• 0 Posts
  • 13 Comments
Joined 1 year ago
Cake day: June 6th, 2023



  • import time

    # Excerpt: scrypt() and the SCRYPT_* constants are defined elsewhere in the script.

    def generate_proof_of_work_key(initial_key, time_seconds):
        # Encryption side: feed scrypt its own output until the time budget runs out.
        proof_key = initial_key
        end_time = time.time() + time_seconds
        iterations = 0
        while time.time() < end_time:
            proof_key = scrypt(proof_key, salt=b'', N=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, key_len=SCRYPT_KEY_LEN)
            iterations += 1
        print(f"Proof-of-work iterations (save this): {iterations}")
        return proof_key
    
    
    def generate_proof_of_work_key_decrypt(initial_key, iterations):
        # Decryption side: repeat the same chain a fixed number of times; no clock involved.
        proof_key = initial_key
        for _ in range(iterations):
            proof_key = scrypt(proof_key, salt=b'', N=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, key_len=SCRYPT_KEY_LEN)
        return proof_key
    

    The first function is used during the encryption process, and the while loop clearly runs until the specified time duration has elapsed. So encryption would take 5 days no matter how fast your computer is, and to decrypt it, you’d have to do the same number of iterations your computer managed to do in that time. So if you do the decryption on the same computer, you should get a similar time, but if you use a different computer that is faster at doing these operations, it will decrypt it faster.


  • It’s a very short Python script and I’m confident I get the general idea - there’s absolutely nothing related to current time in the decryption process. What they refer to as a “time lock” is just encrypting the key in a loop (so the encrypted key from one loop becomes the plain text for the next one) for the specified duration and then telling you how many iterations were done. That number then becomes a second part of the password - to decrypt, you simply provide the password and the number of iterations, nothing else matters.
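The scheme described in the two comments above, as an added example that is not part of the comments or of the script they discuss: the lock side counts how many chained scrypt calls fit in a time budget, and the unlock side only replays that count. It uses the standard library's `hashlib.scrypt` with deliberately small cost parameters and a constructed salt and passphrase, all of which are assumptions made for the demo.

```python
import hashlib
import time

# Small scrypt cost so the demo finishes quickly (assumption: the script's
# SCRYPT_* values are not shown on the page). The salt is constructed here.
N, R, P, KEY_LEN = 2**8, 8, 1, 32
SALT = b"constructed-demo-salt"


def step(key):
    """One link of the chain: the previous output is the next input."""
    return hashlib.scrypt(key, salt=SALT, n=N, r=R, p=P, dklen=KEY_LEN)


def lock(initial_key, seconds):
    """Encryption side: iterate until the wall-clock budget is spent."""
    key, iterations = initial_key, 0
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        key = step(key)
        iterations += 1
    return key, iterations


def unlock(initial_key, iterations):
    """Decryption side: a fixed amount of work; the clock is never read."""
    key = initial_key
    for _ in range(iterations):
        key = step(key)
    return key


def demo(seconds=0.2):
    initial = hashlib.sha256(b"constructed passphrase").digest()
    locked_key, iterations = lock(initial, seconds)
    start = time.monotonic()
    recovered = unlock(initial, iterations)
    unlock_seconds = time.monotonic() - start
    return {
        "iterations": iterations,
        "match": recovered == locked_key,
        # A wrong count yields an unrelated key, so the count must be stored.
        "off_by_one_match": unlock(initial, iterations + 1) == locked_key,
        # Measured, not enforced: faster hardware finishes the same chain sooner.
        "unlock_seconds": unlock_seconds,
    }


if __name__ == "__main__":
    print(demo())
```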


  • No worries, nothing wrong with not knowing everything about every random subject. I would like to apologize for being overly harsh, I assumed that people in c/opensource would have general knowledge of this definition, but that assumption was clearly bad. So again, sorry.

    I assume the term is misused often.

    Yes, companies sometimes do that. Open source is marketable as a guarantee that you won’t fully lose access to a piece of software, and there aren’t any real consequences of misusing it. But there’s also a scheme called dual licensing where the software is available under two licenses - one license is open source but annoying for commercial use, and the other is a “normal” proprietary license under which businesses can buy the code. This is fine (as long as the provider has copyright to all the code being dual licensed) and is pretty common and makes the software open source.


  • But “open source” doesn’t even mean that you can reproduce it or use it for free.

    You’re thinking of source-available licenses. Open source has a clear and widely accepted definition that requires a certain level of freedom. You’re free to ignore this definition, but you can’t expect the rest of the world to do the same.

    To be clear, open source allows for only providing access to paying customers, but those paying customers are then free to use and distribute their copies without any further payment. Then it wouldn’t be open source anymore.


  • I mean, it’s called “LaTeX by example”, so there’s a pretty good chance it’s written in LaTeX, which you do indeed compile to get the PDF or whatever output you want.

    Also, just having access to the source doesn’t make it open source - that requires more freedoms. For example, here’s GitLab Enterprise Edition source code, fully functional and ready to be used. And also officially described as the proprietary edition of GitLab by the GitLab company itself. Why? Because its license pretty much boils down to “you can use this only for testing and development, unless you have paid for it”.



  • So, if I understand this correctly, open source means free beer, just not if you sell the end product.

    Yes, once you give the beer to someone, you can’t require any further payments no matter what they do with it. Free software philosophy says users are free to use the software however they wish and for whatever purpose they wish without any barriers (like having to pay for commercial use).

    it’s all a scam for free work for corpos then. Very disappointing.

    I’m sorry you feel that way, and it’s becoming a not-so-rare sentiment lately (or at least I’ve started noticing it more), but I don’t agree. Look at (A)GPL and how many companies are doing their best to avoid such code - like when Google made their own C library for Android and even stated that its main goal was to avoid copyleft licenses. I’ve also seen plenty of people say that GPL code is pretty much useless for their work due to their company’s policies forbidding its use.

    I also think that revenue-based royalties screw over small companies the most - sure, you get the donations from the massive companies that can work with 1% of their revenue gone while also keeping it free for non-commercial users, but in my view you also help those same massive corporations by making the software less viable for their smaller competitors who don’t have the economies of scale on their side, and for whom that 1% might legitimately break the bank.

    And to be clear, I don’t mean any of my arguments as some kind of “gotcha! Look, I’m right and you’re wrong”, I just thought I might share my reasoning for why I don’t think your statement is fair.



  • I kinda doubt there’s going to be any outside contributions to this project, so any non-exclusive license would allow MS to rerelease this under a proprietary license - even the GPL. They own the copyright, so they can release it under as many licenses as they wish.

    With software there’s a way lower barrier to entry and a way higher chance of having the patches accepted. With art… Good luck convincing MS that your version of the emoji is worth the hassle of losing the ability to just change the license at any moment.


  • But AOSP already is “Android without proprietary Google code”, simply because “Android” means AOSP + Google Play Services + compatibility certification. It’s getting increasingly more and more barebones as Google moves functionality into Google Play Services, but it is what the vast majority of third party ROMs are based on.

    How they manage to then improve compatibility differs. Truly ungoogled ROMs just don’t - either the app works with AOSP, or it’s not welcome on the system because it would require Google services. Some use MicroG, a small open-source reimplementation that is good enough to replace the real Google Play Services for most apps (but it does communicate with Google servers similarly to the real one, so all it does from a degoogling perspective is limit the amount of extra data your phone sends to Google). Then there are also ROMs that support installing the official Google Play Services and related apps. LineageOS can do that (or it can use MicroG, or just not have GPS at all), for example.

    And then there is GrapheneOS which has managed to turn the Play Services into a mostly regular app that doesn’t have overreaching access to the whole system and lets you configure how much data you’re willing to leak to it.

    Drivers also don’t seem to be that big of a deal nowadays, Google’s effort to simplify Android updates for OEMs has done a lot to help third party ROMs as a side effect. The biggest problem now is the various security attestation mechanisms that are available through Google Play and which Google spends a lot of time and money to convince developers to use. These are very hard / currently impossible to implement in a way that doesn’t trip security checks on the affected apps - want mobile banking? Well, that’s too bad because it will simply refuse to work if Google Play says your system has been tampered with. Workarounds exist, but they’re not reliable over time.


  • I’m a bit confused about the emphasis you put in the quote… GrapheneOS is built on AOSP (the open-source part of Android), it’s definitely not some OS built from ground up (look no further than the various Linux phone projects to see how terrible those are as Android replacements atm).

    Technically it isn’t Android, because Google owns the trademark and has some requirements for stuff that wants to call itself Android - it needs to pass a compatibility test and more importantly, include Google Play Services. But it is as much Android as any other custom ROM.