fsebugoutzone.org:9999

       Post A4te8V2OSCUKUzg70a by Arcaik@mastodon.social
 (DIR) More posts by Arcaik@mastodon.social
 (DIR) Post #A4sjrRZSUkBrOJR0We by danielinux@mastodon.bida.im
       2021-03-04T19:00:21Z
       
       8 likes, 21 repeats
       
       #signal server is now officially closed source, making it de facto a worse-looking telegram.https://lemmy.ml/post/55595
       
 (DIR) Post #A4te8V2OSCUKUzg70a by Arcaik@mastodon.social
       2021-03-05T02:46:08Z
       
       0 likes, 0 repeats
       
       @danielinux @mmu_man That’s just not how it works.While I agree that this is sad, something is not closed source just because the code is not public.
       
 (DIR) Post #A4te8VVogo1XyFRbs0 by Arcaik@mastodon.social
       2021-03-05T02:50:39Z
       
       0 likes, 0 repeats
       
       @danielinux @mmu_man To be more clear : there’s nothing in the (A)GPL (or any other common FLOSS licence) that requires the code to be public.The only thing is that the code must be shared with users that ask for it.
       
 (DIR) Post #A4te8VxT208rM0Ngy8 by danielinux@mastodon.bida.im
       2021-03-05T05:51:12Z
       
       1 likes, 2 repeats
       
       @Arcaik @mmu_man The problem is not just an AGPL violation here, even though the license explicitly requires to show the code if you are providing a service on top of it. According to AGPL-3, if you are using the service you are the user. Good luck anyway submitting such a request to them at this point.The actual problem is that #signal is no longer willing to publicly share the sources of their server platform, which is what #signalapp users criticized the most about others in the past, #telegram in particular.
       
 (DIR) Post #A4u74qYBQR7sjR9rI8 by katie@mstdn.io
       2021-03-05T15:35:12Z
       
       2 likes, 0 repeats
       
       @danielinux @Arcaik @mmu_man Not trying or wanting to defend them, but..There is no AGPL violation there. None. They never accepted or merged any contributions from outside the company. Thus, they have the original Copyright so they can leave the latest AGPL online and develop their own special version and keep the source all to themselves without violating any law or license. The AGPL don&#39;t revoke your own Copyright if you are the original owner. The same applies to GPL, etc.
       
 (DIR) Post #A4uDS0cClnoYKhT10q by Shamar@qoto.org
       2021-03-05T16:46:25Z
       
       0 likes, 0 repeats
       
       Good point @katie!No #AGPL violation can come from the sole copyright holder.But this means people do NOT know what code is running on the server side AND that such code is NOT #OpenSource (not to mentions #FreeSoftware)@danielinux @Arcaik @mmu_man
       
 (DIR) Post #A502uB8vHwygXqlBFA by IngaLovinde@embracing.space
       2021-03-05T03:31:33Z
       
       0 likes, 0 repeats
       
       @danielinux But was it really different? They published some source codes, sure, but who can check what code ran on their servers?I&#39;m not sure how publishing server-side source codes for a centralized platform that focuses on security could be anything but a marketing gimmick.
       
 (DIR) Post #A502uBnKrhIuZBfSEa by danielinux@mastodon.bida.im
       2021-03-05T06:00:43Z
       
       0 likes, 0 repeats
       
       @IngaLovinde while I agree they could have already technically done this, AGPL should be there exactly to prevent this. When you are using the service you have the right to see the code that is used on the server side. This is no longer happening, and that&#39;s why the original poster is concerned.Their marketing strategy so far consisted throwing FUD on the competition to create the false hope that #signal was the only viable solution for instant messaging that would protect the users&#39; privacy in a transparent way. And they did this while defending their position on centralization and killing any attempt of federation and decentralization along the way.
       
 (DIR) Post #A502uC8bacJld9cRO4 by IngaLovinde@embracing.space
       2021-03-05T09:42:40Z
       
       0 likes, 0 repeats
       
       @danielinux I totally agree on the rest, but: no license in the world would prevent them from running a modified version of the code, unless there is some sort of audit on their servers. Yes, that would be a license violation, but undetectable and unpunishable; companies routinely do that and much worse.
       
 (DIR) Post #A502uCW0Bd26niZ7r6 by cadadr@mastodon.sdf.org
       2021-03-05T17:28:20Z
       
       0 likes, 0 repeats
       
       @IngaLovinde @danielinux I used Signal as an SMS client, but left during the &quot;introduction&quot; of the PINs. That even alone is infinitely telling of Signal.W.r.t. AGPL, AFAIK if they did accept contributions without copyright assignment then if they refuse to release changes they might be in some sort of AGPL violation given patch authors retain copyright.Might be useful to relay this to EFF and FSF if that&#39;s potentially the case.
       
 (DIR) Post #A502uCwEc61674q4kC by katie@mstdn.io
       2021-03-08T12:16:43Z
       
       0 likes, 0 repeats
       
       @cadadr @IngaLovinde @danielinux I didn&#39;t see any code from outside contributors when I skimmed the changelog some days ago. However.. a close-up inspection of https://github.com/signalapp/Signal-Server/pullsshows something a bit interesting. Lots of merge requests are closed as done without the requested commits being merged. Wonder if that code was put in by copypaste (with no log)?I haven&#39;t seen any evidence that they have accepted outside commits, but it is possible.
       
 (DIR) Post #A509uMmihgbuKZPZ4K by cadadr@mastodon.sdf.org
       2021-03-08T13:35:12Z
       
       0 likes, 0 repeats
       
       @katie @IngaLovinde @danielinux That shouldn&#39;t be too hard to find out through reading the code and looking for matches to pull requests. If they did that and without attribution, that&#39;d be a violation of AGPLv3, which they improperly apply to begin with (no COPYING file, some files don&#39;t have the header so they are proprietrary: https://github.com/signalapp/Signal-Server/blob/master/websocket-resources/src/test/java/org/whispersystems/websocket/WebSocketResourceProviderFactoryTest.java, https://github.com/signalapp/Signal-Server/blob/master/websocket-resources/src/main/java/org/whispersystems/websocket/WebSocketSecurityContext.java, https://github.com/signalapp/Signal-Server/blob/master/service/src/main/java/org/whispersystems/textsecuregcm/liquibase/DbMigrateCommand.java ; and then many copyright lines are stale (e.g. copyright in 2014, but there are changes1/
       
 (DIR) Post #A50P4ZMiHbUJYaZP84 by katie@mstdn.io
       2021-03-08T16:25:08Z
       
       0 likes, 0 repeats
       
       @danielinux Signal Appears To Have Abandoned Their AGPL-licensed Server Sourcecodehttps://linuxreviews.org/Signal_Appears_To_Have_Abandoned_Their_AGPL-licensed_Server_Sourcecode