Hacker News | konceptz's comments

If you read the article, the developer already was not working for Chef. Chef was/is relying on OSS components which the former developer pulled from the open repository. -edit for clarity.


Thanks, I overlooked that somehow. (pre-morning tea over here :) )

I haven't read many OSS licenses. Can't someone just publish an 'unethical' fork and life goes on?


I believe it would depend on the license which the original piece of software was released under.


Interesting approach. Makes me wonder if you authored a component and extended a license to say that “use of this code must abide by [insert relevant code of ethics]”, could you enforce that?


Fundamentally, it depends on the license. When this came up under Bush 43, the appeal was "the military is not allowed to use this!" and RMS and many others pointed out terms like this. This one is from the GPL v3 specifically:

> All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program.

Other licenses have similar clauses and a short list of requirements which must be met. Since the relevant groups, agencies, etc were (and presumably are) meeting the requirements, there's no grounds to revoke the license.

iirc, the Open Source Initiative stated that any claims/requirements limiting who could use the software or where they could use it would not meet the definition of "open source."


The license for JSON is an example of this. https://www.json.org/license.html

> The Software shall be used for Good, not Evil.

IBM requested, and received, an exemption...

> I give permission for IBM, its customers, partners, and minions, to use JSLint for evil.

which apparently pleased their lawyers.


Such licenses exist, and yes. But it wouldn’t apply retroactively.


Also such licenses are not Free Software. And from a practical point of view (existing in the ecosystem) that matters a lot.


I guess it would be enforceable. The problem with those sorts of license restrictions is that in general no one will use code licensed that way.


That's exactly what has happened.


Someone (Chef) has already unethically forked it.


It's under Apache license. I think the ethics of code placed under that license include "you may use this; you may rely on being able to continue to use this; if you don't like the direction the main package is taking for whatever reason, you may fork it and [optionally] release your fork under Apache as well."


Is it unethical, though? The entire point of OSS is that you cannot revoke the license once granted. A hostile fork is the expected result of Chef's actions.

The zeroth freedom is the freedom to use the software for any purpose whatsoever. That inherently must include purposes which the author finds unethical, even abhorrent.


It’s legal, no doubt about it.

But forking with the intention of helping people run concentration camps and changing the authorship of the commits? Doesn’t fit into my model of ethics.


If forking a public github repo is unethical we are all screwed.


That’s something that wasn’t particularly clear to me from the article, but some browsing around GitHub cleared it up.

Chef now has the repo ‘forked’ in to their GitHub account: https://github.com/chef/chef-sugar


The technicals of the story are interesting around the software supply chain.

I’m put off by the statement: “I want to be clear that this decision is not about contract value—it is about maintaining a consistent and fair business approach in these volatile times,” he wrote. “I do not believe that it is appropriate, practical, or within our mission to examine specific government projects with the purpose of selecting which U.S. agencies we should or should not do business.”

I hear about practicality all the time at my office and sometimes it’s real and sometimes it’s laziness. This sounds like a little of both but also profit motivated (not saying that’s wrong for a for-profit company).

Interested in your options on code of ethics and the above.


It's definitely impractical to say you won't do business with anyone who does things you don't endorse. Imagine an electrician trying to demand a certification that the buildings he works on will host only ethical tenants. You just can't run a company that way; even people who do meet your ethical standards won't do business with you.

If you think that ICE is so uniquely bad that they specifically need to be boycotted, that makes sense. Without inviting any debate on whether it's true, it's a consistent position that can be reasonably applied.


There were a lot of electricians on the Death Star...


You absolutely can run a company that way. I do, as do many others. My company has grossed multiple millions of dollars operating that way.


Congrats, you have very mainstream ethics. Imagine trying to run a business that uses no fossil fuels and does no business with anyone using fossil fuels.


I'm glad to hear that you can make it work. About how frequently do you cancel contracts because you've discovered your client is doing something unethical?


I recently declined a client who appears to be a white supremacist. I have declined work in the past due to the potential client organizations working with the military, police, or other violent organizations.

We all have this responsibility to place nonviolence above profit.


I think that's a very different thing than, as Chef is being asked to do here, terminating existing clients because they got some bad press on Twitter. Both in terms of your own operations (sudden cashflow interruptions are hard) and your clients' willingness to do business (can I justify the risk of waking up one Monday to learn that our CI provider is cutting me off and all development is dead in the water?)


It's a PR statement so I wouldn't read much into it. It's designed solely to yield the least negative response possible in a polarizing situation.

But if we ignore the meaningfulness or truthfulness of the statement, let's take two hypothetical societies. In one society people agree to cooperate and trade with others when there's a mutual self interest, even if they happen to despise their partner otherwise. In the other society, people engage in a substantial degree of scrutiny and only trade and cooperate with others whom they are meaningfully aligned with. Which society do you think would have the better outcomes for whichever metrics you might imagine? I'd start with economic/technological progress, war vs peace, tribal vs unified (not to say homogeneous) society, etc.

I think there is a clear answer to my hypothetical, but perhaps people see things differently. I'd be quite curious to know how.


It does seem odd and convenient to say I’ve got no problem making money from this part of the government but I won’t sell to that part of the government. It’s the same Congress and President making decisions for all the parts. Either it’s beyond the pale or it isn’t. I mean, would you do business with ISIS so long as the particular sub-project you were providing material for was innocuous?


I don’t think this tracks. I mean, the American Government is also part of the human race. Because we object to one part of the human race should we refuse to deal with any of it?

Humans have to make moral choices about where they personally draw the line and where they draw the boundary. Around the organisation that falsely imprisons Americans and runs concentration camps seems like a starting point.


No one is in charge of making decisions for the human race. The President and Congress make decisions for all of the federal government.

If you thought the Windows division of Microsoft was acting extremely unethically would you still do business with the XBox division? It’s one CEO and one board that runs both.


Yes, because I know from experience with large organizations that there can be a lot of variance between different parts of an organization. Also, relatively little that happens is directly controlled or decided at the top.


> The President and Congress make decisions for all of the federal government.

That’s fundamentally not true. Appropriations and appointments are not the same as “making decisions”, but even if they were, the judiciary still exists.


Let’s circle back to the core issue here: are you or anyone else really claiming that the policies ICE is pursuing under Acting Director Matthew Albence, which so many people object to, are against the wishes of Acting United States Secretary of Homeland Security Kevin McAleenan or President Donald Trump? Or even that those two haven’t had a direct role in causing them to be pursued?


No, I am not claiming either of those things.


Yes?

(Having a misanthropic moment here.)


Right.

This is why we typically speak about defense in depth. Input sanitization works best when applied to known expected inputs, like a phone number or dob.

Output encoding is the real solution where we know where we intend any data to end up (this is how it’s displayed) so we can ensure that it’s in the correct format and that that format parser won’t interpret it as code instead of data. I.e. HTML attribute, HTML, JSON, JavaScript, etc.
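
The split described in the comment above, as an added example that is not part of the original thread: allow-list validation for inputs with a known shape, and context-specific output encoding for free text. All function names and the sample value are hypothetical and constructed for illustration.

```javascript
// Added example; every name here is hypothetical, not a library API.

// 1) Validation fits inputs with a known shape (phone number, date of birth).
const isPhone = (s) => /^\+?[0-9]{7,15}$/.test(s);
function isDob(s) {
  const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(s);
  if (!m) return false;
  const [y, mo, d] = [+m[1], +m[2], +m[3]];
  const dt = new Date(Date.UTC(y, mo - 1, d));
  // Reject dates that only "exist" after rollover, e.g. 1990-02-30.
  return dt.getUTCFullYear() === y && dt.getUTCMonth() === mo - 1 &&
         dt.getUTCDate() === d;
}

// 2) Free text has no such shape, so encode it for the sink it lands in.
const HTML_ENTITIES =
  { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Sink: HTML element content.
const encodeHtml = (s) =>
  String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);

// Sink: quoted HTML attribute value. Every non-alphanumeric code point
// becomes a numeric entity, so the value cannot close the quote.
const encodeAttr = (s) =>
  String(s).replace(/[^A-Za-z0-9]/gu,
    (c) => `&#x${c.codePointAt(0).toString(16)};`);

// Sink: JSON literal inside a <script> element. JSON.stringify handles the
// JavaScript string syntax; the extra escapes keep "</script>" and "<!--"
// away from the HTML parser, which runs before the JavaScript parser.
const encodeJsonForScript = (v) =>
  JSON.stringify(v).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));

// Constructed sample: a display name that is hostile in all three contexts.
const sampleName = `"><script>alert(1)</script>`;

// The same value written to three sinks, each with its own encoder.
function renderProfile(name) {
  return `<p title="${encodeAttr(name)}">${encodeHtml(name)}</p>\n` +
         `<script>var user = ${encodeJsonForScript({ name })};</script>`;
}

console.log(renderProfile(sampleName));
```

The value survives intact as data in every sink: `JSON.parse` of the script payload returns the original string, while the HTML parser never sees a tag or a closing quote from it.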


Can anyone comment about the language being strong enough to block incentives for selling user data through fast lanes?


I’m sure the OP knows this. The point that was made is that the article’s title stated that FB staff is using that term to describe children. The article doesn’t actually support the claim it makes in the title.


While I agree with your sentiment I believe that body builders and strength trainers do experience this as they reach semi(pro) levels. It is extremely hard to do and is often an incorrect self-diagnosis. Please let me know if there has been some research on occurrence rates.


Semi-pro athletes aren’t average people.


The way you worded this implies that it helps a very small number compared to how much housing it takes away. Isn’t it the same number?


Where there is rent control, there is less incentive to build housing, therefore fewer houses.


nah man, this argument gets torn apart because "rent control doesn't apply to new developments so it's neutral on new development"

What it does is it takes rental units off the market because being faced with the maintenance risk of 5 or 20 year or however long the tenant stays fixed income vs. convert it to owner-occupied housing and take a large payout now, landlords often choose to ellis up the place.

And if they don't remove rental stock, then they're incentivized to provide shittier service -- delay repairs, delay upkeep, ignore tenant requests -- to encourage the rent-controlled tenant to move elsewhere so they can reset their price.


>this argument gets torn apart because "rent control doesn't apply to new developments so it's neutral on new development"

Most implementations of rent control make it difficult to redevelop those properties into higher density housing. After all, if you could remove people from those units to redevelop, rent control wouldn't be worth much. This reduces total housing available which drives up prices elsewhere. Rent control is always a massive wealth transfer to a couple of winners from a massive number of losers.


That depends almost entirely on what kind of rent control gets implemented.

If you only ever rent control 100 units, then yeah, it should only affect the owners of those units. You might have some other problems with it, it incentivizes slumlording, but it shouldn't be a systematic disincentive to build housing.

But that also only helps 100 people. If you expand rent control onto more existing properties or mandate that new units be built under rent control (or even just have credible candidates talking about doing that), it's a disincentive to anyone looking at offering rental properties - especially cheap rental properties, which are much more likely to become a net loss as prices rise.


Humans may also be the best at handling what you stated. You’re comparing us to robots but if you say humans were designed then our collective knowledge limits us to 1 at present. So we’re the best and worst.


Thank you for the story, I find this fascinating! I’m really surprised how easy it was to accidentally grow this. Is this a 1/(very high number) chance occurrence or is it a somewhat normal happening if proper steps aren’t taken to clean?


Growing a resistant strain was more or less guaranteed, because we were effectively creating the ideal evolutionary pressure: an ideal growing medium that strongly favors any additional resistance to ampicillin. It's the same as why doctors remind you to finish any prescription of antibiotics even if you feel better early. It's basic survival of the fittest, where we're strongly defining what "fittest" means.

https://en.wikipedia.org/wiki/Antimicrobial_resistance


In the web security space it's typically called the browser security model and there are differences between browsers. The browser is not just a portal forwarding/displaying the intentions of the developers. If you want to see one of the more obvious examples look at the same origin policy and how it’s implemented across browsers.

Having said that, I do agree that browsers shouldn’t implement lots of crazy features but I personally don’t mind if they have some kind of malicious file scanning feature.

