What Is Open Source? An Article-by-Article Commentary on the Open Source Definition Is Published

2 months 3 weeks ago
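Shuji Sado, also known as the founder of Srad, published "What Is Open Source? An Article-by-Article Commentary on the Open Source Definition" on the 22nd (Shuji Sado). To summarize the explanation in its opening section: the term "open source" was conceived as an alternative to "free software" and has by now become commonplace. However, it is no longer unusual to see moves to stretch the scope of what the term means, whether intentionally or unintentionally, or to see people use source code that is in an open source state without understanding what the term means. The commentary was therefore written, it says, to explain the "Open Source Definition" article by article so that readers can deepen their understanding of open source. The commentary is reportedly based on the Japanese translation of the "Open Source Definition" by Masayuki Hatta (mhatta).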

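Related stories:
AI language model that prohibits commercial use is released as "open source," causing an uproar (August 22, 2023)
MariaDB.com runs into trouble over its SPAC listing (April 13, 2023)
Shuji Sado leaves Appirits (November 10, 2021)
"Open Source Trademark Initiative" launched to address trademark issues of open source projects (December 2, 2020)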

nagazou

Fragging: The Subscription Model Comes for Gamers

2 months 3 weeks ago

We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of copyright law and policy, addressing what's at stake and what we need to do to make sure that copyright promotes creativity and innovation.

The video game industry is undergoing the same concerning changes we’ve seen before with film and TV, and it underscores the need for meaningful digital ownership.

Twenty years ago you owned DVDs. Ten years ago you probably had a Netflix subscription with a seemingly endless library. Now, you probably have two to three subscription services, and regularly hear about shows and movies you can no longer access, either because they’ve moved to yet another subscription service, or because platforms are delisting them altogether.

The video game industry is getting the same treatment. While it is still common for people to purchase physical or digital copies of games, albeit often from within walled gardens like Steam or Epic Games, game subscriptions are becoming more and more common. Like the early days of movie streaming, services like Microsoft Game Pass or PlayStation Plus seem to offer a good deal. For a flat monthly fee, you have access to seemingly unlimited game choices. That is, for now.

In a recent announcement from game developer Ubisoft, their director of subscriptions said plainly that a goal of their subscription service’s rebranding is to get players “comfortable” with not owning their games. Notably, this is from a company which had developed five non-mobile games last year, hoping users will access them and older games through a $17.99 per month subscription; that is, $215.88 per year. And after a year, how many games does the end user actually own? None. 

This fragmentation of the video game subscription market isn’t just driven by greed; it also answers a real frustration among users that the industry itself has created. Gamers at one point could easily buy and return games, they could rent games they were only curious about, and even recoup costs by reselling their game. With the proliferation of DRM and walled-garden game vendors, ownership rights have been eroded. Reselling or giving away a copy of your game, or leaving it for your next of kin, is no longer permitted. The closest thing to a rental now available is a game demo (if it exists) or playing a game within the time frame necessary to get a refund (if a storefront offers one). These purchases are also put at risk as games are sometimes released incomplete beyond this time limit. Developers such as Ubisoft will also shut down online services which severely impact the features of these games, or even make them unplayable.

DRM and tightly controlled gaming platforms also make it harder to mod or tweak games in ways the platform doesn’t choose to support. Mods are a thriving medium for extending the functionalities, messages, and experiences facilitated by a base game, one where passion has driven contributors to design amazing things with a low barrier to entry. Mods depend on users who have the necessary access to a work to understand how to mod it and to deploy mods when running the program. A model wherein the player can only access these aspects of the game in the ways the manufacturer supports undermines the creative rights of owners as well.

This shift should raise alarms for both users and creators alike. With publishers serving as intermediaries, game developers are left either struggling to reach their audience, or settling for a fraction of the revenue they could receive from traditional sales. 

We need to preserve digital ownership before we see video games fall into the same cycles as film and TV, with users stuck paying more and receiving not robust ownership, but fragile access on the platform’s terms.

Rory Mir

Weekly Report: Vulnerability in the password reset feature of GitLab Community Edition and Enterprise Edition

2 months 3 weeks ago
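The password reset feature of GitLab's GitLab Community Edition and Enterprise Edition contains a vulnerability. In addition, information that appears to be proof-of-concept (PoC) code for this vulnerability has already been published. This issue is resolved by updating the affected product to a fixed version. For details, refer to the information provided by the developer.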

FTC Bars X-Mode from Selling Sensitive Location Data

2 months 3 weeks ago

Update, January 23, 2024: Another week, another win! The FTC announced a successful enforcement action against another location data broker, InMarket.

Phone app location data brokers are a growing menace to our privacy and safety. All you did was click a box while downloading an app. Now the app tracks your every move and sends it to a broker, which then sells your location data to the highest bidder, from advertisers to police.

So it is welcome news that the Federal Trade Commission has brought a successful enforcement action against X-Mode Social (and its successor Outlogic).

The FTC’s complaint illustrates the dangers created by this industry. The company collects our location data through software development kits (SDKs) incorporated into third-party apps, through the company’s own apps, and through buying data from other brokers. The complaint alleged that the company then sells this raw location data, which can easily be correlated to specific individuals. The company’s customers include marketers and government contractors.

The FTC’s proposed order contains a strong set of rules to protect the public from this company.

General rules for all location data:

  • X-Mode cannot collect, use, maintain, or disclose a person’s location data absent their opt-in consent. This includes location data the company collected in the past.
  • The order defines “location data” as any data that may reveal the precise location of a person or their mobile device, including from GPS, cell towers, WiFi, and Bluetooth.
  • X-Mode must adopt policies and technical measures to prevent recipients of its data from using it to locate a political demonstration, an LGBTQ+ institution, or a person’s home.
  • X-Mode must, on request of a person, delete their location data, and inform them of every entity that received their location data.

Heightened rules for sensitive location data:

  • X-Mode cannot sell, disclose, or use any “sensitive” location data.
  • The order defines “sensitive” locations to include medical facilities (such as family planning centers), religious institutions, union offices, schools, shelters for domestic violence survivors, and immigrant services.
  • To implement this rule, the company must develop a comprehensive list of sensitive locations.
  • However, X-Mode can use sensitive location data if it has a direct relationship with a person related to that data, the person provides opt-in consent, and the company uses the data to provide a service the person directly requested.

As the FTC Chair and Commissioners explain in a statement accompanying this order’s announcement:

The explosion of business models that monetize people’s personal information has resulted in routine trafficking and marketing of Americans’ location data. As the FTC has stated, openly selling a person’s location data to the highest bidder can expose people to harassment, stigma, discrimination, or even physical violence. And, as a federal court recently recognized, an invasion of privacy alone can constitute “substantial injury” in violation of the law, even if that privacy invasion does not lead to further or secondary harm.

X-Mode has disputed the implications of the FTC’s statements regarding the settlement, and asserted that the FTC did not find an instance of data misuse.

The FTC Act bans “unfair or deceptive acts or practices in or affecting commerce.” Under the Act, a practice is “unfair” if: (1) the practice “is likely to cause substantial injury to consumers”; (2) the practice “is not reasonably avoidable by consumers themselves”; and (3) the injury is “not outweighed by countervailing benefits to consumers or to competition.” The FTC has laid out a powerful case that X-Mode’s brokering of location data is unfair and thus unlawful.

The FTC’s enforcement action against X-Mode sends a strong signal that other location data brokers should take a hard look at their own business model or risk similar legal consequences.

The FTC has recently taken many other welcome actions to protect data privacy from corporate surveillance. In 2023, the agency limited Rite Aid’s use of face recognition, and fined Amazon’s Ring for failing to secure its customers’ data. In 2022, the agency brought an unfair business practices claim against another location data broker, Kochava, and began exploring issuance of new rules against commercial data surveillance.

Adam Schwartz