Hacker News | krspykrm's comments

> We can’t avoid that any more than the government can avoid criminals having unbreakable encryption.

I mean, we can; we just don't. It's not like there's something baked into the laws of math that says your society is required to be a surveillance state (unlike encryption, where the laws of math do say this is always possible).

It is absolutely within the realm of technological possibility to build a society with largely decentralized infrastructure that doesn't constantly phone home to report on you to the Great Eye. We don't live in that world because normal people are kinda retarded. In the words of the creator of the Great Eye itself: "They trust me. Dumb fucks."


The reason I say it is unavoidable is not laws of nature, it is the ease with which it can be done with current technology, and the advantages that our current technology brings to societies which do not reject it.

Indeed we could, as you say, construct societies without that capacity — Amish, etc. already do so — but such a society is outcompeted by every society which embraces tech, and any society with tech at the level of the Stasi (i.e. both old and the wrong side of the Iron Curtain) can surveil whoever it wants whenever it wants.

Now? Now it doesn’t matter if you decentralised all the infrastructure, the tech is too cheap to avoid total surveillance.

Now, laser mics are school projects, and the hardware cost for pointing one at each and every window in London 24/7 is significantly lower than the annual cost of the Metropolitan Police Service in the same city.

Now, your WiFi can be converted into a wall-penetrating radar, do pose detection, heart rate and breathing detection.

Now, my wristwatch knows when I walk past the charging station to turn on its screen and remind me of its existence. I don’t even know how it knows when I’m walking past.

Now, I have an IR camera that can see through some opaque-to-visible-light materials for no good reason and at pocket-money prices.

“Centralised” has its problems, but getting rid of centralisation isn’t enough.


Corporate sponsorship of open source is entirely dependent on top talent caring about open source and thus being more willing to tolerate working for EvilMegacorp if major pieces of the infrastructure they work on are open.

When top talent just accepts the big money contract regardless, corporations see little incentive to sponsor open source. Software development is the only industry that has large portions of infrastructure free and open for anyone to use, and this is due to inheriting the values of key founders of the industry a generation or so ago.

It's up to us to carry that torch, or we will become like every other industry.


> and this is due to inheriting the values of key founders of the industry a generation or so ago.

Is it? I think it has more to do with companies realizing that [1] commoditizing their complements is a sound strategy, and [2] using open source as a growth strategy.

When you get to the "harvesting" stage or the "entrenched monopoly stage", the FOSS license doesn't make sense if you were using it merely as a growth strategy.

[1] https://www.gwern.net/Complement

[2] https://www.gwern.net/Complement#open-source-as-a-strategic-...


Commoditizing software was never a strategy, at least until a very recent stage. Open source software projects commoditized software either by being vastly more successful and out-competing their alternatives (gcc[1]), or by being a singularly better value proposition than their alternatives (linux[2]). The companies which have "commoditized their complements", used "open source as a growth strategy", or "become entrenched monopolies" have always had a rather sketchy relationship with open source software, which is why they have preferred to avoid an actual free software license.[3]

[1] Back in the good ol' days, everybody made C/C++ compilers. OS vendors made compilers highly tuned for their hardware and software; others, like embedded vendors, made compilers tightly integrated with their tooling. Then gcc showed up everywhere, and started producing optimized code better than the tuned products. By the time LLVM appeared (2003?), its only real competition was gcc and a fork of gcc.

[2] Originally, Unix vendors had incremental improvements over their competitors in specific areas (IBM: SMIT/JFS, SiliG: graphics, etc.). Initially, Linux was a joke. Then it became as stable as the vendor OSs and the hardware it ran on was cheaper. Then it ran on any hardware. It may never have achieved feature-advantages over the competition, but taken as an entire package, the competition couldn't provide anywhere near enough value.

[3] IBM's a funny case, especially with Red Hat. IBM hasn't had a functioning software (or hardware?) product for at least 30 years.


You’re just describing the process of how all that software became commoditized. Software that everybody needs to use is simply a commodity now, and that’s why the more generically useful something is, the more open source support it’s going to have. Companies (usually) don’t want to build their own infrastructure; they want to spend their money investing in their value adds, because that’s where they get their RoI. A company could build their own web server, operating system, compiler, database... But their customers are unlikely to see any benefit from that, which is why they find themselves with an incentive to improve open source software. That’s the reason big open source projects attract large corporate sponsorship, not to satiate the ideological motives of “top talent”.


Many of the companies that appear to be "harvesting" their entrenched customers have not switched away from a FOSS license.

Examples:

• Apple

• Amazon

• Facebook

• Google

• Microsoft

• Netflix

• Red Hat


The open source from your list largely falls under #1. They didn't open source their primary product, but rather their complements. That is sustainable, whereas #2 is not when a permissive license is involved.

Strategy #1 is self-interested and doesn't require any real zealotry and survives the harvesting stage just fine.

Open sourcing your core product with a permissive license is generally going to be at odds with business goals at some point, and if you're in business, often the thing to give is the license.


Ah yes, Apple, which famously open sources its software ...

Only Red Hat on this list comes even close to open sourcing a significant percentage of its stuff.


I personally prefer to let Apple have it, it's "open source" all right.

If you want Free Software, then feel free to use something more potent than merely an "open source" license the next time you release something.


I'm skeptical that this is a big factor. I think companies support open source where it aligns with their own strategic incentives.

Oldie but goodie: https://www.joelonsoftware.com/2002/06/12/strategy-letter-v/


People who write open source do it for analogous reasons, except the "strategic incentives" are often personal. Those reasons can change quickly when shiny new things appear. There's a wealth of abandoned OSS projects that illustrate this point.

Anyone working on Mesos these days?


That's been my experience as well, and the same applies to groups that own/maintain certain projects, like drools/RHDM. The project/technology owner/maintainer is aligned with corp based on customer size/needs, and that alignment is a function of how much the customers are paying.

If and when a large customer drops out, the entire corp and open source structures can change because the monetization changes. On the plus side, if there's a broad customer base, this is less likely to happen.


When will this not be the case? Most companies use a lot of open source, in order to ship quickly. I suppose the thesis of the main link is that that's no less the case -- but here we are, building UIs with Vue/React/Angular/etc. Tons and tons of open source tech to enable shipping more quickly.


Which values would those be? Everything used to be proprietary. It's the younger generation that expects things to be open source.


I don't pretend to be an industry expert but things seem different now, in this day of Everything-as-a-Service and subscriptions-as-primary-revenue-streams, from when Free Software first became A Thing.

It's just so easy these days for a corporate parasite like Amazon or Sony to rip off your hard work (ElasticSearch, BSD) and contribute essentially nothing back.

The SSPL seems like a perfectly rational response to this newly-emerged phenomenon.


I have a serious question for you and everyone who tries to advocate for the SSPL. Don't you understand that this license has a clause for SaaS providers that is impossible to comply with?

Even if Amazon wanted to open source every single line of their own AWS code under AGPLv3 or APLv2, it's still not enough: the license requires everything to be published under the SSPL in very fuzzy terms that can even apply to the OS kernel.

Even copyleft licenses have always had the goal of increasing the amount of copyleft code, but the SSPL's only goal is to completely ban third-party SaaS from using said software.


> the license require everything to be published under SSPL in very fuzzy terms that can even apply to OS kernel.

Not even a little bit.

From the SSPL itself:

> However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work.

Explain to me again your FUD?


Moderation is when pornography is banned from r/programming. Censorship is when pornography is banned from r/pornography.

Most pro-censorship voices motte-and-bailey the latter by conflating it with the former.


Seconding this. Unless something's changed, my experience with the default Go daemon they provide was shock at how much resources it consumed in the background. It was something like 12% CPU usage while doing nothing at all for hours on end - I wasn't even accessing any ipfs content.


I see less than 1% CPU usage and 200 MB memory usage, with 4% spikes while serving my personal website or fetching an IPFS resource.

(Though on a Linux system I also modified the low water setting up to 1000 peers and the high water setting to 2000 peers)


Yeah I just tried downloading the latest version and it looks much better now. I remember I tried ~3 years ago or so and it was horribly inefficient, so I deleted it, then gave it another shot around a year ago and came to the same conclusion.

But yes, from running it ~10 minutes just now, it looks quite reasonable.


Yeah, they did improve it recently (within the past year or so). I see that Brave uses a gateway by default, I guess that's good for adoption but bad for decentralization. Then again, users don't care about decentralization as much as they care about convenience, so that's a good first step.


12-32% on a MacBook Pro 2019.

I don't think I'm going to adopt this.


Did you bother actually looking up the data? Because intentional homicide in the US is indeed more than 6x greater than it is in places like Austria and Switzerland.

There is no country in western Europe with anywhere near the violent crime rate as the US.


Yes I did. The US has 3 times more murders than the EU average. That is not the same as 6 times more. And some of the surplus is one person killing multiple people, so you then have one person in prison instead of multiple.

And murder clearance rates are low anyway, so that on its own can't be the reason for the disparity.

Switzerland has a super low murder rate.


Do you want the actual answer or are you trying to make a point with a rhetorical question you assume you know the answer to?


I have an idea of the answer but I can't know for sure.


> I mean Greenwald has also asserted that no Parler user was involved in the insurrection, which is a straight-up lie.

Actually, what is written is, and I quote, "a Parler executive told me that of the thirteen people arrested as of Monday for the breach at the Capitol, none appear to be active users of Parler." But I'm sure that was an innocent mistake on your part, not a straight-up lie like you accuse Greenwald of.


While this differs in form, it doesn't seem to differ in substance.

"a Parler executive told me that of the thirteen people arrested as of Monday for the breach at the Capitol, none appear to be active users of Parler."

So Greenwald reports that there were 13 people, a number small enough to stretch credulity, and they all happen to be inactive. The thrust of this statement, that it was a handful of inactive accounts, is functionally the same as saying that there weren't any Parler users involved in the insurrection.

13 inactive accounts vs no accounts has little meaningful difference in meaning.


Industry has nothing to do with it. Every country has industry. The reason the US has so many in prison is because its people are the most hair-on-fire moralistic crusaders in the civilized world and they want people in prison.


Industry is not what the prison industrial complex is.

The prison industrial complex is a deliberate lengthening of sentences and increasing of mandatory jail time for non-violent offenses designed to increase the for-profit prison population to increase profit.


"Prison industrial complex" is verbal sleight of hand to blame a system rather than people, but in reality these market forces are merely the revealed preference of what people want. If people wanted these inmates free - and by wanted I mean wanted in the revealed preference sense, not the virtue signal on the internet sense - capitalism would have them free tomorrow.


> If people wanted these inmates free - and by wanted I mean wanted in the revealed preference sense, not the virtue signal on the internet sense - capitalism would have them free tomorrow.

That’s not how the world or capitalism works at all. Plenty of people want things and don’t get them.

If you are referring to “a majority of people” then it’s still not how it works - for example the structure of the existing system affects it (see no president Clinton). There is much more to decisions and change.

In this case, a minority of profit seeking people with power use levers of control on decision makers and propaganda to create public policy.


The overwhelming majority don't have any epistemic basis for what they believe and are just saying what they think is socially-acceptable to say.


Sounds like democracy probably isn’t a good choice then.


You cannot have a solid democracy without heavy education. It has been said before, and I will say it again. Examples: Scandinavian countries, Germany.


Sadly, the type of people who rise to the top of corporations and democratic governments are the same who rise to the top of autocratic governments. At least, in a democracy, it seems like they're under some existential threat (as slim as that may be). In better democracies, the threat is less slim. And I think things are getting and will get better.


If it was indeed a backdoor, sure, but that's a judgment call, not something anyone knows. As others have noted, e2e was a novelty at the time, not a norm, and the platform itself was extremely new (less than a year old), and their stated reason for this was to protect against weak client RNG, which in retrospect sounds like a weak reason, but looking back at the news of 2013, this was right around the time the Snowden leaks caused everyone to believe RDRAND could indeed be compromised, so "client having state-compromised RNG" was indeed something on everyone's mind.

Further, the fact that this was caught so quickly is in some sense a vindication of Telegram's model - even in its infancy when it had orders of magnitude fewer users, the fact that the client was open source allowed someone to quickly spot a vulnerability.

The verdict? IMO Telegram secret chats are probably secure (90% certain), but if I were plotting a murder or something, I wouldn't do it over a smartphone app anyway. There are just too many leaky, complex layers in the stack, some of which aren't even open, and quite dubiously so. If security is a life-or-death situation for you, you'd be a fool to use any smartphone app.


> If it was indeed a backdoor, sure, but that's a judgment call, not something anyone knows. As others have noted, e2e was a novelty at the time, not a norm, and the platform itself was extremely new (less than a year old), and their stated reason for this was to protect against weak client RNG, which in retrospect sounds like a weak reason, but looking back at the news of 2013, this was right around the time the Snowden leaks caused everyone to believe RDRAND could indeed be compromised, so "client having state-compromised RNG" was indeed something on everyone's mind.

Everything you said here was addressed by the OP. The connection to Telegram servers is already encrypted; the only adversary this server-side RNG could possibly defend against is one that has access to the server.
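An added example for the exchange above, written here and not taken from the thread or from Telegram's code. It models the design the two comments argue over: a Diffie-Hellman exponent formed by XORing a server-supplied random value into the client's own randomness, where the client's RNG is deliberately weak. The XOR mixing, the toy 127-bit group and the 14-bit "weak RNG" are assumptions chosen for illustration. It then checks which adversary can brute-force the session secret: one who never saw the server's share, one with access to the server, and a malicious server facing a client with a sound RNG. Whether a network adversary actually gets to see the server's share depends on the transport, which this model does not cover.

```python
"""Toy model of a Diffie-Hellman exponent that mixes a server-supplied random
value into the client's own randomness, and of which adversaries can then
recover the session secret.

Added example for the Telegram discussion above; not Telegram's code. The XOR
mixing, the toy 127-bit group and the 14-bit "weak RNG" are all assumptions,
chosen so the brute force finishes in about a second.
"""
import hashlib
import secrets

# Toy group: 2^127 - 1 is prime, so modular exponentiation is well defined.
# It is NOT a safe DH parameter; a real deployment uses a 2048-bit+ MODP group.
P = 2**127 - 1
G = 3

# Assumed "weak" client RNG: only WEAK_BITS bits of entropy behind its output,
# so an adversary can enumerate every value it could ever have produced.
WEAK_BITS = 14


def weak_client_random(seed: int) -> int:
    """Deterministically expand a small seed into a full-size exponent."""
    digest = hashlib.sha256(b"weak-client-rng" + seed.to_bytes(2, "big")).digest()
    return int.from_bytes(digest, "big") % P


def strong_random() -> int:
    """A properly seeded CSPRNG draw in [1, P-2]."""
    return secrets.randbelow(P - 2) + 1


def mix(client_random: int, server_random: int) -> int:
    """Assumed construction: the client XORs the server's share into its own.

    The exponent stays unpredictable as long as EITHER share is unknown to the
    adversary; who knows which share is the whole question in the thread."""
    return (client_random ^ server_random) % (P - 1) or 1


def key_exchange(client_random: int, server_random: int, peer_private: int):
    """One DH exchange seen from the client. Returns (g^a, g^b, shared secret)."""
    a = mix(client_random, server_random)
    g_a = pow(G, a, P)             # client's public value, sent over the wire
    g_b = pow(G, peer_private, P)  # peer's public value, also on the wire
    return g_a, g_b, pow(g_b, a, P)


def attack(g_a: int, g_b: int, server_share_guess: int):
    """Brute force the shared secret assuming the client's RNG was weak.

    The adversary sees both public values and supplies what it believes the
    server's share was (0 if it never saw one). Returns the secret or None."""
    for seed in range(2**WEAK_BITS):
        a_guess = mix(weak_client_random(seed), server_share_guess)
        if pow(G, a_guess, P) == g_a:  # the public value confirms the guess
            return pow(g_b, a_guess, P)
    return None


def run_scenarios(weak_seed: int = 4242) -> dict:
    """Three threat models; True means the adversary recovered the secret."""
    peer_private = strong_random()
    server_share = strong_random()

    # The case the mixing was meant to cover: the client's RNG is weak.
    g_a, g_b, shared = key_exchange(weak_client_random(weak_seed), server_share, peer_private)
    network_attacker = attack(g_a, g_b, server_share_guess=0)           # never saw the server share
    server_insider = attack(g_a, g_b, server_share_guess=server_share)  # read it on the server

    # A sound client RNG against a server that knows its own share.
    g_a2, g_b2, shared2 = key_exchange(strong_random(), server_share, peer_private)
    malicious_server = attack(g_a2, g_b2, server_share_guess=server_share)

    return {
        "weak_client_vs_network_attacker": network_attacker == shared,
        "weak_client_vs_server_insider": server_insider == shared,
        "strong_client_vs_malicious_server": malicious_server == shared2,
    }


if __name__ == "__main__":
    for scenario, recovered in run_scenarios().items():
        print(f"{scenario}: secret {'RECOVERED' if recovered else 'safe'}")
```

The three results line up with the thread's point: the server's share only adds protection against an adversary who does not hold it, and it adds nothing against whoever controls the server, while a client with a sound RNG does not need it at all.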


So maybe they just made the same mistake I did?

