
You naughty , we asked you to take down the words "Open Source" from your website since you are NOT

You did.

It seems those words have somehow found their way back on the website.

Time to raise awareness again and try to make Cyph understand. If the fedizens would like to join the effort and leave a little comment on the issue, that'd be awesome!

Boost appreciated

github.com/cyph/cyph/issues/67

Just to make sure we're on the same page: I'm asking that, if you agree with this stance, you make your voice heard in a polite manner. This could be as simple as putting a thumbs-up on the issue I raised. In fact, unless you're adding to the issue, there's no reason to post a comment. A thumbs-up will suffice.

I'm not inciting harassment. The issue simply deserves a level of attention proportional to the crowd that agrees with it. If none of you care about this, the issue should reflect that.


@yarmo the person you tagged in that is also here on the fediverse.
@rysiek

@yarmo stop with the brigading and harassment of maintainers for God's sake.

That's hostile behavior, no matter if you believe that you are right, that's just toxic.

"Open source" has a literal, English meaning and isn't under a trademark.

@reto

Yes, it means "denoting software for which the original source code is made freely available and may be redistributed and modified."
And if Cyph is not - that's false advertising.

@yarmo

@selea @reto @yarmo if source code is literally open then open source is not false advertising.

“open source” was in use before OSI created a marketing term in response to political “Free Software” by FSF.

OSI cannot enforce term “open source” but clearly that creates confusion because we don’t have a popular term for a software with open code base e.g. “public source” is also confusing.

I hear arguments from both sides but using ‘open source’ is not false advertising in this case.

@selea @reto @yarmo in other words you cannot enforce ‘open source’ in any legal way besides publicly shaming or harassing a company (which can be a successful strategy).

‘Open Source by OSI’ has a specific meaning and list of licenses.

‘Free Software by FSF’ has a specific meaning and list of (fun fact: different) licenses.

‘open source’ is now a generic term and lost its meaning like haggis, appstore, hoover, jetski, pampers, thermos, etc.

We can thank OSI for trademark erosion.

@fudgel
That's a rather bizarre logic. I take it you are happy to be sold horsemeat as "beef", brooms as "hoovers", and handkerchiefs as "pampers"?
What matters is whether advertising claims are misleading (intentionally or not) – not whether someone owns a specific term or has regulated around it.
@selea @reto @yarmo

@fudgel
Incidentally, generic terms have commonly agreed upon meanings too. In this case, all the dictionaries I can find – Oxford, Collins, Merriam-Webster, Cambridge – all have definitions that include some combination of rights to use, modify, redistribute. The software in this case lives up to none of them.
@selea @reto @yarmo

@gamayun that’s a valid argument but it’s weak because for example merriam-webster.com/dictionary notes first usage of ‘open source’ as 1998 which is false.

Collins includes:

“open source in British English
noun
a. intellectual property, esp computer source code, that is made freely available to the general public by its creators”

So I doubt we could win a case against Cyph in a court based on that.

@selea @reto @yarmo

@fudgel I wasn't arguing that dictionaries are arbiters of truth. They are just good indicators for established usage - and *some* less specific definitions don't invalidate *most* definitions.

Of course, if nobody complained when there was pig-gelatin in the "vegetarian candy", no beef in the "beef", or no open source in the "open source", commonly accepted usage might change. Hence people are complaining.
@selea @reto @yarmo

@gamayun In late 90s OSI took an in‑use term ‘open source’ and made it *narrower*. That definition is now popular but it gives us no power to enforce that *narrower* meaning onto others. That’s why descriptive terms are refused as trademarks.

A proper food comparison is defining ‘vegetarian candy’ as a vegetarian candy + some restrictions and then enforcing that meaning on a vegetarian candy without those restrictions.

I hope that makes it clear where’s the issue.

@selea @reto @yarmo

@fudgel

What are you trying to achieve?
The definition got clearer (narrower). It just does not make any sense that some people define A as A, and others define A as H.

@gamayun @reto @yarmo

@fudgel

I can't really make up my mind if you are just trolling, or not.

@gamayun @reto @yarmo

@fudgel

But well, this is probably a clear reason why "Open Source" is not ideal and the term "Free" or "Libre Software" should be preferred :).

@gamayun @reto @yarmo

@selea
if something is not clear then please ask for clarification. I’m trying to explain why using a descriptive term was a mistake, why we cannot legally enforce ‘open source’ on others, and why using a descriptive term is not ‘false advertising’ *legally*.

The situation is confusing and the best way forward *IMO* is grant OSI rights for ‘open source’ and let them enforce it. Otherwise we can only shame (or harass) ‘open source‑in‑descriptive‑sense’ folks.

@gamayun @reto @yarmo

@selea ‘free software’ has the similar issue. If we sell software that’s free we can describe it as free software and that’s legal.

’Libre Software’ is not descriptive (in English) and could be trademarked and enforced.

@gamayun @reto @yarmo

@fudgel
How come you are so hung up on whether you can win a hypothetical court case?
Customs and norms always come before laws and regulations, not the other way around. You are arguing that people should just abandon terms that have clear and established use over +30 years, just because you can find examples of different use and the term has become more clearly defined over time. That's how language works!
@selea

@gamayun There’s a misunderstanding if you came to a conclusion that I’m arguing anyone should abandon ‘open source’ (which btw didn’t have established meaning for over 30 years, OSI re‑defined term in 1998 and made it stricter).

Words can have many meanings at the same time and we cannot *legally* enforce only one meaning on others.

Anyone can use descriptive words to describe things that’s why using descriptive terms as trademark creates issues.

@selea

@gamayun does beef describe horse meat in a literal sense?
Does hoover describe a broom in a literal sense?
Does open source describe an open code base in a literal sense?
In this case it matters whether the term is descriptive or not.

Trademark erosion examples were about mishandling of OSI.
I’m sorry that I did not make that clear.

@selea @reto @yarmo

@fudgel So "literal" here means something other than "according to established, common usage" or "by dictionary definition"?
Or do you mean that the term is literally descriptive, and the code base is actually a gushing source that spouts (software?) out into the world? 🤨
@selea @reto @yarmo

@fudgel
I'm really surprised they don't just fess up and state on the website they are open core. Well I'm not, they are trying to appeal to FLOSS. They just use a paragraph to say they are opencore without saying. But if you are a developer and you care about fully open free to use code don't go down this route. Heck release your code under GPL. They pay lip service to FLOSS as they want a business with access restricted to their code.
@selea @reto @yarmo

@fudgel @selea @reto @yarmo It's technically not an unambiguous lie but practically misleading, given that in software open source is generally understood today to mean under a licence that allows free use, modification and distribution, whether it meets the OSI or FSF definitions or not.

Even the license that they use calls itself a *reference source* license.

I wouldn't support harassing them over it but it's misleading.

@byron Term ‘open source’ was and can be used in descriptive manner.

That’s confusing and that’s exactly why we are not able to register descriptive terms as trademarks.

OSI created that situation by choosing (already in use) descriptive term ‘open source’.

What Cyph is doing is unkind, can be misleading for folks not checking the license (we should always check the license) and can be misleading on purpose taking into account their past. I’m not disputing that.

@selea @reto @yarmo

@reto @yarmo There is an OSI definition. You may think there's a "literal, English meaning", but this stuff can be subjective and I fear your interpretation is closer to "visible source" than "open source".

@brad Sure, the OSI has no legal meaning as far as I am concerned.

It's a self assembled group of like minded individuals that agreed on a common nomenclature. And if you say "open source as per the OSI definition" I agree.

However if me and my buddies suddenly decide that "true" suddenly means "true if I and my buddies say it's true else false" that wouldn't mean that you suddenly stop using the word "true" in the other, common sense would it? Nor that you'd be in the wrong if you use the word as it was intended as per the Oxford dictionary or whatever you consider a reasonable source of word meanings.

@reto Absolute nonsense. Take a look at what @sir wrote about this problem with people pretending things are open source.

https://drewdevault.com/2018/10/30/Its-not-okay-to-pretend-youre-open-source.html

@brad It's not nonsense no.
look, let's just agree to disagree here

@reto hostile behavior is making proprietary software and then freeloading off the labor and reputation of open source.

In a society shaken by corporate scandals, open source is slowly becoming a concept that stands for openness, security and privacy friendliness. We, maintainers of foss, must act now to protect that standard before it falls to corporations and businesses who will just deceive their users with false promises.

@yarmo your website paints "security" all over the place.

Now, where's the link to the independent security audit of your application stack? Building up on primitives that are secure isn't enough, you'd need to actually look at the full chain as any piece could be broken.

Isn't this "false advertising" and a "false promise" as well?

"secure" has a meaning as well in those circles, there are standard committees as well that define what "secure" means.


Don't get me wrong, I have nothing against your site I just use it as an example.

@reto I use the word secure because I never handle private keys, I do not store any user data nor allow the website to do anything that could alter keys in any way.

But you know what? I agree with your point. Not handling user data doesn't mean it's secure, it just means a security breach will have much less impact.

I need to reconsider the use of that term and would love feedback on it. I cannot guarantee "secure" without a proper audit.

The power of dialog 🤗

@yarmo @reto “safe” might be a more accurate definition than “secure,” but that word is so soft and squishy people might misunderstand it…

“secure” is popularly known as “that word that means safe but by real no-nonsense guys” so I think you can use “secure,” even if someone occasionally bitches about the technical definition. You could also reword it so it says that the user is secure, rather than the platform. “A modern, safe, and privacy-friendly platform to establish your secure online identity?”

I am admittedly very leery of your claim to safely “perform basic cryptographic operations.” For instance, if I use your “Encrypt” form to generate an encrypted message for someone, then didn’t your server just see the message, unencrypted? And couldn’t your server verify a bogus signature, claiming it’s signed by just about anyone? A service to link accounts is valuable enough. Probably can scrap the cryptographic operations part, or replace it with tutorials or something.

@cy encryption happens in the browser so the server did not see the message! That would have been a terrible design…

But the proofs, yes, someone could change the code and verify bogus proofs. Working on apps to solve that issue.

And yes, I want to scrap "cryptographic operations" 😉 focus is on identity

@yarmo Eh, yeah, it's a little shady I guess. But their explanation when you click the "open source" link isn't unreasonable either. Rather than just taking you to GitHub, it takes you to a post where they explain clearly what they mean by the term.

cyph.com/blog/open-source

What term would you prefer? "Public source?" I personally don't feel deceived based on their website alone.

@pcrock it could say "source code" which is an accurate description without promising open source values.

The dev agreed with our request last time so there was mutual understanding of the potential power there is in using the words "open source" relative to "source code" or "code available"

@yarmo Yeah, agreed, I suppose there are better alternatives that would communicate the idea to average people well, while still respecting developers like us who have a very specific definition of what "open" means.

@yarmo It seems like a long time ago that open source was considered dirty. Remember Steve Ballmer. Nowadays it's a popular marketing term like green or bio. These terms have eroded and have therefore become meaningless and are only meant to separate you from your money. That's pretty hard to swallow for people that recognize and promote the importance of FLOSS.

@ericbuijs what do you think is the way forward? Defend the words open source? Or are they too far gone and should we find a new term?

@yarmo @ericbuijs
We don't have to find new terms, just use the existing ones as they were originally used

Open-source: the source code is open
Free/libre: follows the tenets of Debian/FSF/OSI

If you think free/libre is too muddied or whatever, open-source as approved by OSI or OSI approved is a good term

@wuwei @yarmo @ericbuijs I’d propose a slightly different terminology

Open-source: please steal our work oh beloved corporations

Free/libre: this source code may not be closed, or withheld from people in any other way

@yarmo @ericbuijs maybe ask for some guidance on how to handle this issue from the FSF or similar where they’ve put quite a bit of thought and experience into the topic?

Wikipedia seems to agree that OSS means more than publicly viewable source code. Wikipedia typically represents a pretty commonly accepted view of things. The middle ground.

@yisraeldov wait, what do you mean? #BitWarden is licensed #GnuGPLv3 / #AGPLv3 according to Wikipedia.

Also, the Wikipedia article ( en.wikipedia.org/wiki/Bitwarde ) starts, " _Bitwarden is a free and open-source password management service that stores sensitive information such as website credentials in an encrypted vault._ " with the " _free and open-source_ " linked to en.wikipedia.org/wiki/Free_and.

I don't see what is wrong with BitWarden that you had to bring it up here.

@yarmo

@shine
Bitwarden relies heavily on Microsoft proprietary software.
@yarmo

@yisraeldov I highly doubt that would be true. Especially since the software is #GNUGPL.

@yarmo

@yarmo damn, I thought I had asked for sources too 🤦

I was surprised when I saw your toot notification.

@yisraeldov

@yarmo @yisraeldov @shine Afaik the #Bitwarden servers run on Azure if that's what you mean by "heavily rely on", but you can always self host.

@threed ah, your first toot was kind of ambiguous. this one makes sense.

well, if you wanted to judge a product by the choice of service providers they use to host their services, then you shouldn't be using a lot of other software either. I know #GitLab is hosted on #Azure as well. I can speculate that #GitHub and #npm might move from #AWS to #Azure in the coming future too.

If you code in #JavaScript and push to GitHub, are you going to stop? That's a very silly argument to make @yisraeldov

@yarmo

@yisraeldov also then, you shouldn't use #LinkedIn or #SlideShare either. They're owned by #Microsoft too, on a nested level like #Github and #npm.

but that's not the topic of discussion here. we're talking about how the term "open source" is being (ab)used by mis-interpreting its meaning by releasing code with a read-only license.

@threed @yarmo

@shine
The thing is that the products you mentioned do not claim to be open source. Bitwarden advertises as open source, but you are required to use closed source tech if you want to self host.
@threed @yarmo

@cy @yarmo @threed @shine I am not opposed 100% to SaaS but if you are really open I should have the option of using your software as software. For convenience I don't mind paying someone else to run and maintain software for me, but I should always have the option to not rely on a third party.

@threed
No, you can't self host without using Microsoft sql and other Microsoft proprietary products.
@yarmo @shine

@yisraeldov you're right. the dependency requirement of #MicrosoftSQL is a put-off. I get what you meant when you brought it up in this thread. my apologies for mis-understanding your argument.

@threed @yarmo

@yarmo
> In addition to the patents, our source code is licensed under Ms-RSL, which is effectively a read-only license; this means that third parties can’t fork and modify our code or deploy their own instances of Cyph without our permission.

So you can inspect the code if so inclined, but cannot copy or modify it.

This could be an ugly surprise for someone who thinks "even if the startup pivots, there's still the community"

Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.