# FreeBSD COPYRIGHT in OSX



## Greg Quinlan (Oct 3, 2019)

Hi All,

I have been fixing a friend's Mac ... (freeing up space .. using the command line / terminal)

.. and noticed that Apple have removed all references to FreeBSD Copyright (High Sierra and probably early versions) ... clearly all the UNIX commands / man pages used in OSX have been ported from FreeBSD. 

In previous versions of OSX you could bring up `man` pages, and at the top was a reference to FreeBSD, but not anymore.

There was COPYRIGHT file that reiterated the FreeBSD Copyright notice, but not anymore.

Just an observation.

Thx


----------



## SirDice (Oct 3, 2019)

Yes, and? It only needs to be retained in the source. Besides that, I very much doubt there's anything left of the original sources they imported.


----------



## Greg Quinlan (Oct 3, 2019)

... and binaries! My interpretation of the 2nd clause is if you compile the source and redistribute in binary form there must be a Copyright notice also.


----------



## Greg Quinlan (Oct 3, 2019)

Just searched the entire OSX filesystem on both High Sierra and ML for any copyright notice ... nothing!


----------



## SirDice (Oct 3, 2019)

Yes, like I said, I'm sure they've rewritten everything by now and there's simply nothing left of the original imported source.


----------



## malavon (Oct 3, 2019)

I'd be surprised actually that they had rewritten every single tool from scratch. Don't forget that modifications also require the copyright.
I am however not so sure the FreeBSD foundation would like to go up against Apple ...

Edit: failed attempt at humor below; not meant to be taken seriously 
That said, what might have happened is something like this:
Developer 1: Hey, do you know what that FreeBSD thing is in our copyright notices?
Developer 2: No idea dude.
Developer 1 asks clueless manager.
Manager (giving a non-answer): Well, you see, this is a copyright notice. It serves to protect copyright or something. I think it's because otherwise Google can copy MacOS.
Developer 1 decides to remove it since it's in his way. He writes a script using sed, grep and awk to do it as quickly as possible and commits the whole bunch before the next release.
Developer 2 does the peer review and lets it pass since he already was notified by developer 1.

Edit: explaining the 'joke': sed, grep and awk are typical Unix utilities. It was very unlikely that Apple would have rewritten those, which meant that they used BSD licensed code to violate the BSD license. 
I'll go take comedy lessons somewhere before I ever attempt this again


----------



## SirDice (Oct 3, 2019)

malavon said:


> I'd be surprised actually that they had rewritten every single tool from scratch.


They didn't import much to begin with. And they've been developing MacOS for the past 18 years. Plenty of time to rewrite the entire OS from scratch, multiple times.


----------



## obsigna (Oct 3, 2019)

Instead of guessing, how about comparing the sources?
Apple nicely organized and provides the sources of the whole macOS userland of all releases since Mac OS X 10.0 up to the recent releases of macOS 10.14 Mojave here, including iOS and OS X Server.



			Apple Open Source
		


For example Apple's latest cp can be found here:

https://opensource.apple.com/source/file_cmds/file_cmds-272.250.1/, and the source cp.c starts with what?


----------



## SirDice (Oct 3, 2019)

obsigna said:


> Apple nicely organized and provides the sources of the whole macOS userland of all releases since Mac OS X 10.0 up to the recent releases of macOS 10.14 Mojave here, including iOS and OS X Server.


Maybe I'm going blind with old age but 10.14.6 (Mojave) isn't there.


----------



## obsigna (Oct 3, 2019)

I just did this on my Mac:
`uname -a`
Darwin rolf-mini.obsigna.com 17.7.0 Darwin Kernel Version 17.7.0: Sun Jun  2 20:31:42 PDT 2019; root:xnu-4570.71.46~1/RELEASE_X86_64 x86_64

`cat /usr/share/man/man1/cp.1`

```
.\"-
.\" Copyright (c) 1989, 1990, 1993, 1994
.\"    The Regents of the University of California.  All rights reserved.
.\"
.\" This code is derived from software contributed to Berkeley by
.\" the Institute of Electrical and Electronics Engineers, Inc.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"    @(#)cp.1    8.3 (Berkeley) 4/18/94
.\" $FreeBSD: src/bin/cp/cp.1,v 1.33 2005/02/25 00:40:46 trhodes Exp $
.\"
.Dd February 23, 2005
.Dt CP 1
.Os
.Sh NAME
.Nm cp
.Nd copy files
.Sh SYNOPSIS
.Nm cp
...
```

Who wants to believe goes to the church, who wants to know does a research.


----------



## obsigna (Oct 3, 2019)

SirDice said:


> Maybe I'm going blind with old age but 10.14.6 (Mojave) isn't there.


There is always a delay of about 3++ months.


----------



## SirDice (Oct 3, 2019)

Yeah, I suspected something like that. It was released fairly recently. So I suspect this just hasn't been updated yet.


----------



## Greg Quinlan (Oct 3, 2019)

I ran ..
`cd /; find . -exec fgrep -li freebsd {} \;`

.. did not come back with anything... go figure!

Anyway the Copyright notice should be **easily visable to the enduser... e.g. ~/COPYRIGHT


----------



## SirDice (Oct 3, 2019)

Greg Quinlan said:


> Anyway the Copyright documentation should be **easily visable to the enduser... e.g. ~/COPYRIGHT


There's no such condition. It's perfectly fine to put it in the documentation or somewhere else.


----------



## ralphbsz (Oct 3, 2019)

malavon said:


> That said, what might have happened is something like this:
> Developer 1: Hey, do you know what that FreeBSD thing is in our copyright notices?
> Developer 2: No idea dude.
> Developer 1 asks clueless manager.
> ...


I very much doubt something like this could happen by mistake in this day and age, in particular not in a large company that's well organized. Everyone in professional software development is VERY aware of licenses and copyright law. I've worked for several employers in Silicon Valley software development in the last 20 years, and all of them require training every single software engineer in basic copyright/license/open source law. At one employer, we had mandatory annual (!) classes on how to handle open source. Apple is very big, very organized, and aware of lawsuits (they are involved in many, as any big company), and they will want to prevent those by trying to do everything by the book.

And people here know stories of software developers who were fired for violating the rules. One case I know of involves a young engineer wanting to install the free version of Solaris (before there was OpenSolaris, there was a freely installable but closed-source version of Solaris for Sparc). He downloaded it, ran the installer, and clicked one too many "accept license" buttons, which back then was the infectious and dangerous Sun Java license. Our lawyers found out, and he was terminated. The other case is a senior developer who had access to the AT&T Unix source code. He needed a little bit of code for his (non-OS) project, and cut-and-pasted it from AT&T into his project. He even put a comment there: "this bit of code is from the AT&T Unix source code, and we need to remove it before shipping, and replace it with our own code". Again, when management found it, the lawyers were notified, and it was a big crisis. The problem is that once he had read the Unix source code, his brain was polluted, and he could no longer work on that area of the code. Instead, a different engineer who had never seen the Unix source developed a replacement for that bit of code (it was maybe 100 lines). Unfortunately, the original developer now has a lifetime ban on working on a certain type of software, for fear of violating AT&T's copyright.


----------



## Barney (Oct 5, 2019)

I find this wholly comical. All of the open source advocates preach about freedom to use code, and they then get their panties in a bunch about not getting credit on something that no longer is anything like the original work.  Everyone who delves so deep into their iMac that they can view the copyrights already know that OSX is derived from 'BSD. So NeXt used parts of FreeBSD in the MACH Kernel 100 years ago . Who cares?

Ralph is referring to a time when ATT and SCO and BSD were battling for ownership of "unix" and the whole open source thing was fairly new. Now there are a millions products that use linux and 'Bsd derivatives and don't "properly" display every copyright. Nobody cares.


----------



## kpedersen (Oct 5, 2019)

Barney said:


> Now there are a millions products that use linux and 'Bsd derivatives and don't "properly" display every copyright. Nobody cares.



Exactly. And I pirate the heck out of all their products and I don't care!

* That was a joke. I find their products broken and would never use them even if they were free.


----------



## yuripv (Oct 5, 2019)

Greg Quinlan said:


> In previous versions of OSX you could bring up  man pages, and at the top was a reference to FreeBSD, but not anymore.


That is simply the section title and can be and should have been "fixed" long ago, likely they just changed the program rendering the manual pages.


----------



## Barney (Oct 6, 2019)

kpedersen said:


> Exactly. And I pirate the heck out of all their products and I don't care!
> 
> * That was a joke. I find their products broken and would never use them even if they were free.



This is the dumbest thing I've seen here yet. Maybe a language problem? All products that don't properly display copyright notices are broken?


----------



## kpedersen (Oct 6, 2019)

Barney said:


> This is the dumbest thing I've seen here yet. Maybe a language problem? All products that don't properly display copyright notices are broken?



I was more referring to the fact that they are closed-source (thus big portability / lifespan issues) and in most cases have no respect for user privacy (thus big security issues). Scummy software is broken regardless of if their little copyright notices are correct or not.


----------



## Phishfry (Oct 6, 2019)

kpedersen said:


> I pirate the heck out of all their products and I don't care!


That was me until I converted to FreeBSD.
I got some scary lawsuit letters for downloading torrents too. Ignored them and nothing further came from them.
Now I have washed my hands clean of that mess.

I am trying my darndest to get my company to dial back their AutoCad licenses.
Recently I installed LibreCAD and FreeCAD on some work computers without licensed ACAD seats.
Hands on help from me has made that a seamless conversion from previous pirate-ware adventures.
These people are not CAD experts but occasionally need to sketch. LibreCAD seems more liked so far.
I had to bypass our clueless IT guy and go to the owner for cooperation.
Next up get them to drop Office365 and use LibreOffice.
Can you imagine all you sensitive work documents held in the MS cloud.
Fools. IT guys are lazy and choose the simplist kool-aid being pimped by Gates and Co.
Outlook365, are you kidding me?
Internet is down so now we can't work? Who thought up this crap?

Next rant: Timekeeping program connected to the internet.......


----------



## Phishfry (Oct 6, 2019)

Oh but NovaTime connects to Great Plains....
Great now not only is your time keeping system vulnerable but so is accounting.

When I first started working on business systems all accounting systems were AIRGAPED.
Then along came Quickbooks and you eventually had to be connected to the internet.
Why?
To get updated tax charts. But didn't they used to do that by CD-ROM?
Why yes, they did. Welcome to the world of dumbness.


----------



## Phishfry (Oct 6, 2019)

Barney said:


> Now there are a millions products that use linux and 'Bsd derivatives and don't "properly" display every copyright. Nobody cares.


Dude have you actually read the BSD 2-Clause license.
Copyright retention is only needed in the source code.
Plus one file with the copyright in binary distributions.

Windows used to have an ACK for NetBSD TCP/IP stack in IE. i dunno if they still do.
It was not required but a nice gesture from the beast.


----------



## ralphbsz (Oct 6, 2019)

Phishfry said:


> Copyright retention is ONLY NEEDED IN SOURCE CODE. Period.


Incorrect. Here is the exact wording from the 2-clause BSD license and from the "new BSD" a.k.a. 3-clause license (they are the same as far as this is concerned):


> Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.


So even if you do not distribute source (meaning you distribute binary), the copyright notice must be shipped with the product.


----------



## kpedersen (Oct 6, 2019)

Phishfry said:


> Internet is down so now we can't work? Who thought up this crap?



Hah so true. Absolute idiocy.

Being artificially tied to the internet is basically the easiest way to "damage" a consumer. So naturally that is why 99% of commercial software does its best to tie a consumer to the internet.

It is getting very close to Stockholm Syndrome for consumers. The more they are treated like absolute dirt by these (effectively criminal) corporations, the more they respect, revere and almost worship them.

Either way, Apple not displaying a copyright correctly is the least of our concerns. What is a little bit sad is that if the FreeBSD Foundation did try to fight them, they possibly would not win, even if Apple had actually broken a license agreement.


----------



## Phishfry (Oct 6, 2019)

Thank you ralphbsz
I cleaned up that rant some. Binary distribution does require an copyright notice.
The license does not say how long it has to remain on the computer.
So you could copy it over to /tmp while installing software and then delete it on cleanup.
That would meet the license requirements as I read them.


----------



## yuripv (Oct 6, 2019)

kpedersen said:


> Either way, Apple not displaying a copyright correctly is the least of our concerns.


Well, that's not true, they do follow the requirements. Looking at my iPhone, Settings->General->Legal lists a lot of licences and copyrights for specific code parts that were used.  No one is forcing you to display all that on the front page though.


----------



## CraigHB (Oct 6, 2019)

kpedersen said:


> It is getting very close to Stockholm Syndrome for consumers.



Never thought of it quite that way, but it's always a line software crosses for me when an internet connection is required to run.  Not saying I won't cross that line, but rather a demarcation.  More of an "in for a penny, in for a pound".  Either my stuff all runs local or it all runs remote, not a mix and mash of both.


----------



## ralphbsz (Oct 6, 2019)

Honestly, I don't know how the copyright notice has to be distributed. The license says in the "documentation and/or other materials provided with the distribution". Let's take MacOS and iOS as an example. To my knowledge, you can only (legally) obtain those when you buy the Apple hardware (the Mac or iPhone or tablet). Therefore it is sufficient if the copyright notice is shipped with the hardware, that matches the "provided" clause. It could for example be printed on the box the hardware comes in. Or on the little piece of paper that comes with the hardware. Or it could be displayed on the screen when you boot. Or it could be in an application or program that you can start. Or one time when first powering it up. I have no idea whether there have been lawsuits clarifying where it needs to be displayed.

On the Mac currently on my lap, it is super easy to find: Top left apple menu -> About this Mac -> bottom right License Agreement -> brings up a finder window, click on first item Acknowledgements -> there it is.

Claiming that Apple is hiding the license, or not properly displaying it, is simply nonsensical. Or perhaps explicit trolling. Accusing that Apple is being unsupportive or inimical to *BSD, and that a "fight" (probably meaning court fight) would be necessary, is not only nonsensical, but outright damaging.


----------



## ralphbsz (Oct 6, 2019)

kpedersen said:


> Hah so true. Absolute idiocy.
> 
> Being artificially tied to the internet is basically the easiest way to "damage" a consumer. So naturally that is why 99% of commercial software does its best to tie a consumer to the internet.
> 
> ...



Sorry, no. Think about the alternatives.

Let's consider a typical consumer, who has one or more devices (laptop, smartphone, tablet, for this discussion they are all the same). They want to do something on their device, and doing so will create some data that they want to be persisted (meaning they can read it again later).

Observation: Most  computer users are nearly continuously connected today, but with varying bandwidth and latency. That's simply a verifiable fact. For a fun story, earlier this year I spent 3 weeks in rural southern Brasil (family matter), and that's not a super-rich high-tech area, completely on the contrary. My cell phone was nearly always connected, even on the 1-hour trip on a provincial road between the district capital and a small farming village where my mother lives. Navigation and messaging worked nearly always (because of the nature of the family emergency, I was in constant contact with my siblings, who live in different continents). Many of the "big buildings" (hotel, restaurant, government hospital, court house, ...) had free WiFi which simply worked. Boring. Actually, where I live (in the mountains on the edge of Silicon Valley), connectivity is actually slightly worse than in rural Brasil; there are several stretches of road through uninhabited areas on my daily commute where my cell phone is disconnected (no phone calls) for several minutes. And this anecdotal data agrees with what the computer industry knows: connectivity is nearly always available.

Now lets consider the situation of our consumer. In a nutshell, they want to "save a file". Let's say we are in charge of the software to do that. Where shall we save it? On the device they're using right now? That is the traditional choice, but it is a bad idea for a variety of reasons. First, the consumer expects that data is seamlessly available on all devices; they expect to open the file they just saved on their laptop using their phone, in 1 minute and next year. So it needs to go "in the cloud", like it or not. Second, the storage on the device is by its nature unreliable: drop the cellphone in the swimming pool (been there, done that), and the file is gone, which will get the consumer very upset. Not at themselves for dropping the phone in the pool (people tend to not take responsibility for their actions), but the provider for making a system that broke due to a small mistake. Third, any single storage device is too unreliable for our expectations of data survival today. Disks have expected error rates, and with the size and error rate of disks today, data loss is no longer a remote possibility, but a near certainty. There is the (very accurate) observation from the CTO of NetApp that storing data with fault tolerance to only 1 disk error is today "professional negligence". We need to make at least >2 copies of the data, and they need to spread over multiple failure domains (not all in the same physical location, not all using the same power grid).

Now take that consumer requirement, and put it together with the observation above, and the solution jumps out: rely on the network connection for data safety. Really, there is no sane other option today. You may not like it, you may be a technology luddite who wants to remain in the 80s and 90s, or you may be an anarchist who doesn't want to leave a trail of evidence online, then you can reject the solution, but for most consumers, the right solution is to put all data in the cloud.

That leaves one little problem: What to do for the rare cases where connectivity is missing or insufficient? And this is where software development gets really hard. You need to start leaving cached copies of the data in various places where it likely to be used. The moment you do that, you have a consistency problem that's somewhere between hard and impossible to solve. Go back and read Satya's Code paper: The solution he outlines (eventual consistency with manual conflict resolution) is an attempt to do this, but an attempt that today would get laughed out of town. So today a lot of effort goes into consistent caching, and resolving updates.

So what does this all say? Relying on the "internet" being on is nearly always the right answer. If you don't like it, feel free to unplug your ethernet cable. But don't expect providers of software or systems to cater to your whims; they are trying to serve the bulk of the users well.


----------



## Phishfry (Oct 6, 2019)

ralphbsz said:


> Relying on the "internet" being on is nearly always the right answer


Until the construction crew down the street cuts your fiber optic cable.
Then you have to explain to your customer why you can't do any work for the day.
Piss poor system management I would call it.
Sorry we can't deposit funds in the payroll account because the internet is down.

I recently questioned our IT guy why he moved our Citrix Xen Server to another company to run Xen for us.
He replied he wanted to work from home like the accountant.
120 seats and he thinks he can work from home.
IT at my workplace is a joke if you ask me. Our guy has a MSSE and has no idea what FreeBSD is.

We recently purchased a used CNC Elb Surface Grinder vintage 1998.
Who do you think had to drag their old P4 laptop with serial connection into work. Me.
I had to make a custom DB25 to DB9 cable and download all the programs and parameters from a Schleicher Promodul-F controller to update the firmware.
This kind of work is nowhere in my job title but the IT guy couldn't even read the cable pinout I provided to him.

Let me tell you the pride I got once I got everything flowing. Some people yearn to learn and some do just enough to get paid.

In closing I understand why the cloud exists. Pure laziness on the part of IT people. Instead of running a system they can pawn it off on someone else. Not my problem. That should be the new IT mantra.


----------



## ralphbsz (Oct 6, 2019)

I'll give you two answers to your observation.

First, as I explained above: Most users are nearly continuously connected. And their expectation is that the system works (really well, much better than a system that uses local storage) when connected, and that it doesn't work when not connected.

Second, if you have a business-critical or life safety system, you need to think through the risks. Any company that uses the internet for payroll needs to have a backup plan for when the construction crew does cut the fiber optic cable. I don't know what the appropriate backup plan would be, that depends on the situation. It might be to use a cell phone as a temporary wireless hot spot. It might be to drive to the nearest coffee shop with a laptop, and perform payroll from there. It might be to have a second data center in another location. Another possible solution is to deliberately *NOT* rely on the network for this function, and keep the data locally. In that case, they need a backup plan for what happens when the fire sprinkler in the server room (or above the payroll person's desk) dowses the computer that has the payroll database with water. Or what happens if the construction crew finds the power cable instead of the fiber optic cable, and they can't even run their computers (because it's dark and they can't find the keyboard). Or what happens if there is a disk error or OS bug that renders the payroll database unreadable. In today's world, the danger from storing data locally is probably much higher than from keeping it offsite, although depending on the situation, local caching needs to be considered.

Now, the nature of the backup plan depends on the expected risk, the expected damage from each risk, and the cost. What works for a heart-lung machine is probably not suitable for payroll, and even that is overkill for the company-internal "fantasy football league".

Any IT organization that fails to make backup plans appropriate to the situation is not just "lazy" (I quoted the word from you), but also incompetent.


----------



## Phishfry (Oct 6, 2019)

I myself have a few Linode instances. So I would not consider myself a luddite.
What I dislike is depending on other organizations for your cloud infrastructure.
Especially considering the sensitivity of many of our business documents.
One leaked document could bring down the entire company.

The fiber line cut was a 1 in a million accident.
So with bean counters running my company they could not justify a second internet provider even though the internet is integral to our survival. It is really hard for bean counters to fathom redundancy.

I have some knowledge of risk management as an old girlfriend was employed by a large insurer to do Risk Analysis for Fortune500 companies. It is an interesting topic. Fiduciary responsibility falls on deaf ears in many organizations until challenged by disaster.


----------



## kpedersen (Oct 6, 2019)

ralphbsz said:


> So what does this all say? Relying on the "internet" being on is nearly always the right answer.



I am not so sure they do (or at least for the right reasons). Consider in a magical world where Apple could come round every 10 minutes and store all a users data on a magical floppy disk. Would users choose the internet or Apple and its magical floppy disk?

I can guarantee that they would choose Apple all the way. Again forfeiting all their own personal security and privacy. The internet is honestly nothing more than a means to an end for the user to end up in a big corporations pocket where oddly enough, they are *both* happy :/

Proof of this is fairly simple when you see people using DropBox instead of pretty much any other personal secure remote file setup (version control, owncloud, ftp, etc). They jump straight into bed the the corporation with the "funnest" logo. Both solutions are online but following from Phishfry, the self hosted solution requires them to lift a finger and do their job properly XD.



CraigHB said:


> Never thought of it quite that way, but it's always a line software crosses for me when an internet connection is required to run.  Not saying I won't cross that line, but rather a demarcation.  More of an "in for a penny, in for a pound".  Either my stuff all runs local or it all runs remote, not a mix and mash of both.



Getting a user tied to an online resource is a strategy to "loosen" them up for further monetisation. For example Windows XP DRM / Activation service (Microsoft's first entry into an always online world). This was a big landmark in changing what Microsoft could get away with in terms of privacy and control. It got people to think "oh well, since I need the internet anyway, I don't mind if my computer can only update online instead of service pack isos". The next step is then "since updates are out of my control and I need to be online to receive them; I might as well stream Office (365) rather than download it. It is also a bit cheaper doing so".

Another important step was Apple getting a user to have to store credit card details on their account in order to access the AppStore. Yes, the user initially thought "fine but I will never use it to pay". However this soon turned into, "oh I'll just pay $1 here and now". That was a big win for Apple and it is why every company now wants a store. Taking 1 cent from everyone on the planet is certainly a worthwhile task.


----------



## Deleted member 30996 (Oct 6, 2019)

kpedersen said:


> Getting a user tied to an online resource is a strategy to "loosen" them up for further monetisation. For example Windows XP DRM / Activation service (Microsoft's first entry into an always online world). This was a big landmark in changing what Microsoft could get away with in terms of privacy and control. It got people to think "oh well, since I need the internet anyway, I don't mind if my computer can only update online instead of service pack isos". The next step is then "since updates are out of my control and I need to be online to receive them; I might as well stream Office (365) rather than download it. It is also a bit cheaper doing so".
> 
> Another important step was Apple getting a user to have to store credit card details on their account in order to access the AppStore. Yes, the user initially thought "fine but I will never use it to pay". However this soon turned into, "oh I'll just pay $1 here and now". That was a big win for Apple and it is why every company now wants a store. Taking 1 cent from everyone on the planet is certainly a worthwhile task.


Get thee behind me, Satan.

Although I do have to admire their subtlety in manipulating the masses.


----------



## ralphbsz (Oct 7, 2019)

Phishfry said:


> What I dislike is depending on other organizations for your cloud infrastructure.


Are you proposing to do it all yourself? Do you think you are smarter than AWS, Azure and Google Cloud?



> Especially considering the sensitivity of many of our business documents.
> One leaked document could bring down the entire company.


Have you ever worried about what happens with the "bad" disk that you get replaced by field service, or throw in the trash? If you care about sensitive documents, encrypt them, and think about the security of the encryption system. Once they are encrypted, you can store them anywhere you want.



> The fiber line cut was a 1 in a million accident.
> So with bean counters running my company they could not justify a second internet provider even though the internet is integral to our survival. It is really hard for bean counters to fathom redundancy.


In that case, you have nothing to worry about: the bean counters caused the outage by refusing the reasonable request for a second internet provider. I know that the bean counters won't believe that, and the executive might very well not believe it either. But you can't fix a sociological problem (broken bean counters) with technical means.


----------



## ralphbsz (Oct 7, 2019)

kpedersen said:


> Proof of this is fairly simple when you see people using DropBox instead of pretty much any other personal secure remote file setup (version control, owncloud, ftp, etc).


I actually use DropBox. Regularly upload things there, and download them from somewhere else. Works like a charm. What is uploaded is a PGP-encrypted tar file, and I have the key, and nobody else does. I will be amazed if DropBox can read it.

And any amateur who thinks they can make their system more secure than DropBox, while having the same accessibility (can get to the data from anywhere quickly) is probably wrong. If you set up distributed version control or ftp, it will probably be less secure and more hackable than DropBox is.


----------



## Remington (Oct 7, 2019)

This is getting way off topic.


----------



## toorski (Oct 7, 2019)

Trihexagonal said:


> Although I do have to admire their subtlety in manipulating the masses.


The laws of nature have nothing to do with who or what is right, wrong, good or bad. It's all about who wins, who losses, who lives and who dies!
Cyber world and artificial life are no different than so called real life in the real world. Basic rules of biology apply in both cases.  Observe mass of ants or bees and think why the mass of them are willing to sacrifice their life to work for their queens. Now observe humans in the real and cyber worlds. 
We are not much different from the ants or bees, other than we also have so called mind. Some of us do mind, others don't mind and the rest have no mind, so they just work for their queens or kings and worship their gods or celebrities.


----------



## kpedersen (Oct 7, 2019)

ralphbsz said:


> And any amateur who thinks they can make their system more secure than DropBox, while having the same accessibility (can get to the data from anywhere quickly) is probably wrong. If you set up distributed version control or ftp, it will probably be less secure and more hackable than DropBox is.



I'm not sure; cloud companies like DropBox or Azure (even GitHub now since owned by Microsoft) often have breaches because they are prime targets.
I think any amateur could put a default install of FreeBSD somewhere, lock all ports apart from ssh and then run a number of services through it (i.e svn, smb, ftp) and it remaining a lot more secure than a public cloud.
If anything because no-one knows that server exists. Otherwise just having OpenSSH as the sole attack vector is pretty robust.
Assuming that a midsize company IT expert is more (or less) than an amateur, it should be even more secure; so long as they don't use stupid things like big PHP web services (which DropBox cannot do anyway).



ralphbsz said:


> Are you proposing to do it all yourself? Do you think you are smarter than AWS, Azure and Google Cloud?



This is the interesting thing. Individually we are not smarter than these guys. But since we aren't sneaky criminals (unlike these guys), we can provide ourselves with a more trustworthy service by design.
Yes, it likely wont be as "fast", but we do have the benefit of possibly not being screwed from all angles. With a commercial cloud service in 2019; we will always be screwed.



Trihexagonal said:


> Although I do have to admire their subtlety in manipulating the masses.



Yes! It really is an art form . I remember wondering before Apple's "ecosystem"; how to make it easy for people just to flippantly give me their loose change from across the planet. Individually it wouldn't affect their life but it would make my life a lot... richer XD. The difficulty was not in getting people to not care about their small change; the difficulty was in ensuring they had enough effort to get it to me (sending a letter with the money in was far too much effort!). It had to be so easy that they wouldn't think twice about it.

I would have never thought of going a "consumption phone" route. I only ever thought of phones as improving human lives; not weaponizing them. Now people just thumb a single button because their bank details are already required to use the phone properly (basically the bait). Very clever move Apple!


----------



## Deleted member 30996 (Oct 7, 2019)

kpedersen said:


> Yes! It really is an art form .



It's the basis of my skills as a Professional and was professionally trained in the art. Rightly reprehensible as that may be, I'm good with it and at it.



toorski said:


> Some of us do mind, others don't mind and the rest have no mind, so they just work for their queens or kings and worship their gods or celebrities.



As such, I know it when I see it and not easily fooled or attracted by "shiny things" in one hand while being grabbed by the other like a dumb animal.


----------



## forquare (Oct 7, 2019)

Source Browser
		


Not the prettiest location, but there is the publically available file that acknowledges FreeBSD (among other parties) for macOS Mojave.
Found it via a DuckDuckGo search.



Phishfry said:


> I myself have a few Linode instances. So I would not consider myself a luddite.
> What I dislike is depending on other organizations for your cloud infrastructure.
> Especially considering the sensitivity of many of our business documents.
> One leaked document could bring down the entire company.
> ...



I've heard of similar incidents before "The Cloud" from colleagues working a project.  Data line got cut, office internet went down.  All "internal" systems were unavaiable because it is housed in an office the other side of the city.  Doing it themselves didn't help...


----------



## Barney (Oct 7, 2019)

Phishfry said:


> That was me until I converted to FreeBSD.
> I got some scary lawsuit letters for downloading torrents too. Ignored them and nothing further came from them.
> Now I have washed my hands clean of that mess.



Equating commercial products you're stealing via torrents and copyright notices for free software seem different to me?


----------



## Barney (Oct 7, 2019)

forquare said:


> Source Browser
> 
> 
> 
> ...



Now just look at how long and silly that thing is. So when some dude in Latvia has a kiosk based on some OS he's supposed to display these 5500+ lines to ack every contributed piece of software on the system? It's ridiculous.


----------



## forquare (Oct 7, 2019)

Barney said:


> Now just look at how long and silly that thing is. So when some dude in Latvia has a kiosk based on some OS he's supposed to display these 5500+ lines to ack every contributed piece of software on the system? It's ridiculous.



`s/display/provide`

I think that'd be more accurate...


----------



## ralphbsz (Oct 7, 2019)

Barney said:


> Now just look at how long and silly that thing is. So when some dude in Latvia has a kiosk based on some OS he's supposed to display these 5500+ lines to ack every contributed piece of software on the system? It's ridiculous.


Sorry, you have a wrong strawman. There is, AFAIK, no need to display the BSD copyright. It needs to be provided with the distribution. That could be a piece of paper shipped with the kiosk before installing it. Or left in the source code, if the source code is shipped with it.

And if you look at the MacOS example, there is indeed a very long file that acknowledges all the contributed pieces of software.


----------



## kpedersen (Oct 7, 2019)

Barney said:


> Equating commercial products you're stealing via torrents and copyright notices for free software seem different to me?


If a commercial company uses some code without correctly following the license (even if it is a free license), it is still _*going against the license agreement*_.
Pirating software is also an example of *going against the license agreement*.

Are either examples of stealing? Debatable since no-one has lost anything. Both however can result in a lawsuit (usually just a small fine however). Some countries do not even see breaking license terms as a criminal matter.

If you are a religious man, you might even consider pirating software to be good (and the opposite of stealing). At least in the bible, sharing is very much recommended to secure a position in a place that the religious figureheads call heaven.

Either way it seems that both myself and Phishfry are at zero risk of breaking commercial license terms these days by simply choosing not to use their broken / crummy products. I imagine many on these forums are in a similar position


----------



## Phishfry (Oct 7, 2019)

ralphbsz said:


> That could be a piece of paper shipped with the kiosk before installing it.


It could even be printed inside the physical kiosk.
What about font size. It could be printed in 4 so nobody could read it and still be legal.
What about embedding it in motherboard ROM. No one would ever see it but you are following the license.
If sued you could prove that you provided it.

None of these scenarios are desired, but consider what lawyers do. They find loopholes.
Our license is very broad and you could drive a truck through it.

Just for clarification my two legal threats actually came from torrent downloading video.


----------



## CraigHB (Oct 8, 2019)

I actually got a notice from my ISP once for that (downloading something through BitTorrent), funny thing is I wasn't even downloading what they claimed I was.  Something in my torrent tripped their system and created a false positive.  Anyway it kind of gave me a wake up call on privacy and the internet.  I always think about what I'm doing "in the clear" now.

The stuff you experienced and knowledgeable guys talk about in terms of the direction of corporations and such is above my pay grade, but it's scary to me for sure. It looks like a pretty Orwellian future in my eyes.

I wouldn't call myself a Luddite, but I don't use cloud services at all.  I do everything through a laptop or desktop computer (use a phone only for text and voice).  All my data is on local disks with backups.  I don't see myself going the cloud route anytime soon.  Hopefully I can keep it that way.


----------

