These are the things I add in when adding in a new usecase to a codename:
- Expansion of the acceptance criteria into small steps.
- Any clarifications to what we are making
- Anything I don't understand yet so i can chase up someone about it later
- As I read through the code I write up possible refactoring opertunties. (I find this a lot better than adding todos as you can skim though the list closer to the end and address things that matter most first. Often the code that seems silly at first has a decent reason to be that way with the full context knowen)
All of this helps me pull the right threads without having to switch context throughout the day
I have tried to point out that poorly implemented or non contructive security controls reduce system availability. As employes are not able to get to the information they need in a timely manner.
But it's been a dead end to many an argument. For some the underlying issue is a refusal to accept that product usability and security are not mutually exclusive and a difficult to use system just leeds to grey IT in the org.
The most odd reply I have received was pedantics on the definition of security availability, i.e.,
"Ensuring data and network resources are accessible to authorized users when needed"
Beacause it contains the word "authorized" any controls for authorisation can therefore never affect availability as they have to be authorized before we can consitter it an impediment to availability...
If anyone has a reply better than that's ridiculous, please help me
here
You're right it would be nice to see some more detail. Perhaps it requires sending a custom update when it reaches out via ssh or it does something wild like opening a reverse shell
Evidence of it opening a reverse shell would be wild, and should be possible to spot, if it’s happening, by monitoring what network traffic to that domain looks like.
Beyond that, companies being able to push changes via custom firmware is sort of the normal state of consumer IoT devices. And it doesn’t really imply the kind of broad “the whole engineering team can access my LAN” that the OP is speculating about.
Now, from a design standpoint, using SSH to pull firmware updates would be a bit of a wonky choice. But the world is full of wonky choices.
What I still don't understand is how flight plans get approved?
In my mind they would only be approved once all involved countries review and process the plan. That way we don't need this ridiculous idea of failing safe on the whole uk airspace for a single error.
That day a single flight plan could have been rejected, perhaps just resubmitted and the bug quietly fixed in the background
Another variation is for scammers to update the number on google maps to their premium number. Calling it still forwards to the real call center. You can often spot people complaining about a free call to X org costing them hundreds of dollars in google reviews of the company.
I think these collectives would end up behaving much like the music industry in terms of chasing licence fees, suing orgs for infringement, and having too much power on what cut was handed down to developers.
Personally I would rather software be Free than have a unavoidable middle man taking a % cut.
While I appreciate that you've released a new source-available license to the public, the OpenFare License as described in the README is not free or open source.
FOSS software can be sold, but if the software license requires the user to pay to continue using it, the software is not free because it does not unconditionally grant the user the freedom to run it:
> The freedom to run the program as you wish means that you are not forbidden or stopped from making it run.
That restriction also means the software is no longer open source, since it discriminates against commercial users who do not pay:
> The license must not discriminate against any person or group of persons.
> The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
Source-available licenses are a middle ground between proprietary and FOSS licenses, and they certainly serve a purpose. But, they're not FOSS licenses unless they allow the user to use, modify, and redistribute the software without exception.
How do you fit AGPL in with the freedom to run the program as you wish, which is explained in the gnu.org link you gave as:
> The freedom to run the program means the freedom for any kind of person or organization to use it on any kind of computer system, for any kind of overall job and purpose, without being required to communicate about it with the developer or any other specific entity. In this freedom, it is the user's purpose that matters, not the developer's purpose; you as a user are free to run the program for your purposes, and if you distribute it to someone else, she is then free to run it for her purposes, but you are not entitled to impose your purposes on her.
Suppose I find an AGPL program that takes a photo on standard input and does interesting transforms (like the effects Apple Booth and many chat programs support), I tweak the code a bit, and I hook it up to a camera and write some glue scripts that take a photo with the camera, apply a transform selected by pressing a button, and print the results which I put in a nice frame. I build this all into a booth and put it an a mall and use it to sell fancy framed goofy transforms of people.
All fine under AGPL. I don't have to tell the people who come to my booth that I'm using AGPL software or tell them where to download it.
But then I make it so if your mobile device is using the mall WiFi hotspot, you can upload a photo from your device to have my system make your goofy framed transform photo. Now AGPL requires me to tell them I'm using AGPL code and make the download available.
So...the requirements change depending on how the inputs are supplied?
If the inputs come from the camera hooked directly to the computer, I can use the tweaked AGPL program for my purpose (making goofy framed photos) "without being required to communicate about it with the developer or any other specific entity", but if the inputs come through the mall WiFi I do now have to communicate about it with a specific entity (whoever supplied the inputs)?
> Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software.
In the mall example, this requirement can be fulfilled by having a link to or an attachment of the source code on the interface that facilitates the photo upload. The developer does not have to communicate with the user, since the requirement applies to the software ("your modified version") and not to the developer.
When a software license requires the source code of the licensed software to be released, that does not make the software unfree. This is because allowing users to access source code is one of the goals of the free software movement, as well as a prerequisite for freedoms 1 and 3:
> The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
> The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
Note though that if I don't provide the WiFi access option the person using my goofy photo service does not have to be given access to the code.
The document you cite on the four freedoms says "A program is free software if it gives users adequately all of these freedoms. Otherwise, it is nonfree". Does that mean GPLv2 is not a free software license, because it only gives users all of those freedoms when someone is distributing the program?
The issue is how to define "user". GPL (and pretty much everything else before AGPL) keyed everything off of distribution. The user was someone who had a copy of the program. Mere interaction with a running copy of a program did not make the interacting person a user.
With user defined thusly, GPLv2 is a free software license. If I do something to make you a user (i.e., I distribute the code to you) GPLv2 ensures that you get all four freedoms.
If we expand user to include people who are interacting with someone else's running copy, which it seems we have to do to make AGPL fall under freedom 0, then (1) it becomes hard to argue that licenses that trigger only on distribution can satisfy the four freedoms, and (2) it doesn't even do a good job with AGPL because AGPL only ensures the four freedoms to those who are users by interaction when that interaction is remote and through a computer network. It completely drops the ball for users by interaction who aren't interacting in that specific way.
AGPLv3 refers to "all users interacting with it remotely through a computer network", not "people who are interacting with someone else's running copy". If someone adapted AGPLv3 into a new license that requires all "people who are interacting with someone else's running copy" to be able to access a copy of the source code regardless of whether the interaction takes place over a computer network, that new license would still be free and open source. The FSF has not bothered to write such a license yet, but anyone can do it.
This part of the FSF's page on free software endorses this type of rule:
> Rules that “if you make your version available in this way, you must make it available in that way also” can be acceptable too, on the same condition. An example of such an acceptable rule is one saying that if you have distributed a modified version and a previous developer asks for a copy of it, you must send one. (Note that such a rule still leaves you the choice of whether to distribute your version at all.) Rules that require release of source code to the users for versions that you put into public use are also acceptable.
I don't claim that this is a free or open source license. The OpenFare license is about monetizing software in the most convenient way possible. I agree with the open source definition as given here:
> But if your license isn't open source, then what good is it for monetizing open source programs?
The OpenFare License is the commercial license that I believe should be used in the dual licensing circumstance described in the article. Thereby helping to monetizing open source programs.
The OpenFare License intends to provide that commercial aspect whilst being equivalent to the MIT License where possible.
Sponsorship and donations are the popularity driven funding mechanisms. I want to fund the unpopular long tail of software maintainers (like the log4j guys who were not well known before the incident).
I want to fund maintainers based on whether the software is *used* commercially or not. Not on whether it's popular or not.
OpenFare doesn't lead to extreme individualism. It aims to fund collaborative software development. The OpenFare scheme is flexible enough to reflect how the collective wants to manage funding.
The OpenFare is *equivalent* to the MIT License in non-commercial settings. It isn't even close to a closed source license.
> The OpenFare License is a lot like the MIT License. The code can be modified, forked, reproduced, executed, and compiled without restriction by anyone. With two exceptions:
>
> Commercial users are subject to payment plans defined in code.
> The license and payment plans can only be modified by the license copyright holder.
I like this idea in principle! Of course, enforcing it is another question altogether, but ... a step in the right direction, nonetheless.
Question, why does the payment plan appearing in the code rather than in the license make a difference? Assuming you're not allowed to distribute/modify etc without also including the license, does it matter where the payment plan is coded? Or am I missing the point here?
There are many advantages to defining the payment plan in code. Whether it's defined in the OPENFARE.lock file or the LICENSE file only matters for the sake of simplicity. The LICENSE needs to be the same across many packages so that it can be approved by lawyers once.
The idea is to put (very narrow) customizations of the terms in the OPENFARE.lock file.
What evidence do you have that these collectives would behave like the music industry? Generally the music industry does not go after the large companies, but instead after small individuals.
In contrast the collectives would go after large corporations which profit in the billions from volunteer work without giving significantly back. In fact the argument that situation is that currently you're paying the middle man (those corporations) without the actual creators getting anything.
Thats what Trademark, Copyright, DRM, WhatsApp ToS and all claim. “We want to protect creators/snail businesses ”, but they end up as tools to go after little guys.
One one hand, given human nature and evidence thus far, I would agree with your worry.
On the other hand, the music thing is a mess partly because of ambiguity of what constitutes use (e.g. is a coffee shop video infringing because a piece of music was heard in the background?)
I would hope that things are not as ambiguous with code libraries. They are either used or they are not.
Having said that I can see shit hitting the fan with arguing over what constitutes a fork vs derivative work etc.
oh I'm absolutely not saying this is a good idea. But what I am saying is that it could become politically feasible if tons of money gets poured into self-driving vehicles and they slowly chip away at "open" use of public streets.
Look at what the automobile industry did with "jaywalking" and removal of street cars.
Interesting facts about renouncing American citizenship:
- There is renunciation fee that has to be paid and currently stands at $2,350 (the highest in the world).[1]
- A final tax return will sill need to be filed. [1]
- An Expatriation tax is payable if [..] Your net worth is $2 million or more on the date of your expatriation. you will be treated as having disposed of your assets the day before your expatriation and will be subject to capital gains tax.
- The highest capital gains tax bracket in the USA is 20% [2]
Now there will be ways this is avoided but it would seem that the IRS is trying very hard make this process unappealing
> ...it would seem that the IRS is trying very hard make this process unappealing
IANAL, but I believe that all the unpleasantries which you note were decided by the U.S. Congress. (Most probably with the President's sign-off.) Making the IRS out to be the Real Villain(tm) here only helps a bunch of self-serving politicians to evade responsibility.
And what's wrong with this? Personally I'm very happy to see it. The idea that you make tons and tons of money by what America has worked hard to offer you and then you want to skip town because of taxes? Taxes that help pay for all the advantages that got you that wealth in the first place?
If the unpleasantries only applied to a few very rich, who were trying to skip town that way, then you'd have a decent argument.
Unfortunately, it sounds like the vast majority of targets bear no resemblance to your stereotype. And the system has no interest in discriminating between the few filthy rich town-skippers and the vast majority who are just easy victims.
Targeting all members of large group - because a small minority of them are "bad" in some emotional-button-pushing way - has a very long and disreputable history.
Then you’re refuting the basic premise of the article, which is that the ultra wealthy want to avoid taxes.
Why else would Eric Schmidt want to become a citizen of Cyprus, which then also allows him to live elsewhere in the EU? It’s certainly isn’t to end up laying more in taxes than he would in the US.
Being a citizen of Cyprus gives him visa free travel and work options in Europe. As he hasn't renounced US citizenship, he certainly isn't taking advantage of that for tax reasons. The article seems to imply otherwise, but that's basically what bad journalism is... strongly suggesting an incorrect interpretation of facts while still "telling the truth".
That honestly seems quite reasonable. Citizenship comes with all sorts of obligations like getting drafted and serving on juries, taxes are simply the most obvious.
On the up side you can apparently still qualify for Social Security benefits.
It’s a reciprocal relationship with rights and obligations on both sides not ownership. For example the FBI doesn’t invoice victims or their families when it gets involved in kidnapping cases.
Capital gains are deferred without interest until an asset it sold, that doesn’t mean there wasn’t an obligation for those years.
> rights and obligations on both sides not ownership
I would say consequences of infringement are much worse for individual citizens than for the government.
If the government confiscates some of your money through "civil forfeiture", you then have to sue the government and prove the money was gained legally.
Just like every other civilized country. The fact that it was even mentioned suggests that for Americans it might not always be the case in some situations, which is quite frightening.
It’s not an issue in American. Thing is we are talking about renouncing citizenship so the comparison is to other countries.
Looking deeply at the social counteracts of other countries is really interesting because of how many different things we take for granted aren’t universal. Free speech in the US is more limited than I would like, but it gets much worse even in countries that look civilized in other ways.
FBI has no jurisdiction outside the US, so you don’t gain anything this way.
Free speech in US is poorer than in most Western countries, as it fails to protect you from anything other than most government institutions. For example in US it’s fine for your employer to fire you because they don’t like what you say in your private time. Other countries provide better protection.
My question is still unanswered: why would anyone in US even think about their law enforcement invoicing the victims?
The FBI may get involved for citizens outside the US. The international situation is complex but being or not being a US citizen can very much change FBI involvement.
PS: My question is still unanswered: why would anyone in US even think about their law enforcement invoicing the victims? It’s a concern if your considering renouncing citizenship and moving to a country where it’s a concern just as free speech should be a concern if your moving to a country without it.
No one is thinking that. It was an example by the other commenter of a free and valuable service provided by the government as part of their side of the bargain
A service which is always provided for free - there are no countries that invoice victims. It’s the fact that the commenter assumed it might not be free that’s frightening.
That’s the whole point, it’s always free. The commenter pointed out that it’s a valuable service that is always free as part of the social contract. You can be frightened by this if you’re really determined to be, but no sinister dystopia was implied.
It’s common for cops to require bribes to investigate crimes in developing countries. Not every time, but almost every interaction can end up as a shakedown.
Reciprocal relationship = either party can end it under certain circumstances. If the taxpayer wants to move, the state has no moral right to force them to stay
You compare obligations to debt (which do have an upfront playout) but then state there is a benefit. How does that work with debt? Why would a jury of peers be a benefit, unless you assume positive bias? How does that work with the draft?
If you’re paying an electric bill the benefit associated with the debt was receiving electricity. How does that work with debt? For debt like a credit card bill it’s the money you spent when buying stuff etc. If you meant taxes then it’s government services already received, for example a strong military.
Why would a jury of peers be a benefit, unless you assume positive bias? It’s an option, you don’t need to be tried by your peers so you would only pick it if it’s better than being judged by a judge. That doesn’t mean it’s a positive bias, you might assume judges have a negative bias.
How does that work with the draft? Look at all the countries that have been invaded, compare them to countries that haven’t been. That’s the benefit of a strong military and the existence of the draft is part of that.
While $2350 is expensive, compare that to Australia. My friend got sponsored by his partner for a partner visa and the fee is AUD7,850 for most applicants.
On the other side of the equation (getting citizenship, rather than renouncing it), here in the UK I have a Chinese friend for whom it cost over £20k to gain citizenship after she married a local. (this was the total paid to the government over, I think, a 3 year period).
Why? It doesn’t have to be that way. Social Security has been successfully bolstered in the past and can be again. I don’t see why it can’t remain solvent for the foreseeable future…
Social Security is not a pension - this is a common misconception.
The SS tax is to pay current retirees. There's a formula that states how much you'll get when you retire, but the money you're putting in now is not being saved/invested for your benefit in the future.
The short version: Money you put into SS is not your money.
You still put a bunch of money into it on the promise that after retirement you will have income, and that promise is broken when you renounce your citizenship. Also, Social Security is closer to real pensions than you think, they're just different from the theoretical concept of a pension that isn't actually used outside of the Post Office.
You're using vague words like "promise". "Hope" would be more accurate. Someone can correct me, but if Congress passes a law tomorrow saying they're not going to pay social security after 2025, that is probably allowed. The only "promise" is to people who are currently retired.
Furthermore, if you renounce your citizenship, it is you who are choosing not to get this benefit. It is a defined benefit for citizens, and you are choosing not to be one.
As for similarity to pensions: Far from it. When the government has an excess (i.e. total SS taxes collected is greater than payouts for a given year), they are not allowed to hold it or invest it. Pensions are/were always invested, or at least held.
> Furthermore, if you renounce your citizenship, it is you who are choosing not to get this benefit. It is a defined benefit for citizens
Individuals who renounce their US citizenship (or were never citizens) are still eligible to receive SS benefits; SS actually has very little to do with citizenship.
The money you put into taxes went into national defense that kept you safe, roads you drove on, schools that provided an educated workforce that made the goods and services you consumed, etc...
Money put into Social Security is just lost to you unless you are renouncing your money after retirement.
That's a rather generous assessment of how my money was used in Iraq, for instance. That sounds glib, but if you could pick and choose which things your taxes funded or not it would kind of make the whole concept of the state untenable.
I believe to renounce you must first have dual nationality. You could marry a foreigner for nationality, then (eventually) both renounce your home country.
While that is the smart way to go. The USA is one of the few country's that will allow you to become stateless.[1] But I am not sure why you would ever do that.
Not exchanged, but considering Australia and America are both immigrant countries, you may be able to get an Italian or Irish passport based on ancestry if your ancestors came from there.
I always wanted to start a "couchsurfing for passports" , or even airbnb. If one is a citizen, they can vet for an exchange citizen, sounds democratic to me.
"- The highest capital gains tax bracket in the USA is 20% [2]"
Not really, because they can arbitrarily change it and backdate the change at any time, and they are currently planning to raise it to 43% and backdate the change.
In truth, the US does not have a fixed capital gains rate.
- Expansion of the acceptance criteria into small steps.
- Any clarifications to what we are making
- Anything I don't understand yet so i can chase up someone about it later
- As I read through the code I write up possible refactoring opertunties. (I find this a lot better than adding todos as you can skim though the list closer to the end and address things that matter most first. Often the code that seems silly at first has a decent reason to be that way with the full context knowen)
All of this helps me pull the right threads without having to switch context throughout the day