Reading this felt like the official obituary for the 90s techno-optimism many of us grew up on.
The "end of history" hangover is real. We went about building the modern stack assuming bad actors were outliers, not state-sponsored standard procedure. But trying to legislate good use into licenses? I don't know how you would realistically implement it and to what extent? That solution implies we have to move toward zero-trust architectures even within open communities.
As an example: formal proofs and compartmentalization are unsexy but they're a solid way we survive the next decade of adversarial noise.
I remember reading a quote somewhere that stuck with me. Paraphrasing, "If the architecture of my code doesn't enforce privacy and resistance to censorship by default, we have to assume it will be weaponized".
I am out of ideas, practical ones, lots sound good on paper and in theory. It's a bit sad tbh. Always curious to hear more on this issue from smarter people.
It's also questionable to which extent restrictive licenses for open source software stay that relevant in the first place, as you can now relatively easily run an AI code generator that just imitates the logic of the FOSS project, but with newly generated code, so that you don't need to adhere to a license's restrictions at all.
How does one make sure the implementation is sufficient and complete? It feels like assuming total knowledge of the world, which is never true. How many false positives and false negatives do we tolerate? How does it impact a person?
I'm not sure. We can use LLMs to try
out different settings/algorithms and see what it is like to have it on a social level before we implement it for real.
> If the architecture of my code doesn't enforce privacy and resistance to censorship by default
which is impossible.
- No code is feasibly guaranteed to be secure
- All code can be weaponized, though not all feasibly; password vaults, privacy infrastructure, etc. tend to show holes.
- It’s unrealistic to assume you can control any information; case-in-point the garden of Eden test: “all data is here; I’m all-powerful and you should not take it”.
I’m not against regulation and protective measures. But, you have to be prioritize carefully. Do you want to spend most of the world’s resources mining cryptocurrency and breaking quantum cryptography, or do you want to develop games and great software that solves hunger and homelessness?
Things like that should not be handled on software level, you will always loose and run out of resources. You basically have to force politicians (fat chance)
> That solution implies we have to move toward zero-trust architectures even within open communities
Zero trust cannot exist as long as you interact with the real world.
The problem wasn't trust per se, but blind trust.
The answer isn't to eschew trust (because you can't) but to organize it with social structures, like what people did with “chain of trust” certificates back then before it became commoditized by commercial providers and cloud giants.
I don't get why you conflate privacy and resistance to censorship.
I think privacy is essential for freedom.
I'm also fine with lots of censorship, on publicly accessible websites.
I don't want my children watching beheading videos, or being exposed to extremists like (as an example of many) Andrew Tate. And people like Andrew Tate are actively pushed by YouTube, TikTok, etc. I don't want my children to be exposed to what I personally feel are extremist Christians in America, who infest children's channels.
I think anyone advocating against censorship is incredibly naive to how impossible it's become for parents. Right now it's a binary choice:
1. No internet for your children
2, Risk potential, massive, life-altering, harm as parental controls are useless, half-hearted or non-existent. Even someone like Sony or Apple make it almost impossible to have a choice in what your children can access. It's truly bewildering.
And I think you should have identify yourself. You should be liable for what you post to the internet, and if a company has published your material but doesn't know who you are, THEY should be liable for the material published.
Safe harbor laws and anonymous accounts should never have been allowed to co-exist. It should have been one or the other. It's a preposterous situation we're in.
The Internet was the “Wild West”, and I mean that in the most kind, brutal, and honest way, both like a free fantasy (everyone has a website), genocide (replacement of real world), and an emerging dystopia (thieves/robbers, large companies, organizations, and governments doing terrible things).
Which, if you think about it, is a mostly uplifting timeline.
Back in 1770 there were basically 0 democracies on the planet. In 1790 there were 2. Now there are about 70 with about 35 more somewhere in between democracy and autocracy. So most of the world's population is living under a form of democracy. I know that things are degrading for many big democracies, but it wouldn't be the first time (the period between WW1 until the end of WW2 was a bad time for democracies).
I have no idea how we get from here to a civilized internet, though.
Nothing wrong with a GPL-like viral license for the AI era.
Training on my code / media / other data? No worries, just make sure the weights and other derived artifacts are released under similarly permissive license.
Well, I would say it should be like that already & no new license is needed. Basically if a LLM was ever based on GPL code, its output should be also GPL licensed. As simple as that.
Wouldn't you want the code generated by those models be released under those permissive licenses as well? Is that what you mean by other derived artifacts?
If model training is determined to be fair use under US copyright law—either legislated by Congress or interpreted by Federal courts—then no license text can remove the right to use source code that way.
RMS is probably greatly behind the technical news at this point. I mean, he's surfing the web via a email summary of some websites. Even if he doesn't condone of how the internet is evolving, he can't really keep up with technology if he doesn't "mingle".
He's also 72, we can't expect him to save everyone. We need new generations of FOSS tech leaders.
I agree with the sentiment, but unfortunately often this is too simplistic.
For example, a lot of Palestinians are not tolerant towards LGBT people -> a lot of LGBT people are not tolerant towards Israelis -> a lot of Israelis are not tolerant towards Palestinians.
Also how do you know if you are intolerant or intolerant towards intolerance?
> I agree with the sentiment, but unfortunately often this is too simplistic. For example, a lot of Palestinians are not tolerant towards LGPT people -> a lot of LGPT people are not tolerant towards Israelis -> a lot of Israelis are not tolerant towards Palestinians.
Nice bait with broad sweeping generalizations there.
One of critiques of "Paradox of Tolerance" is its proponents (probably not Karl Popper himself) take the argument to its extremes (similar to the generalization you posit), while the reality is more of a spectrum.
I didn't intend it to be bait. It is a generalization, but if you read carefully, there is "a lot" at each point.
And pretending that there aren't large swaths of people who have different ideas and you can group them into "tolerant" and "none tolerant" is also a generalization.
Yes, I think of “paradox of tolerance” as a sort of glib rebuttal people give when enjoined to tolerate someone.
“Fuck you, that person is intolerant, I get to do whatever I want to them. And man, how uncultured are you that you would even suggest otherwise. You must never have heard of this philosopher!”
> But the part about FOSS being used in a project not aligned with the creator's values seams hypocritical
I agree with you.
Imagine a parallel Earth where there was a free OS that the majority in the world used called GNU/Felix.
Felix (it/its), who wrote GNU/Felix and who was the project’s strong but kind leader, one day had a head injury that somehow decreased its empathy but raised its IQ.
Subordinates of Felix on the council of leadership noticed that it was adding features that would track all user data to use in some nefarious plan.
In this case, most would agree that for both the freedom and good of all, Felix should no longer lead this effort.
However, they would want to be sure that even the Will Bates’ great company Bikerosoft didn’t lead the project either, because despite its wonderful and ubiquitous Bikerosoft Office apps and Ezure cloud tools and infrastructure, it was a profit-based company.
I think this mixes up the 'how' with the 'why.' FOSS isn't the end in itself, I think that for most people it's just the tool that lets us work together, share what we've built, and get something back from the community.
If this is suddenly being weaponised against us, I don't see how that's not a problem.
I think you'll find, especially within the tech community, people struggle with purity and semantics. They see that supporting and promoting FOSS is to be okay with its use for war, oppression, or whatever mental gymnastics they need to just not care or promote bad things. They will argue about what "free and open" means and get mixed up in definitions, political alignments, etc.
It is pretty obvious to me, that being blase about whomever using FOSS for adversarial reasons is not very "open" or "free". Somewhere in the thread there is an argument about the paradox of intolerance and I don't really care to argue with people on the internet about it because it is hard to assume the debate is in good faith.
My point is this: Throw away all your self described nuance and ask this yourself whether or not you think any malicious, war-monger, authoritarian, or hyper-capitalist state would permit a free and open source software environment? If the objective of a business, government, or billionaire is power, control, and/or exclusivity then, well, your lofty ideals behind FOSS have completely collapsed.
For a lot of people, FOSS is also very much the why. It’s not just a practical tool—it represents core principles like freedom, transparency, and collaboration. Those values are the reason many contribute in the first place.
Emphasis on the freedom, especially the freedom to use by anyone for any purpose.
If it took some people in the FOSS space this long that it also includes people, companies or purposes they disagree with, then I don't know what to tell them.
You are correct but in the context of free software, the FSF has been explicit about this ("The freedom to run the program as you wish, for any purpose"). Publishing software under a FOSS license imply that you agree with this definition of freedom.
That's like saying "I have the freedom to kill you".
Saying that you can create something, then you reserve the 'freedom' to limit what everyone else does for it really doesn't fall under the word freedom at all.
The interpretation is simple and the complete opposite of "I have the freedom to kill you".
The software creator (human or AI) must give the user of its software the same freedoms it has received.
If it has received the freedom to view the original, readable, source code, then users should have the freedom to view the original, readable, source code.
If it has received the freedom to modify the source code, then users should have the freedom to modify the source code.
Etc.
It's not hard to follow for people who want to do the moral thing.
It's VERY hard to follow for people who want to make money (and ideally lots of it, very quickly).
If you consider that the people weaponizing code are not honest, I as a FOSS producer am unworried. There may not be a lot of people out there able to use my code compared to LLMs scraping it, but I'm giving a leg up to other humans trying to do what I do.
If what I'm doing is interesting or unusual, LLMs will firstly not recognize that it's different, secondly will screw up when blindly combining it with stuff that isn't different, and thirdly if it's smart enough to not screw that up, it will ignore my work in favor of stealing from CLOSED source repos it gains access to, on the rationale that those are more valuable because they are guarded.
And I'm pretty sure that they're scraping private repos already because that seems the maximally evil and greedy thing to do, so as a FOSS guy I figure I'm already covered, protected by a counterproductive but knowingly evil behavior.
These are not smart systems, but even more they are not wise systems, so even if they gain smarts that doesn't mean they become a problem for me. More likely they become a problem for people who lean on intellectual property and privacy, and I took a pretty substantial pay cut to not have to lean on those things.
> NGI Zero, a family of research programmes including NGI0 Entrust, NGI0 Core and NGI0 Commons Fund, part of the Next Generation Internet initiative.
with the Next Generation Internet thing at the end receiving money/financing from the political supra-state entity called the EU [1] . So I guess said speech-holder is not happy because political entities which are seen by the EU as adversarial are also using open-source code? Not sure how war plays into this, as I’m sure he must be aware of the hundreds of billions of euros the EU has allocated for that.
Michiel is indeed one of the driving forces behind NLNet's NGI0 program. That said, just because they're distributing money they received from the EU, that doesn't mean that they're intimately aware of the full EU budget.
One way war plays into FOSS is that enemy nations are no longer supposed to be contributing to the same projects, being from nationality XYZ is now as relevant as programming skills one has to offer, likewise open source software from specific countries might no longer be allowed.
I imagine anytime the people that control the war resources decide to use them, there are plenty of other people not interested or involved in the destruction. If the UK declares war on an African nation tomorrow, since the US is an ally you would say those other people in the US should disallow devs from the target African nation from contributing to their project?
The "end of history" hangover is real. We went about building the modern stack assuming bad actors were outliers, not state-sponsored standard procedure. But trying to legislate good use into licenses? I don't know how you would realistically implement it and to what extent? That solution implies we have to move toward zero-trust architectures even within open communities.
As an example: formal proofs and compartmentalization are unsexy but they're a solid way we survive the next decade of adversarial noise.
I remember reading a quote somewhere that stuck with me. Paraphrasing, "If the architecture of my code doesn't enforce privacy and resistance to censorship by default, we have to assume it will be weaponized".
I am out of ideas, practical ones, lots sound good on paper and in theory. It's a bit sad tbh. Always curious to hear more on this issue from smarter people.
This is still techno-optimism. The architecture of your code will not to that. We are long past the limits of what you can fix with code.
The only action that matters is political and I don't think voting cuts it.
It's also questionable to which extent restrictive licenses for open source software stay that relevant in the first place, as you can now relatively easily run an AI code generator that just imitates the logic of the FOSS project, but with newly generated code, so that you don't need to adhere to a license's restrictions at all.
It would require it not to be easy to farm (Entropy detection on user behaviour perhaps and clique detection).
which is impossible.
- No code is feasibly guaranteed to be secure
- All code can be weaponized, though not all feasibly; password vaults, privacy infrastructure, etc. tend to show holes.
- It’s unrealistic to assume you can control any information; case-in-point the garden of Eden test: “all data is here; I’m all-powerful and you should not take it”.
I’m not against regulation and protective measures. But, you have to be prioritize carefully. Do you want to spend most of the world’s resources mining cryptocurrency and breaking quantum cryptography, or do you want to develop games and great software that solves hunger and homelessness?
Zero trust cannot exist as long as you interact with the real world. The problem wasn't trust per se, but blind trust.
The answer isn't to eschew trust (because you can't) but to organize it with social structures, like what people did with “chain of trust” certificates back then before it became commoditized by commercial providers and cloud giants.
I think privacy is essential for freedom.
I'm also fine with lots of censorship, on publicly accessible websites.
I don't want my children watching beheading videos, or being exposed to extremists like (as an example of many) Andrew Tate. And people like Andrew Tate are actively pushed by YouTube, TikTok, etc. I don't want my children to be exposed to what I personally feel are extremist Christians in America, who infest children's channels.
I think anyone advocating against censorship is incredibly naive to how impossible it's become for parents. Right now it's a binary choice:
1. No internet for your children
2, Risk potential, massive, life-altering, harm as parental controls are useless, half-hearted or non-existent. Even someone like Sony or Apple make it almost impossible to have a choice in what your children can access. It's truly bewildering.
And I think you should have identify yourself. You should be liable for what you post to the internet, and if a company has published your material but doesn't know who you are, THEY should be liable for the material published.
Safe harbor laws and anonymous accounts should never have been allowed to co-exist. It should have been one or the other. It's a preposterous situation we're in.
Doomscrolling or porn is just too "appealing" to children, like sugar. Children don't have their minds fully developed to be able to say "no" to them.
If in school everybody has a smartphone and does doomscrolling, your children will do as well. Or they'll be ostracised.
It’s changing but not completely.
Back in 1770 there were basically 0 democracies on the planet. In 1790 there were 2. Now there are about 70 with about 35 more somewhere in between democracy and autocracy. So most of the world's population is living under a form of democracy. I know that things are degrading for many big democracies, but it wouldn't be the first time (the period between WW1 until the end of WW2 was a bad time for democracies).
I have no idea how we get from here to a civilized internet, though.
But the part about FOSS being used in a project not aligned with the creator's values seams hypocritical:
IMO FOSS is a gift to humanity and as such:
"A gift should be given freely, without obligation or expectation, as a true expression of love and kindness"
Training on my code / media / other data? No worries, just make sure the weights and other derived artifacts are released under similarly permissive license.
He's also 72, we can't expect him to save everyone. We need new generations of FOSS tech leaders.
For example, a lot of Palestinians are not tolerant towards LGBT people -> a lot of LGBT people are not tolerant towards Israelis -> a lot of Israelis are not tolerant towards Palestinians.
Also how do you know if you are intolerant or intolerant towards intolerance?
You don't need to, it's all intolerance.
Nice bait with broad sweeping generalizations there.
One of critiques of "Paradox of Tolerance" is its proponents (probably not Karl Popper himself) take the argument to its extremes (similar to the generalization you posit), while the reality is more of a spectrum.
And pretending that there aren't large swaths of people who have different ideas and you can group them into "tolerant" and "none tolerant" is also a generalization.
“Fuck you, that person is intolerant, I get to do whatever I want to them. And man, how uncultured are you that you would even suggest otherwise. You must never have heard of this philosopher!”
Saint-Just
I agree with you.
Imagine a parallel Earth where there was a free OS that the majority in the world used called GNU/Felix.
Felix (it/its), who wrote GNU/Felix and who was the project’s strong but kind leader, one day had a head injury that somehow decreased its empathy but raised its IQ.
Subordinates of Felix on the council of leadership noticed that it was adding features that would track all user data to use in some nefarious plan.
In this case, most would agree that for both the freedom and good of all, Felix should no longer lead this effort.
However, they would want to be sure that even the Will Bates’ great company Bikerosoft didn’t lead the project either, because despite its wonderful and ubiquitous Bikerosoft Office apps and Ezure cloud tools and infrastructure, it was a profit-based company.
If this is suddenly being weaponised against us, I don't see how that's not a problem.
It is pretty obvious to me, that being blase about whomever using FOSS for adversarial reasons is not very "open" or "free". Somewhere in the thread there is an argument about the paradox of intolerance and I don't really care to argue with people on the internet about it because it is hard to assume the debate is in good faith.
My point is this: Throw away all your self described nuance and ask this yourself whether or not you think any malicious, war-monger, authoritarian, or hyper-capitalist state would permit a free and open source software environment? If the objective of a business, government, or billionaire is power, control, and/or exclusivity then, well, your lofty ideals behind FOSS have completely collapsed.
If it took some people in the FOSS space this long that it also includes people, companies or purposes they disagree with, then I don't know what to tell them.
That's like saying "I have the freedom to kill you".
Saying that you can create something, then you reserve the 'freedom' to limit what everyone else does for it really doesn't fall under the word freedom at all.
The software creator (human or AI) must give the user of its software the same freedoms it has received.
If it has received the freedom to view the original, readable, source code, then users should have the freedom to view the original, readable, source code.
If it has received the freedom to modify the source code, then users should have the freedom to modify the source code.
Etc.
It's not hard to follow for people who want to do the moral thing.
It's VERY hard to follow for people who want to make money (and ideally lots of it, very quickly).
If what I'm doing is interesting or unusual, LLMs will firstly not recognize that it's different, secondly will screw up when blindly combining it with stuff that isn't different, and thirdly if it's smart enough to not screw that up, it will ignore my work in favor of stealing from CLOSED source repos it gains access to, on the rationale that those are more valuable because they are guarded.
And I'm pretty sure that they're scraping private repos already because that seems the maximally evil and greedy thing to do, so as a FOSS guy I figure I'm already covered, protected by a counterproductive but knowingly evil behavior.
These are not smart systems, but even more they are not wise systems, so even if they gain smarts that doesn't mean they become a problem for me. More likely they become a problem for people who lean on intellectual property and privacy, and I took a pretty substantial pay cut to not have to lean on those things.
> NGI Zero, a family of research programmes including NGI0 Entrust, NGI0 Core and NGI0 Commons Fund, part of the Next Generation Internet initiative.
with the Next Generation Internet thing at the end receiving money/financing from the political supra-state entity called the EU [1] . So I guess said speech-holder is not happy because political entities which are seen by the EU as adversarial are also using open-source code? Not sure how war plays into this, as I’m sure he must be aware of the hundreds of billions of euros the EU has allocated for that.
[1] https://ngi.eu/
(Disclosure: I once received NGI0 funding.)