this post was submitted on 08 Aug 2024
1502 points (99.1% liked)

Programming

17672 readers
57 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 2 years ago
MODERATORS
 

Friend who is not a software person sent me this tweet, which amused me as it did them. They asked if "runk" was real, which I assume not.

But what are some good examples of real ones like this? xz became famous for the hack of course, so i then read a bit about how important this compression algorithm is/was.

you are viewing a single comment's thread
view the rest of the comments
[–] Omgpwnies@lemmy.world 46 points 4 months ago (2 children)
[–] magic_smoke@links.hackliberty.org 33 points 4 months ago (2 children)

Azer did nothing wrong.

Laurie Voss made a bad call and should feel bad.

The principals of free software was, is, and always will be more important than every single dollar in silicon valley combined.

[–] Omgpwnies@lemmy.world 15 points 4 months ago

No arguments there, if you're gonna depend on a piece of code, you better own it or have a rock solid plan b.

[–] TheSlad@sh.itjust.works 1 points 4 months ago (1 children)

I think he overreacted a bit, not to having his package name forcibly taken from him, but to being asked to give it up in the first place. Kik explained to him that they have to fight this or lose their tradmark because thats how trademark law works. His response was basically "haha fuck you". He probably could've asked for a couple thousand and just changed the name of his project and everything would've been fine.

being asked to give it up in the first place. Kik explained to him that they have to fight this or lose their tradmark because thats how trademark law works.

I'm not a lawyer but from what I know that's a load of shit. There's nothing stopping a trademark holder from granting licensing rights to third parties, without charge, to use their trademark in specific ways.

They chose not to because its easier, and most people won't know better, so they roll over.

His response was basically "haha fuck you". He probably could've asked for a couple thousand and just changed the name of his project and everything would've been fine.

This is the correct response, even if Kik would've given him money. It's his package, he got the name first. Corpos can eat shit, just because its not the easy choice, or the choice you would've made doesn't mean it was wrong. That package should've stayed down on principal.

[–] dohpaz42@lemmy.world 20 points 4 months ago (1 children)

Yeah that debacle still pisses me off. Especially the fact that someone could possibly trademark and enforce a trademark a name that’s already in use. It’s made even worse that the package that now uses the stolen name is defunct.

I hope all of the bad actors burn in Hell.

[–] JackbyDev@programming.dev 4 points 4 months ago (1 children)

What pisses me off is that NPM thought it would be okay to remove something from their repository.

[–] dohpaz42@lemmy.world 2 points 4 months ago (1 children)

What did NPM remove? My understanding is that NPM restored the deleted package. If you’re referring to giving the author the ability to delete their packages, I’m on the fence about that. On the one hand, if it’s open source, it’s a part of the community. On the other hand, it’s also still the author’s code, and if they are the only author, then it’s their sole decision if they want to host their code under their account.

[–] JackbyDev@programming.dev 1 points 4 months ago

But at the same time if the code is properly licensed under an open source license (I would assume/hope NPM didn't allow non FOSS code) then NPM can refuse to take it down. Yes, they put it back up, but I think it's important for public repositories (as in packaged code repositories, not got repositories) to never remove things (barring legal requirements, sure).

For what it's worth, the policy they adopted after the fact seemed pretty sensible. I think it was something like you can't take things down once they have ~100 downloads or x number of dependents.