If the software is open source, what's the point of pulling it from a repository?
Chef roasted for tech contract with family-separating US immigration, forks up attempt to quash protest
DevOps darling Chef had a nightmare Thursday after it emerged the software biz had inked a deal with US immigration, which sparked protest and a baffling counter-response. Here's how it went down. Earlier this week, Chef, an app configuration specialist, was publicly called out for selling $95,000 (£75,000) of licenses to …
COMMENTS
-
Friday 20th September 2019 07:30 GMT Flocke Kroes
To understand this, you have to damage ¾ of your brain
Some web designers think it is sane to have web pages reference JavaScript directly from GitHub. If you think no-one could be that reckless, check the article:
The withdrawal of the Gems not only drew attention to Chef's deal with the US government, it also broke, to some extent, customer deployments that were relying on Vargo's now-yanked Apache-licensed source.
If this still makes no sense to you, repeat the instructions in the title. After a few iterations everything will make sense.
-
Friday 20th September 2019 18:54 GMT Anonymous Coward
Re: To understand this, you have to damage ¾ of your brain
Downvote for the title. Brain damage is not an instant ticket to Moronville, nor is it simple as there is a vast breadth and depth to the effects of brain damage depending on what part of the brain is damaged. Unlike heart disease or gout.
-
Friday 20th September 2019 07:31 GMT bombastic bob
Flaming idiot, social justice warrior and political hack
"what's the point of pulling it from a repository?"
because he's a FLAMING MORON?
"Oh look, LAW ENFORCEMENT is using something I wrote, and I am a FLAMING IDIOT and SOCIAL JUSTICE WARRIOR so I am going to ACT LIKE AN ASSHAT and remove something that's probably been COPIED A BOZILLIAN TIMES and could EASILY BE RETRIEVED BY VIEWING THE HISTORY IN THE REPO..."
Number 1: It's a LAW ENFORCEMENT OPERATION at the border. You know, THE COPS. If you don't like the laws, BLAME THE PEOPLE WHO WROTE THEM (Congress, over the last 20 years or so).
(I bet if I illegally tried to enter the EU, or the UK, I'd be treated to a JAIL CELL. When MOBS of foreigners show up at our doorstep, we can't just "let them in", ya know, and then THEY EXPECT TO BE FED AND CLOTHED AND HOUSED AND TREATED FOR WHATEVER FORNICATING DISEASES THEY HAVE, and OH LOOK I JUST HAD A BABY and now he's A CITIZEN OF YOUR COUNTRY and NOW I CAN STAY AND GET WELFARE MONEY - 3-card monte and shell game, and we're a bunch of PATSIES)
Number 2: If you put it out there as OPEN SOURCE, you're GIVING IT AWAY. When you GIVE something, and you try to CONTROL HOW IT IS USED, it's NOT A GIFT ANY MORE. You are CHARGING RENT.
Number 3: I am _SO_ _SICK_ of FLAMING ASSHATS doing things like this.
Number 4: Don't rely on other people's repos for your application's distribution. HOST IT YOURSELF.
We've seen this happen before, with some pointless trivial utility in NodeJS, a year or so ago...
-
Friday 20th September 2019 12:29 GMT Ian Michael Gumby
@Bronek Re: Flaming idiot, social justice warrior and political hack
What he's saying is that it was foolish for him to bow to the Social Justice Warrior Crowd.
To that group, the facts don't matter. Nor does common sense.
Free clue... if your parent or parents break the law, you will be separated from them because they go off to jail and you go to social services. In some situations the courts will stagger jail sentences so that one parent can be with the children.
With respect to the border... the separation of children from parent was happening before Trump took office as well as the use of 'cages'. There is a famous picture that the MSM used of children in 'cages' to attack Trump, that was from the Obama Administration.
But I digress. If you want to get angry with someone... it's the members of Congress. More specifically the Democrats who will not pass anything to help fix the illegal immigration problem.
-
Saturday 21st September 2019 03:35 GMT bombastic bob
Re: @Bronek Flaming idiot, social justice warrior and political hack
"People in desperation trying to escape persecution and poverty are still people."
Criminals breaking the law are still criminals, even if putting them in prison would "separate them from their children". My heart bleeds for NO one.
-
Sunday 22nd September 2019 00:05 GMT John Savard
Re: @Bronek Flaming idiot, social justice warrior and political hack
While I strongly disapprove of Seth Vargo's gesture, which affects innocent third parties, and I agree that the United States government has a right and a duty to control immigration at its borders, the fact remains that there are people in Central America who, due to an ongoing situation of armed violence there, do not have any good legal alternatives for themselves and their families.
If the United States doesn't want to accept them as refugees - and their refugee claim is valid under international laws and treaties the United States has signed - it can use its armed might to bring peace and order to the area from which these people came.
Compassion and empathy for all innocent human beings is not a failing.
-
Monday 23rd September 2019 03:39 GMT Bite my finger
Re: @Bronek Flaming idiot, social justice warrior and political hack
So according to you, if the US doesn't want open borders and many millions of global unfortunates flooding in, we must go to all the "bad" countries and sort them out. Um, let's say we did that, how long before you start vilifying us for our warlike ways?
-
Monday 23rd September 2019 10:11 GMT Clunking Fist
Re: @Bronek Flaming idiot, social justice warrior and political hack
"it can use its armed might to bring peace and order to the area from which these people came."
Dear god NO! NO! Many of the countries that these people flee are, arguably, in the state they are due to US meddling. E.G. Barry & Hillary pursued regime change in Libya. They got it: vast swathes of the country are now governed by ISIS rather than Muammar Gaddafi. They also engaged in a bit of regime change in Syria. You decide whether ISIS is an improvement over a despot.
-
Monday 23rd September 2019 13:59 GMT James Anderson
Re: @Bronek Flaming idiot, social justice warrior and political hack
Using armed might, er, might not be such a good idea.
The US use of armed might in combination with US financial might is at the root cause of the mess in Central America.
The term "Banana Republic" has real historical roots. The most notorious instance being the United Fruit Company's 1954 orchestration of a military coup in Guatemala (with a little help from the CIA and US Marine Corps.)
-
Monday 23rd September 2019 15:33 GMT Tom -1
Re: @Bronek Flaming idiot, social justice warrior and political hack
Sadly, the USA's government pays no attention whatsoever to the terms of international laws and of treaties it has signed. So, so far as USA government agencies are concerned, there is no such thing as a refugee, only an illegal immigrant.
-
Monday 23rd September 2019 13:42 GMT fung0
Re: @Bronek Flaming idiot, social justice warrior and political hack
"Criminals breaking the law are still criminals, even if putting them in prison would "separate them from their children"."
Applying for asylum is not criminal. Trump has made out that it is, but that's just his usual BS. In any case, the government has failed to apply due process for asylum claims, locking up (and separating) even those who attempted to apply correctly.
As for why they're applying? Mostly the fault of US foreign policy, which has devastated multiple Central American countries. Plus a bit of (largely US-caused) climate change, which has devastated crops in those countries.
"My heart bleeds for NO one."
Nor will our hearts bleed for YOU, when it's your turn in the chain-link cages. Of course, by then it will be too late for all of us...
-
Monday 23rd September 2019 14:28 GMT EscapedTheInsanity
Re: @Bronek Flaming idiot, social justice warrior and political hack
When the backlog for even LEGAL asylum claims is 10 years+ then you kinda have to worry about the possibility of getting a route in at all.
If the options are getting locked up (sans kids) versus a 10+ year wait for an infinitesimally small chance of legal refuge then it's easier to understand why people choose this route.
If the process for legal immigration was more expedient and realistic then you wouldn't have the massive problem of people illegally crossing, having to spend billions of dollars on futile gestures (a wall and militaristic patrols) and the ham-fisted response of caging both the asylum seekers and their progeny.
-
Monday 23rd September 2019 09:46 GMT Anonymous Coward
Re: @Bronek Flaming idiot, social justice warrior and political hack
"if your parent or parents break the law, you will be separated from them because they go off to jail and you go to social services."
Jesus. So if my old man refuses to pay a parking fine, I'll get put in a home?
That's scary enough for a kid, but I'm 36 and have a family of my own...seems a bit unfair that I'd also get sent away if my old man is a numpty.
-
Friday 20th September 2019 14:33 GMT Lennart Sorensen
Re: Flaming idiot, social justice warrior and political hack
Showing up at the border and applying for asylum is not illegal. It is a legal way to enter a country.
Sneaking into the country and not applying for admission would be illegal. That is not what is happening though.
Locking them up and mistreating and abusing and neglecting them to the point of having many die is also illegal.
So it is pretty clear who is doing something illegal.
-
Friday 20th September 2019 22:18 GMT Crazy Operations Guy
Re: Flaming idiot, social justice warrior and political hack
But it is the legal way according to the Department of State, the Geneva Conventions, and the US Supreme Court (As well as many lower courts).
The US Attorney General is merely the head of the executive branch's legal department and holds zero authority on the interpretation of the law. The US Attorney General has about as much control over the law, and whether something is actually legal or not, as those crappy cut-rate lawyers you see advertising on late-night television.
-
Friday 20th September 2019 20:27 GMT Anonymous Coward
Re: Flaming idiot, social justice warrior and political hack
Legality is not the same as right and wrong.
Being a gay man was illegal in the UK, didn't and doesn't make being a gay man wrong.
Being of mixed (white/black) parentage in South Africa was illegal, didn't and doesn't make being of mixed heritage wrong.
Selling weed was illegal in California, now it's legal, I think you can see where I'm going with this.
It's never been right, to refuse shelter to people fleeing oppression.
Find a moral compass and understand the only law that matters is "don't get caught".
-
Monday 23rd September 2019 10:05 GMT Anonymous Coward
Re: Being a gay man was illegal in the UK, didn't and doesn't make being a gay man wrong
It doesn't, and it does. The rights and wrongs are not impartial, neutral concepts, as they are linked to people who make such judgement, and these people are influenced by various factors. As you demonstrated with the example of being gay, this is a fluid state. Being gay was illegal and was "wrong" (or perceived as wrong), it's legal now, and still perceived as wrong (shifting towards being right, i.e. acceptable). Being Jewish in Germany was at one point both legal and right (to some extent), and it became both illegal and wrong in the eyes of the German "general public". Likewise, in China, people are generally happy with distorted view of what is wrong and right (at least for now). Who says that the shift goes only one way, towards being less restrictive? You'll have 100 MILLION people trekking north from Africa in search of better life (or just life), and millions of Europeans will believe that yes, sinking those boats from drones and lobbing tactical nukes to stop the crowd is absolutely right and even morally justifiable :(
-
Monday 23rd September 2019 12:05 GMT Anonymous Coward
Re: Who says that the shift goes only one way, towards being less restrictive?
Every human being who understands that progress has a direction, away from ignorance and towards understanding.
Because in all the areas you discuss what's happened is that a majority have realised that discrimination wasn't helping as it didn't deal with the situation.
-
Monday 23rd September 2019 13:42 GMT Anonymous Coward
Re: progress has a direction, away from ignorance and towards understanding
Tell it to the brexiteers who claim that cheap EU labour - baaaad. Of course, this discrimination isn't helping - so what? People really believe that once those pesky polacks are gone, no more GP and school overcrowding. You bet, cause those GPs and schools are staffed by the now gone bloody foreigners. Who happen(ed) to pay taxes to fund NHS and schools. Oops. How about climate change? Lalala, we're not listening, fake news, fake news!
So please, don't tell me that "Every human being understands that progress has a direction, away from ignorance and towards understanding", because most people are just stupid and don't give a fuck about progress or basic cause and effect.
-
Monday 23rd September 2019 14:35 GMT EscapedTheInsanity
Re: progress has a direction, away from ignorance and towards understanding
But you can't engage with them from the position you have taken (effectively brand them all stupid - dehumanisation of a group that doesn't share your world view).
It's a slippery slope.
Next you'll be saying that these people are not worth convincing that they may be wrong and should be purged from existence (genocide is the word for the record).
I wonder where we got this idea of removing counter ideologies from?
-
Friday 20th September 2019 20:36 GMT Anonymous Coward
Re: Flaming idiot, social justice warrior and political hack
Not all of them are showing up at Points of Entry, some are pressing their luck and then just surrendering and claiming asylum if they get caught.
The whole filing for asylum on the grounds of fear of gang violence is being taught to them by lawyers on the way here. Sadly, those lawyers don't seem to understand that it is NOT a valid asylum reason, which is why the number of asylums actually approved are in the single digits.
Not to mention that the international norm is to normally declare asylum in the first country you come to, not the "one chosen one" that you picked.
This isn't about violence, if it was, most of them would be asking to go to Canada, which has a far less rate of violence than the US! This is about two things: Jobs and Votes!
-
Saturday 21st September 2019 03:50 GMT bombastic bob
Re: Flaming idiot, social justice warrior and political hack
"Sneaking into the country and not applying for admission would be illegal. That is not what is happening though."
Actually, it IS happening.
Legit asylum claims require a hearing, and with Trump's new rules, they stay IN MEXICO waiting for it, maybe even for a couple of years. Otherwise, "just letting them in" lets them DISAPPEAR into the USA. Most do NOT show up for their hearings and something like 90% of them are denied asylum claims when they do.
"Asylum" is just one of those "key words and tricky phrases" these people are taught to say when they arrive (or are caught). Trump's rule changes are attempting to close this loophole, such as requiring asylum seekers to a) go to a port of entry, and b) remain in Mexico until their hearing. That and "the wall" should keep the sneak-ins out, but that's why we NEED the wall, because they ARE "sneaking in". And liberal interpretations allow them to SCAM the United States by saying those "key words and tricky phrases" so they can DISAPPEAR into the country, never to be seen again by law enforcement.
And that bit about "mistreating and abusing" these criminals is JUST a bunch of LIBERAL NONSENSE. I happen to live close enough to the border to see mountains in Mexico on a clear day (it's about a half hour drive to the border). So yeah, what goes on at the border is LOCAL news around here.
Liberal overly tolerant policies are quite literally acting like a MAGNET for caravans of illegals from Central America to cross Mexico just to sneak into the USA. Along the way they get RAPED, ROBBED, BEATEN, SCAMMED, EXPLOITED, and so on, even KILLED, and the caravans are run by MEMBERS OF THE DRUG CARTELS. Liberal policies are CAUSING these people to be ABUSED by giving them FALSE HOPES.
THAT should be considered too, ya know...
-
Monday 23rd September 2019 20:42 GMT Ghostman
Re: Flaming idiot, social justice warrior and political hack
"Locking them up and mistreating and abusing and neglecting them to the point of having many die is also illegal."
Links to proof of this would be nice, if you could ever find one.
If you have large numbers of refugees showing up, it takes time to process the cases.
The citizens are tired of the "refugees" coming in, given a court date for their case to be heard, and the "refugees" disappear and never show up.
California, where most of the "let them in" protesters live, has several large military bases that have been closed down. There are thousands of units of base housing and barracks that could be used to house them in fenced in, gated areas. Couple of security personnel at the gates and roving patrols to keep everything safe could ensure that there is a place where family units could stay together.
Of course those who are loudest protesting the conditions of the refugee camps could take legal and financial responsibility for a busload at their home.
When the migrants show up at the border and fill out the paper declaring refugee status, each member is implanted with an RFID chip for identification purposes.
The chip would remain until the refugee status is removed. Note: Refugee status is not a permanent visa. Status is in effect until the situation that made the person request to be a refugee has ended.
Refugees are not actually immigrants.
-
Monday 23rd September 2019 10:26 GMT FIA
Re: Flaming idiot, social justice warrior and political hack
"[...]if you don't like the laws, BLAME THE PEOPLE WHO WROTE THEM (Congress, over the last 20 years or so)."
"OH LOOK I JUST HAD A BABY and now he's A CITIZEN OF YOUR COUNTRY"
See your first point; or does it only apply to laws you believe in?
What about the human rights laws? Or do they not apply too? There's a difference between detaining immigrants and inhuman detention without basic access to sanitation.
Also, how did your ancestors get there??
-
Monday 23rd September 2019 13:19 GMT hayzoos
Re: Flaming idiot, social justice warrior and political hack
"If you put it out there as OPEN SOURCE, you're GIVING IT AWAY. when you GIVE something, and you try to CONTROL HOW IT IS USED, it's NOT A GIFT ANY MORE. You are CHARGING RENT."
I believe you are confusing Open Source with public domain. Public domain has no restrictions and can be used by anybody for any purpose in any way they wish. Open Source and the closely related Free Software put restrictions (non-monetary) on your use and distribution of the software. Using an OPEN Source license is not akin to giving it away, the restrictions must be followed according to copyright laws.
When using public domain, it is common courtesy to attribute the author, but not required. Not doing so is plagiarism, but is not illegal in regards to public domain. Some of the least restrictive Open Source requires attribution, not doing so is illegal under copyright laws.
-
Monday 23rd September 2019 15:23 GMT Anonymous Coward
Re: Flaming idiot, social justice warrior and political hack
Ah!, Bombastic Bob is back with his normal gentle and liberal viewpoints on life in the Good Old US of A.
Clearly the nurses have allowed him out again and reduced his meds, he's also somehow got internet access rather than the rounded and crumbly crayons that the nursing home for retired despots normally allow him to use.
Sadly he's still shouting at full rage, so perhaps a little more lithium or something doctors?
I've often wondered if Bombastic Bob is actually a bot that's been given a right wing southern red neck conspiracy nut job as a persona. His repeating of conspiracy theory views, the random capitalisation (with a s) of words and the constant viewpoint that he's a victim. I'm no expert but it could well be that Bombastic Bob doesn't actually exist, even in his own head.
It could be that somebody has hooked up a Fox News feed into some sort of semi-AI system to generate this sort of nonsense. Many of the themes he (or the bot) is pushing seem straight from the Fox News sycophants.
So let's address his points in order. I know it seems pointless but it's fun.
1. It's a law enforcement operation. Border control is a law enforcement operation and not yet a military operation (though I suspect that Bombastic Bot would like it to be). However it's clear that DHS has a very different way of doing this now than before when that liberal Obama was in place. The Trumpists like to say that this is just what Obama did, yet I can't recall Obama separating families at the border and allowing their kids to die, but perhaps that was the liberal media suppressing the news. Clearly Fox News and Sean Hannity must have been liberal too.
I can say 100% that if you showed up at the border in either the UK or the EU and asked for asylum status you would not be put in jail cell. There is a legal obligation on countries to assist refugees, whilst some refugees are economic and some are dodgy people, we try to work out the ones that should stay and the ones that should go back. We don't separate families, though we do make life very difficult for them. I am embarrassed by my country's treatment of refugees. We actually do feed them, we clothe them, we house them, god forbid, we actually give them medical treatment to make them better. We even do it for nothing as that's the sign of a decent and civilised country. I have many friends in the UK NHS (that's the benefit of socialised medicine, free healthcare) and without a single exception they would expect to help every migrant that comes in with medical aid without thought of payment. I cannot state with certainty what the French medical system would do, as apart from being treated for a skiing injury (the medical staff were brilliant and free) I never use them. I'd be surprised if French or German healthcare is much different as that's the sign of a decent and civilised country (whoops repeating myself).
I'm unclear what a fornicating disease is, is it dangerous? Can you catch it?
I do know that in some parts of Texas the vaccination rate of children is too low and there is a danger that children will catch measles and the like from American children as the herd immunity is not there. I understand the vaccination rate is so low as it costs precious money and that some right wing nut jobs feel that vaccination is a US govt conspiracy and so they refuse to vaccinate little Joe or Jane. Whereas the vaccination rate in Honduras for small kids is waaaay above the US so, actually if there is a measles outbreak in the US, the immigrants are better vaccinated anyway and might actually ensure that the outbreak doesn't hit the unvaccinated kids.
My understanding is that somebody having a kid in America gets the right to nationality and this actually goes back about 150 years. Something to do with Chinese immigrants. Might be worth the bot looking this up. I'm also not sure that most pregnant women want to walk 1,000 miles to give birth in the US. Surely if they do, this should be a celebration of joy. I note in passing that the utter fuckwit Boris Johnson was born in the US. Many of us (approx 53M) would welcome the US taking him back from us. Like Ted Cruz I'd be happy to help fund BoJo's return to the hell hole he came from. Indeed I'd buy him a Thomas Cook ticket now.
Not sure why you're a patsy for wanting to help refugees, surely that's a sign of a decent and civilised country (whoops repeating myself yet again).
2. Open Source. I think you misunderstand how Open Source works. For example the GPL does control how it is used. The whole of the license states what you can and what you cannot do with it. There are restrictions. When you get back into the home, ask the nurses nicely for a copy of the GPL V2 and V3. Also I don't recall that the developer asked for money, just that it isn't used in this way. Whilst it may be a pain in the bum, nobody has yet stated he's not within his rights to do what he did.
3. No response necessary. Your words speak for themselves.
4. I tend to agree here with Bombastic Bot, if you want security fork it yourself and host it yourself. We did see the node.js issue and it caused mayhem.
I think Bombastic Bot nicely sums up the differences between right wing nut job America and the rest of the world. He whines a lot, makes himself the victim, reruns conspiracy theories, thinks that everything is transactional, i.e. Refugees get medical care, Bombastic Bot loses out somehow.
I could go on, but this seems like a good place to stop.
-
Tuesday 24th September 2019 09:10 GMT Intractable Potsherd
Re: Flaming idiot, social justice warrior and political hack
It sometimes seems that BB is two different people (either in reality or in his head) - for a few weeks there are sensible, rational posts with nary a shout in sight, then BOOM!*, he's using the keyboard with the sticky caps lock again.
Unfortunately, I can see echoes of Eldon here (for those who have not been here since the dawn of time, Eldon was also an apparent entitled person with a thing against Microsoft), so I'm just waiting for the account to get squashed.
*Sorry, couldn't resist :-D
-
Monday 23rd September 2019 15:45 GMT Anonymous Coward
Re: Flaming idiot, social justice warrior and political hack
If only actual Native Americans had thought of that first before all the European 'foreigners' started turning up on their shores with all their murdering and fornicating diseases and the like, then we wouldn't be in this mess ay?
It would be jolly nice if you remember America is a nation built on immigrants. Just because 'you' are there now, doesn't mean immigration must now stop. Or maybe you should go back to where your ancestors came from as well???
And what's actually wrong with Social Justice? Is justice supposed to be unfair?
Aaaaaanyway...
Yeah. stuff...
-
Friday 20th September 2019 07:56 GMT diodesign
If you yank a package from the Ruby Gems repository, it can't be automatically and easily installed by the Ruby toolchain, used to build software that integrates with, in this case, Chef. You have to get the source by hand - except you can't, because the GitHub repo was also removed.
No different to pulling software from the Debian package repository, and yanking it from wherever the code is hosted, eg: GitHub.
Why do dependencies in this manner, so automatically? Well, that's the modern way. Python, Rust, Ruby, Go, whatever you're using, the libraries you pull into a project have their own dependencies, which have their own dependencies, and you don't want to be merging updates by hand into each of them.
C.
-
Friday 20th September 2019 09:07 GMT bombastic bob
"the modern way"
So are a _LOT_ of things. Not necessarily "the BETTER way", particularly obvious right NOW.
I'm especially NOT happy with the idea that someone upstream can change something that immediately has an effect on something I'm supposed to support. If I don't push the button and approve EVERY change that goes into the update, I won't do it. Simple.
And the "one ASSHAT" case, which has happened a couple of times now, seems to be a VERY good reason to NEVER rely on this kind of deployment, EVAR.
fail icon for the "modern" deployment method, not the quote nor the comment from where it came.
(I can think of several OTHER 'modern' things, from the 2D FLATTY to ADS in Windows OS to UWP and ".Not" in general. WOW, how "modern" they are!)
-
Friday 20th September 2019 09:40 GMT Jay 2
Even now we have to try and smack it into our devs' heads that constantly pulling stuff from t'interwebs is really not a good idea. Fortunately I think we're slowly winning the battle with locking down the proxies and providing a Nexus hub/cache/thingy.
Now if only we could get them to stop writing app stuff for prod where it has a dependency on pulling/pushing from/to the local git repo as part of its daily running (as opposed to a proper upgrade).
-
Monday 23rd September 2019 12:39 GMT baud
Where I'm working, the build system can only pull dependencies from a local server. And the dependencies have to be approved beforehand, so the rest of the world could disappear, we'd still be able to build. It encourages us to keep dependencies to a minimum and use the standard lib and what we've already pulled. On the other hand the approval mechanism slows us down when we're updating the libs.
-
Friday 20th September 2019 20:39 GMT Woodnag
What you describe is convenience, not sense
When a release is approved, it should be rebuilt with all the libraries pulled and stored locally, and that binary shipped. This way, and only this way, can the build be described as frozen and repeatable. Of course it's a pain. But the first time you try to compile you create a script with all pulls to make it easier next time.
You can also audit whether different code portions are calling different versions of the same library.
Think that's silly? See HCSEC_OversightBoardReport-2019.pdf at https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf where Huawei's code used "6 copies of 2 different OpenSSL versions, with 5 being 1.0.2k and one fork from a vendor SDK. There remained 17 partial copies of 3 versions, ranging from 0.9.7d to 1.0.2k. The fragments from the 10 different versions of OpenSSL remained across the codebase as do the OpenSSL derived files that have been modified by Huawei. More worryingly, the later version appears to contain code that is vulnerable to 10 publicly disclosed OpenSSL vulnerabilities, some dating back to 2006. This shows the lack of maintainability and security resulting from the poor configuration management, product architecture and component lifecycle management."
Lastly, repositories are other people's computers. Use them, don't depend on them.
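
The frozen-build practice described in the comments above (builds that pull only from a local store of approved dependencies, plus an audit for diverging versions of one library) can be checked mechanically. The following is an added example, not code from the article, from any commenter, or from Chef: it assumes Bundler's `Gemfile.lock` layout and the `name-version.gem` file naming Bundler uses in `vendor/cache`; the gem names, versions, cache listing and approval list are constructed.

```ruby
# Added example: audit Bundler lockfiles against a local gem cache and an
# approval list. All gem names, versions and lists below are constructed.

# Return {gem_name => pinned_version} from the GEM section of a Gemfile.lock.
def parse_lockfile(text)
  specs = {}
  section = nil
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A[A-Z][A-Z ]*\z/)      # top-level header: GEM, PLATFORMS, ...
      section = line
      in_specs = false
    elsif line == "  specs:"
      in_specs = (section == "GEM")
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      specs[m[1]] = m[2]                    # 6-space lines are constraints, not pins
    end
  end
  specs
end

# Gems the build would have to fetch from the network because the local
# cache (a listing of vendor/cache) has no matching .gem file.
def missing_from_cache(specs, cached_files)
  specs.reject { |name, ver| cached_files.include?("#{name}-#{ver}.gem") }.keys.sort
end

# Pinned gems whose exact version is not on the approval list
# (hypothetical format: {name => [approved versions]}).
def unapproved(specs, approved)
  specs.reject { |name, ver| approved.fetch(name, []).include?(ver) }
       .map { |name, ver| "#{name} #{ver}" }.sort
end

# Libraries pinned at more than one version across projects:
# {name => {version => [projects using it]}}.
def version_conflicts(projects)
  seen = {}
  projects.each do |project, specs|
    specs.each { |name, ver| ((seen[name] ||= {})[ver] ||= []) << project }
  end
  seen.select { |_name, versions| versions.size > 1 }
end

# Run all three checks over {project => lockfile text}.
def audit(lockfiles, cached_files, approved)
  parsed = lockfiles.transform_values { |text| parse_lockfile(text) }
  {
    missing: parsed.transform_values { |s| missing_from_cache(s, cached_files) },
    unapproved: parsed.transform_values { |s| unapproved(s, approved) },
    conflicts: version_conflicts(parsed)
  }
end

# Constructed sample input.
WEB_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      acme-helpers (2.1.0)
        acme-json (>= 1.0)
      acme-json (1.4.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    acme-helpers
LOCK

WORKER_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      acme-json (1.2.0)
      acme-queue (0.9.1)

  DEPENDENCIES
    acme-json
    acme-queue
LOCK

CACHE = %w[acme-helpers-2.1.0.gem acme-json-1.4.2.gem acme-json-1.2.0.gem].freeze
APPROVED = {
  "acme-helpers" => ["2.1.0"],
  "acme-json"    => ["1.4.2"],
  "acme-queue"   => ["0.9.1"]
}.freeze

if __FILE__ == $PROGRAM_NAME
  report = audit({ "web" => WEB_LOCK, "worker" => WORKER_LOCK }, CACHE, APPROVED)
  report.each { |check, result| puts "#{check}: #{result.inspect}" }
end
```

In real use the lockfile text would come from each project's `Gemfile.lock` and the cache listing from its `vendor/cache` directory; a non-empty `missing` or `unapproved` entry means the build still depends on someone else's server.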
-
Friday 20th September 2019 08:57 GMT Phil O'Sophical
If it's open source, why not just include a licence term that says "not to be used for XXXXX"? It's what used to be done in the days when code was labelled as "shareware", and "open source" hadn't become the common term. The guy made it available under some FOSS licence, the company seems to have abided by that licence. Now he's effectively trying to change his licence terms. He may not like what they're using his code for, but perhaps he should have considered that before making it freely available?
-
Friday 20th September 2019 12:30 GMT Anonymous Coward
@Phil talk to a lawyer.
Apache's license was written in a certain way so that companies that donated code could slurp back anything worthwhile.
Certain Open Source companies are using multiple FOSS licenses. Apache for products that came from Apache licensed packages and then GNU for other things.
Trying to prohibit certain people from using your software never goes well and ends badly.
Posted Anon for a good reason.
-
Friday 20th September 2019 14:58 GMT Doctor Syntax
"The guy made it available under some FOSS licence, the company seems to have abided by that licence."
In fact they seem not to have. The licence is the Apache licence: https://www.apache.org/licenses/LICENSE-2.0
See in section 4.c: "You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works" (my emphasis). As far as I can understand from the article they have not done so.
-
-
Saturday 21st September 2019 00:25 GMT Snake
d**k move
It may be FOSS but he's still both the creator and the submitter. If he feels that he no longer wishes to do "business" with an entity then he has, and will always have as a free individual, that right of choice. To do otherwise, to say that he must maintain his agreement with any organization once started, cedes both his work and his right of freedom to choose to the organization - a stepping stone to fascism.
Seems that many here forget that in their personal abhorrence of possibly being inconvenienced.
-
-
-
Monday 23rd September 2019 14:23 GMT Anonymous Coward
"why not just include a licence term that says "not to be used for XXXXX"?"
It needs to be built on a lawful basis.
What should people think if someone adds a clause "this is Christian code, must not be used on LGBT sites or sites about abortion"?
Or someone asking that "this code can be only used by white, male developers, as long as they are not Jews or Muslims"?
Maybe this would be plain unlawful discrimination?
-
-
-
Friday 20th September 2019 07:34 GMT Bronek Kozicki
I wonder if "... personal feelings should take a back seat when there are deals to be had." IBM used the same excuse.
-
Friday 20th September 2019 09:10 GMT bombastic bob
"feelies" - ugh. I *FEEL* with my FINGERS, and THINK with my BRAIN.
Feelings don't belong in business, nor in open source, nor in ANYTHING that people "not you" rely on for their success. Serious developers WILL realize this at some point. Otherwise, the entire system can be HELD HOSTAGE by some SJW, or even a TERRORIST, just like now.
It's time to re-think this whole dependency tree deployment thing.
-
Saturday 21st September 2019 00:30 GMT Snake
Feelings
If feelings don't belong in any business, then exactly why are you still a free individual? We should enslave you, throw you in a dungeon, torture you absolutely horribly until you work to *our* level of satisfaction, then let you starve to death in a dark corner once your usefulness has been utterly drained away.
Because your feelings shouldn't be in our business decisions.
-
Monday 23rd September 2019 11:23 GMT Androgynous Cupboard
It's barely worth replying to bob - despite his dislike of feelings in business, he sure seems to share a lot of them on these pages.
But I would point out that removal of a moral element from business decisions leads to things like slavery, Bhopal, Enron, phone-scammers, the sub-prime scandal, the list sadly goes on. Essentially every corporate scandal in the history of corporations has been because no-one felt it was their job to stand up and say "this is wrong."
-
-
Sunday 22nd September 2019 00:14 GMT John Savard
IBM used the same excuse?
I read that book. From cover to cover. And as far as I could see, from the facts recounted in that book, IBM had taken every step in its power to prevent misuse of their technology by the Nazis. As a private company, they couldn't blow up their factories in Germany, particularly before the war started.
The only thing that could be criticized in IBM's conduct was that it took steps to avoid an association between punched cards and the Holocaust, due to the illegal unlicensed misuse of IBM's punched card technology by the Nazis, from entering the public mind - they covered up the historical record of some events that were not under their control to prevent damage to their brand image.
Every step of the way, they withdrew their technology from Germany to the extent they were able, and they contributed to the Allied war effort as a public-spirited business.
-
This post has been deleted by its author
-
-
Tuesday 24th September 2019 02:05 GMT Trixr
Yes, this conflation of "political" with "party politics" never fails to grind my gears. It was indeed a political action, even more especially because it was directed at government operations ("politics" is by definition about systems of governance).
He could have said, "this is not about supporting one party or another - the govt's actions are reprehensible and I cannot allow my software to enable them" and that would have made his point.
Acting as if "politics" is simply a dirty word rather than the concept of how we are governed - which concerns absolutely everyone - is how we end up with the kind of governments we have, good or appalling.
-
Friday 20th September 2019 14:44 GMT NonyaDB
Let's be clear here - illegally entering the country and then trying to claim asylum is not an approved method of claiming asylum.
Folks who do that are rightfully detained until processed and deported.
And just like any other common criminal, no you can't have your kids/family with you in jail.
Don't get it twisted, Brits, you don't know what's going on because you've never been there.
I used to live in El Paso, HQ'd out of Ft. Bliss, and one of my first "jobs" in the Army was working on the JTF-6 task force during the Clinton Administration where we unleashed complete and utter hell on drug cartels operating on the border.
It worked well enough - barring a certain Marine sniper incident - until the Task Force mysteriously disappeared one day.
-
Sunday 22nd September 2019 19:19 GMT jilocasin
Actually it is.
I hate to break it to you, but;
"illegally entering the country and then trying to claim asylum is not an approved method of claiming asylum"
May not be approved, especially by the current administration and its followers, but it is *NOT* illegal. This has been confirmed by numerous courts.
The United States has laws, and international obligations, many stemming from the terrible way many countries treated fleeing Jews during WWII, that deal with people claiming asylum. But I see that you don't let little things like facts get in the way of racism and xenophobia. The DOJ's own statistics show that over 89% of asylum seekers return for their day in court ( https://www.humanrightsfirst.org/resource/fact-check-asylum-seekers-regularly-attend-immigration-court-hearings ). Hardly 'catch and release'.
Trump himself has publicly stated that he would like more people from Norway and less brown people as well as less from sh!th0le (predominantly black) countries.
Trump and his supporters are trying to blame the democrats, not for not passing immigration reform (there was a bill that was passed by BOTH houses, which although Trump promised to sign, vetoed instead), but for not passing legislation that would approve their current lawless actions.
People ARE fleeing violence and oppression in their home countries.
The US is directly or indirectly responsible for this state in many central and south american countries.
Most of those coming into the country are honest law abiding citizens (immigrants generally have a lower rate of crime than natural born citizens).
The US government is currently breaking the law with how they are treating asylum seekers.
Throwing people, especially children, in concentration camps to try and make a political point is abhorrent and morally repugnant.
Oh, and even Border Patrol says that a wall from coast to coast is; impossible to build, impracticable to maintain, and ultimately ineffectual as either a deterrent or an obstacle.
-
Monday 23rd September 2019 13:09 GMT rg287
Let's be clear here - illegally entering the country and then trying to claim asylum is not an approved method of claiming asylum.
Folks who do that are rightfully detained until processed and deported.
And just like any other common criminal, no you can't have your kids/family with you in jail.
Even if we accepted that as true (which it isn't), that doesn't make up for the kids-in-cages as opposed to kids-in-social-care/foster-homes/sensible and humane accommodations pending the outcome of their asylum application.
But then as the only country in the world to have avoided ratifying the UN Convention on the Rights of the Child we shouldn't really expect any more from the failed society that calls itself the USA.
As for the War on Drugs. Yes... It's gone swimmingly. How many thousand guns have the ATF sold to cartels in botched sting operations? How about that delightful episode where the DEA appropriated a truck to use in a sting, got the driver shot dead and the truck shot up, then refused to pay for repairs...
Let's face it, the ATF and DEA enjoy their job too much. They don't want to do themselves out of business - so they keep sending merchandise and guns the way of the cartels to keep up a competent opposition against whom they can play out their Hollywood action scripts "operations".
It worked well enough - barring a certain Marine sniper incident - until the Task Force mysteriously disappeared one day.
Nothing mysterious about it. They were rebranded JTF-North when Counter-Terror was added to their remit.
-
Monday 23rd September 2019 16:07 GMT LeahroyNake
'Don't get it twisted, Brits, you don't know what's going on because you've never been there.'
A lot of inhabitants of England and the UK in general are descended from 'illegal' immigration. Ever heard of vikings? They mostly killed people and stole their goods until some of them settled. Rome also had a lot of input and before that we all came from Africa I believe.
The Scottish and Welsh resisted and there were many clan wars and we still consider ourselves different somehow. The Irish, that's why they now have Ireland and Northern Ireland. We all seem to get on now though.
America, unless you are Native American you are all illegal immigrants and most of you are proud of it, Italian, French, Spanish god forbid British descent etc
Brexit (oh crap I said it) it's exactly what you mean, we are there. Denying people entry to the country was apparently the leading reason for voting leave.
History repeating itself?
Just ask yourself one question. If the USA becomes unfavorable for you through pollution, crime or persecution where are you going to go that your government hasn't pissed off ?
-
-
Friday 20th September 2019 17:47 GMT Anonymous Coward
This could break open source
Using your open source code... and then yanking it, regardless of the reasons, will ultimately do more harm to Open Source. If you are a contributor, your first responsibility is to the community, not your personal politics. This breaks the fundamental community trust in Open Source and will do more harm than good in the long run. Proprietary software will ultimately win.
Don't break your arm patting yourself on the back Seth.
-
Friday 20th September 2019 20:41 GMT Anonymous Coward
Re: Not in my name, and not with my help.
Yeah, don't buy it.
Open source is about programmers being lazy (wrote this N times already, CBA to write it again).
So Open Source it and can use it next time I need that itch scratched.
To be clear, we don't care if anyone else uses it, we care that we can use it.
I refuse to work for the UK.gov at present, that's not going to do anything but stop the inflated rate under offer from hitting my account. They don't give a single shit about me or my stance.
Have you considered that he cares about the US and is trying to make it a better place by this simple act of non-violent resistance to oppression.
Taking an undocumented pre-verbal child from undocumented parents, is virtually ensuring that parent and child will never be reunited. That's pretty close to a definition of evil in my book.
-
Saturday 21st September 2019 04:09 GMT bombastic bob
Re: Not in my name, and not with my help.
"To be clear, we don't care if anyone else uses it, we care that we can use it."
eh, ok I'll give ya THAT in a scenario that I've had from time to time...
a) you wrote something cool, REALLY cool, and you want to be ABLE to use it again
b) you copypasta that thing into $customer project and give them a written license to use it without GPL etc. even though you posted it online as GPL code beforehand [even 5 minutes beforehand]
c) you can THEN use it again and again not having to re-write the 'cool thing' and everybody wins and you don't EVAR get sued for using "their code" in "that customer's project" (even though it was yours, proving it in court is EXPENSIVE and a PAIN IN THE ASS).
So yeah, in a way, you're right. On THAT point.
But I always see it as showing off my work, too. "Want an example of my work? Go to my public git rep site". That sort of thing. And it's also convenient off-site backup to use github, gitlab, sourceforge, whatever.
that aside from the other obvious benefits of open source, contributing code to public projects that help your own customers use your products/services as well as you and everyone else, and so everyone benefits to some extent and YOU make money.
-
Saturday 21st September 2019 12:49 GMT Anonymous Coward
Re: Not in my name, and not with my help.
I think the showing off my work part is a bit over-egged, I can't imagine anyone but another programmer is going to care about my random bits of code online.
Some cancer research sw was originally written by a university on Oracle/SaS, Closed source circa 1990.
The conditions of public funding from the EU for SW dev require it to be open sourced. (Public money = public Access).
I got paid to reverse engineer into a C++/Sqlite3 implementation. So I got paid for doing the work, and the public got the fruits of the research. I'm proud of that, especially as it had to be bug compatible with the previous version. Not sure if that's for or against.
-
-
-
-
Friday 20th September 2019 18:42 GMT Anonymous Coward
It's not as if he's even complaining that the DHS is using *his* software - it's that they're using Chef, for which his software is an optional (but convenient) cog, so he does something to spite all Chef users.
How far do you go with this? DHS are using Ruby. Should everyone pull all Ruby code that's ever been published? Are DHS using Red Hat, or Ubuntu? Should we boycott those companies too?
HST, Chef were wrong to remove the primary attribution when they copied it.
-
Friday 20th September 2019 21:02 GMT Notas Badoff
No long-term memory here!
Amazing that no one has mentioned the Jamie Kyle debacle only one year ago.
Lerna relicences to protest ICE
then reversed by Lerna the next day (but not Jamie till a couple months went by)
Open Source Devs Reverse Decision to Block ICE Contractors From Using Software
when the practicalities of rage turned out to be more difficult than imagined.
And it's only three years since "it's my code so I can delete it if I want!"
How one programmer broke the internet by deleting a tiny piece of code
We code in a magical world. We live in the real world. One of these is way more complex than the other. Ask Jamie, Koçulu, Eich or, lately, Stallman.
-
Friday 20th September 2019 21:15 GMT Anonymous Coward
It's sad that politics has no obvious moral compass, while at the same time so many here seem to think that morality and politics are two sides of the same coin. Deciding that any organization using your intellectual property for actions you deem wrong and being able to prevent it because you have no contractual obligation to allow it is perfectly fine. Not many of us have that option - we can always leave the organization in protest, but what we leave behind still exists.
-
Monday 23rd September 2019 11:48 GMT Anonymous Coward
So you agree with someone refusing to make a cake for a LGBT marriage because of his or her beliefs and they deem it wrong? Or if they have a shop open to the public they should not be able to question the public behaviours as long as they are not illegal?
Moreover do you really know if retiring your code helped detained people, or not - maybe letting ICE procrastinate plans to make some data available to those fighting the actual situation?
And does it matter if his code is used in China in its detention camps? Or does he not care because he doesn't know, doesn't want to know, and pretends it's OK?
-
Monday 23rd September 2019 14:37 GMT bombastic bob
"So you agree with someone refusing to make a cake for a LGBT marriage because of his or her beliefs and they deem it wrong? "
*sigh* - you played THAT emotional hand-grenade. Nice. Job. *NOT*
I say "go elsewhere" and get the cake done by a bakery and decoration artist who's not an idiot, and let the idiot do what he wants.
-
-
-
Friday 20th September 2019 21:52 GMT Jeff 11
I can understand the (apparent) good intentions of devs for doing these things, as I wouldn't want my work used for purposes I find ethically abhorrent. But open source software can and is used for evil, and the willingness of those who do this to see no evil in this regard strikes me as at least naive - possibly hypocritical, or perhaps self-serving in today's publicity-driven economy. Singling out an intermediate relationship between Chef and ICE seems a bit of a gimmicky reason to me when we accept things such as IBM's complicity in the holocaust, and still allow them to use our OSS (and in turn use theirs).
If nothing else, this is another feather in the cap for local dependency caches...
-
Saturday 21st September 2019 03:20 GMT Henry Wertz 1
this kind of thing
First off, he's 100 percent within his rights to do what he's doing. Definitely inconvenient but *shrug*. I must admit I would not want ICE using my software either. They could handle things a lot better than they are.
That said, this kind of thing does make me nervous... pip (for python), npm, etc. where there are piles and piles of layered dependencies. (I use pip3 a fair bit and it really pulls in a lot of dependencies). I do realize linux distros like debian have layers too, but they maintain some control over things so they will not yank a package until they've made some allowance to having it not massively break dependencies.
-
Saturday 21st September 2019 04:13 GMT bombastic bob
Re: this kind of thing
if you're careful you can set up pip to fix versions in stone for everything. This does not always build well on different platforms, though. I did this a bit with an older Django setup I had been maintaining [not writing, more like re-writing to use LESS PYTHON and C language utilities to improve performance by a factor of 10 or more, but I digress] but I agree, languages like Python and apparently Ruby have this kind of "dependency Hell" built into them, and the trend would be to have 'bleeding edge' enough that you can't easily just go back to what it was before... and when a single developer decides to play SJW and deny you access to his source, you're FSCK'd. Unless you do snapshots and archives, which apparently the 'Chef' guy did.
-
-
Monday 23rd September 2019 09:43 GMT Anonymous Coward
it is about maintaining a consistent and fair business approach in these volatile times
I applaud him for a new weasel take. In short, this cunty explanation of life, universe and everything calls for an ad hitlerum: "x is about maintaining a consistent and fair approach in these volatile times". But hey, what else did you expect, that he'd fall on his sword?
-
Monday 23rd September 2019 09:47 GMT Anonymous Coward
it is appropriate, practical, or within our mission to examine specific government projects
Ah, this is what the German businessmen used to say in WW2. When they were asked nicely to come up with another 10,000 railcars to transport the undesirables for the "resettlement in the East" for example. Gas-fired stoves, great business, lots of potential. And if we don't do it, our competitors will.
-
Monday 23rd September 2019 15:05 GMT Anonymous Coward
Re: it is appropriate, practical, or within our mission to examine specific government projects
He should have just quoted Tom Lehrer (https://www.youtube.com/watch?v=QEJ9HrZq7Ro):
Don't say that he's hypocritical
Say rather that he's apolitical
"Once the rockets are up, who cares where they come down?
That's not my department" says Wernher von Braun
-
-
Monday 23rd September 2019 10:05 GMT AOD
Build process not fit for purpose
If you're shipping a product then as mentioned by another commenter, you want the versions of the various components to be set in stone and always available so the build can be recreated at any time.
One option I imagine is to stick your own repository between your build chain and the public one(s), slurp the relevant code into that and then build against that.
There are products to assist with that (Artifactory?) which I've seen deployed in environments where products were only for internal use (eg Banks).
When it comes to building your software, if the build can be tripped up by an external dependency/repository issue then it's not robust and therefore not fit for purpose.
-
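The pinned-versions and local-repository approach raised in the two comments above, as an added example that is not part of any commenter's post: a check that every entry in a pip requirements file is pinned with `==`, carries a `--hash=sha256:` value, and has a matching artifact in a local mirror directory. The package names, file names and mirror layout are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# pip's requirements-file syntax for a recorded artifact hash.
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def mirror_hashes(mirror_dir):
    """Return the SHA-256 digest of every file held in the local mirror."""
    return {
        hashlib.sha256(p.read_bytes()).hexdigest()
        for p in Path(mirror_dir).iterdir()
        if p.is_file()
    }


def audit(requirements_text, mirror_dir):
    """Return {requirement: problem} for entries the mirror cannot rebuild."""
    have = mirror_hashes(mirror_dir)
    problems = {}
    # Join backslash continuations so each requirement is one logical line.
    for line in requirements_text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        spec = line.split()[0]
        hashes = HASH_RE.findall(line)
        if "==" not in spec:
            problems[spec] = "version not pinned"
        elif not hashes:
            problems[spec] = "no hash recorded"
        elif not have.intersection(hashes):
            # Upstream yanked it, or the cached bytes differ from the pin.
            problems[spec] = "pinned artifact missing from mirror"
    return problems


def demo():
    """Run the audit over a constructed mirror and requirements file."""
    with tempfile.TemporaryDirectory() as tmp:
        mirror = Path(tmp)
        alpha = b"constructed artifact bytes for alpha 1.0.0"
        beta = b"constructed artifact bytes for beta 2.1.0"
        (mirror / "alpha-1.0.0.tar.gz").write_bytes(alpha)
        # The mirror holds different bytes than the ones that were pinned.
        (mirror / "beta-2.1.0.tar.gz").write_bytes(b"not the pinned build")
        reqs = "\n".join([
            "# constructed sample requirements file",
            f"alpha==1.0.0 --hash=sha256:{hashlib.sha256(alpha).hexdigest()}",
            f"beta==2.1.0 \\\n    --hash=sha256:{hashlib.sha256(beta).hexdigest()}",
            "gamma>=3.0",
            "delta==0.4.2",
        ])
        return audit(reqs, mirror)


if __name__ == "__main__":
    for requirement, problem in demo().items():
        print(f"{requirement}: {problem}")
```

Run as a pre-build gate, a non-empty result means the build still depends on something only the public repository can supply.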
Monday 23rd September 2019 13:39 GMT Spanners
So how should one start? What licence?
In the unlikely event of my developing something in the future, how would I want to be licenced?
I am well aware that illegal criminals would not follow any restrictions but legal criminals like US ICE might.
I would want to only licence to groups I agreed with, not nasty ones including:
ICE
many other US TLA's
Private healthcare
Arms industry
Gambling
Tobacco
Other than closed source, how can one be specific?
-
Monday 23rd September 2019 14:33 GMT Anonymous Coward
Re: So how should one start? What licence?
Even with closed source, you can avoid bidding for a contract if you don't like the origin, but I don't believe you can hinder a reseller from selling your products to whoever they like, as long it's a legal sale not forbidden by law. I'm not sure you can't even refuse a direct sale when requested without a good, legal reason (i.e. a true risk of not being paid) - think about a shop refusing some customers because they don't like something in them....
-
-
Monday 23rd September 2019 14:42 GMT heyrick
I apologize for the disruption to your workflow
Bollocks.
If he gave the slightest inkling of a shit beyond his personal moral crusade, he would have considered all the others that his toy ejecting will have affected, and realised that his creation is more important than one contact with evilness.
It's acceptable to be annoyed. It's not acceptable to annoy everybody else.
-
Tuesday 24th September 2019 02:05 GMT Trixr
Re: I apologize for the disruption to your workflow
Even more bollocks. It's his work; he has the utmost right to decide what to do with it. Are you going to dismantle copyright while you're at it?
And if you're so stupid you're relying on pulling code directly from the interwebs for critical functionality, rather than your own fork, you deserve what you get.
-
-
Monday 23rd September 2019 20:57 GMT Ghostman
I see a lot of IRS audits in the future
Want to pull the software away from everybody just because you don't like the government? How many lawsuits for lost productivity from customers? Breach of contract?
IRS audits for him, his accountant, his family, his business, for years past.
Loss of future business?
The guy is more than likely screwed for the next 10-15 years.