Hacker Newsnew | past | comments | ask | show | jobs | submit | iceninenines's commentslogin

We also need more tech co-ops so employees can profit more fairly from their crucial work, because a pittance of low-priority employee shares doesn't really count.


Puppet, a freemium services FOSS model, switched licenses a bunch of times but settled on Apache. Depending on the use-case, there can be legal problems on customers' sides including certain projects in hardware, software, SaaS products or even just using them with onerous licenses like GPL3 and AGPL. The license's restrictions on use combined with the type of use makes all the difference.


RIP. My grandparents had a TI 2550.


Not another vendor-lock-in package manager. And, very predictably, no end-to-end integrity and nonrepudiation. smh.


Yeah, it's unfortunate. Rather than a solution that could be adopted outside of CCI, this is only useful in those configs. So as soon as you use them in your org with this product, you have to reinvent the wheel to get the same functionality in any other CI that a different team might be using.


Which package manager do you feel gets it right?


I’m not the OP but Nix/NixOS is the closest I’ve ever seen to a “Platonic ideal” package manager


I think you'll like AppFS

http://AppFS.rkeene.org/


If you want to find malware with no AV signatures, look at no-name warez of medium popular and niche professional software, and honey-net via unpatched Windows computers on exo-DMZ unfiltered IP addresses. I saw this one sample behavioral analysis of a trojaned well-known firewall product for Mac that tries to download Google Chrome in order to clickbot... no AV signature for it. With the right APT defenses, such as a root priv esc, SIP bypass and process & file cloaking, it would be entirely possible to keep nodes pwned much longer, at the cost of 2-3 sploits... and better use such farm for a big money-maker.


> and better use such farm for a big money-maker.

So...like raise goats or something?


This is where fast and reliable caching strategies, and lazy, parallel enumeration come in. I would almost want the .DS_Store to include a summary of a tree's metadata and update what's in view by watching watchable filesystems in order to avoid as much full remote tree walking as possible. Shared remote filesystems without a differential/OT push metadata notification API reduce clients to glorified polling. :(


???


https://en.wikipedia.org/wiki/Thermonuclear_weapon


GPLv3 prevents TiVo, AGPL prevents AWS.

Puppet has an Apache licensed community edition, and they make money just fine. RedHat, Canonical, and so on.


AGPL doesn't prevent AWS, AGPL forces AWS to be open with their changes.

Which I think is better. You might not enable FOSS devs to make much off their work, but you at least force companies to contribute.


> AGPL forces AWS to be open with their changes.

Unfortunately, AGPL is full of loopholes, which are emerging now, because large enterprises with access to specialist legal talent are putting the microscope on licenses for projects like AGPL MongoDB.

https://writing.kemitchell.com/2018/11/04/Copyleft-Bust-Up.h...

MongoDB's counsel mentioned this directly in their statement submitting SSPL to OSI.


I think AWS would still rather do what they did with DocumentDB.


You mean like Sugar CRM?


That sucks. I used them in the past.


I didn't, so I won't be crying now.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: