UXP and allied Project Contributors.. Your rights are being violated along with the MPL.


Lunokhod
Lunatic
Posts: 469
Joined: 2017-04-20, 21:25

Post by Lunokhod » 2021-09-09, 20:31

(with potentially disastrous consequences in terms of security, etc.)
That provoked an interesting line of thought regarding reproducible builds. Now this may not be fully supported in Pale Moon as it was only completed in Firefox in the last couple of years, but even though it may not be possible to get a byte identical build on different platforms, you could probably recreate the build env so it would be close enough to easily audit with the right tools and know-how, to ensure the binary contained what it was supposed to. But Feodor's non-compliance created a situation where this was difficult. And why would someone smart enough to create a fork of something as complex as a browser not be able to add git tags to mark build releases, and persist in doing this, and not answer direct questions?
Even if Feodor was not adding hidden malware to the released binaries, it created a situation which a hacker or hostile state / group could take advantage of to do exactly that. So this lack of transparency was not merely some minor technical detail but a genuine security concern for anyone using these binaries.
As a non-XP user, actually even I have an old computer with XP just in case it's useful to access floppy drives, but have never used it online, do feel free to carry on this lively discussion amongst yourselves...
Wait, it's all Ohio? Always has been...

Moonchild
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE

Post by Moonchild » 2021-09-09, 20:40

Off-topic:
Lunokhod wrote:
2021-09-09, 20:31
As a non-XP user,
Keep in mind Mypal and Centaury have also been used on current versions of Windows so it doesn't preclude potentially compromising an otherwise OK system.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

dbsoft
Project Contributor
Posts: 405
Joined: 2020-02-21, 17:35

Post by dbsoft » 2021-09-10, 00:52

Moonchild wrote:
2021-09-09, 20:10
Tobin was (and remains) compliant because his EULA informs recipients how they can obtain a copy of the program in source code form. Even if his repo for his own development isn't public, that EULA statement satisfies the MPL (since Tobin clearly follows up on requests made).
Feodor2 was not compliant because the Centaury repo didn't contain the source code form, and users were also not informed how they could obtain a copy of the published program in source code form. That information has to be readily available.
A password protected archive is not "Source Code Form" by your definition. It sure looks like it was there under the Centaury branch when I looked, it wasn't clearly labeled, but it was there. The site where you downloaded Mypal linked to the GitHub repository where the source code resided, you just had to dig for it. To me that is compliance. If Feodor2 was not in compliance because it wasn't super easy to get, then neither is Tobin.

Lurker_01
Fanatic
Posts: 122
Joined: 2015-06-12, 14:59
Location: Uruguay

Post by Lurker_01 » 2021-09-10, 01:27

Lunokhod wrote:
2021-09-09, 20:31
you could probably recreate the build env so it would be close enough to easily audit with the right tools and know-how, to ensure the binary contained what it was supposed to
By the license you are not obligated to provide the build tools nor the flags used for the build nor any hardware information; in fact the exact flags for the Pale Moon official build are not known (buildconfig doesn't have all flags). There was a F.A.Q. section on the Pale Moon website at one time, and the response was that they are not provided since people ask for them "clearly not always with good intentions", with the answers "No, this is my baby", "No, this is my workstation and you do not need that info", "No, you do not need that info", and then it was completely removed.
Considering the exact flags are so precious, maybe it would be possible, but I just doubt it.
Last edited by Lurker_01 on 2021-09-10, 01:30, edited 1 time in total.

Moonchild
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE

Post by Moonchild » 2021-09-10, 01:28

dbsoft wrote:
2021-09-10, 00:52
A password protected archive is not "Source Code Form" by your definition.
Please explain how you come to that conclusion.

dbsoft
Project Contributor
Posts: 405
Joined: 2020-02-21, 17:35

Post by dbsoft » 2021-09-10, 01:44

Moonchild wrote:
2021-09-10, 01:28
dbsoft wrote:
2021-09-10, 00:52
A password protected archive is not "Source Code Form" by your definition.
Please explain how you come to that conclusion.
Ok so... Feodor2 linked to the GitHub repository which you can download unrestricted and use the git tools to access the source code form, if you know where to look, branches and revisions.

After emailing Tobin he linked to a restricted archive, which you can access the source code form if you have the right password and the right archiving software.

How are those things different besides the tools used?

I can't read minds, but from where I stand, it seems like Tobin is purposefully making it difficult to get the Source Code Form, and Feodor2 was simply failing to make it easy.

vannilla
Moon Magic practitioner
Posts: 2181
Joined: 2018-05-05, 13:29

Post by vannilla » 2021-09-10, 07:26

dbsoft wrote:
2021-09-10, 01:44
I can't read minds, but from where I stand, it seems like Tobin is purposefully making it difficult to get the Source Code Form, and Feodor2 was simply failing to make it easy.
That's not the issue though.
The issue is that Feodor didn't provide the exact source code for any version.
Making it always accessible on GitHub vs only in a protected archive has nothing to do with it.
If you can't build Centaury 1.0 when requesting that version from the given source code, then Feodor is not compliant. Since Tobin gives archives to build Interlink 8.9 when requesting that version, he is compliant.
Having to scan every commit in a git repo until you find the correct commit for Mypal 13.6 is not being compliant. Being compliant means there is a branch or a tag to which you can jump to get the exact source code.
Remember that the license states that it is the developer(s) that have to provide the source code; the user must not go and search for it.
Feodor failed to do that and that makes him non-compliant.
This is what everyone has been trying to tell you since the beginning, but you purposefully are trying to ignore it by changing topic to unrelated issues.

Lurker_01
Fanatic
Posts: 122
Joined: 2015-06-12, 14:59
Location: Uruguay

Post by Lurker_01 » 2021-09-10, 11:16

vannilla wrote:
2021-09-10, 07:26
Since Tobin gives archives to build Interlink 8.9 when requesting that version, he is compliant.
Having to scan every commit in a git repo until you find the correct commit for Mypal 13.6 is not being compliant. Being compliant means there is a branch or a tag to which you can jump to get the exact source code.
Remember that the license states that it is the developer(s) that have to provide the source code; the user must not go and search for it.
Yes, you are correct, but I think you are missing his point: with Feodor you could at least manage to piece together the source code and make it work.
I would say basically the problem here is that by the license, if you were to convert the code to some proprietary intermediary language and package everything with a proprietary compression algorithm, both obscure (or an archive with a password), you are in the clear as long as you give that useless archive to everybody, since you are not obligated to provide the build tools (and those do work with that language and compression), so you have done your part now and the user can happily go around searching for the build tools.
In both cases the user has to jump through a lot of hoops; just one of those is fine under the license and the other is not.
For Feodor his "reasonable means" are to use git tools you know about to apply the patches to the original code; his modifications to the source code were provided, so for him he did his part.
Yes, you could argue that this is not enough and I do say you are correct; unfortunately the situation was handled in the worst manner possible, with opening 3 issues and already pulling the carpet from under his feet by Tobin, which made any further versions of the fork browser very hard to build or almost impossible in the future, and so made the author just throw in the towel instead of working to resolve the issue.

New Tobin Paradigm

Post by New Tobin Paradigm » 2021-09-10, 11:48

The problem is he FAILED TO INFORM. Plain and simple. Whatever form he thinks is there either patch files in 2019 or an empty repo with a readme in 2021 without any information.. HE FAILED TO INFORM. He compounded it by his third response to the second violation by not being specific.. Repo, tags, branches, whatever.

Let us not forget the events of the second violation. His first action was to declare it a duplicate of 2019's notification and close it. So his tangible action was to ignore it. THEN he made up instructions on the fly which are not specific enough to get the Source Code Form for any version. THEN he went to MSFN and brought in an army and revived a totally separate issue to get those who commented a year ago to also come and fight. During that mypal issue other aspects developed. Total War was declared. Death threats emitted. And his horde spread out to hostile areas of 4chan and several subreddits where I could not speak or I and others would be restricted as a matter of course. He deleted the binaries for Centaury, he deleted the binaries for MyPal (after several cohorts saved and are still spreading them) he tried to run away constantly. In cooperation with his MSFN allies djames1 stole patches and gave them to roytam1 while I was distracted with fedor2 within 24 hours. Now my phone is being harassed .. WAS being harassed. Simple fix.

These people are the utmost scum of this planet. Ignorant, violent, devious, manipulative and also, despite their protected leftists status which somehow magically claims they aren't, they are demonstratively racist and xenophobic.

Blacklab
Board Warrior
Posts: 1080
Joined: 2012-06-08, 12:14

Post by Blacklab » 2021-09-10, 12:42

Sorry to hear you have been having problems with devious individuals and then unwarranted hate speech. :(

An old mantra surely applies? "Don't feed the trolls" Post a factual correction, ban them, leave them to fester.

Difficult sometimes I appreciate, but has to be better than spending hours having convoluted, lengthy arguments and flamewars with trolls who are probably just stirring for their own sad enjoyment and/or nefarious purposes?

All in all just a depressing waste of time... and it drains your energy.

vannilla
Moon Magic practitioner
Posts: 2181
Joined: 2018-05-05, 13:29

Post by vannilla » 2021-09-10, 13:01

Lurker_01 wrote:
2021-09-10, 11:16
but i think you are missing his point
I'm not, but his point is unrelated to the licensing issues at hand, so whatever he has to say won't give Feodor anything to help him.

For a proper response, see Tobin's.
What I'm going to say is this: your example with the proprietary tools to package the source code might be invalid.
Lawyers might say that providing an archive that can't be opened does not constitute a provision of the requested source code, for example.
In particular, the license states that source code can be modified by licensed entities, so if the source code can't be accessed because it's inside a special archive, that might make people unable to apply their rights.

And Mypal/Centaury being impossible to build? Well, actions have consequences as we've seen clearly.
In truth, if you (generic you, not you Lurker_01) take the Pale Moon source code as is currently available (since it's public), apply code to make it work on whatever operating system you want to, and provide the source code as requested by the license (plus all other terms, of course, including those related to branding), then you can still have your browser.
It's Feodor that can't provide it, but literally everybody else can still provide an equivalent to Mypal or Centaury as long as the license is followed.
But I suppose this is too hard to understand, or we wouldn't have had this whole discussion.

Moonchild
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE

Post by Moonchild » 2021-09-10, 14:52

dbsoft wrote:
2021-09-10, 01:44
After emailing Tobin he linked to a restricted archive, which you can access the source code form if you have the right password and the right archiving software.
To lift this tidbit out since that is what I asked about, not anything else you tossed in your reply:
A password-protected archive supplied with a password along with it is an absolutely reasonable means to supply source code (the reason to password protect it can range anywhere from preventing interception or unauthorized downloads by third parties, to policy mandates, or something as simple as not wanting it to be scanned in-transit and causing issues with e.g. antivirus that might prevent delivery due to a false positive, and more). The MPL also does not specify details how source code should be provided, merely that it has to be provided either directly or by providing information how to obtain the source. See my previous post.
Don't confuse your complaint about technical fulfilment of your request to receive the Source Code Form (or your inability to extract it) with license compliance. I'm sure the archiving software used was common software and the password was supplied. Recipients' technical difficulties opening an archive (due to their own ineptitude or otherwise) don't make a developer non-compliant. "I don't know how to unzip something so now you are in breach of the MPL" ... no. :lol:

I already explained this in my e-mail response and I simply don't understand why you keep refusing to accept my and others' explanations and just state the same questions again elsewhere or in a slightly different form. You're just being obnoxious now. Please stop.

New Tobin Paradigm

Post by New Tobin Paradigm » 2021-09-10, 15:23

I used 7zip with standard ultra compression and default settings for password. The password was the tagged commit sha from my repository. Given I am going to alter how I satisfy the MPL in the future this internal secret is no longer valuable.

This is due to the recent influx of MPL Compliance as a harassment vector. When nuke falsely claimed that the archive could not be unlocked I did for all of five minutes refuse to provide an unpassword protected version but even though I knew he was trying to fabricate a state of non-compliance against me I sent it anyway.

Given he also attempted to get me to send him every version ever despite not-latest being taken out of circulation and the MPL being only a pretext for harassment.. I challenged him to produce any evidence that he had obtained a non-latest version of which he could not as I am only obligated to satisfy requests for the Source Code Form of Covered Software that was used in creation of a specific Executable Form.

These alt os and xpeople seem bent on getting my source code through any means possible but do not follow the MPL themselves or within the scope of what is allowed to be requested. Nevertheless, I do follow it to the letter and to take direct interaction out of the equation I will be altering the process. However, it shall not simply be putting it on a server for broad consumption but once implemented it won't be e-mailing me.

As a reminder: The Source Code Form of Covered Software is ONLY THAT and anything proprietary or bits that did not materially go into production of a BinOC Produced Executable Form will continue to be filtered out. My applications remain generally a proprietary Larger Work merely based, albeit largely, on open source community code. Code that is Covered Software under the Mozilla Public License 2.0.
Last edited by New Tobin Paradigm on 2021-09-10, 15:25, edited 1 time in total.

dbsoft
Project Contributor
Posts: 405
Joined: 2020-02-21, 17:35

Post by dbsoft » 2021-09-10, 15:24

vannilla wrote:
2021-09-10, 07:26
Remember that the license states that it is the developer(s) that have to provide the source code; the user must not go and search for it.
Feodor failed to do that and that makes him non-compliant.
It says nothing about that in the license. If he provided the source code he is compliant.

dbsoft
Project Contributor
Posts: 405
Joined: 2020-02-21, 17:35

Post by dbsoft » 2021-09-10, 15:27

Moonchild wrote:
2021-09-10, 14:52
To lift this tidbit out since that is what I asked about, not anything else you tossed in your reply:
A password-protected archive supplied with a password along with it is an absolutely reasonable means to supply source code (the reason to password protect it can range anywhere from preventing interception or unauthorized downloads by third parties, to policy mandates, or something as simple as not wanting it to be scanned in-transit and causing issues with e.g. antivirus that might prevent delivery due to a false positive, and more). The MPL also does not specify details how source code should be provided, merely that it has to be provided either directly or by providing information how to obtain the source. See my previous post.
Well the password provided did not work when entered into "The Unarchiver" software on my Mac. I wasn't able to obtain it until he sent me one without a password on it. I don't know if the software does not handle the password properly or he sent me the wrong password, or what.

New Tobin Paradigm

Post by New Tobin Paradigm » 2021-09-10, 15:28

The License states that recipients of an Executable Form must be informed that the Covered Software that went into it is under the MPL 2.0 and how to obtain the Source Code Form of said Covered Software. You also convey the Source Code Form to the recipient by reasonable means in a timely manner.

That wasn't done and still hasn't been done by fedor2 in this case. So fuck off nuke.
Last edited by New Tobin Paradigm on 2021-09-10, 15:32, edited 1 time in total.

dbsoft
Project Contributor
Posts: 405
Joined: 2020-02-21, 17:35

Post by dbsoft » 2021-09-10, 15:32

New Tobin Paradigm wrote:
2021-09-10, 11:48
The problem is he FAILED TO INFORM. Plain and simple. Whatever form he thinks is there either patch files in 2019 or an empty repo with a readme in 2021 without any information.. HE FAILED TO INFORM. He compounded it by his third response to the second violation by not being specific.. Repo, tags, branches, whatever.
He did not fail to inform. The source code was there. When asked about it he linked to the branch and the date of the revision.

dbsoft
Project Contributor
Posts: 405
Joined: 2020-02-21, 17:35

Post by dbsoft » 2021-09-10, 15:34

New Tobin Paradigm wrote:
2021-09-10, 15:28
The License states that recipients of an Executable Form must be informed that the Covered Software that went into it is under the MPL 2.0 and how to obtain the Source Code Form of said Covered Software. You also convey the Source Code Form to the recipient by reasonable means in a timely manner.

That wasn't done and still hasn't been done by fedor2 in this case. So fuck off nuke.
It was. The source code was there in the repository, he informed where the repository was. I don't understand why you think what you do is ok and what he does isn't? It is just mind boggling.

Nuck-TH
Project Contributor
Posts: 195
Joined: 2020-03-02, 16:04

Post by Nuck-TH » 2021-09-10, 15:40

Okay, let's extrapolate into absurdity:
Any data can be found in the number PI... somewhere in it. I supply you with an executable and the number PI. The source is somewhere in it, find it yourself.
This is an exact analogy to what fedor2 offered to do.
Providing source form is pointing to exactly where the exact code is that was used to make the executable form. In the case of the number PI it is a starting offset (decimal digit) and length.
Spoonfeeding the answer for git: there it is a commit hash, or a tag (which is a shortcut for it).

Moonchild
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE

Post by Moonchild » 2021-09-10, 15:45

dbsoft wrote:
2021-09-10, 15:32
He did not fail to inform. The source code was there. When asked about it he linked to the branch and the date of the revision.
He failed to inform.
1. The information to obtain the source code must be offered by the developer when publishing an executable form. He failed this part so failed to inform, so didn't satisfy the license terms.
2. When asked about a specific version (which is being lenient because it is not within the scope of the license) he linked to a branch elsewhere and made a vague statement to use a date of publication to guess the right commit. Even in this lenient interpretation he failed to provide the exact source code form of an exact executable asked about.

But since you insist on continuing to repeat the questions and being obnoxiously incapable of having a decent discussion, you can take it elsewhere.

Locked