It’s true that they say both things out of comfort.

Though to be completely honest, both statements are not contradictory. They are not necessarily accepting that they do have something worth hiding, but just stating that hiding is too difficult these days anyway. That does not mean (sadly) that they would start doing it were it easier, just that they have even less of a motive to care about it now that hiding is so much harder (to the point of almost being “a myth”).

I’m not saying they are right, I’m saying that lack of consistency is not the problem with that attitude. It’s not a “shift”, just a consistent continuation of a lazy attitude towards comfort.

You share public keys when registering the passkey on a third party service, but for the portability of the keys to other password managers (what the article is about) the private ones do need to be transferred (that’s the whole point of making them portable).

I think the phishing concerns are about attackers using this new portability feature to get a user (via phishing / social engineering) to export/move their passkeys to the attacker’s store. The point is that portability shouldn’t be so user-friendly / transparent that it becomes exploitable.

That said, I don’t know if this new protocol makes things THAT easy to port (probably not?).

I’m ok with not considering it “public good” when something has a license that sets conditions and it’s under Copyright of a particular private person/entity. But if you do need to ask consent to a private party for the use of something in a derivative work of certain conditions, then I don’t think it makes sense to call it a public good.

Yes, that’s why im saying that this kind of problem isn’t something particular about this project.

In fact I’m not sure if it’s the case that the builds aren’t reproducible/verifiable for these binaries in ventoy. And if they aren’t, then I think it’s in the upstream projects where it should be fixed.

Of course ventoy should try to provide traceability for the specific versions they are using, but in principle I don’t think it should be a problem to rely on those binaries if they are verifiable… just the same way as we rely on binaries for many dynamic libraries in a lot of distributions. After all, Ventoy is closer to being an OS/distribution than a particular program.

That’s ok if we are talking about malware publicly shown in the published source code… but there’s also the possibility of a private source-code patch with malware that it’s secretly being applied when building the binaries for distribution. Having clean source code in the repo is not a guarantee that the source code is the same that was used to produce the binaries.

This is why it’s important for builds to be reproducible, any third party should be able to build their own binary from clean source code and be able to obtain the exact same binary with the same hash. If the hashes match, then you have a proof of the binary being clean. You have this same problem with every single binary distribution, even the ones that don’t include pre-compiled binaries in their repo.

Also I expect there should be more surveillance around powerful people like Larry Ellison, right?

The more powerful, the more important is to ensure good behavior, and the more public / peer-reviewed the AI model and its logs should be to avoid tampering/laundering.

True. Though I don’t think we would be in a hurry for this one, both Mindustry and Shapez have similar concepts and are already open source and quite good.

You still call the period before when the sun is directly overhead “morning” and the period after “afternoon” and similarly with “evening”, “night”, “dawn”, “noon”, “midnight” etc.

Note that the Sun position is not consistent throught the year and varies widely based on your latitude.

In Iceland (and also Alaska) you can have the Sun for a full 24 hours in the sky (they call it “midnight sun”) during Summer solstice (with extremelly short nights the whole summer) and the opposite happens in Winter, with long periods of night time.

I think it still makes the most sense to decide that the days of the week (“Monday”, “Tuesday”, etc) last from whatever time “midnight” is locally to the following midnight, again probably rounding to the nearest whole hour.

Just the days of the week? you mean that 2024-06-30 23:59 and 2024-07-01 00:01 can both be the same weekday and at the same time be different days? Would the definition of “day” be different based on whether you are talking about “day of the week” vs “universal day”?

I have purchased every single open source game that I’ve seen listed on steam as paid. Examples:

• Shattered pixel dungeon (and also the original Pixel Dungeon)
• TOME
• Shapez
• Open Hexagon
• Mindustry
• Lugaru
• Mega Glest
• Marvellous Inc
• Hydra Slayer
• HyperRogue

For more FOSS games on steam, there’s a decent list collected on this curator (also pointing which ones are only partially open): https://store.steampowered.com/curator/38475471-Libre-Open-Source-Games/?appid=1769170

In that counter argument they are essentially admitting that 99% of their content was distributed without the copyright holder’s consent.

In the CDL lawsuit, they have admitted that of the millions of books we have digitized, they themselves have only made about 33,000 available to libraries; only about 1% of what we have done, and only under restrictive and expensive license agreements. This is, they claim, the essence of their copyright rights: the ability to restrict access to information as they see fit, to further their theoretical economic interests, without regard to libraries traditional functions and the greater public good.

Was it fair use in the past to redistribute reprints/format-conversions of works without the copyright holders consent?

I agree that copyright law sucks… but that’s why it needs to change so it actually serves “the greater public good”. The judiciary system is not the right place to advocate for that (they don’t make the law, just interpret it), so I don’t really think there’s much hope in them winning this. Sadly.