I find this response (and the class of responses like it) really frustrating, because it uses a (likely feigned) misunderstanding of the scope of the question to attempt to sidestep the real question. My question for the CTO would be, roughly:
You've now answered "Do your lawyers think you can get away with this?". But the questions you're not answering directly, which I think underlie the 'concerns' you're appreciating our sharing, are things like...
- Does the Bitwarden team see no ethical problems with making proprietary a project which many supported and contributed to explicitly because it was open source?
- Given that password management is explicitly a high-trust enterprise, how does your organization intend to navigate the rupture of trust, and subsequent forks and waves of departure, caused by an open-to-proprietary rugpull?
- Is there something that the community could do together which would help your company navigate through the dire situation you must be in to be considering something like this, without resorting to proprietarization?
I know it's his job as CTO right now to be feigning concern, particularly in forums where you can't close the conversation, but the current approach is basically confirming the worst fears ("They believe they can legally do it, and see no problem with their actions"), and that seems like exactly the wrong vibe for a company whose bottom line depends on users trusting the code and the people updating it.
This is wildly impressive. Thank you for doing and sharing this, and the 1337 on either end is just icing on the cake. It's also a beautiful example of just how broken MD5 is. I wish I'd had this to show my students 3 weeks ago when teaching about collision attacks.
I’m disappointed to hear that, just because it’d be very useful for this to be a thing. But I love the science behind it, and this is the way it should be.
Teaching about language in a university setting, we often talk about various forms of evidence for language-like communication among animals.
As I tell students, I would bet that within our lifetimes, as research continues and our instrumentation becomes better at detecting non-human communication means, we'll finally be able to detect and decode 'language' in a non-human animal which is sophisticated and rich enough as to be impossible to handwave away.
But what I keep to myself is that this kind of discovery, and the cross-species conversations it would prompt, has the potential to change the course of the dialogue on animal rights and what it means to be 'human'. But I suspect it will wind up being largely buried outside of certain academic and spiritual communities, mostly because I don't think parts of our society could handle learning the bovine words for 'slaughterhouse' or 'mourning'.
You've now answered "Do your lawyers think you can get away with this?". But the questions you're not answering directly, which I think underlie the 'concerns' you're appreciating our sharing, are things like...
- Does the Bitwarden team see no ethical problems with making proprietary a project which many supported and contributed to explicitly because it was open source?
- Given that password management is explicitly a high-trust enterprise, how does your organization intend to navigate the rupture of trust, and subsequent forks and waves of departure, caused by an open-to-proprietary rugpull?
- Is there something that the community could do together which would help your company navigate through the dire situation you must be in to be considering something like this, without resorting to proprietarization?
I know it's his job as CTO right now to be feigning concern, particularly in forums where you can't close the conversation, but the current approach is basically confirming the worst fears ("They believe they can legally do it, and see no problem with their actions"), and that seems like exactly the wrong vibe for a company whose bottom line depends on users trusting the code and the people updating it.