Hello and welcome to episode 79 of Linux Downtime. I'm Joe.
I'm Gary and I'm Amalith.
Good to talk to you both again.
Recently we got talking about the right to be forgotten
and Gary you brought up some interesting points about
how that affects open source. So for context there are various laws
around the world that EU I believe was the first
that gave you the right to be forgotten from search results
and have your data deleted if you wanted it to be.
But like I said that has some interesting
unintended consequences when it comes to open source.
A lot of the tools that are around we'll just say independent
open source projects right. What I mean by that is things that like
aren't hosted at GitHub or on GitLab or something like that.
A lot of these projects including Pigeon have a long long history
of using stuff like GNU mailman or maybe edge wall track or something like that.
And these tools come from a different era where
people weren't thinking about like deleting stuff right.
Like it was made public on the internet it's just going to stay there.
So what ends up happening when somebody files a request to be forgotten is
there is a boatload of work that ends up having to happen to do that.
And for something simple like track what we would typically do is you know we
just randomize their username and that mostly covers it.
But when it comes to something like GNU mailman where you're talking about
mailing list archives especially for like support mailing list
things can get really really complicated really quick because
the user doesn't necessarily know what needs to be
cleaned up and that means you have to go search for it.
And does that include email signatures does that include
salutations and the whole thing just becomes a giant mess and a giant burden on
the open source project. And I want to be clear I think
right to be forgotten is something that should be supported but like
there needs to be a certain understanding when it comes to
tooling that's just not there. It's like I'm sorry that the tool suck but like I
can't dedicate an entire day to removing your name
because that's detrimental to the project.
Yeah because with a mailing list for example it's not just a case of
deleting just that one person's posts from the mailing list because they'll
then be quoted in a bunch of other emails.
So you end up having to just nuke whole threads which is not ideal for an
open source project. Precisely right what if it's a support
request and that has the one and only solution that everything links to
and now it's deleted. So not only was it detrimental to the project itself by
taking time away from it you've now also hurt all the other users until
that thread gets identified as being deleted and you basically recreate it
until the next person decides they want to be forgotten and you have to
start the whole process over again. Is this an argument against
mailing lists generally maybe and that wikis are way better
form of documenting things and maybe not wikis but other
solutions that don't involve a mailing list. I think it definitely could be
one of the other problems with mailing list are there's a bunch of websites
out there I can't think of any more stuff I had but the mere mailing list
right so in case the mailing list goes down there's a mere of it somewhere
so the other problem with doing right to be forgotten
on a mailing list is then all those mirrors either have to update or you have to
request it from them and stuff like that and it's just this never-ending
process of digging through email to delete somebody's name
because they don't understand what a public mailing list meant.
Now that said at least for Pigeon we've now killed our mailing list because
anybody who's tried to set up and manage email nowadays knows it's
a giant pain so we've migrated everything to discourse which is you know
basically along what you're saying kind of thing and discourse does have it
easy it even does self-service I believe where a user can just anonymize
themselves and they don't have to request anything from us so this gets back
to my thing about you know the tools now support that kind of thing where's
the old stuff doesn't. Discourse also has a mailing list
mode so people who are used to a mailing list type workflow can
interact with discourse that same way. I tried to do a little bit with that
because we had a lot of people that were very set on using email still
and it didn't seem to work nearly as well as mailing list does but maybe
maybe I missed something sorry possible. Yeah and discourse has a bunch of
plugins as well you can make it into almost a reddit-like thing these days as
well that's what Jim from turn-off admins did for example. Yeah one of the
cool things too is there's a plugin where you can mark something as a solution
which will make it very stack overflow-y too so like our support section on
discourse has that plugin turned on so when we actually solve it for somebody
we market that as a solution and that hopefully you know keeps people from
having to triage through everything and looking for stuff and all that
and it just makes our life easier because yeah there's the answer it's already
documented you don't have to go dig for it. What about public IRC logs?
That must be a nightmare. We don't do public IRC logs
but um XMPP can do public logs as well and we also don't do that it's just
because we haven't set it up but um that that would be another
scenario where you have to go through and delete everything but more importantly
a lot of people get upset if you don't tell them that the logs are public when
they join the channel. And with public logs like going off of IRC
matrix recently had a huge problem with illegal content
they had a crawler and this was as far as I'm aware
the matrix foundation itself created this crawler
that spidered all of matrix and joined as many public channels as it could
and it ingested all of the messages and videos and images
and re-hosted those publicly without authentication.
So anyone on the internet could just search for stuff
and find messages in these channels and I started
poking around because I knew matrix has historically had a problem with this
illegal content and it was probably within like five minutes
that I've found a bunch of different channels with a massive
amount of this content and I don't remember exactly how long it was
but very shortly after they made it public
they closed it again because they didn't realize just how big of a problem
it was and how they just made all of it so easily accessible.
Yeah that's one of the things you run into and you start hosting a public chat
is you've got to police that stuff a while ago we launched
an XMPP service for people to reach the pigeon developers
and I very consciously did not federate that virtual host
because I'm like I do not want to become
you know I don't want to have to deal with any of that activity right
so the people that connect to that service they can talk to the pigeon community
they can't get anywhere else that that's the whole point of it is because
I don't have time to go do that or you know the legal expertise to handle it
and you also disallow them from creating groups right
yeah they can't create rooms or anything they can just join existing and DM
each other now DM and each other is still potentially problematic
but it's limited to just them. I wonder if this extends to code even like if you've
contributed to a project and then you want your contributions to be forgotten how
does that even work? So it doesn't due to the way that all
version control systems work right now the author's name is part of the
commit hash the commit hash being a Merkel tree which means that the
hash of the previous commit is in the next commit
makes it impossible to change the author after the fact. You can but it's not
feasible at all because it requires rewriting the entire tree from that point.
Yeah basically you would break everybody's clones and everywhere you have to
and this is one of the ways where right to be forgotten can really be
weaponized against open source projects because if somebody absolutely
insists on that the amount of effort that's going to go into
rewriting your entire code base and making tributes up to date
between support build agents all the broken links for referencing commit
everything it's it's just an absolute nightmare. That's that doesn't mean nobody's
trying to figure out a solution for it. I'm not aware of anybody doing it I have
some thoughts to do it and I keep threatening I'm going to write my own
version control system at some point but I'm not doing it today kind of thing.
Why don't you start with a kernel first? Maybe that'd be a bit easier.
Well I've got a couple pieces of a forge already built so you know just build
my own version control whatever it won't be a big deal.
How hard can it be? Yeah it's just time it's fine it's fine that's
infinite right time is infinite in open source
got enough contributors times infinite. Yeah exactly okay this
episode is sponsored by Hello Fresh with Hello Fresh you get farm fresh
pre-proportioned ingredients and seasonal recipes delivered right to your doorstep
banish the end of summer blues with Hello Fresh.
No need to stress about how you'll handle it all this autumn because Hello
Fresh takes care of the meal planning and delivers pre-proportioned
ingredients right to your home. The key to dinner time success
variety Hello Fresh keeps your taste buds on their toes with 40
chefcrafted recipes to select from every week from family friendly to fit and
wholesome you'll always find new and exciting recipes to try and to love.
Amalith tried Hello Fresh and said the kits came with exactly the right
ingredients in the right amounts and saved his roommate and him from having
to spend hours shopping around at the store. The dishes were all really simple
to prepare and cook and they came out tasting great.
So support the show and go to hellofresh.com slash 50 LDT
and use code 50 LDT for 50% off plus free shipping.
That's hellofresh.com slash 50 LDT and use code 50 LDT for 50% off
plus free shipping. Quick bit of admin then first of all thank you everyone who
supports us with PayPal and Patreon we really do appreciate that.
If you want to join those people you can go to linuxdowntime.com slash support
and remember that for various amounts on Patreon you can get an
advert free RSS feed of either just this show or all the shows in the late
night linux family and if you want to get in contact with us you can email
show at linuxdowntime.com. Let's do some feedback then.
Amal got in touch regarding the episodes that we did with Molly White.
Yes we know you and everyone around the show family hate crypto slash
blockchain slash Bitcoin slash Web3 slash etc with a passion.
That is fine and you've expressed that repeatedly that is also fine
you even have a lot of good points but it is getting tiresome
to just hear the same thing again and again. It would be entertaining if it was
fail him that without nuance repeatedly railed against it any chance he got
but when it's everyone always it gets real old real fast.
I respect that you do not want to promote it in any way by including
any other views on the show but could you at least stop beating the dead
horse and the answer ML is no we are not going to stop beating the dead horse
until the horse is dead until Bitcoin and all the other crypto
shitcoins go to zero dollars of value and people move on
I will not stop going on about it because I don't even know where to start
with it the environmental impact the fact that it's a big Ponzi scheme
the fact that NFTs are somehow still around even though it's just
obviously a scam just the worst kind of grift
and as long as people are promoting it and getting people to join the Ponzi
scheme I and I hope all of us will continue to talk about
why it's bad and why you should not get involved with crypto currencies.
So a lot of you know I stream pigeons development on twitch
and on twitch you know you can set up tips and donations and stuff like that
and for a couple years now I've used a tool that allowed me to accept crypto
and it would show alerts on stream and stuff like that.
Last week Coinbase decided I violated their terms of service somehow
and closed my account. I still have access to the funds
but like everyone's like oh crypto it's free it's borderless
there's no government getting in the way blah blah blah you still have to deal
with the exchanges if you want to get it to fiat currency at some point
and as a US citizen we have very very few choices when it comes to
an exchange and now I've lost access to one of them for apparently no reason
and they're refusing to tell me what I did but you can get your money out if you want it.
Yeah I can transfer it out to another wallet but I can't turn it into fiat currency.
Right so he could maybe send it to another exchange that would allow him to cash it out
but then there were going to be fees in that process and maybe the other exchange has like
I'm going to have to go through KYC again and that other exchange might have like a minimum
withdrawal amount that he doesn't meet there's all this red tape and bureaucracy that's just
a pain in the ass that the crypto proceeds don't exist but it does. Oh yeah for sure.
Well if you keep it in crypto if you pay for things in crypto then it's fine right but
that's just not realistic is it? No and you know for years we had a crypto address a Bitcoin
address for people to donate to and I think that some people did and yeah thank you for that
and that's just going to sit on the blockchain and then I've backed up the keys to the wallet
and everything so if I change my mind on this we'll get access to that but I just think that's
very very unlikely and at some point I just realized what a scam it was and it was NFTs that
opened my eyes to it like I was always like hmm about it and then NFTs happened and I was like
right okay here's this dawning realization that the whole thing is just a scam. I hired a friend
of mine sometime last year to do some work for me and he lives in Albania and I thought oh I'll
go along with the crypto stuff I'll try paying him in a cryptocurrency because it should be pretty
easy for him to get it out with fewer fees than the quote unquote proper routes so I sent him the
money he signed up for Coinbase well Coinbase won't allow him to sell his crypto for fiat currency
because he lives in Albania he looked around at other exchanges and none of them do I don't know
whether that's like an Albania legal system thing or whether exchanges are just like no we don't
want to operate here but he couldn't get the money yet so he couldn't use it so he sent it back
to me and I did have to go through the quote unquote proper channels to pay him and it's funny
that recently there was a bit of drama with the toll project yeah the tour project posted on the
Fediverse about five days ago and said we're happy to be included in the Web 3 open source software
round of this iteration of Gitcoin grants help us unlock up to 300,000 in matching funds by making
a donation to tour and other Web 3 open source projects before August 29th and they link to the
Gitcoin campaign whatever thing and the replies to this post are full of one of two kinds of people
either people who are saying they're extremely disappointed with the tour project for going along
with all this crap or reply guys who are just replying to every single one of those people
who say they're disappointed and saying oh you're just set up financially you're sitting
up in an ivory tower sitting on projects who need money and all this other stuff and it's just
a bit of a shit show yeah someone said encouraging people to use crypto currencies I expected
back from the toll project and then some weird emoji oh yeah I wonder who that was yeah that's
the first reply I see you got in there early I didn't intend to get in there early I just
sought on my timeline and I piled on a little bit because I do expect better from the tour project
it's a great piece of software developed by great people I was at defcon last week and donated
some money to them in person because I believe in it I've run guard nodes I've run exit nodes
I do think tours absolutely necessary but they shouldn't be promoting actively asking people to
donate through cryptocurrencies yeah exactly it just sullies the name of the project doesn't it's
like when Mozilla flirted with it and everyone piled on and you know it just makes you look bad if
you get associated with crypto that's why I took the wallet address off the support page because
ultimately it just isn't worth the reputation of damage I don't think I just didn't want to be
associated with it anymore and Gary I mean you are in a rough position right with pigeon we've
talked many times about the funding problem and so you must have some sympathy with the
toll project wanting to get some you know three hundred thousand dollars there's a lot of money man
it is yeah but I mean it always comes down to the how do you get the money out of the wallet
most people aren't going to accept a salary at Bitcoin which is kind of funny and a question
for you who about the reputational damage my stance now is a little bit more nuanced because for
about a year and a half to two years I worked as a dev op on a large Bitcoin exchange and after
you know just seeing things working and how everything works there it's just like I gotta go this
is not the place for me so like I can understand the appeal because you know we're talking about
large sums of money and stuff like that and that's great but trying to get that money into the people's
hands that are actually going to do the work always becomes a problem and even pigeon we have a
nonprofit above us as our legal entity we would have to run funds through that stuff like that and
I mean we don't have an accountant on staff to like take care of that stuff so we have to figure it out
too right obviously I would assume the tour project has at least a part-time accountant or something
somebody that can help with that but it's these are all extra levels that add on to the simplicity
of cryptocurrency and how it works around the system but once you try to bring that back into the
system that's where everything just gets outrageously out of control so in short sorry ML we'll keep
going on about it as often as anyone reminds us about it I do have a bit of a correction earlier you
said we were going to keep beating the dead horse until it was dead well if it's dead you can't
make it more dead well exactly it's not a dead horse yeah that's the whole point of this it's very
much alive and still scamming people left right and center desperate people who think that it's
some get rich scheme maybe not get rich quick but the whole point of it is that people who got
in early need to get new people involved all the time they need to spread the word of it to keep
the whole pyramid scheme going and the only way to shut it down is to stop new people being
attracted into it and buying into it and it's just very disappointing when you see people
who got in early trying to get other people in because that's just what it is it's just a pyramid
scheme anyway I'm supposed to be stopping ranting about this it pisses some people off
but I would apologize but I won't because it needs to be said to the people who don't fully
understand how bad this stuff is I agree yep right well we're better get out of here then
we'll be back in a couple of weeks but until then I've been Joe I've been Gary and I've been
see you later