The Winamp Situation Is Crazy
Summary
TLDRThe video discusses the chaotic state of the recently released Winamp source code on GitHub. Despite promises to make it open source, the project has been mishandled by its new owners, who lack understanding of software licensing and repository management. The license is restrictive, preventing distribution and forking, contradicting the principles of open-source software. Additionally, the repo contains unlicensed code, troll issues, and even expired security certificates. The creator critiques the current management, predicting further mishaps, while contrasting it with projects like WACUP, led by developers familiar with Winamp’s original code.
Takeaways
- 🕹️ **Flappy Bird Comparison**: The speaker references how 'Flappy Bird' reappeared with microtransactions and Web3 elements after the original developer lost the trademark, drawing a parallel to the current state of Winamp.
- 💾 **Winamp Ownership**: The people who own Winamp today are not the original developers. There was an announcement in May that Winamp's source code would be released, and it happened on September 24th.
- 🤯 **Repo Mess**: The released Winamp source code repository is described as a mess, with many issues, including poor understanding of the codebase by the new owners.
- 📜 **Custom License Issues**: Winamp's source code is under a custom 'Winamp Collaborative License (WCL)', which is presented as copyleft but contradicts the principles of copyleft by restricting modification and distribution.
- ⚖️ **Contradictory License**: The license claims to ensure freedom to use and modify the software but forbids distribution of modified versions, contradicting the spirit of copyleft licenses.
- 🔑 **Copyrighted Code**: The repo contains copyrighted code from Dolby and Shoutcast, potentially exposing Winamp to legal issues due to the inclusion of confidential and copyrighted material.
- 🔐 **Expired Certificates**: The repo also leaked certificates that expired in June, narrowly avoiding a bigger security issue where others could have signed things as if from Winamp.
- 👨💻 **Amateur Git Use**: The repo history indicates a poor understanding of Git, with improper handling of sensitive data, like certificates, and leaving traces of what was removed.
- 📂 **Non-Essential Tools**: The repo includes unnecessary tools like 7zip and Git executables, which aren't relevant to building Winamp, showing further mismanagement.
- 🧑🔧 **Not Open Source**: Despite the claim, Winamp is not truly open source, as the license blocks forking and modifications, making it impossible for collaboration in the typical GitHub open-source manner.
Q & A
What happened to the original Winamp development team?
-The current owners of Winamp are not the same people who originally developed the software. The original team no longer has control over the project.
What did the new Winamp owners promise in May?
-They promised to release the source code of Winamp on September 24th, and they kept this promise by making a GitHub repository available.
What are some issues with the Winamp source code repository?
-The repository is a mess, containing copyrighted code (like from Dolby), expired certificates, unnecessary files, and improper handling of GitHub commits.
What is problematic about the license used for the Winamp source code?
-The license, called the Winamp Collaborative License (WCL), claims to be copyleft but restricts distribution and modification, which contradicts the core principles of copyleft.
Why is the restriction on forking in the license controversial?
-GitHub's terms of service require public repositories to allow forking, but the Winamp license blocks forking, which makes collaboration difficult and violates GitHub's terms.
What was the issue with Dolby code in the repository?
-The repository contains copyrighted Dolby code, which the new developers do not have the rights to distribute, potentially leading to legal issues.
What other intellectual property issues are present in the repository?
-In addition to Dolby's code, the repository contains source code for Shoutcast DNAs, another project that may not be authorized for distribution.
Why was the presence of expired certificates in the repository a concern?
-Even though the certificates are expired, if they were still valid, anyone could use them to sign code and make it appear as if it came officially from Winamp.
How has the management of the GitHub repository been described?
-The repository is being managed by someone with a rudimentary understanding of Git and GitHub, with many changes made publicly and improper handling of sensitive code and commits.
Is the current Winamp source code truly open source?
-No, despite some claims, the Winamp source code is not open source. It is source-available but with severe restrictions on modifications and distribution, making it far from an open-source project.
Outlines
📱 The Return of Flappy Bird and Winamp's Open Source Promise
This paragraph begins by recalling the surprise reappearance of Flappy Bird on app stores, now filled with microtransactions and Web3 features. The original developer wasn’t involved, having let go of the trademark. The story is then compared to Winamp, which is now under different ownership. The new owners promised to release the source code on September 24th, and to their credit, they kept that promise. However, the released code is described as a chaotic mess, revealing issues with licensing, copyright, and other problematic elements.
⚠️ Licensing, Copyright, and Code Leaks
This paragraph highlights the various problems with Winamp's released code. It points out that Dolby copyrighted material, which should not have been shared, was included in the release. The person responsible for the repo showed a lack of understanding, mistaking header files (which are legally sharable) for implementation files. In addition, there was a leak of expired certificates, which could have been dangerous if still active. The repo’s commits and changes were made publicly instead of privately, leading to even more confusion and exposure.
🔧 Incompetence in Managing the Winamp Repo
Further chaos in the repo is described here, where the developers inadvertently left commercial software, including a directory for QT, in the public code dump. The directory was eventually deleted, but the act of publicly managing these changes is criticized. Additionally, the repo includes tools like 7zip and Git executables, which don't belong in a codebase of this kind. The repo management appears amateurish, with poor decisions in handling the code, the tools, and the public visibility of these changes.
📜 License Confusion and GitHub's Terms of Service
The Winamp collaborative license used is dissected, with attention drawn to its contradictions. It claims to be copyleft, but restricts modifications and distribution, which goes against the basic principles of open source. GitHub’s Terms of Service are also referenced, stating that public repos must allow forking, a key aspect of collaboration. The repo’s license is deemed non-functional, limiting meaningful contributions and violating GitHub’s expectations for open collaboration.
Mindmap
Keywords
💡Winamp collaborative license (WCL)
💡Copyleft
💡Forking
💡Source available
💡Dolby copyrighted code
💡Shoutcast DNAs
💡GitHub Terms of Service (TOS)
💡Leaked certificates
💡Build tools directory
💡Open-source vs. Source-available
Highlights
Flappy Bird reappeared with microtransactions and Web3 content, but it wasn’t developed by the original creator.
Winamp's current ownership differs from its original creators, yet they promised to release the source code, which they did.
The Winamp repository is a mess, with the new owners making several mistakes in handling the code.
The license they use is a custom 'Winamp Collaborative License' (WCL), which they claim is copyleft but contradicts copyleft principles by restricting distribution of modified versions.
Despite claiming to be copyleft, the license prohibits distributing modified versions, which goes against the concept of copyleft.
The repo contains copyrighted Dolby code and source code for Shoutcast DNAs, which they likely do not have rights to distribute.
The repo included expired certificates, which could have been dangerous if still valid.
The repo also contains unnecessary build tools like 7zip and TortoiseSVN, which are not essential for the project.
The license initially blocked forking of the project, which violates GitHub’s terms of service, forcing them to make changes.
Many developers mistakenly believed that the release made the code open source, when in fact it was merely source available with restrictions.
The Winamp project is farming people who misunderstand what open source means, leading to confusion among developers.
The commit history of the repo still exposes sensitive information, even after the removal of some files.
The project leaders demonstrate amateurism, leaving troll issues and making inappropriate changes in public.
There are deleted issues in the repo, including one about modifying the readme by a user whose account was deleted.
The speaker expresses disbelief at the incompetence of those running the repo and predicts more issues to arise from this situation.
Transcripts
Do you recall a few weeks back when out of nowhere, Flappy Bird suddenly reappeared and
was available on the app stores? But something was weird. It was full of microtransactions
and had some Web3 nonsense in it. Well that's because the original developer had absolutely
nothing to do with it and had let go of the trademark. Now Winamp isn't in the exact same
situation but it's effectively the same thing. The people that own Winamp today are not at all
the people that made Winamp when you're using it as a kid. And back in May they said this,
big news, Winamp source code will be available on September 24th. And would you look at that?
It's past September 24th and you know what? They actually kept their promise. There is actually
a repo that contains the source code. Oh my god, where do we start with this thing? This is an
absolute mess of a repo. When you buy a codebase and you have absolutely no idea what's inside
the codebase, you may do some things that you probably shouldn't do. You know what? Let's start
with the license. Now the first bad sign is it doesn't actually say the license version on GitHub,
it says view license. And the reason for that is they use a custom license, Winamp collaborative
license WCL. Now custom doesn't necessarily mean bad, it just usually does. And I'll talk about
why it's 1.01 instead of 1.0 in just a bit. Let's have a read of this. The Winamp collaborative
license is a free copyleft license for software and other kinds of work. Wait, it's a copyleft
license? Hold up. They might actually be cooking here. Let's read the rest. It is designed to
ensure that you have the freedom to use, modify, and study the software, but with certain restrictions
on the distribution of modifications to maintain the integrity and collaboration of the project.
Let's go down to where it says the restrictions. No distribution of modified versions. You may
not distribute modified versions of the software, whether in source or binary form.
Official distribution. Only the maintainers of the official repository are allowed to distribute
the software and its modification. As a brief reminder, this is the definition of copyleft.
Copyleft is a general method for making a program or other work free in the sense of freedom,
not zero price, and requiring all modified and extended versions of the program to be free as
well. So you have a license that blocks distribution and modified versions that is claiming to be
copyleft, a concept entirely built around distributing modified versions.
I guess there's a first for everything, or, or hear me out. I don't think they know what they're
doing. Now look, most developers don't really understand licenses. If this was the only thing,
it wouldn't really matter, but look at how long is left in the video. We're just getting started.
There is obviously a bunch of troll issues and troll pull requests. The voices, the voices,
the voices, you cannot silence us. Fatass reddit mod, we will rise up.
Why, what, sure. You cannot silence us. Good morning everyone.
This, this is, this is a repo. Obviously this was going to happen. However, do not be mistaken
to thinking that every single issue, every single PR is just a joke. Some of them point out a very,
very legitimate issue. Dolby copyrighted code in repo. Can't wait for lawsuit from Dolby.
Because yes, yes, would you be surprised to know that there are things in this repo
that they decided to include in their dump on GitHub that they probably don't have the rights
to distribute. Copyright 2000, 2002, Dolby laboratories, Inc. All rights reserved. Do not
copy. Do not distribute confidential information. Again, if this was just one file,
it wouldn't really matter. And initially the developer, I'm not even going to call him the
developer, the grifter, didn't realize there was implementation files in here and thought it was
just header files. And header files would be fine. That is protected under Google versus Oracle.
The whole thing about like building off of APIs, you can't copyright an API. It's not just header
files though. It's very clearly implementations. But hey, it's not just Dolby code. Tree includes
source code for shoutcast DNAs. Not only do you leak one project source code,
you leak another project source code. Now whilst we're on the topic of leaking things,
too bad they're expired because this could have been so much better. They leaked a bunch of certs.
Luckily for them, they expired in June. Because if they didn't expire, you could just start signing
things as if you're from Winamp and it looks like it's officially from the project. Now you might
notice these 29 commits here and it is crystal clear to me that the person running this repo has
a rudimentary understanding of both Git and GitHub. All of these changes they are making
are being done in the public. This is the commit right here where they removed the certs.
You can still go and see all of the certs here. Whilst this commit here that has the potentially
unlicensed code, the absolutely unlicensed code and code that you don't have the license to,
this isn't in the Git history anymore, they don't know how to remove it from GitHub so you can
still see all of it. They still have a direct link to it on the repo. Can anybody at all explain to
me why this is being done in public? Why didn't the repo go private so you can fix up everything
that shouldn't be in here? Why are things not rebased so it actually has a clean history
that you can start building off of that doesn't continue leaking the things that you should
have removed? Honestly the easier thing to do at this point is delete everything, start with a clean
repo, make sure the things that shouldn't be getting leaked are not getting leaked and then go from there.
However, do not fear there are still things present in the repo that probably shouldn't be there so
wait wait they literally just did it as I was recording.
Okay so there was a directory here called deleteqt directory. This contained commercial
release of QT, they just put it in the repo. How, how, how are you this incompetent? Also
it's probably not going to get rebased, it's probably still just going to be sitting there
for anybody to go and grab. Now the other thing we have is this build tools directory. Now
this doesn't include anything that is like paid for, it's just a very funny directory.
This contains 7zip portable, just like all of 7zip portable. For some reason
we have another version of 7zip, we have a git exe and tortoise sv, why is there a git exe
in this, in this repo, if you've got the repo you've got git already. Also none of this repo is svn.
Why is tortoise svn here? Let me be clear about something. 7zip, git and tortoise svn
are not build tools at all. Like there are some build related things in here. I don't know if
they can even distribute these, they probably can't, all things considered, but at least these
are build tools. We have SDKs in here, but these are not build tools. Now let's get back to that
license. This had a change 17 hours ago. Let's see exactly what changed in that commit. So we
changed the version number, we removed this line here and this is the exact same sentence. I have
no idea why this is being shown as modified. If I'm missing something that changed here, please
let me know. So they had another restriction. No forking. You may not create, maintain or
distribute a forked version of the software. Why you may ask, did they change that? Well,
there is an issue on the GitHub. License violates GitHub TOS. That is obviously an extreme statement
and this is what it says in the TOS. License grant to other users. Any user generated content you
post publicly, including issues, comments and contributions to other user repository may be
viewed by others. By setting your repositories to be viewed publicly, you agree to allow others to view
and fork your repositories. This means the others may make their own copies of content from your
repositories in repositories they control. If you set your pages and repositories to be viewed publicly,
you grant each user GitHub a non exclusive worldwide license to use, display and perform
your content through the GitHub service and to reproduce your content solely on GitHub
as permitted through GitHub's functionality. For example, through forking, you may grant further
rights if you adopt a license. If you are uploading content you did not create or own,
you are responsible for ensuring the content you upload is licensed under terms that grant
these permissions to other GitHub users. Source available code is allowed on GitHub.
It doesn't say you can't block modification or block distribution. When it's talking about
making a fork, it's through the GitHub service. But by using the GitHub service, you are implicitly
agreeing to allow every single user to fork your repo. If you have a public repo, you can't go and
say users are not allowed to fork it. Also, this is the most important thing. They call this a
collaborative license. Do you know how you collaborate on GitHub? You fork the repo,
you make modifications and then you try to merge them back into the main repo.
By having a license that blocks forking, that blocks modification,
you literally are not able to work on the project. Now, this right here is my favorite issue.
Please tone it down. I don't want Winamp to regret open sourcing.
They never did. They never open sourced. They never plan to open source. And I highly doubt
they ever actually will open source it. If they want to go open source, they can do so.
They own the code. They can release it under MIT. This is not open source. What this is,
is trying to farm absolute morons like this and a bunch of other people in this repo who are like,
actually, open source only means that I can see the code. The OSI does not actually own the definition
of open source. So it's open. No, shut up. You're an idiot. It is not open source.
It is source available. Trying to pretend it's open source is not going to make it open source.
Now, just for good measure, here is one of the issues that has already been deleted.
The read me by xx RIS master xx. Sadly, we cannot see the commits that were made.
And their GitHub account is deleted or the repo is deleted. So we can't actually see what
raising the read me actually means. But I don't hate it. Also, random picture of Steve Jobs
for some reason. The people running this repo, the people that own Winamp have no
clue what they're doing. Amateurs should not be writing software licenses. It's one thing
if you want to write a meme license, right? Go ahead, write a meme license. But
there's a reason most people do not suggest ever trying to do so. This is a non functional license.
All of this repo is a mess. This should not be public. You shouldn't be removing things
like this publicly and then just leaving a commit there.
I don't know what they're doing. But you know what? This is a gold mine, an absolute
gold mine of stupidity. And I have no doubt that there is going to be more that comes out of this.
So keep an eye on it and just watch what they do because it's going to be fun.
But let me know your thoughts down below. Were you a Winamp user at one point in time?
Did you like Winamp? And do you use WACUP today, which is the re implementation
by some of the people that used to work on Winamp who actually know what's in the code base?
For the record, anyone who thinks that they can make use of the Winamp code now,
no they can't. The license literally forbids it because it's not open source at all.
Anyway, if you liked the video, go like the video. And if you really liked the video and
you want to become one of these amazing people over here, you've got the Patreon,
SubscribeStar and LiberaPay, linked in the description down below. That's going to be it for me and...
What are you doing? Just, just, just what are you doing?
関連動画をさらに表示
GitHub's Devin Competitor, Sam Altman Talks GPT-5 and AGI, Amazon Q, Rabbit R1 Hacked (AI News)
¿El nuevo Visual Studio Code? 🔥 ¡ZED, el nuevo editor de código!
These AI editors are getting out of hand
Jak pół sekundy uratowało świat przed zagładą?
This VS Code Killer Just Went Open Source (Written In Rust BTW)
What is Git and Github?
5.0 / 5 (0 votes)