I think this is true initially and Rust didn't "click" for me for a long time.
But once you are _maintaining_ applications, man it really does feel like absolute magic. It's amazing how worry-free it feels in many respects.
Plus, once you do embrace it, become familiar, and start forward-thinking about these things, especially in areas that aren't every-nanosecond-counts performance-wise and can simply `Arc<>` and `.clone()` where you need to, it is really quite lovely and you do dramatically less fighting.
Rust is still missing a lot of features that other more-modern languages have, no doubt, but it's been a great ride in my experience.
The idea with Rust is that you get safety...not that you get safety at the cost of performance. The language forces you into paying a performance cost for using patterns when it is relatively easy for a human to reason about safety (imo).
You can use `unsafe` but you naturally ask yourself why I am using Rust (not rational, but true). You can use lifetimes but, personally, every time I have tried to use them I haven't been able to indicate to the compiler that my code is actually safe.
In particular, the protections for double-free and free before use are extremely limiting, and it is possible to reason about these particular bugs in other ways (i.e. defer in Go and Zig) in a way that doesn't force you to change the way you code.
Rust is good in many ways but the specific problem mentioned at the top of this chain is a big issue. Just saying: don't use this type of data structure unless you pay performance cost isn't an actual solution to the problem. The problem with Rust is that it tries to force safety but doesn't have good ways for devs to tell the compiler code is safe...that is a fundamental weakness.
I use Rust quite a bit, it isn't a terrible language and is worth learning but these are big issues. I would have reservations using the language in my own company, rather than someone else's, and if I need to manage memory then I would look elsewhere atm. Due to the size of the community, it is very hard not to use Rust too (for example, Zig is great...but no-one uses it).
The idea with rust is that you _can_ have safety with no performance cost if you need it, but depending on what you're building, of course, that may imply extra work.
The pragmatism of Rust means that you can use reference counting if it suits your use case.
Unsafe also doesn't mean throwing out the Rustiness of Rust, but others have written more extensively about that and I have no personal experience with it.
> The problem with Rust is that it tries to force safety but doesn't have good ways for devs to tell the compiler code is safe...that is a fundamental weakness.
My understanding is that this is the purpose of unsafe, but again, I can't argue against these points from a standpoint of experience, having stuck pretty strictly to safe Rust.
Definitely agree that there are issues with the language, no argument there! So do the maintainers!
> if I need to manage memory then I would look elsewhere atm
Haha I have the exact opposite feeling! I wouldn't try to manage memory any other way, and I'm guessing it's because memory management is more intuitive and well understood by you than by me. I'm lazy and very much like having the compiler do the bulk of the thinking for me. I'm also happy that Rust allows for folks like me to pay a little performance cost and do things a little bit easier while maintaining correctness. For the turbo-coders out there that want the speed and the correctness, Rust has the capability, but depending on your use case (like linked lists) it can definitely be more difficult to express correctness to the compiler.
Agree, that is the purpose of unsafe but there is a degree of irrationality there, which I am guilty of, about using unsafe in Rust. I also worry about unsafe leaking if I am using raw pointer on a struct...but stdlib uses a lot of unsafe code, so I should be too.
I think the issue that people have is that they come into Rust with the expectation that these problems are actually solved. As I said, it would be nice if lifetimes weren't so impossible to use.
The compiler isn't doing the thinking if you have to change your code so the compiler is happy. The problem with Rust is too much thinking: you try something, compiler complains, what is the issue here, can i try this, still complain, what about this, etc. There are specific categories of bugs that Rust is trying to fix that don't require the changes that Rust requires in order to ensure correctness...if you use reference counter, you can have more bugs.
If you obscure the implementation a bit, you can change GP's example to a runtime overflow [0]. Note that by default the checks will only occur when using the unoptimized development profile. If you want your optimized release build to also have checks, you can put 'overflow-checks = true' in the '[profile.release]' section of your cargo.toml file [1].
This is bad because the program behaves different depending on build flags. What's the point of having "use unsafe addition" flag, and having it enabled by default?
Rust developers made a poor choice. They should have made a special function for unchecked addition and have "+" operator always panic on overflow.
The point I'm sure was to prevent the checks from incurring runtime overhead in production. Even in release mode, the overflow will only wrap rather than trigger undefined behavior, so this won't cause memory corruption unless you are writing unsafe code that ignores the possibility of overflow.
The checks being on in the debug config means your tests and replications of bug reports will catch overflow if they occur. If you are working on some sensitive application where you can't afford logic bugs from overflows but can afford panics/crashes, you can just turn on checks in release mode.
If you are working on a library which is meant to do something sensible on overflow, you can use the wide variety of member functions such as 'wrapping_add' or 'checked_add' to control what happens on overflow regardless of build configuration.
Finally, if your application can't afford to have logic bugs from overflows and also can't panic, you can use kani [0] to prove that overflow never happens.
All in all, it seems to me like Rust supports a wide variety of use cases pretty nicely.
Eh, maybe. There's a performance tradeoff here and maintainers opted for performance. I'm sure many folks would agree with you that it was the wrong choice, and I'm sure many folks would disagree with you that it was the wrong choice.
There are also specific methods for doing *erflow-checked arithmetic if you like.
Actually, the x86 'ADD' instruction automagically sets the 'OF' and 'CF' flags for you for signed and unsigned overflow respectively [0]. So all you need to do to panic would be to follow that with an 'JO' or 'JB' instruction to the panic handling code. This is about as efficient as you could ask for, but a large sequence of arithmetic operations is still going to gum up the branch predictor, resulting in more pipeline stalls.
The core of this argument taken to its extreme kind of makes the whole discussion pointless, right? All the languages can do all the things, so why bother differentiating them?
To entertain the argument, though, it may not be a language issue, but it certainly is a selling point for the language (which to me indicates a "language issue") to me if the language takes care of this "library" (or good defaults as I might call them) for you with no additional effort -- including tight compiler and tooling integration. That's not to say Rust always has good defaults, but I think the author's point is that if you compare them apples-to-oranges, it does highlight the different focuses and feature sets.
I'm not a C++ expert by any stretch, so it's certainly a possibility that such a library exists that makes Rust's type system obsolete in this discussion around correctness, but I'm not aware of it. And I would be incredibly surprised if it held its ground in comparison to Rust in every respect!
I don't think its fully correct that social pressure means that permissive licenses are no longer meaningful when it comes to the ethics or sociology of open source software.
Since the original subject is also about swapping out the imagery, it's also difficult to take your argument too seriously as the term "exploit" is doing a lot of heavy lifting for your argument.
I will also add that the social and ethical component goes both ways: is it ethical to knowingly give something away freely and without restriction and then immediately attempt to impose restrictions through a purely social mechanism? I would say so as long as your expectation is that some might politely decline.
Or worse, some may respond with the same vitriol and then we're at your original point, which doesn't seem to be preventing such an approach here, making me doubt your hypothesis.
I'm using a nearly default configuration which seems to not have this problem. curl still works and so do downloads.
I guess if your cookie expired at just the right time that could cause this issue, and that might be worth thinking about, but I think "breaks the web" is overstating it a bit, at least for the default configuration.
It includes links with explanations, but the page does kind of "fly by" in many cases. At which point, would you still leave?
I'm guessing folks have seen enough captcha and CloudFlare verification pages to get a sense that they're being "soul" checked and that it's not an issue usability-wise.
Yeah I had no idea that some folks would get so passionate about making changes to a piece of FOSS based on a request on a certain footer-esque documentation page.
I think its a great discussion though that gets to the heart of open source and software freedom and how that can seem orthogonal to business needs depending on how you squint.
My "workaround" for this MIT-licensed software that does not allow me a simple and common customization was to have my reverse proxy redirect requests to the images. https://git.lyte.dev/lytedev/nix/pulls/92/files
I did so, though I would hardly call using MIT FOSS for my personal projects a breach of the social contract of open source. This was easier than forking, building a docker image, etc. I'm guessing it will be much easier for others, too, since the recommended config has you dink around with reverse proxy configuration no matter what.
You are breaking the social contract of the project, not the legal one. The MIT license is the legal contract. The additional social contract is established by the author asking (without legal teeth) that you not do exactly what you did by removing the branding.
Compare to a take-a-penny-leave-a-penny tray from an era past. You are legally allowed to scoop up all the pennies into a bag, and leave the store, then repeat at the neighboring store, and make a few bucks. You'd be an asshole, but not face legal trouble. You "followed the rules" to the letter. But guess what? If you publish an easy how-to guide with "one weird trick" for making some quick cash, and people start adopting your antisocial behavior and emptying out change trays, you've forced the issue and now either a) businesses will stop offering this convenience or b) the rules around it will be tightened and the utility will be degraded. In the concrete case of Anubis, the maintainers may decide to stop contributing their time to this useful software or place a non-FOSS license on it in an attempt to stop gain-maximizing sociopaths from exploiting their efforts.
I'm surprised to read this from you, somebody I and many others hold in high regard as accepting and knowledgeable, insulting someone's character because they didn't like some specific aspect of your work or opinions or chose to ignore an ask in this particular use case.
I didn't implement this out of fear or some lack of courage. In fact I had the original avatars up for quite a while. I simply wanted my own logo so visitors wouldn't be potentially confused. It seemed to fit the use case and there was no way to achieve what I wanted without reaching out. I didn't feel comfortable bugging you or anybody on account of my tiny little no-traffic git forge even though, yes, that is what you politely asked for (and did not demand).
I think if you do feel this strongly you might consider changing the software's license or the phrasing of the request in the documentation. Or perhaps making it very clear that no matter how small, you want to be reached out to for the whitelabel version.
I think the success story of Anubis has been awesome to read about and follow and seeing how things unfold further will be fun to watch and possibly even contribute to. I'm personally rooting for you and your project!
You are correct in that I ignored a specific request, but you are also ignoring the larger social contract of open source that is also at play. To release software with a certain license has a social component of its own that seems to be unaccounted for here.
Your analogy to me seems imprecise, as analogies tend to be when it comes to digital goods. I'm not taking pennies in any sense here, preventing the next person from making use of some public good.
You can make a similar argument for piracy or open source, and yet... Here we all still are and open source has won for the most part.
I think back to the original idea of free software.
The GPL protects users from any restrictions the author wants to use. No additional restrictions are allowed, whether technical or legal.
In this case, the restriction is social, but is a restriction nonetheless (some enforce it by harassment, some by making you feel bad).
But you could ignore it, even fork it and create a white label version, and be proud of it (thereby bypassing the restriction). Donate voluntarily if you want to contribute, without being restricted technically, legally, or socially.
I agree with your comment here, and would add that I believe the license and open source in general has a certain social restriction as well and implies how the software may or may not be used, which is part of what makes this discussion nuanced and difficult, as it appears there are two true and opposing points.
And the author is breaking a social contract of not shoving stuff I don't want to see in an excessive amount (or being a contributor of it). Before I wouldn't mind to see some anime here or there, it's quite cute for most people. But lately I see it in much more places and more aggressive.
Some project even took it to the next level and displayed a furry porn. I think anime and furry graphics are related, esp. in the weird obsession of the people to shove it to the unsuspecting people, but since it's "cute" it's passable. Well unless it gets into the porn territory.
On the other hand I applaud the author for an interesting variation of making the free product slightly degraded so people are incentived to donate money. The power of defaults and their misuse.
Personally I'm not fan of enshittification of any kind even a slight one even when it's to my own detriment.
> And the author is breaking a social contract of not shoving stuff I don't want to see in an excessive amount.
Except the author is not shoving any stuff at you. Author doesn't owe anything to you and can do whatever they want and you doesn't owe the author the obligation to use their software.
It's not business, it's a person giving something free to the world and asking people who uses it to play the game. You can chose to not play the game or to not use it, but you can't act like your issue with an anime character is the author's fault. Just don't install it on your server and go ahead.
Not directly. But he knows it will get used in the current unfortunate landscape and that people will put it in front of their web pages. Then as a visitor of these pages I'm forced to see it. So yes indirectly he is shoving this stuff at the people.
> Some project even took it to the next level and displayed a furry porn. I think anime and furry graphics are related, esp. in the weird obsession of the people to shove it to the unsuspecting people, but since it's "cute" it's passable. Well unless it gets into the porn territory.
This is your weird association and hang-up. That's on you to deal with, not Anubis or the rest of the internet.
Well that's extremely shortsighted, almost to the point of blindness.
The author clearly went out of the way to put code in to signal to people that if you use the software and you are a company earning revenue using it, to help support the project.
This is clearly breaking the social contract that comes along with that MIT license, guided by what the author says.
When you break the social contract, and by doing so you induce people to follow you to do the same, eventually (given sufficient breakage) you end up in a world on fire; filled with violence and destruction.
This happens because non-violent conflict resolution can't take place without society, which itself is based on the social contract. A contract that you broke by trying to work around the authors intent.
It is well known that with people, "What you do in the small things, you do in big things that matter when everything is on the line". This piece of old wisdom, shows a cognitive preferential bias.
Ipso facto, you are supporting that world on fire filled with violence coming into being by those actions.
Sure you don't see anything wrong now, but that is blindness, and you can hold that isolated view right now while society is still in a working state, but actions and choices matter, and society moves towards the aggregate, either towards stability or towards chaos.
There is a time that is not far off, where that kind of behavior is going to have severe consequences.
If you did this without any resistance or seeing this as wrong, you have to ask yourself how many other things you've done that you just didn't notice? Are your kids modeling this blindness in themselves? Mimicking you as a role model.
Blindness puts people at a significant disadvantage because they often can't see the dangers they often create indirectly for themselves.
While I think you have a point buried in there worth discussing, I simply can't equate me wanting slightly different functionality from MIT-licensed software and making it happen equivalent to these kinds of breakdowns in society.
The author also went of their way to indicate this license, for what it's worth.
> You ignore the authors words and published intent, and go so far as to undo them
I guess I took the MIT license as the author's word and intent. Are you saying their choice of license is not? It clearly outlines that I am free to use the software without restriction which you conveniently leave out of your core argument.
If you want to talk about open source and the social contract, this is the heart of it: freedom, which I have exercised. If I was using it for commercial purposes and doing something more against the "spirit of open source" I think I might be inclined to agree with you. But I'm not.
the license enumerates the rights the author has bestowed upon you.
the funding page clarifies their intent:
>Anubis is provided to the public for free in order to help advance the common good. In return, we ask (but not demand, these are words on the internet, not word of law) that you not remove the Anubis character from your deployment.
you are of course free to do whatever you want with this code, the license is as you point out quite clear. but so is the intent, and feigning ignorance of the author's intent is disingenuous at best.
I'm not aware of any ignorance (feigned or otherwise) on my part or in my comments about my ignoring the author's request. I'm aware that I am doing so and have made that clear and shared with others that also would choose to do so as they deem reasonable.
If you'll allow me to make assumptions, given that the author neither demands -- and is, in fact, explicit about not doing so -- nor licenses the software in such a way as to prevent this use case, I am guessing the author had at least some intent or foreknowledge around some folks wanting to swap the images. I further assumed that such use cases were for instances such as those the author wrote Anubis for to begin with, protecting small git forges with little resources. Now, I admit my server is not small and I have resources, and so am happy to pay for and donate towards open source software, but in this case the only option was to contact the author, which is something I deemed overkill in this case. I would simply wait and see how the author planned to approach the issue and revisit at that time.
Perhaps I've made the wrong move socially or ethically, which I think is at least a worthwhile discussion to have, and if I should decide I feel like I've made an ethically sideways choice, I will eat my words and make things right as best as I can.
However, if we're going to talk about intent, I an guessing there is a bit more nuance to bring to the conversation. Or perhaps the author can chime in or update the documentation to be more clear, because the liberal license says quite a lot about intent to me. I think it's at least a little disingenuous to say that the software license carries no intent behind it (spirit of open source and all that) and is "only" an enumeration of my rights.
in fact, the author has chimed in and you still choose to argue with him. at this point i think it's clear that you aren't confused about his intent at all, you just don't care about it.
I never claimed confusion, but that there is more to "intent" here than what one page of documentation says.
I think it's clear the author "desires" or "wants" folks to keep the images. However, I think the author also "wants" users to use the software without restriction, hence the license.
If I say I intend one thing in one place, but then also say another thing orthogonal to that thing elsewhere that seems to be at odds, what was my intent truly? If my actions do not line up with my words, how do external parties judge what is the socially acceptable approach given my two statements that are at odds?
I simply think the choice of license says a lot more about intent, and is, in fact, the mechanism by which a creator decides how their code may be used. If the author truly intends their software to be used a certain way, the license is _the_ way to have control over that.
I believe this conversation is a bit more nuanced than you are making it out to be and the discussion around "what is open source" is where this discussion begins and ends. I'm not going to try and argue about what the author "wants", which, I agree with you, seems clear, but is not expressed fully, given the chosen unrestricted license.
I disagree, and the fact that you can't see this is wrong, and ethically dubious is the most important part of the problem. This is blindness, and worse it is a willful blindness.
I wasn't even aware that you had reached out directly where the author made themselves clear. The license doesn't supersede the authors words.
When there's a contradiction, you take the authors words and intent first, the same as any hierarchical set of documents. The authors words will be far more detailed than any license, and the social contract comes first so everyone can continue receiving benefit under it. There are edge cases, this isn't one of them.
By focusing on the license to the exclusion of all else, you pigeonhole the only actions that can be taken so the only alternative is to not provide any solutions, and in the process taking the authors work. This acts towards eliminating the social contract through destructive interference, towards not providing the benefits you enjoy under the social contract while you at the same time breaking it. This can't last forever, and while this is a minor example, it speaks to the much greater issue.
There isn't nuance that allows for you to do what you did. Its not a court of law that you can get to argue false justification, its a simple ethical question that includes the authors intent which you exclude, and the license, which you dissemble on.
There are things you can do that can't be forced by society, but the social contract has never been about forcing people. As you say its been about freeing people to act towards the benefit and survival of others.
Part of this is the important choice to know when you should not do something because it breaks that contract and incentivizes destructive outcomes. This is where ethics and reasoning following Method come in. You aren't following Method or Logic here, you follow fallacy.
> If the author truly intends their software to be used a certain way ...
The law is not perfect, and in fact many places the rule of law has failed following similar degradation in reasoning that you follow here, which has become known as judicial activism. I've already said what happens generically, so you've been warned even if you don't see it.
The true nature of evil is in the blindness it induces in self and others so they can adopt evil without resistance. I'm not saying you are evil, but this is a very slippery slope that you don't even realize you are on when you've become blind.
To become blind, you have to make a willful choice to be blind at some point through repeated action, and the nature of perception and your subconscious forces you to ignore anything to the contrary after that, you made the choice to not see, this is a basic psychological bias. Negligence is sufficient to consider intent when there is loss, and the loss here while quite subjective scales over time, having enabled others to undermine the authors' works.
We have many psychological blindspots as members of humanity, which is why in many religions they cover behaviors that help avoid adoption of destructive behaviors through those blindspots, and objective tests to know when (in Christianity a part of this is in the 7 virtues, and 7 sins). This has a lot of nuance that few read into.
Wrath for example is the loss of rationality, flawed reasoning meets that definition as a deadly sin when its to the exclusion of all else (i.e. blind).
Complacency, is sloth, most of the rest are primal desires towards destructive ends. You get the idea.
There are those that may claim to embrace these things but have blinded themselves so they don't know when they break them. You generally can't be good in the long run, if you are blind to the bad you do in the short.
You appear to have no resistance to breaking the contract. This is a perceptual blindness, and it disadvantages you, and it disadvantages those who you might induce to do the same, whether it be as a role-model from proximity or otherwise.
> I'm not going to try and argue about what the author "wants", ..., but is not expressed fully.
The author's intent is expressed to sufficient degree that choices can be made to either follow the authors intent if you use their work, or not. Its not a novel construction, so you can build it yourself on your own and then do whatever you want with that creation, that would be the right path to be ethical about this.
You don't seem to make the right choice here. This discussion is irrespective of the subjective definition of what individuals consider open source is. This is a cop out. The author published their expectations, you either follow them or you don't, and undermining those expectations is on the side of you choosing you don't.
I don't think I've claimed that ignoring the author's request is factually wrong. I'm debating on the internet because I _do_ believe the license makes more allowance than you give credit, but I definitely would not say that what I'm doing here is objectively "in the right". I've reached out to the author as a result of these discussions, because I do, in fact, value what you are referring to and believe I did make some false assumptions about what the author might have intended.
To say that the license doesn't supersede the author's words is your opinion. It does, in fact, supersede the request both in law and "socially".
If any requirement or request need be laid upon the software and its use, there are mechanisms for doing that available today and the author willingly chose to try something new. This doesn't negate their request, but it does bring into question the "social contract"; people have certain social expectations of software, particularly when licensed like this, that you seem to ignore or consider null in this argument, which seems unfair and one-sided.
I do believe that this situation is not as cut and dry and morally wrong as you seem to be stating. What of a user that deploys the project without ever reading that specific page of documentation?
Perhaps you and I are debating towards different end states here. Myself towards what a fleshed-out approach to this kind of permissive-license-plus-social-request open-source might look like and you towards ignoring the request of another human being implying an eventual complete breakdown in society.
It's simply untrue that every request from every human being (regarding something they have made or otherwise) must be respected and followed above all else and to think otherwise trends towards its own breakdown of society. Intent and requests are not the be-all-end-all of ethical cooperation that you seem to be arguing for. Does this imply that anarchy and chaos are the answer? No, of course not! As I have tried to indicate, there is more nuance here than your argument makes room for and indeed the lack of nuance in your own argument as you tighten it down further results in its own ethical problems which you seem to be trying to argue into impossibility.
Alas, we humans on an individual and group level will always have mutually exclusive goals and opinions and working through those is part of the human experience - relationships take communication, work, nuance, understanding, and compromise. Absolutism such as you are calling for is the kind of thing that results in societal collapse as well.
In summary, I agree with you that asking the author is the right thing to do here as I _did_ read the documentation thoroughly and I should have done so and not assumed that my little personal git forge was "exempt" from the request. As a result, I have reached out to discuss as requested. I also would say that anyone else that opts to interpret the license literally would also be in the right, though. I also disagree that this issue is as cut and dry as you make it out to be. I also believe the status quo around "open source plus restrictions" (if you can say there is much of one) can be greatly improved and is a discourse worth having.
But once you are _maintaining_ applications, man it really does feel like absolute magic. It's amazing how worry-free it feels in many respects.
Plus, once you do embrace it, become familiar, and start forward-thinking about these things, especially in areas that aren't every-nanosecond-counts performance-wise and can simply `Arc<>` and `.clone()` where you need to, it is really quite lovely and you do dramatically less fighting.
Rust is still missing a lot of features that other more-modern languages have, no doubt, but it's been a great ride in my experience.