Just saw the discussion around the Haier Home Assistant takedown and thought it would be good to materialize the metaphorical blacklist.
It might be a good idea to do the exact opposite I.e. make a OSS whitelist. It will be much easier to maintain given the scale of applications/services/products.
Although I agree, it’s tough to make a whitelist than a blacklist, as the latter requires only 1 bad decision, the former is tough to assess (how many good decision to be on the list, ex Microsoft support lots of open source projects, should they be added?)
The new owner of Simple Mobile Tools? Buying it and then adware stuffing? ZipoApps?
Don’t forget to add Nintendo
I really like seeing codeberg being used more.
Also I’m definitely keeping my eyes on this repo once in a while 👀🧐🍵
I’m shocked that the list only contains one
I created it less than an hour ago. If you have any other suggestions please share (or send a pull request).
EDIT: The list contains 3 companies now
We are writing to inform you that we have discovered two Home Assistant integration plug-ins developed by you ( https://github.com/Andre0512/hon and https://github.com/Andre0512/pyhOn ) that are in violation of our terms of service
Did the guy explicitly agree to their Terms of service? If not, how can he be in breach of them?
cease and desist all illegal activities
What illegal activities exactly?
Feels like unenforceable scare tactics, but IANAL.
Hehehe, somebody really did it after Haier’s act of stupidity
Add Mazda to this list please.
The developer of this plugin for HomeAssistant apparently didn’t have insurance and couldn’t risk the legal fight. This is the DMCA take down that Mazda issued for the reason that the code “provides functionality same as what is currently in Apple App Store and Google Play App Store”
https://github.com/github/dmca/blob/master/2023/10/2023-10-10-mazda.md
Additional Coverage: https://arstechnica.com/cars/2023/10/mazdas-dmca-takedown-kills-a-hobbyists-smart-car-api-tool/
Surprised that most hardware companies aren’t on the list. AMD, Intel, Nvidia, Apple, Broadcom all are hostile to reverse engineering or in Nvidias case, not even bothering to do the bare minimum for an ultra lenient Torvalds.
It’s open to pull requests
As i understand google and Microsoft don’t really fit here
Probably the definition should look something like: companies that proactively did actions towards harming open source culture/community/movement. Don’t respect foss licensing, etc
I nominate Gitea for this one, for hijacking the project, and making it for profit organization
Also, Ultimate Guitar with their kido musescore, for basically trying to do the same thing that manga company is trying to do right now
And my favorite… Facebook for their oculus privacy and for threatening to sue everyone who tries to jailbreak or modify their devices
Simple tools is probably not considered open source anymore
P.S. oh! Really also think about Proton, Brave, and Telegram
Three companies that are famous for saying they are foss, but in really it’s often not exactly that
Proton’s and telegram’s servers are not foss
Telegram and brave had many instances of delaying publishing the source, even though they already updated the apps
Also, not sure how about now, but telegram is famous for having not reproducible builds, brave probably too
Proton’s server code is not Open Source because it contains filter and anti spam detection which if released, would severely hamper their ability to detect spam and keep their users safe + detect abuse for their service.
Proton has had extensive security audits done and their claims have been backed up by independent third parties.
The definition should be further modified to include legitimate reasons for not open sourcing some code + having audits to back up claims.
Facebook has their reasons to keep stuff as closed as possible, and they don’t claim to be opensource
But proton does, and it’s not about privacy or security, but about using banner of foss just for their own benefit, and don’t contribute what they claim to the foss community
They open source all of their clients (when not in beta). They maintain multiple open source cryptographic libraries, in multiple languages, which a lot of developers and companies go on to use. They have a yearly fundraiser for open source and digital rights groups, which they contribute a $100,000 to each year.
Just because their server code is not open source, doesn’t mean they don’t support open source. It’s not an all or nothing situation. Binary thinking and classification is a very dangerous and naïve way to look at things.
Do we even need to say nvidia?
Nice OP! Thank you! I don’t have a codeberg account yet, but you can use this to easily create a TOC https://imthenachoman.github.io/nGitHubTOC.
It would be good to add links/citations as well, instead of just quotes. IE: https://www.bleepingcomputer.com/news/security/haier-hits-home-assistant-plugin-dev-with-takedown-notice/
It would be good to add links/citations as well, instead of just quotes. IE: https://www.bleepingcomputer.com/news/security/haier-hits-home-assistant-plugin-dev-with-takedown-notice/
I would suggest creating a documents archive subdirectory and mirroring as well as linking, in case the takedown notices get takedown-notice’d.
Sure would be a shame if people used this blacklist as a basis for leaving negative reviews on Amazon.