Ellen Degeneres's sponsors offering to donate to a charity per question answered by her guests
- PETA offering to donate money for each person who chooses veganism
- Numerous open-source developers who give their things for free
It's important to know who your audience is. If they require unwavering purity, it's often better for your own sake to not engage with them. For my part, I stay clear of all these groups in a charitable sense. Everyone pays. The relationship is obvious. They'll go after the people who give them stuff for free. But for the ones who charge them it's just a transaction. That is good.
As i remember, they were caught violating the GPL.
I'm sorry, i don't think that law applies only to some unfortunate people.
That's good, IMO. Don't steal IP and you don't have to worry about getting caught for stealing IP. FYI: simply hiding the code doesn't fix the issue - disgruntled employees and whistleblowers do exist.
That said, I'm just as a casual observer lying in bed with the flu, I probably should just shut up until I know more the situation.
Of course the childish comments that seem to have been posted on github were probably not great, I think people should be respectful, so maybe the additional lesson here is that github, by trying hard to become a social network and not focusing on being a code host and issue tracker, succeeded in being a social network, with the whole package, attracting this kind of shitty behavior, and that's one more reason to avoid it now. You wouldn't upload your code on a social network, would you?
If you don't want cooperation or forks, a zip anywhere will do.
But seriously, the poster is probably complaining about how most modern music is heavily compressed in dynamic range, so that it sounds better on crappy earbud headphones and smartphone speakers.