This will definitely be brought up, so why not from me: this is not open source by Open Source Definition standards.[1] You're free to sell your builds as commercial, but if I can't compile the source code myself and use it at my workplace (assuming I'm not a journalist or any other type of listed free-to-use professional) then you're discriminating against fields of endeavor.
Replying to a now flagged and dead comment, as it's a common sentiment expressed in a rude way, and the sentiment deserves a reply:
> I'm sick of self-proclaimed "orgs" (with unclear sponsorship) or SJWs claiming ownership of commonly used terms.
This is revisionist history. OSI was formed and OSD was published in February 1998 immediately after the term "open source" was proposed, and OSD was largely based on Debian Free Software Guidelines which predates the term.[1][2] So the term only became popular after the "self-proclaimed org" formed and popularized it. The OSD clearly predates any so-called open source abuse, and AFAIK it was never revised due to some sort of corporate sponsorship.
You can coin your own term and try to popularize it. FSF has their free software (well, that's actually a weak claim on a broad term) and libre software (much better). You can also get behind some weird term like "Open Source with Commons Clause", or just use another commonly used term, "source available" (which, granted, spans a pretty wide range on the restrictiveness spectrum, so definitely not ideal).
Meanwhile, many of us get annoyed when commercial products try to reap the marketing benefits of open source but do not grant the rights we've come to expect from the term. This particular case isn't even subtle like the Commons Clause.
I feel like the fact that their very first sentence [1] has to say this:
> Open source doesn't just mean access to the source code.
is pretty good evidence they themselves are to blame for poorly picking the terminology. You can't really fault people for assuming words mean what they say and not going back to check the etymology. Consider it a special case of designing intuitive UIs. Which is something many pieces of software (especially open-source software...) don't do particularly spectacularly.
It's kinda like picking your site to be called "Hacker News" and then yelling at people for thinking that's where the hackers that broke into their computers got their news. The associated trouble and confusion is the price you decided to pay in exchange for picking a cool (but misleading) name.
They may deserve some blame for not defending the term as well as they could have done but I don't think it's a badly defined term, I'll be up front in that it seems to me to be incredibly intuitive that open source should mean access to a program's source code in a manner that isn't burdened too heavily by copyright or intellectual property laws or otherwise coming with baggage like usage or redistribution restrictions. Releasing something as 'open' and then placing restrictions on its use seems like the counter-intuitive use of the term here, and for some perspective this is something the FSF and GPL get criticised for by proponents of more permissive licences like BSD or MIT and is part of the reason why we have the split between free/libre software and open source software in the first place.
As far as the terminology goes, keep in mind that the people defending the OSI are generally the people or at least in line with the people that coined and popularised the terms and their continued usage, and while that may seem like an easy way to dismiss certain talking points it's a point that's going to keep being brought up in response to the argument of feigned ignorance to the terms, and I don't mean this to come across as too mean but something like open source has 20 years of mindshare, free software 30 years, more broad but still applicable terms like open access 40 years, or the greater cultural undercurrent much longer than that. At a certain point even the most well meaning individuals who are looking at existing open source licences and creating their own with the express intention of avoiding commercial exploitation[0], a problem almost exclusive to open source licenced software, are going to recognise that what they're doing isn't entirely in line with the existing open source ethos, and I don't think it's unfair or entirely unexpected that people will point out that it's not part of the open source ethos.
[0] From the licence: 'Under no circumstances shall the Person be permitted, allowed or authorized to commercially exploit the Software.', but other similar and more fleshed out licences might make the connection to open source software being exploited more explicit.
This isn't a compelling argument. No one says "free software" is bad branding because you're implored to "think free as in free speech, not free beer."
I imagine they didn't start using "libre" due to a sheer lack of problems with "free".
> The loan adjective "libre" is often used to avoid the ambiguity of the word "free" in English language, and the ambiguity with the older usage of "free software" as public-domain software.
Your point being? Post found the term used in a 1996 press release, a little more than a year before the "most reputable claims of [re]-invention". A single email quoted from a blog post with a grand total of 1756 reads proves that the term was "commonly used" in 1998 when OSI started popularizing the term? In fact, the fact that the claims are commonly regarded as "reputable" indicates that the term actually wasn't commonly used at that point.
Flagging you for calling names isn't harassing. Familiarize yourself with rules of this community. (Flagging comments you disagree with that don't break any site guidelines — now that is harassment.)
It's for me not a show-stopper but I can see it will needlessly antagonize people.
Why not just say immediately "it is a non-commercial license that allows you to look at the source code BUT [in fat bold font] NOT FOSS" - which takes the air out of anyone who may get triggered. ... These are just weasel words:
> "Sure, other companies might have bigger brands and bigger sales budgets, but this is open-source. You can vet the code, in the open, and so can anyone. You know there's nothing hidden inside. Plus, future updates have all the benefit of open-source software."
> Plus, future updates have all the benefit of open-source software.
This part is particularly strange, because a major benefit of open source software is other people can fork and keep the project alive if the company goes out of business or loses interest. I myself have rescued abandoned projects before and just released a new version for one today. This benefit is clearly missing for this product, at least I can't see any way to revive it to keep commercial use alive without a license change.
This is concerning for this project especially because it's being pitched to journalists. It's easy to maintain a backdoored version and an apparently secure version. Only ship backdoored binaries, and only distribute apparently secure source. By not allowing third-party builds, you can effectively lock everybody into using the backdoored version while maintaining a pretense of openness and security. This is a critical example of why the distinction between free vs open exists.
A lot of these criticisms about the license are valid and I acknowledge that. I do understand it's concerning and, I use someone's words here, extremely antagonizing for a lot of people to have this use the term open source when their expectations of open-source are so vastly different. And I want to address that particularly in another comment but let me address what is your misrepresentation or misinterpretation of the restrictions.
I totally agree that you could have a back door and that be something possible to distribute in a binary. That's a legitimate risk. At the same time I think it's disingenuous to say that opening the source code on GitHub is not adequate protection but having some sort of third-party builds would be adequate protection against that. I think having the source code in the open is the ultimate protection against sort of backdooring. And from there anyone can download and run it using node or they can make their own binaries. And with respect to using any binaries distributed by anyone else everyone needs to use their own risk tolerance. At the same time I don't think the license that I've made precludes third-party builds with the meaning of that being other people building their own binary from the source code and distributing that for other people, I feel okay you can do that you just can't charge people for it, or use it as part of a paid service or project intended to make money, and you can't deploy it for them as part of a paid service. Unless you're already working in that organization and making this deployment as part of the ordinary course of your duties (like you can't be doing this as a contractor, and it can't be part of being contracted to work for them). One purpose of this restriction obviously is to get organizations to contract Dosyago corporation when they need help to deploy that Dosyago IP. A way to make money through consulting that's an alternative to selling per seat or per site licenses.
So I definitely think the criticisms of this license are valid at the same time it's important to be clear about what actually, you know, the restrictions are and what the risks of that are.
I definitely think people should exercise caution with regard to any software but they should also protect themselves against misinformation. So in that light it is I think in the interests of everyone's safety to have an informed and open discussion. That's why I'm addressing what seems to me to be a misrepresentation, and why I'm also not bristling at anyone raising concerns about the license. I think it's perfectly valid and it totally makes sense for them to be upset about this.
I'm discriminating based on money. Like the selling of any product if someone can provide the money otherwise not. Otherwise that would be theft or IP violation or whatever it is.
But I guess you don't object to purchase so much as to what you see as my misuse of a term, which you feel is very important to get right. I get that. I understand that many people feel legitimately upset when they see the word used in a way that differs vastly from their beliefs about it.
I acknowledge those complaints you have, they're valid. I don't question your views, I just work from the point of view that it's a big world out there, plenty of room for different perspectives and experiences...and plenty of people with their own interpretation of a term. And there's plenty of room for different versions of a term. I don't think you or, or anyone has monopoly on the meaning of a word or whatever. We can all make our own meanings. No problem I see with that.
I understand you seem to differ on this and believe it's very important to get the word to align with what you see as correct usage. And you view my use of it which diverges from that...as a deliberate bait and switch to lure people in on the false promise of an open source while I rip the rug out from under their innocent feet and charge them or deny them usage. I could say your interpretation is ungracious or ungenerous, but I don't need to. I see it as valid, from your point of view. I get you totally see it as the right way, and I'm fine with that. We see it differently and that's OK.
So, ignoring the intricacies of usage because debating the fine points of terminology, of a particular usage...is not something I'm into here...maybe I can share some of the reason why I chose this, keeping in mind that I understand the license language is unpolished, and I think of it as a work in progress.
I think if you're trying to make money, then you should pay. But if you're in government, you're already funded by people's taxes, so why should we tax people twice? Government may as well not have to pay a license, but they should pay me for my time if I help them deploy it and they should respect my IP by not paying someone else to provide support or service with it. Then I did what I feel is also correct and extended that "free use" exemption to other areas which I feel are widely thought of as having a "public good". Such as not-for-profits (although I'm sure not all of them are good, but again they basically live on donations), and also journalists.
A bit of this is marketing and a bit of it is trying to extract value from what I've created. Maybe it's hamfisted...maybe it won't help me achieve my goal of value capture, and maybe no matter what I say you will despise my stance because you can't help but see my use of the term as an abuse of a sacred ideal meant for the betterment of mankind. I'm not really mocking you...I'm saying I appreciate your idealism, and I'm just trying to make money from what I built.
But if you can indulge me to speak to your idealism for a second, I think any idealism ought to include the openness, and innocence that helps give rise to it, otherwise it might become inflexible fundamentalism, causing more harm than good. I'm not saying you're causing harm here (except maybe to your health by getting upset)...just trying to express my view that there's plenty of ways to view a term, and they're all OK.
You might desire that I put some sort of disclaimer, along the lines of "Adherents of Open Source definition of Q: please note this is Open Source based on the definition of Y, but not per the definition in X, but it is called so because ...."
But I'm not bothered to do that. I feel that such subjectivity is implicit in communication, and doesn't need to be made explicit unless one assumes there is A Single Source of Correctness on the Meanings of Words, published by the Ministry of Truth, 2020 edition. Again, I'm not saying you think of things so inflexibly...I suppose I'm just exaggerating to make my point another way, people have different meanings and perspectives and that's OK.
At the end of the day, people need to consult the License in order to determine the terms of use. And really, if they have questions, they can ask.
Like I said, maybe this is hamfisted...and perhaps I'd make more money if I slapped an MIT license on it and upsold something else...who knows? I'm just learning. Please don't try to crucify me or what I made at the altar of your oh-so-inflexible-but-undoubtedly-correct-to-you beliefs.
If you stop and think about it, you might find there's a way you can use this without getting very upset...that is, if you really want. I guess you could have just been arguing for the sake of it, without any skin involved, but I choose to believe you really do see this product as useful. So if you want to discuss terms (and are not in the free use exemption) definitely reach out to me at cris@dosycorp.com
I avoided replying to your comments (or the thread you started) in the main thrust of the Show peak because I saw them as overly negative and I didn't want to ruin my day by involving myself in some fight. But now the peak is over, I feel it's OK to make my view known, and maybe we can find some useful common ground. If not that's OK, and I totally understand if you simply find this infuriating and thank you for reading this far. Either way best of luck and have a great one
> Sure, other companies might have bigger brands and bigger sales budgets, but this is open-source.
No, it's not. They are deliberately misusing a well-established term and they deserve to be called out for that. This is extremely antagonizing and it is impossible to take the rest of the project seriously when it is presented that way. The same thing happened when Zoom said that their program did "end-to-end encryption", while it didn't; it was a great project, but tainted by a callous and misleading usage of terminology.
I appreciate you sharing that, thanks! On here I set up the restrictions using user accounts and groups, iptables, cgroups and some monitoring of CPU and memory, with cpulimit and pkill for excessive use. Sort of like a lightweight "container" for each browser process.
In other words, each chrome process runs in its own user-space (a no-login user which exists only for the duration of the session), which has cpu and memory limits thanks to cgroups, bandwidth limits and restrictions thanks to iptables, and disk and browser cache limits thanks to chrome command-line flags.
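A sketch of the per-session setup the comment above describes (throwaway no-login user, cgroup limits, iptables rules keyed to that user, Chrome cache flag), added here as an illustration and not taken from the project or its author. The `bsess_` account prefix, the limit values, the `chromium` binary name, the cgroup v2 paths and the blocked address ranges are all assumptions; commands are only printed unless `DRY_RUN=0` is set as root.

```shell
#!/usr/bin/env bash
# Added example, not the project's code. Assumes a cgroup v2 host with the
# cpu and memory controllers enabled for children of $CG_ROOT.
CG_ROOT=/sys/fs/cgroup
# Assumed egress policy: keep the remote browser away from the cloud metadata
# endpoint and private networks of the host it runs on.
BLOCKED_NETS="169.254.169.254/32 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

run() {  # execute the command, or only print it in dry-run mode (default)
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

session_user() {  # map a session id to a throwaway account name
  case "$1" in
    ''|*[!a-z0-9]*) echo "invalid session id" >&2; return 1 ;;
  esac
  printf 'bsess_%s\n' "$1"
}

session_setup() {  # usage: session_setup <id> <memory.max> <cpu percent>
  u=$(session_user "$1") || return 1
  case "$2" in ''|*[!0-9KMG]*) echo "invalid memory limit" >&2; return 1 ;; esac
  case "$3" in ''|*[!0-9]*) echo "invalid cpu percent" >&2; return 1 ;; esac
  cg="$CG_ROOT/$u"
  # No-login account that exists only for this session.
  run useradd --system --no-create-home --shell /usr/sbin/nologin "$u"
  # One cgroup per session: hard memory cap and a CPU quota per 100 ms period.
  run mkdir "$cg"
  run sh -c "echo $2 > $cg/memory.max"
  run sh -c "echo $(( $3 * 1000 )) 100000 > $cg/cpu.max"
  # Per-user egress rules via the iptables owner match.
  for net in $BLOCKED_NETS; do
    run iptables -A OUTPUT -m owner --uid-owner "$u" -d "$net" -j REJECT
  done
  # Join the cgroup first, then drop to the session user and start the
  # browser (stays in the foreground) with a 50 MiB disk cache limit.
  run sh -c "echo \$\$ > $cg/cgroup.procs && exec runuser -u $u -- chromium --user-data-dir=/tmp/$u --disk-cache-size=52428800"
}

session_teardown() {  # usage: session_teardown <id>
  u=$(session_user "$1") || return 1
  run pkill -KILL -u "$u" || true   # nothing left running is fine
  for net in $BLOCKED_NETS; do
    run iptables -D OUTPUT -m owner --uid-owner "$u" -d "$net" -j REJECT
  done
  run rmdir "$CG_ROOT/$u"
  run userdel "$u"
}

# Print the plan for a constructed session id.
session_setup ab12 512M 50
session_teardown ab12
```
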
This is really cool, I'm just building an image now. Excited to try it out. One small error is I think you are missing a '\' from the end of line 7 (repository flag)
edit:
I just got this error trying to build an image. Any idea what's wrong or how to fix it?
So it's a browser within your browser running on a remote machine somewhere?
At first glance it seems needlessly complicated, but modern browser finger-printing is also incredibly complex. So this might be better than a VPN... As both the IP and the browser are proxied
With https over VPN, at least the VPN provider cannot inspect the contents of your traffic. With a browser running on a remote machine, whoever controls that machine can.
This is better than VPN only in a scenario when you either control that machine or fully trust the provider
I assumed it was more for security than privacy. Run the Javascript remotely so your own machine will be (or at least, is more likely to be) protected from zero-days.
This seems like it kind of defeats the purpose though. Is this section just to prove that it can be done?
edit: This was not meant to be rude. I was just asking if there is another reason. The reason I listed is more than enough, I was just wanting to learn more.
Depends on the motivation to use - self-hosted option is of course bad for privacy, but still good for security - you could use a browser running on a separate machine, effectively making it a physically isolated sandbox
That's a valid point as well. This pretty much results in a privacy vs security choice, you either run it in infrastructure you fully control at the loss of privacy or some anonymous service, where you could have privacy but losing the security.
Although one could argue that using an anonymous hosting service, there's still a risk that whoever is running that infrastructure could monitor your activity meaning that effectively you have neither privacy nor security.
I don't think it defeats the purpose. It's not meant to make you anonymous, it's meant to shield your actual computer from exploits. It can do that just fine running on a VPS you rent.
I am slightly concerned that it's being advertised as security software, but the commit log looks incredibly... unpolished and uncared for, to say the least.
Super cool, I have just tested with YouTube and it's allowing background audio playback on mobile because the video continues to play on the server. Audio is playing on my phone with a 3 sec latency but without hiccups and good enough quality.
Thank you :) I thought that would be a cool use case for people (what with free YouTube not letting you play in the background) but I couldn't find a way to get lots of people using it.
Webpage -> Remote server running "isolated browser" -> Local Browser
Use case is to protect security by not allowing any arbitrary website code to run on your local browser, the remote actually renders the webpage and just sends you pixels -- I think.
It passes through your navigator.platform, userAgent and screen dimensions, from the client you connect with. But this is not necessarily the actual values of the machine you run it on. So the site you're browsing thinks it is talking to a browser on, say, an Android phone, but actually it is (in the live demo anyway) talking to a browser running in a virtual Debian instance in GCP.
For fun, check out your geolocation. That is not passed through
[1] https://opensource.org/osd