  • You’ve got a good point. I wonder if this is an example of a trade-off between convenience and security. If you’re logging in and you get an MFA prompt, a Yubikey has to be physically searched for, while Bitwarden or Proton Pass only have to be clicked. A Yubikey can only hold a limited number of accounts, while Bitwarden or Proton Pass could hold many more. Of course, a Yubikey could be used as MFA for Bitwarden or Proton Pass, but that would create a single point of failure and reduce factor separation (which I think is your original point).

    While I posted a Bitwarden or Proton Pass recommendation of sorts, I genuinely wonder if it’s advisable to not use MFA at all if the factors will not be separated. Or, perhaps, the best security solution is the one you’ll actually use. I guess the answer is the good ol’ “What’s your security model?”




  • We are at risk of losing many developers who would otherwise choose a license like the GPL. Fortunately, I’m glad to be surrounded by people, just like you, who care about licenses like GPL. By uploading this type of content and engaging with it, we show our commitment to it. I wish to suggest how we can deal with this threat.

    We will lose developers who choose GPL if we use words that suggest GPL is “restrictive”. Sure, the word “restrictive” was avoided in this meme by using the word “copyleft”, but the cognitive jump from “permissive” to “restrictive” is minimal: just add an “opposite” and you’ve got “permissive is the opposite to restrictive”. It really is that simple. That’s how the brain works (check out Relational Frame Theory to see how that works).

    So what can we do about it?

    Well, we can approach this with science. There is a historical global trend towards people being more meta-cognitive. That means that people are becoming more aware of how our thoughts interpret everyday reality and how to be intentional with our relationship with our thoughts so that we live better lives. We know this trend is happening to virtually everyone everywhere because of the work of brilliant sociologists like Anthony Giddens and Christian Welzel. Heck, even the history of psychology —going from noticing and changing behaviors (behaviorism) to noticing and changing behaviors and thoughts (cognitive-behaviorism), to noticing and changing the context and function of behaviors, thoughts, and emotions (functional contextualism)— reflects this trend.

    We can use meta-cognition in our favor; we can use the meta-cognitive tool of framing to change how we think about GPL and MIT licenses. Effective communicators like influencers, political campaign experts, and influential activists use framing all the time. For example, instead of using the dangerous framing that suggests GPL is ‘restrictive’, we can use another one that truly displays the virtues of the license.

    What would this other frame look like? I may not have a perfect answer, but here are some ways of framing (thinking about) the relationship between licenses like GPL and MIT:

    (ironically!!!, these were ‘suggested’ by an LLM; I wonder if these frames already existed)

    • “Investment-Protecting Licenses” vs. “Investment-Risking Licenses” (as in developers invest by working on projects that they could (not) lose the ability to contribute to)
    • “Community-Resource-Guarding Licenses” vs. “Exploitation-Vulnerable Licenses”
    • “Give-and-Take Licenses” vs. “Take-and-Keep Licenses” ⭐
    • “Freedom-Ensuring Licenses” vs. “Freedom-Risking Licenses” ⭐
    • “Contribution-Rewarding Licenses” vs. “Contribution-Exploiting Licenses”
    • “Open-Source-Preserving Licenses” vs. “Closed-Source-Enabling Licenses”

    I’d be happy to hear what you think, including suggestions!