License question


#1

The github repo (https://github.com/nehbit/aether) doesn’t seem to be updated, and there are no instructions on how to build.

Is this not an open source project maybe?


#2

The source code for Aether is licensed under AGPL. Whether you consider this ‘open source’, or your definition of open source has additional criteria (i.e. build instructions, frequent updates, acting as a maintainer, etc) is a personal question for you to decide. I personally don’t have an opinion, I’m fairly uninterested in calling it officially ‘open source’ because that just generally leads to holy wars, verbal abuse and not much else. :slight_smile:

This is also why there’s no mention of Aether being open source anywhere. If you see it such a claim, it is by mistake. Let me know, and I’ll remove it.


#3

Thanks, but this wasn’t really a licence question as much as “where is the actual source?”

I can see on github it says AGPL. But the repo seems outdated. There was a release on Dec 27, but the repo was last updated 24 days ago.

The license applied to the source doesn’t matter much if one can’t get hold of the source code :slight_smile:


#4

I mean, the version on GitHub is the actual source, I’m not sure if I’m parsing your question right.

OK — let me put this in the general and specific context, that might be easier to answer.

I think in the general context the question you’re asking is ‘Why is the published source code tracking the published binaries with a delay?’. The answer to that question is that I have a private repository, and the Github is a cleaned up mirror of that. There are a few reasons for not working in public:

  1. The most practical one is that the code that halfway works, incomplete, or doesn’t work (which is often the case with in-progress builds) is actually dangerous to the network. For example, if you git clone while something is halfway through the implementation, you actually run into a real risk of that halfway code DDoSing other nodes, in turn getting your IP banned by them permanently. More importantly, your ISP might not actually like it and you might get a call from them with a concern that you’re running something like a DDoS rig. Your ISP is your business, but I would rather have the network up and functioning right.

  2. This is more personal, and it’s privacy. I am a private person, and I don’t like to work in public. I don’t think the benefits of working in public outweigh the negatives, simply put. If I see someone who is genuinely talented, interested in a sustained fashion over a long term period, with a right skill set (Go + Vue.js + networking experience) that person will receive an invitation to the private repo, alongside the commit bit. However, I do realise that most open source projects are run by one to three people that do the bulk of work, so I’m happy to do all the work myself.

  3. Aether is not a library, it’s a product. The fact that you can compile the code is secondary, even tertiary to the fact that you can see the code. My users are largely non-technical people, and there’s not much in the source code that can be used by other projects. You should be able to compile the code, in fact, easier than I ever could, because the public repo is much cleaner than the private one I have — but that is not the point.

The update schedule is such that I update the source code whenever there’s a major change. It’s a low priority task, and it requires significant amount of busywork, because I batch that task with things like updating the Electron, node versions, and other sorts of housekeeping. I’ll eventually write a script to automate all this, but I’ve just not gotten around to that.

(If you really want to see the actual code running on your machine, it’s just an unzip away, just unzip the app.asar in the app folder, and you’ll get the JS files. The Go files in the repo move much more slowly, and since changes to them usually mean major updates, they tend to always remain current.)

Again, if you think this is not trustworthy enough, I fully understand where you’re coming from, and you can compile the public version yourself and use that. It will be slightly older, but that shouldn’t amount to major feature differences or incompatibilities.

Which brings me to the specific context:

The license applied to the source doesn’t matter much if one can’t get hold of the source code :slight_smile:

The license is applied to the source code in the Github repository, there is no promise or obligation of future updates. In other words, there is no source code you cannot get access to. What you get, is what’s on the repository, per the license provided in the repository. In other words, open source does not come with the obligation of releasing future updates as open source as well. The code out there is Aether. The binary provided at the website is, Aether per the source code, plus some minor bits that haven’t been cleaned up enough to be open sourced yet. They’ll probably eventually make their way out there, but again, no warranties offered, claimed, implicitly or explicitly, including any warranty or expectation of future updates.

Obviously all of this is in the license, all capitalised and bolded even, but people generally just glaze over thinking it is just filler text.

I apologise for sounding curt, it is very hard to talk in specificity without sounding as such. I suspect the general context is what you’re looking for rather than this specific one. The former is what I intend to do, the latter is what I am obligated to do, which is nothing. :slight_smile:


#5

Alright, sweet. I’ll stick to the code that’s in the repo that I can compile myself if I want to use Aether.

I get what you’re saying. That’s probably not how I would do it, but hey it’s your creation you do what you want with it, I totally respect that. Thanks for going through the effort of making the source code public when you can :slight_smile:

The reason I’m asking is that I’m security minded, and don’t execute binaries I can’t get the source for. That’s in no way a guarantee for security, but binaries that are unavailable to scrutiny could potentially do basically anything.

I’m also not prepared to give up my 4 freedoms

  1. Freedom to run the program as you wish.
  2. Freedom to study the source code of the program and then change it so the program does what you wish. Access to the source code is a precondition for this.
  3. Freedom to help your neighbour. That’s the freedom to redistribute the exact copies of the software when you wish.
  4. Freedom to contribute to your community. That’s the freedom to distribute copies or modified versions when you wish.

https://www.rastinmehr.com/2009/03/01/the-4-software-freedoms-according-to-richard-stallman/

Stallman says a lot of crap, but these 4 freedoms I agree with him on.

Cheers!


#6

The reason I’m asking is that I’m security minded, and don’t execute binaries I can’t get the source for. That’s in no way a guarantee for security, but binaries that are unavailable to scrutiny could potentially do basically anything.

I’d love to see your baseband processor source code on your mobile phone. :wink:

In general, doing open source ‘in the open’ is expensive. Even the best run open source project I know, Evan’s Vue.js, is run largely by a single person who as far as I can see does not provide any support for the code whatsoever — he has other people in the project providing that support. I don’t have those other people, so I have to make a choice between being correct, fast (in implementation), and public, I can only pick two.

In other words, given the choice between supporting people vs. writing code, I’d prefer to be writing code, I’m sure that’s something we share as well. Google can do it, because they effectively have unlimited resources, Evan can do it with Vue.js because it’s a project that’s going on for about a decade, so he has the people willing to do the work for him. I have neither.

Lastly — unfortunately, open source community is a fairly toxic place, as is Github. It’s composed 95% of good people, but there’s a 5% contingent of folks that consider themselves entitled to free work and support just because it’s open source, which, to them, implies servitude to their desires. This leads to maintainer burnout, and this is something I’ve experienced personally in the past as well. I now know how to protect my time better, hell, just shutting off Github issues and pointing people to this meta site saved major grief from my life because even if it’s just a tiny, small barrier, it makes people who are just looking for the next outrage to move on to something else.

For compiling instructions, the repo actually used to include a fairly detailed step by step compile instructions. What happened is that I kept getting very basic questions from people who clearly had no idea what they were doing, and had no business trying to compile anything — to the point that it started to feel that I was running a coding bootcamp. I removed it, and funny enough, there’s roughly the same % of people compiling it. For people who know how to compile things, even in the most basic sense, it seems to be no problem. For people who don’t, well, you have to start explaining from what a makefile is, and that’s not a support / education burden that I’m willing to take on because it’s not directly related to Aether, it’s just common UNIX knowledge you need to compile anything.

Generally, if someone really wants to compile it and has a chance of actually figuring it out with some help, I usually help people out as much as I can anyway. Most people don’t really need any, though, just set up the dependencies (npm install, and have the latest version of Go), then run the makefile (make) and you’re pretty much good to go.


#7

I’m not trying to run Aether on my phone. I treat my phone as the unsecure black hole that it is. It would be cool to have a phone compatible with OsmocomBB though. Librem5 is in the works (would go nice with my Librem15), and I’m saving up for a Talos desktop.

Huh, that’s not my personal experience, but I don’t doubt you. I mainly use GitLab though, maybe it’s a smaller and friendlier community.
I hope you can see that my perspective is “if the author is willing to share the source code I’m willing to use it”, and not one of entitlement or making demands.

Thanks for taking your time clearing this question up. I hope this project grows, maybe one day you can have someone else manage the people that support the project and you can keep programming :slight_smile:


#8

No worries, I didn’t mean it like you were making demands. And yeah, it seems Gitlab is a much more friendly place. It might be worth moving over there at some point. My private repo is on Gitlab, in fact.

The toxicity is usually visible on the maintainer side — here’s one article I’ve found from a cursory Google search: https://www.techrepublic.com/article/why-open-source-developers-are-burning-out-no-respect/