You share public keys when registering the passkey on a third party service, but for the portability of the keys to other password managers (what the article is about) the private ones do need to be transferred (that’s the whole point of making them portable).

I think the phishing concerns are about attackers using this new portability feature to get a user (via phishing / social engineering) to export/move their passkeys to the attacker’s store. The point is that portability shouldn’t be so user-friendly / transparent that it becomes exploitable.

That said, I don’t know if this new protocol makes things THAT easy to port (probably not?).

I’m ok with not considering it “public good” when something has a license that sets conditions and it’s under Copyright of a particular private person/entity. But if you do need to ask consent to a private party for the use of something in a derivative work of certain conditions, then I don’t think it makes sense to call it a public good.

Yes, that’s why im saying that this kind of problem isn’t something particular about this project.

In fact I’m not sure if it’s the case that the builds aren’t reproducible/verifiable for these binaries in ventoy. And if they aren’t, then I think it’s in the upstream projects where it should be fixed.

Of course ventoy should try to provide traceability for the specific versions they are using, but in principle I don’t think it should be a problem to rely on those binaries if they are verifiable… just the same way as we rely on binaries for many dynamic libraries in a lot of distributions. After all, Ventoy is closer to being an OS/distribution than a particular program.

That’s ok if we are talking about malware publicly shown in the published source code… but there’s also the possibility of a private source-code patch with malware that it’s secretly being applied when building the binaries for distribution. Having clean source code in the repo is not a guarantee that the source code is the same that was used to produce the binaries.

This is why it’s important for builds to be reproducible, any third party should be able to build their own binary from clean source code and be able to obtain the exact same binary with the same hash. If the hashes match, then you have a proof of the binary being clean. You have this same problem with every single binary distribution, even the ones that don’t include pre-compiled binaries in their repo.

Also I expect there should be more surveillance around powerful people like Larry Ellison, right?

The more powerful, the more important is to ensure good behavior, and the more public / peer-reviewed the AI model and its logs should be to avoid tampering/laundering.

True. Though I don’t think we would be in a hurry for this one, both Mindustry and Shapez have similar concepts and are already open source and quite good.

Is “intent” what makes all the difference? I think doing something bad unintentionally does not make it good, right?

Otherwise, all I need to do something bad is have no bad intentions. I’m sure you can find good intentions for almost any action, but generally, the end does not justify the means.

I’m not saying that those who act unintentionally should be given the same kind of punishment as those who do it with premeditation… what I’m saying is that if something is bad we should try to prevent it in the same level, as opposed to simply allowing it or sometimes even encourage it. And this can be done in the same way regardless of what tools are used. I think we just need to define more clearly what separates “bad” from “good” specifically based on the action taken (as opposed to the tools the actor used).

I think that’s the difference right there.

One is up for debate, the other one is already heavily regulated currently. Libraries are generally required to have consent if they are making straight copies of copyrighted works. Whether we like it or not.

What AI does is not really a straight up copy, which is why it’s fuzzy, and much harder to regulate without stepping in our own toes, specially as tech advances and the difference between a human reading something and a machine doing it becomes harder and harder to detect.

I have purchased every single open source game that I’ve seen listed on steam as paid. Examples:

• Shattered pixel dungeon (and also the original Pixel Dungeon)
• TOME
• Shapez
• Open Hexagon
• Mindustry
• Lugaru
• Mega Glest
• Marvellous Inc
• Hydra Slayer
• HyperRogue

For more FOSS games on steam, there’s a decent list collected on this curator (also pointing which ones are only partially open): https://store.steampowered.com/curator/38475471-Libre-Open-Source-Games/?appid=1769170

In that counter argument they are essentially admitting that 99% of their content was distributed without the copyright holder’s consent.

In the CDL lawsuit, they have admitted that of the millions of books we have digitized, they themselves have only made about 33,000 available to libraries; only about 1% of what we have done, and only under restrictive and expensive license agreements. This is, they claim, the essence of their copyright rights: the ability to restrict access to information as they see fit, to further their theoretical economic interests, without regard to libraries traditional functions and the greater public good.

Was it fair use in the past to redistribute reprints/format-conversions of works without the copyright holders consent?

I agree that copyright law sucks… but that’s why it needs to change so it actually serves “the greater public good”. The judiciary system is not the right place to advocate for that (they don’t make the law, just interpret it), so I don’t really think there’s much hope in them winning this. Sadly.

“you want a government backdoor on GPL licensed code? publish the backdoor for everyone to use, see and exploit/check for themselves. And/or watch as people simply take a version of the software built from a more reputable source without that backdoor instead. Thanks for the money!”

“you want to force all foss projects existing in the global internet across countries to get paid by you or close? enjoy your logistic nightmare as you pay to be made fun of by all other countries while I fork projects with one click”

If they really think there’s no reason to hide anything, why are they prosecuting Snowden for exposing something that was hidden?

Before having surveillance on people, they should have it on themselves.

Imagine how many corruption cases could have been prevented if the government was publicly monitored, with live streams from all offices, like a “big brother” show set up in the white house with live recordings of all calls and communications, so the voters can judge by themselves and monitor if the person they employed as the servant for the country is doing its job.