|
chglcu posted:Github allowing you to just @ 400k people seems like it’s gotta be a horror of some kind. Just because it's Epic, I'm gonna tell a story from 2006, and there just might be one or two old heads who were there for this. Epic had a bunch of mailing lists for UE3 licensees, and I worked for a UE3 licensee in 2006. One day a message comes in on the "unprog3" list, for all programmers at all UE3 licensee studios, something to the effect of (name changed) quote:Look at line 468 of UnMaterialCompiler.cpp to see why I hate my life. The thread went for DAYS. Plus, lots of people accidentally/on purpose reply-alld from their internal lists that were having their own private fun to the unprog3 list, so tons of internal poo poo got leaked. Turns out it was an intern at a studio who had a friend who was interning at another UE3 shop, and the email was supposed to be meant for that friend. Needless to say that intern never made full time. I still really wanna meet that guy. edit: the line in question was the start of a 400 line local struct definition inside a function which was then instantiated once. I know less than nothing about the UE3 material compiler so I have no idea if that was bad or not, but it looked gross as hell.
|
# ? Jun 5, 2022 07:43 |
|
|
# ? Jun 6, 2024 23:25 |
|
more falafel please posted:Just because it's Epic, I'm gonna tell a story from 2006, and there just might be one or two old heads who were there for this. you wrote "name changed", but there are two names here: Tim Sweeney and Mike Christensen. Which one did you change? Is the one you didn't change a well-known figure?
|
# ? Jun 5, 2022 12:16 |
|
Hammerite posted:you wrote "name changed", but there are two names here: Tim Sweeney and Mike Christensen. Which one did you change? Is the one you didn't change a well-known figure? Tim Sweeney is the CEO of Epic and original lead developer of the Unreal Engine, and likely perpetrator of the code under discussion.
|
# ? Jun 5, 2022 12:45 |
|
Seconding wrapping measurements inside objects. I have a Ruby lib I wrote for such purposes.
|
# ? Jun 6, 2022 13:43 |
|
well now I'm very curious about line 468 of UnMaterialCompiler.cpp
|
# ? Jun 6, 2022 20:09 |
|
There's an Apache licensed library A that I really like. It has a dependency to a library B that is by the same author, which used to also be licensed as Apache. Last month, the author of both the libraries changed the license of Library B to CC BY-NC-ND. Library A continues to be licensed as Apache. Looking further into this, Library B during startup downloads Thing C by the same author, which is licensed as GPL. I hate open source licensing.
|
# ? Jun 7, 2022 13:53 |
|
Loezi posted:There's an Apache licensed library A that I really like. It has a dependency to a library B that is by the same author, which used to also be licensed as Apache. Last month, the author of both the libraries changed the license of Library B to CC BY-NC-ND. Library A continues to be licensed as Apache. Looking further into this, Library B during startup downloads Thing C by the same author, which is licensed as GPL. I guess it depends what industry you're in but in finance at least I don't think you care too much about the license of dependencies of libraries that you use directly. I imagine this is because the "risk" of a GPL dependency is mitigated by the Apache license of the main dependency meaning you can just fork it something goes wrong?
|
# ? Jun 7, 2022 14:12 |
|
Worst comes to worst IIRC you can fork it at the point when they both had Apache licenses and that license still applies to that version of the code.
|
# ? Jun 7, 2022 15:10 |
|
You're not supposed to use CC licenses for code at all, did they make this bad decision because they were so set on trying to apply the horribly vague "noncommercial" clause?
|
# ? Jun 7, 2022 15:59 |
|
Azure Pipelines has some really lovely behavior around their boolean comparison functions.code:
false true See, parameters are typed. Variables aren't. So variables are always strings. But it doesn't properly treat boolean-strings as booleans for comparison purposes. So basically the only safe option is to never use the boolean type.
|
# ? Jun 7, 2022 16:30 |
|
NtotheTC posted:I guess it depends what industry you're in but in finance at least I don't think you care too much about the license of dependencies of libraries that you use directly. I imagine this is because the "risk" of a GPL dependency is mitigated by the Apache license of the main dependency meaning you can just fork it something goes wrong? This is definitely not true. To use software, you need a license. The fact that it’s an indirect dependency does not get you out of that. Ideally, the direct dependency would think about license issues, but they don’t always, and it is ultimately your legal responsibility as a user to ensure you have a license to the software you use. So if your software relies on a project with use restrictions in its license, like a non-commercial-use clause, that affects you even if it’s an indirect dependency. Now, most software license restrictions are not use restrictions and only apply to redistribution. Using software within a company is generally understood to not meet the legal bar of redistribution. So yeah, in finance, if you’re just making internal software, you can ignore all of e.g. the GPL’s clauses about open-sourcing all of your modifications and derived code, because none of that applies until you actually want to distribute something. But it’s not as simple as just ignoring licenses, and direct vs indirect dependency does not matter.
|
# ? Jun 7, 2022 16:37 |
|
And if you aren't worrying about licenses for your internal software you'd probably better make absolutely certain that it will always stay internal.
|
# ? Jun 7, 2022 17:01 |
|
One time I pointed out that a coworker was planning to take GPL code, modify it, and distribute binaries to the end user and they came over to my desk after the meeting and tried to berate me for it because the rest of the code was already using a bunch of GPL libraries. We weren't modifying the code or distributing binaries, though, so I told them to gently caress off.
|
# ? Jun 7, 2022 17:23 |
|
rjmccall posted:This is definitely not true. To use software, you need a license. The fact that it’s an indirect dependency does not get you out of that. Ideally, the direct dependency would think about license issues, but they don’t always, and it is ultimately your legal responsibility as a user to ensure you have a license to the software you use. Huh ok, thats definitely not the impression I had the last time we got audited. So if you have an Apache licensed library and one of it's dependencies changes to GPL license, that propogates to the direct dependency (in whatever version uses the new GPL licensed software) as well?
|
# ? Jun 7, 2022 18:50 |
|
NtotheTC posted:Huh ok, thats definitely not the impression I had the last time we got audited. So if you have an Apache licensed library and one of it's dependencies changes to GPL license, that propogates to the direct dependency (in whatever version uses the new GPL licensed software) as well? If you're using GPL'd software, (whether it's because you have a dependency or not is irrelevant, you're still using it) you have to abide by the terms of the GPL for that software. The GPL generally only comes into play when you're *distributing* software, not when you're using it internally. Any modifications to GPL'd code must be distributed under the GPL *if* it's distributed at all. Go ahead and modify it all you want, but if you give/sell it to people, you must also provide the source including your modifications.
|
# ? Jun 7, 2022 18:56 |
|
more falafel please posted:If you're using GPL'd software, (whether it's because you have a dependency or not is irrelevant, you're still using it) you have to abide by the terms of the GPL for that software. The GPL generally only comes into play when you're *distributing* software, not when you're using it internally. Any modifications to GPL'd code must be distributed under the GPL *if* it's distributed at all. Go ahead and modify it all you want, but if you give/sell it to people, you must also provide the source including your modifications. The GPL requires derivative works to be licensed under the GPL (or a similar license), so you actually have to open-source your entire product. What you’re describing is the LGPL. NtotheTC posted:Huh ok, thats definitely not the impression I had the last time we got audited. So if you have an Apache licensed library and one of it's dependencies changes to GPL license, that propogates to the direct dependency (in whatever version uses the new GPL licensed software) as well? The Apache library in this case would itself be in violation of the GPL unless it relicensed under the GPL. But note that it would have to update its dependency to a GPL’ed version; the old versions are irrevocably licensed under whatever old license they used. Edit: the Apache library’s violation of the GPL might work as a defense against your violation of it if you could demonstrate that you weren’t aware of the violation. rjmccall fucked around with this message at 19:51 on Jun 7, 2022 |
# ? Jun 7, 2022 19:46 |
The important points of GPL: - You may use the software for any purpose whatsoever. This includes any kinds of modifications or combinations with other software. - There are no warranties of any kind. - If you receive a copy of the software in any format, whoever gave you that copy must also offer you a way to get the source code for that exact version of the software. (Example: Even if that software is loaded into a ROM in a device and there is no way to extract or replace the code in the ROM.) - You may give copies of the software, unmodified or modified, to anyone, as long as you also offer them the same license you received, i.e. the GPL license including all terms with no additional restrictions. The last point about no additional restrictions, combined with the first point, use for any purpose whatsoever, means you can't combine GPL software with software that has a no-commercial-use clause in its license, and have the result be redistributable. (But you're still free to combine it and keep the result to yourself.)
|
|
# ? Jun 7, 2022 19:49 |
|
nielsm posted:- If you receive a copy of the software in any format, whoever gave you that copy must also offer you a way to get the source code for that exact version of the software. (Example: Even if that software is loaded into a ROM in a device and there is no way to extract or replace the code in the ROM.) Crucially, the source code must be in a form that allows you to build the product, and to make further modifications that you are then allowed to distribute.
|
# ? Jun 7, 2022 20:06 |
|
So how would this work for vexatious licencing? If I'm the great and revered author of left-pad and instead of deleting my code I release an update that changes the licence to GPL then a bunch of libraries that won't have the version pinned in their dependencies (a horror, I grant you) will be built and deployed automatically into the real world. Can I really at that point enforce the demand that anyone who deployed that version now has to open source that version of their website/app?
|
# ? Jun 8, 2022 02:25 |
|
If it ends "semantic versioning" I'm all for it.
|
# ? Jun 8, 2022 02:58 |
|
A lot of open-source licensing stuff has never been put to the test in court.
|
# ? Jun 8, 2022 03:02 |
|
rjmccall posted:The GPL requires derivative works to be licensed under the GPL (or a similar license), so you actually have to open-source your entire product. What you’re describing is the LGPL. If the Apache library is entirely written by the same person, can it actually be in violation of the GPL? If it shares a data structure with the GPL code, for example, I would interpret that data structure as being available under both licenses by the author.
|
# ? Jun 8, 2022 03:03 |
|
For extra fun, the "no warranties" clause in GPL is almost certainly invalid in some jurisdictions. Lots of places do not allow you to disclaim away implied warranties.
|
# ? Jun 8, 2022 03:17 |
|
pokeyman posted:If it ends "semantic versioning" I'm all for it. If people actually followed semantic versioning it'd be great. But no one does, and actually doing so is significantly more difficult than it sounds.
|
# ? Jun 8, 2022 04:14 |
|
Dylan16807 posted:If the Apache library is entirely written by the same person, can it actually be in violation of the GPL? If it shares a data structure with the GPL code, for example, I would interpret that data structure as being available under both licenses by the author. The author can release their software under as many licenses as they want.
|
# ? Jun 8, 2022 04:59 |
|
NtotheTC posted:So how would this work for vexatious licencing? If I'm the great and revered author of left-pad and instead of deleting my code I release an update that changes the licence to GPL then a bunch of libraries that won't have the version pinned in their dependencies (a horror, I grant you) will be built and deployed automatically into the real world. Can I really at that point enforce the demand that anyone who deployed that version now has to open source that version of their website/app? Yes, you can do that. Or rather, the redistributors of the GPL left-pad will have violated your license. What damages they are liable for will be up to the legal system. The courts are generally not inhabited by rigid law-interpreter robots (this is where a lot of nerds make a crucial mistake), so if the redistributors of your GPL left-pad just say "oops, we didn't notice, we'll roll back to the last non-GPL version which is in any case completely functionally identical" I find it unlikely they will be liable for any damages. In the same vein, some kind of GPL Suicide Bomber couldn't take a job at Microsoft and sneak a few lines of GPL code into Windows in order to make the whole thing GPL. (There are also complexities regarding what exactly constitutes a derived work - I think the so-called virality of the GPL tends to be decided on a case-by-case basis.)
|
# ? Jun 8, 2022 07:19 |
|
rjmccall posted:The author can release their software under as many licenses as they want. They definitely can if they want to, but is it right to say that's what actually (implicitly) happens in the situation Loezi described?
|
# ? Jun 8, 2022 08:45 |
|
I would not interpret an Apache-licensed chunk of code that is a derived work of a GPL-licensed chunk of code to implicitly relicense the GPL-licensed code to Apache, even if it's the same author. I think that's the kind of thing that makes people add "as a special exception," kinda lines to their copy of the GPL.
|
# ? Jun 8, 2022 09:03 |
|
Dylan16807 posted:They definitely can if they want to, but is it right to say that's what actually (implicitly) happens in the situation Loezi described? What "implicitly happens" is something that would need to be argued out by the lawyers involved. It's a situation that nobody wants to be in because you don't actually know the answer until you've spent a bunch of money on lawyers to argue it out and a court has examined those arguments and given a ruling. And if you're even in that situation to begin with, you almost certainly have a lot of money riding on the outcome.
|
# ? Jun 8, 2022 09:09 |
|
Don't use code with unclear licensing. It's no different from using code that is of technically poor quality. Write (or buy) the code yourself if you really need its functionality.
|
# ? Jun 8, 2022 10:44 |
|
Athas posted:Don't use code with unclear licensing. It's no different from using code that is of technically poor quality. Write (or buy) the code yourself if you really need its functionality. Essentially never use javascript ever
|
# ? Jun 8, 2022 10:46 |
|
I forgot to mention that this is in the context of python, but nevertheless I also find it hilarious that the new license for Library B above is 1) any creative commons 2) the no derivatives variant in particular. And as some have pointed out, the "solution" here is, indeed, "oh, I guess we're not using these libraries any more".
|
# ? Jun 8, 2022 12:31 |
|
Athas posted:Don't use code with unclear licensing. It's no different from using code that is of technically poor quality. Write (or buy) the code yourself if you really need its functionality. Buy code? I can download it for free from the internet!!!
|
# ? Jun 8, 2022 16:40 |
|
Just change a few variable names, etc. Nobody will ever notice!
|
# ? Jun 8, 2022 17:00 |
|
NtotheTC posted:So how would this work for vexatious licencing? If I'm the great and revered author of left-pad and instead of deleting my code I release an update that changes the licence to GPL then a bunch of libraries that won't have the version pinned in their dependencies (a horror, I grant you) will be built and deployed automatically into the real world. Can I really at that point enforce the demand that anyone who deployed that version now has to open source that version of their website/app? Depends on which judge you get too; the judge in the Oracle vs Google case about whether Java APIs can be protected IP, who actually took the time to learn enough programming to understand the concepts being argued, or... pretty much any other judge.
|
# ? Jun 8, 2022 18:14 |
|
Volmarias posted:Depends on which judge you get too; the judge in the Oracle vs Google case about whether Java APIs can be protected IP, who actually took the time to learn enough programming to understand the concepts being argued, or... pretty much any other judge. And yet I totally agree that most judges wouldn't give two shits.
|
# ? Jun 8, 2022 19:09 |
|
ExcessBLarg! posted:The thing about this case is that it was pretty clearly two juggernauts going in with complaints regarding major products and any ruling would have significant repercussions within the industry. As a judge, this is it--this is your superbowl. You'd think you want to be sufficiently versed in the situation to get it right. Yeah you say that but the appeal judge did not give a poo poo so
|
# ? Jun 8, 2022 19:21 |
|
Is it evil of me that I kinda wish it were decided the other way, because the repercussions would have been entertaining?
|
# ? Jun 8, 2022 21:17 |
|
In the same way that we all were entertained by trump winning the GOP primary?
|
# ? Jun 9, 2022 04:04 |
|
|
# ? Jun 6, 2024 23:25 |
|
Athas posted:if the redistributors of your GPL left-pad just say "oops, we didn't notice, we'll roll back to the last non-GPL version which is in any case completely functionally identical" I find it unlikely they will be liable for any damages. If it's registered, statutory damages for innocent infringement can go as low as $200 but not really below that. Not that $200 would be worth a lawsuit. https://www.law.cornell.edu/uscode/text/17/504
|
# ? Jun 9, 2022 18:17 |