Firefox uses on-device downloaded-on-demand ML models for privacy-preserving translation.

@neal The dependency of fetching metalinks from fedora.org for each update is of primary concern. Decent package management should be able to verify everything even if the central org is never contacted. Everyone should be able to see what everyone has access to – including signatures or hash lists. Making that a secret between the vendor and each client for each update is unacceptable.

but saying that Red Hat is secretly undermining the world because of this is somewhere between laughable and insane.

Excuse me, but major vendors are complying with spyware orders in a growing number of jurisdictions. Samsung, a top Android vendor, is now openly doing this in some countries. Gosh, what are Microsoft and Apple doing in China and similar states? The answer is in the news. The EU and UK have been on the edge of making this mandatory for years. So, save us the 2009 pearl-clutching about "CT".

And it's not "subscription control", the TLS certificate is used to authenticate you to the Red Hat CDN and get you access to the download location.

You contradict yourself.

As for Red Hat's motivations, Red Hat has declared they will not honor the GPL any longer when distributing patched code (i.e. their modifications) to customers. This is despite the GPL being focused on redistribution of modified code. They've gone to war with it and that is a simple fact. The takeover and dissolution of stable CentOS should have been a lesson learned; they weren't doing it out of any kind of "community spirit".

Have a sane day...

@neal @memoria "Firstly, Red Hat Enterprise Linux doesn't have signed repository metadata"

OK, well they changed it after many years of signing (and Fedora having no metadata protection at all).

"they have a special scheme involving pinned TLS certs generated by subscription-manager."

Interesting.... subscription control.

"Fedora doesn't have signed repository metadata because the tooling doesn't support it. That's it."

Very special. Gold star! I won't inquire about their motivations any further while their parent eviscerates the GPL.

@memoria The quick version: Fedora doesn't sign their repository metadata while everyone else (incl. sister RHEL) does. There was an outcry, and their response was to invent a new scheme that requests hashes of the metadata from a special server (not local mirror) for each update session over https.

@angelfeast @twifkak No, I don't think so. It says this (with a takedown compliance process posted afterward)...

License

These data are released under this licensing scheme: PD

We do not own any of the text from which these data has been extracted.
We license the actual packaging of these parallel data under the Creative Commons CC0 license ("no rights reserved").

@twifkak Also notice that Mastodon instances are using LibreTranslate.

Has that been debated as well?

@twifkak They're using the "PD" mark, thus public domain.

@twifkak I think you're mixing up "We do not own" with "We do not have rights to".

@twifkak Wouldn't that be a valid working definition of "open"?

@zzt @firefoxwebdevs OK, now make the same argument for the spell-checker, sync, and the set of CAs, etc. etc. supplied with the browser. Its as if y'all were trained by Microsoft PR to take the arguments Mozilla used against tying IE to Windows and extend them ad-absurd-um to features in Mozilla's own browser ("just turn it around back in their faces" said the Armani suit).

Meanwhile, Red Hat is quietly undermining any legal basis for copyleft and leaning into the idea that gratis products (Fedora) shouldn't have robust & transparent system update tools. Oh and the umpteen other for-profit controlled (opposite of Mozilla) FOSS projects that get plugged in these spaces pretty much constantly. Linux Foundation being controlled by Microsoft and Google...? crickets chirping.

This is what makes me tired of IT and geek culture. Its become like everything else, just kneejerk crap with zero reflection and sense of proportion. As I hinted above, it morphs into this shadow of corporate PR. Consider, if people spent their time criticizing actual badness in Firefox, like ad tracking and DoH, that would be inconvenient for certain interests from Brave on up to Apple and Google. I think the style and quality of venting we usually see about Mozilla serves those interests, much of it probably fed by sock puppets.

@zzt That would be funny.

But look at the Firefox forks... some had to bring back translation after (mistakenly) disabling it. I don't think any of the local ML API should be suppressed. The discussion should be about shoving LLMs into places where they don't belong.

@zzt @firefoxwebdevs I've used it numerous times this week and it looks good to me.