Cnet Apologizes For Nmap Adware Mess

Trailrunner7 writes "Officials at Cnet's Download.com site have issued a statement apologizing for bundling the popular open source Nmap security audit application with adware that installed a toolbar and changed users' search engine to Microsoft properties. Fyodor, the author of Nmap, raised the issue earlier this week, saying that his app was being wrapped in malware on Download.com. It's not unusual for download sites to bundle free applications with some kind of adware or toolbar, but the creators of open-source applications take a dim view of this practice, given the nature and ethic of open source projects. Nmap is a venerable and widely used tool for mapping networks and performing security audits and Fyodor wrote in a message to an Nmap mailing list earlier this week that Download.com, which is part of Cnet, a subsidiary of CBS Interactive, was bundling the application with its installer, which, if a user agreed, would install a search toolbar and change the user's search engine to Bing."

Perfect american corporate business practice

[unity100]

Do some shady/shitty dealing and make big money. Then apologize for the mess you have caused. IF thats not enough and you get sued, pay some reparations which is ridiculously low compared to your profits.

This cycle is what is driving the society down under. What BP did, what Lockheed did, what intel did. im sure you know about what bp did last year - killed an entire ecosystem. you may also know about intel's bribery case with pc manufacturers. but you probably dont know what lockheed did - they have bribed nato country defense ministers to buy f104s over more capable aircraft. as a result numerous things happened, including, approx 600 nato pilots dying due to design deficiencies (it had a tendency to maul its tail on landing and take off - hence nicknamed flying coffin) over the years, british and other european aerospace industries died.

what happened ? lockheed was sued, then admitted to bribery, apologized, paid pathetic sums.

unless people running corporations AND their shareholders start being held responsible for their doings, these will continue.

Re:Perfect american corporate business practice

[InsightIn140Bytes]

But they didn't do anything illegal. They're basically just using their own download application that comes with extra stuff. In fact, Google does exactly the same with Chrome, so you should blame them too.

Re:Perfect american corporate business practice

[InsightIn140Bytes]

Companies can't murder people. People can. And they're already prosecuted under current laws.

Re:Perfect american corporate business practice

True, nothing illegal. But being shitty with someone elses code is just a shitty thing to do.

Maybe if the public at large would just stop using Cnet/download.com/CBS Interactive , that would help drive the point home.

But, as unity100 has pointed out, profit for the sake of profit will drive this out of the public eye within hours.

And they will do it again.

Why do we even try......

Re:Perfect american corporate business practice

[unity100]

today, legal but unethical. tomorrow, barely legal and immoral. the day after, dodgeable illegal and bastardly.

this is the sequence of events once you start allowing/rationalizing/accepting what they do.

Re:Perfect american corporate business practice

[MightyMartian]

Still, I'm thinking that in cases of gross negligence, stripping away corporate personhood and limited liability and making shareholders pay directly would certainly increase shareholder vigilance over the going's on of companies they're investing in. Imagine if BP's shareholders were directly sent a bill in proportion to the size of the Gulf cleanup. I'm thinking BP shareholders would probably be a bit more proactive in assuring the company management behaved themselves.

Re:Perfect american corporate business practice

[Hatta]

They distributed nmap in a manner inconsistent with its licensing, running afoul of copyright law. They should be forced to pay applicable statutory damages.

Re:Perfect american corporate business practice

Corporations are Psychopaths.

They do not respond to trivial things like human suffering or death.
The only thing they respond to is profit (or the lack thereof).

Ergo, the policy should be that all fines levied on corporations are multiplied by 1000.
An act performed by a natural citizen that would incur a $1,000 fine, should cost a corporation $1,000,000.
An act performed by a natural citizen that would incur a $1,000,000 fine, should cost a corporation $1,000,000,000.

When it is no longer profitable to break the law, then corporations will immediately cease doing so.

Re:Perfect american corporate business practice

Illegal? Not sure. Nmap's licence specifically forbids this kind of crap.

Re:Perfect american corporate business practice

This cycle is what is driving the society down under.

Keep such american corporate business practices away from Australia, please (to my distaste, it seems they're quite invasive).

Re:Perfect american corporate business practice

[dhall]

Until I see a Corporation executed by the state of Texas, I refuse to acknowledge that Corporations are truly liable for their actions.

Re:Perfect american corporate business practice

Actually it may be illegal in several countries. Download.com is depriving third party developers of an undisclosed amount of revenue simply by flashing some sort of ToS. This license agreement may or may not be fair (or binding for that matter). It would be reasonable for them to get a fair fee for hosting the file, but the revenue they are getting may exceed a reasonable fee by a huge amount, in which case this ToS of theirs would not hold up in a lot of courtrooms around the world, as an unfair and unclear deal. Thus it would in fact be unlawful.

Please point out a download site that wraps google software/default search engine/homepage or they are doing anything remotely similar.

Re:Perfect american corporate business practice

[stephanruby]

But they didn't do anything illegal. They're basically just using their own download application that comes with extra stuff. In fact, Google does exactly the same with Chrome, so you should blame them too.

No, they didn't. So what?

There are plenty of things that are perfectly legal that people don't like.

In this case, the author of the open source security software should just make his own software blacklist the download.com site for malware/shadyware, which is also completely legal to do. And then hopefully, download.com would retaliate by blacklisting his software, so then everybody is happy. The author is happy. The consumer is happy. And download.com is relieved not to have to his software listed on their site anymore.

Re:Perfect american corporate business practice

[Mr.+Freeman]

This argument comes up a lot. The problem is that whenever a company does something wrong it's always "victim v. the company" and NEVER "victim v. a specific employee(s) of the company". If only people can commit crimes, then why are companies held to account and people never are?

Re:Perfect american corporate business practice

[InsightIn140Bytes]

You could make the same argument for advertising on websites. Is Slashdot depriving me of an undisclosed amount of revenue when I make interesting content for them (post comments) and they pay nothing to me? Would it be reasonable if Slashdot only took their fair share for hosting and paid off rest of the revenue to people who post comments?

Re:Perfect american corporate business practice

[Caerdwyn]

You DO realize that "American" corporate practices are pretty much identical to Australian, Canadian, European, etc. corporate practices, as they all come from English practices? That there is just as much (if not more) corruption in other nations... government, business, individual... as America? That you and your nation are in no way superior to America?

Don't like it? Defend yourself without American help or American military equipment. Hope you like being Indonesian, because they're crowded, resource-hungry, have ten times your population and a military much larger than your own, and not a whole lot of love for you.

Re:Perfect american corporate business practice

Oh really? Corps that have dumped toxic waste have had their employees jailed for causing people cancer?

Re:Perfect american corporate business practice

[Jibekn]

Corporations are people. According to the USA anyway.

Re:Perfect american corporate business practice

No they didn't. There is absolutely nothing in the GPL that forbids bundling other software in an archive or installer, free or not.

Re:Perfect american corporate business practice

I tend to look at your statement as part of a big problem with Americans. You can rationalize any number of clearly unethical or immoral situations by either stating, "...it's not illegal..." or "...XXXXXX does the same thing so why shouldn't YYYYYYY". In both cases, it's a matter of justifying whatever you can get away with by using arguments based on a loose foundation of self-serving needs.

Re:Perfect american corporate business practice

[Daniel+Phillips]

Seems like Microsoft is casting around for some way to top Sony's rootkit.

Re:Perfect american corporate business practice

[cjcela]

The thing is, when talking about what is right and what is wrong, "illegal" should not be the boundary, but a far extreme towards "bad", which most companies should avoid by far. As I see it, the fact that a company does anything that is "legal" and in its power to generate profit, in real life means that the company is driven by greedy individuals and often ethically questionable practices. And if a company does something illegal, somebody somewhere has to go to jail. Period. I know, I know, there is the free market idea, too, and all that argument - if that worked so well, our economy would be in a different place. But you choose whatever you want to believe in, and live the consequences; I think that companies that have some sort of ethical self-regulation are healthier to society as a whole than the ones that just "follow the law". Think about the banking industry for a bad example of legal theft.

Re:Perfect american corporate business practice

[EdIII]

You can't go after shareholders in a public company. Not all of them. It would kill day trading for one, not that I mind that one bit.

It would make investments nearly impossible. All that would end up happening is they would bypass it with strategic revenue sharing agreements and legal clauses preventing the company from funneling assets and revenue out to other companies.

Making a farmer or teacher responsible for their share in a company they invested partly in for retirement is going too far. They lack the sophistication and access to resources to truly assess risk. Most of that is just long term investment in a big well known company.

Going after mutual funds and pension managers probably won't work well either. How could you ever really know what is going on in a company if it is fraud?

I think it would be more reasonable to strip corporate person hood and limited liability for the executives and any shareholder that is an accredited investor. The accredited investor part is really really iffy for me.

Unless you can really define just how shareholder vigilance is supposed to work without an absolute *ton* of micromanaging and audits on a constant basis. Most companies don't want that. So unless the investor is actively involved on the board of directors I just don't see how it is reasonable for you to assume, "they should have known". All they know is what is in the offering and disclosed. They know their risk, not ongoing operations.

Nail the executives and leave it at that.

Re:Perfect american corporate business practice

[boxxertrumps]

No one was talking about music or movies.

Re:Perfect american corporate business practice

[Sulphur]

Until I see a Corporation executed by the state of Texas, I refuse to acknowledge that Corporations are truly liable for their actions.

Does that mean that corporations are not people?

Re:Perfect american corporate business practice

Actually you could not. Slashdot is advertising on their website. You are posting on slashdot having wavered any right of income from slashdot. As you have to cnet. They can advertise on their website however they want on a page that displays your copyrighted material (your application, or your post). However in this case they are incorporating advertisement in _your_ installer. The binary that actually goes to the end user. This is your intellectual property, not cnet's. The rights to profit from this are exclusively yours.

Re:Perfect american corporate business practice

[Forbman]

Nail the executives and the Board members.

Re:Perfect american corporate business practice

[InsightIn140Bytes]

They didn't incorporate the advertising in anyones installer. They only made application that downloads the installer for user, and before that gives the option to install their additional software (toolbar). After user chooses if he wants it or not, the cnet's installer downloads your installer and runs it. They didn't modify the original installer in any way.

Re:Perfect american corporate business practice

[Hatta]

Nmap is distributed with clarifications to the GPL that explicitly define bundling the software as a "derivative work". Since the bundled software was not also GPL licensed, this was in fact contrary to the license.

Re:Perfect american corporate business practice

Btw, regardless, you have yet to answer how Google does anything remotely sketchy as to agree to bundle a wrapper for software/default search/homepage from the repository of a download site. Google actually wont bundle with just any software. For sure not without agreeing with the actual developer of the software. So saying Google does something similar needs a citation desperately imho.

Re:Perfect american corporate business practice

unless people running corporations AND their shareholders start being held responsible for their doings, these will continue.

People should start demanding proper regulation of businesses through legislation. That's all.

Business is there to make money within the boundaries of the law. If the law says "you can pollute all you want", then that's what you will get. If the laws says "don't pollute or we'll make you pay $10/offense", then you'll get pollution too. If the laws says "don't pollute or we'll throw executives and responsible party in jail and/or charge the company 10x cost of cleanup, then you'll get clean much less pollution.

So start demanding real penalties not some absolute values in law that are meaningless a year after they are instituted.

Re:Perfect american corporate business practice

[X0563511]

Because you can hold a single company accountable, something that is very difficult to do to thousands upon thousands of individuals? (just ask the MPAA/RIAA and friends how 'easy' it is)

Re:Perfect american corporate business practice

[Requiem18th]

Where does this psychopathic idea that corporate efficiency must be maintained at all cost come from?

work without an absolute *ton* of micromanaging and audits on a constant basis. Most companies don't want that.

Companies don't want that? OH NOES we can't have that!

Of course these same companies want to monitor all of our forms of communication and behaviour to (enhance their marketing and) make sure we don't touch their oh so precious IP.But we can't have companies watching what they are doing, that would be inefficient.

Re:Perfect american corporate business practice

Cnet's installer made use of the nmap logo, and gave no indication that it was not the offical installer provided by fyodor.

They may not have modified the original installer, but they were implying that there installer WAS the original.

Re:Perfect american corporate business practice

Well in this case what I said doesn't really apply. But trademark issues as AC above says would, from the way it is not made clear that they are separate software. I downloaded cnet2_setup_files_terminator_free_2_1_0_3_exe.exe The name doesn't clearly imply it is cnet "secure downloader". While it installs, it uses the name of the software (that will be downloaded later) as part of the special offer. Intentionally or unintentionally implying it has something to do with the original software author's intentions.

http://seclists.org/nmap-hackers/2011/att-5/cnet-bundles-nmap-with-malware.png

This is misleading.

Re:Perfect american corporate business practice

[fv]

But they didn't do anything illegal. They're basically just using their own download application that comes with extra stuff.

Yes, but Download.com still assures users that they will never bundle that "extra stuff". Their Adware & Spyware Notice says:

In your letters, user reviews, and polls, you told us bundled adware was unacceptable--no matter how harmless it might be. We want you to know what you're getting when you download from CNET Download.com, and no other download site can promise that.

Also, they make it look like a download link for the real installer (which it used to be), and then the user gets this CNET crap. But they still used our name liberally in the trojan installer as if we were somehow responsible for or involved in this abomination. I've got screen shots on my Download.com fiasco page.

Also, this "apology" rings hollow because they aren't fixing the problem along with it. In particular:

1) He claims that bundling malware with Nmap was a “mistake on our part” and “we reviewed all open source files in our catalog to ensure none are being bundled.” Either that is a lie, or they are totally incompetent, because tons of open source software is still being bundled. You can read the comments below his post for many examples.

2) Even if they had removed the malware bundling from open source software, what about all of the other free (but not open source) Windows software out there? They shouldn't infect any 3rd party software with sketchy toolbars, search engine redirectors, etc.

3) At the same time that Sean sent the “apology” to users, he sent this very different note to developers. He says they are working on a new expanded version of the rogue installer and “initial feedback from developers on our new model has been very positive and we are excited to bring this to the broader community as soon as possible”. He tries to mollify developers by promising to give them a cut (“revenue share”) of the proceeds from infecting their users.

4) You no longer need to register and log in to get the small (non-trojan) “direct download” link, but the giant green download button still exposes users to malware.

5) The Download.Com Adware & Spyware Notice still says “every time you download software from Download.com, you can trust that we've tested it and found it to be adware-free.” How can they say that while they are still adding their own adware? At least they removed the statement from their trojan installer that it is “SAFE, TRUSTED, AND SPYWARE FREE”.

Re:Perfect american corporate business practice

[0101000001001010]

"Flying Coffin." Interesting nickname. In my home country it was called the Widow Maker. Erich Hartmann, the highest-scoring fighter ace in the history of air warfare, called it fundamentally flawed and unfit for service. Lockheed's money caused his superiors to force him into early retirement. 115 German pilots were killed in non-combat missions while piloting the F104.

Re:Perfect american corporate business practice

[unity100]

there you go.

Re:Perfect american corporate business practice

Texas has, in fact, revoked corporate charters before.

Re:Perfect american corporate business practice

[lightknight]

Indeed. However, human psychopaths can learn, if only to survive in a society that does not understand them.

Can corporations?

Re:Perfect american corporate business practice

[fsckmnky]

It would kill day trading for one, not that I mind that one bit.

And what exactly is wrong with daytrading ? For every transaction, there is a buyer who wants to purchase, and a seller who wants to sell. If that isn't a mutually beneficial transaction between two consenting parties with predefined and clear rules and an agreed upon price, then no such thing exists. Banning daytrading would be similar to banning the purchase of milk at a restaurant with the intent of selling it by the glass to customers.

Nail the executives and leave it at that.

Even the executives that didn't know anything ? If bribery and corruption are the problem, then the solution would be to punish the people responsible, which is not necessarily, all of the executives.

Re:Perfect american corporate business practice

If you download crap from cnet and not the original source then you get what you deserve.

Re:Perfect american corporate business practice

[EdIII]

Where does this psychopathic idea that corporate efficiency must be maintained at all cost come from?

You're being shortsighted and practicing reductio ad absurdum.

I never promoted the idea that corporate efficiency must be maintained at all costs. Only that efficiency at some level must be maintained otherwise the cost of the products and services would have to rise commensurately. There has to be a balance, otherwise we are just hurting ourselves.

Companies don't want that? OH NOES we can't have that!

Now you are just adding hyperbole. Companies can't have every single investor visiting the offices, or their lawyers offices, and hiring their own counsel and experts to inspect the financials and conduct audits attempting to find fraud or illegal activity.

They must hire experts. Accredited investors would not be excluded either. Just because you are an MD with a net worth of a couple million dollars meeting the current requirements for exemption under the Securities Act of 1933, does not mean you can walk into a mining company and understand what is wrong and what is right, and what is illegal .

Your hyperbole and reductio ad absurdum aside, corporations are already being monitored under current laws. Obviously, that needs to beefed up a bit, but requiring all investors (think how many that would mean for Exxon) to watch the company is just plain ludicrous. It can't work in the real world without making business so inefficient, it can't operate.

What if you own part of a mutual fund? Is it sufficient to investigate the mutual fund managers? Or must you then perform investigations and audits on the possible hundreds or thousands of investments they have? What if a mutual fund owns part of a different financial instrument?

WHAT IF... WHAT IF... (I get to do hyperbole) somebody that owned part of a mortgage backed security? Would they be required to make sure no lending laws were broken on each loan origination? Would they need to physically inspect each security to verify the possession of the note?

Of course these same companies want to monitor all of our forms of communication and behaviour to (enhance their marketing and) make sure we don't touch their oh so precious IP

More hyperbole. Of course things are not balanced. Not even close. However, this has nothing to do with the specific question at hand......

But we can't have companies watching what they are doing, that would be inefficient.

No. We can have increased regulations, penalties, and monitoring of corporate activities. What we can't have is thousands upon thousands of independent parties doing it at the same time. That would be grossly inefficient to the point that it is no longer possible to operate a viable business.

That's why you can't go after the small investor. What I did say was put the executives (and I implied the board of directors) in prison for long sentences. I have a hard time seeing how proposing that, and sparing the small investor makes me a corporate apologist, which is what your raving character assassination seems to be trying to accomplish.

Is this just for public companies or private?

I got some news for you... every company (with few exceptions) needed an IPO to go public. Before that, they had to raise capital. The proposal to make investors liable would raise the bar so high, that new businesses and small business would have a significant and oft insurmountable barrier to entry.

You have a +5 insightful. That means that your hyperbole has sentiments that many can get behind (including myself) but you need to take a couple of deep breaths and realize that you have to be smart, clear headed, and forward thinking when you come up with better ways to regulate corporations and curtail their sociopathic behaviors that we all hate so much.

Re:Perfect american corporate business practice

[EdIII]

I would ban day trading, and I will tell you why.

It's that mentality for short gains that has lead to our economic collapse. If it was illegal from the start to securitize mortgages, or that it would require very very well documented and physical transfers of the mortgage note from one owner to the other, we would not be in this situation.

It was the intense building greed of Wall Street that made the packaging and reselling of mortgage backed securities go faster and faster and faster, and eventually, the demand was so great that loans were originated that anybody with a brain new could not be repaid and would default within 4 years.

Subprime? Subprime my ass. Guaranteed 99.99% Loss Financial Loans is what I would have called them at the end.

The need to trade faster and faster only encourages this bullshit, and I don't buy for one second, that it is beneficial to the stock market by blah blah blah economist reasoning inserted here.

It also introduces arbitrage . Do you think they are building a multi-billion dollar fiber optical trans-Atlantic cable to reduce latency for shits and giggles? No. It is so they can link the stock exchanges and game the system even more. It won't be Call of Duty packets going across that pipe, but it will be warfare.

Why is it that in a certain building in New York that colocation of a server costs 50-100x that of the going rate?

Why is that some people are trying to make microsecond trading and "stock exchange on a chip"?

It's called unfair advantages far worse than insider trading and it is bullshit. So yes, screw day trading.

I want to see a federal tax on all trades based on the time the stock was held. 1 microsecond? 99.99% tax rate. 1 year? .01% tax rate.

That would start people thinking again about what the company will look like in two years instead of two minutes. That's a culture we need to get back to in this country desperately.

Even the executives that didn't know anything ? If bribery and corruption are the problem, then the solution would be to punish the people responsible, which is not necessarily, all of the executives.

Never said that or implied it. Only the executives directly responsible, or had knowledge, would be prosecuted and sent away. At some level, a board member claiming they had no knowledge is unreasonable. BP had a long history of disregarding safety for profit and even if the board member did not specifically know about the decisions around the blow out presenter, he damn well knew everyone had a corporate culture of having such disregard.

In any case, all executives would be innocent until proven guilty. Let the investigators determine who was really at fault and who knew what.

Re:Perfect american corporate business practice

[fafaforza]

Sadly, based on everything that I've read about Australia recently, it would be the first country to see such practices be adopted.

Re:Perfect american corporate business practice

[Tetch]

I tend to look at your statement as part of a big problem with Americans. You can rationalize any number of clearly unethical or immoral situations by either stating, "...it's not illegal..." or "...XXXXXX does the same thing

It's not specifically Americans - it's capitalism (or "unhealthy love of money"). The problem with Americans (generalising like mad here of course) is that they sure do like the ostensible benefits of capitalism, and often fail to see the consequent drawbacks, but the same problem affects (infects) many other western countries these days.

I remember years ago watching an interview with the chairman of Rio Tinto Zinc (RTZ), in which he was being given a hard time about how RTZ was digging up aboriginal sacred burial grounds to look for uranium. His reply, with an apparently straight face, was "What we are doing is not illegal, and as chairman my responsibility is to my shareholders to deliver the maximum profit possible".

He simply couldn't see the immorality (or at least amorality) of the company's actions - or if he could then he simply didn't care, so long as the profit was good

Capitalism doesn't do morality - it just does money. Transcending this is an evolutionary step that must be made if humanity is to have any future.

Re:Perfect american corporate business practice

[ksd1337]

Hm, but it's a binary distribution of Nmap. GPL doesn't extend to binary output. Well, to be more specific, GPL only extends to output when a segment or whole of the source code is in the output. Binaries don't classify.

Re:Perfect american corporate business practice

[arose]

It would be plenty to have shareholders limitedly liable. Right now they tend to profit, so looking the other way is a natural choice.

Re:Perfect american corporate business practice

[arose]

I don't think one year should count as a long term investment though... Make it 20 or so.

Re:Perfect american corporate business practice

[AlanS2002]

No they can't commit murder, they can however commit acts which amount to, were they living/breathing individuals, criminally negligent homicide/gross negligence manslaughter/culpable homicide/etc. (depending which country you live in) and as they are afforded all of the rights of individuals, without all of the responsibilities of living/breathing individuals, they can (for all intents and purposes) get away with it. Clearly this is not an acceptable situation.

Re:Perfect american corporate business practice

[ArsenneLupin]

You've got this backwards. GPL does cover binary, and requires you to make source available if you distribute a binary.

So yes, that means that CNET should either have refrained from bundling, or should have distributed source of the bundled spyware as well in order to be GPL compliant.

Now, if the author of the software added additional clauses on top of the GPL to his software, these are binding too (although, then, technically the license would no longer be the GPL, but a more restrictive license based on the GPL. But the author does have this right)

Re:Perfect american corporate business practice

[fsckmnky]

I would ban day trading, and I will tell you why. It's that mentality for short gains that has lead to our economic collapse. If it was illegal from the start to securitize mortgages, or that it would require very very well documented and physical transfers of the mortgage note from one owner to the other, we would not be in this situation.

You seem to also have the mentality for "short gains" in the terms of a "quick fix" by banning day trading. It *was* illegal to securitize mortgages, but then Barnie Frank and his friends in congress repealed the Glass-Stegal act and failed to monitor the implications of allowing the US banking system more degrees of freedom. They did this because everyone thought it was a great idea that "people who can't afford a home should be able to buy a home."

It was the intense building greed of Wall Street that made the packaging and reselling of mortgage backed securities go faster and faster and faster, and eventually, the demand was so great that loans were originated that anybody with a brain new could not be repaid and would default within 4 years.

Subprime? Subprime my ass. Guaranteed 99.99% Loss Financial Loans is what I would have called them at the end.

Everyone, having the benefit of hindsight, has various different theories for what went wrong. However, at the time, everything *seemed* to be great and very very few people saw it comming. The people who did see it comming, were not in a position to prevent it. Again, this is a failure of government to monitor the industry. We have known for 100's of not 1,000's of years, that capitalism, unregulated, unmonitored, unwatched, and unaccountable, will run amuck in the pursuit of profit. This is why we don't have pure capitalism. We have regulated capitalism, and when the regulators fail, the outcome is not good.

The need to trade faster and faster only encourages this bullshit, and I don't buy for one second, that it is beneficial to the stock market by blah blah blah economist reasoning inserted here.

"The need to trade faster and faster" as you put it, is not the reason the term "daytrading" exists. The fundamental motivation today, for purchasing a stock and selling it before the close of the day, is the limited amount of leverage allowed when purchasing stocks. Due to the speculative excesses that allowed the Kennedy family to rise to power, while at the same time, causing the the Stock Market Crash of 1929, which in turn contributed to the Great Depression, margin rates on stocks have been limited to 2:1. By buying and selling within the same day, this leverage ratio can be raised to 4:1. See https://secure.wikimedia.org/wikipedia/en/wiki/Daytrading for an introduction of the practice. Pay special attention to the bits on the special rules surrounding "Pattern Day Traders."

It also introduces arbitrage . Do you think they are building a multi-billion dollar fiber optical trans-Atlantic cable to reduce latency for shits and giggles? No. It is so they can link the stock exchanges and game the system even more. It won't be Call of Duty packets going across that pipe, but it will be warfare.

There is nothing wrong, or negative, with arbitrage, and it is an important factor in price discovery and market liquidity. As for linking exchanges via fiber optic cable, this reduces the opportunities for arbitrage due to price mismatches. As for you calling it warfare, that would be like someone calling your exercise of emailing 1,000 copies of your resume to potential employers warfare.

Why is it that in a certain building in New York that colocation of a server costs 50-100x that of the going rate?

Why is that some people are trying to make microsecond trading and "stock exchange on a chip"?

It's called unfair advantages far worse than insider trading and it is

Re:Perfect american corporate business practice

Cool story, bro!

Re:Perfect american corporate business practice

[occupyhotelrooms]

Wouldn't be a very liquid market.

Re:Perfect american corporate business practice

[Patch86]

Making a farmer or teacher responsible for their share in a company they invested partly in for retirement is going too far. They lack the sophistication and access to resources to truly assess risk. Most of that is just long term investment in a big well known company.

Why? Why should teachers and farmers even be buying stakes in companies that they don't understand? It's not like that was common practice more than about 70 years ago. It's encouraged by pro-investors, because investment is like a competition, where you only make money if somebody else loses money- and it's far easier to win if there's lots of amateurs competing with you.

The traditional method of investment for people without the time or expertise to do it properly is to put your money in a bank account (so the bank can invest the money and pay you a cut), or a fund (such as a pension fund) which you do not have direct control or responsibility for. Yes you can make more money investing directly- but that's at the cost of requiring a much more in depth and involved understanding of what you're doing.

I say make the shareholders responsible for the companies that they own. If that puts off amateur investors from doing things they don't understand, all the better. Purging amateur investors might on its own even lead to more rational, better managed markets. And if you want to make the big bucks by investing directly, you can damn well deal with the risks and responsibilities that go with it.

Re:Perfect american corporate business practice

[cavebison]

This cycle is what is driving the society down under.

Ah, so that's where all these boat people are coming from!

Re:Perfect american corporate business practice

[Senior+Frac]

Great quote. And true, if you think murder is the only crime an entity should go to jail for.

Re:Perfect american corporate business practice

[Killjoy_NL]

Yes even the executives that didn't know anything, how can they be responsible for a company and not know something going of this magnitude.
People should take responsibility more often.

The best example I saw was a few years ago, a japanese executive publically admitted that his leadership damaged the company and he resigned.
He also implored the people not to blame the people who worked at the company since they were not responsible, he was. I can respect that.

Re:Perfect american corporate business practice

[jimicus]

You won't be surprised to learn that Download.com isn't the only company doing this. There's another one (Wisedownloads, but I'm not about to help their google rankings by posting a link) that occasionally buys up Google ads offering a "Free photoshop alternative!".

This "alternative" is Gimp with an installer that includes about 4 or 5 other "extras". They also offer VLC, equally bundled with rubbish. Looks like a little one-man operation that just does a handful of products that are of interest to a lot of people so I don't think they're doing nmap. Yet.

Re:Perfect american corporate business practice

[gl4ss]

Texas has, in fact, revoked corporate charters before.

plenty of corporations have been "executed" in the past and some execs get bans on running a business. however, the bigger the corporation the less likely it is that the people involved get anything.

Re:Perfect american corporate business practice

BP isn't American. It's British. Says so right in the name.

Re:Perfect american corporate business practice

[InsightIn140Bytes]

Only if CNET changed anything in the program, and they didn't. They're just a distributor, like physical stores are. GPL doesn't require you to distribute source for other bundled software either. For example, Apple doesn't have to open source for the whole OSX when they bundle it with some GPL apps. If they make modifications to those GPL apps, then they need to provide source for those apps, but again not the whole thing. And only if they make modifications - otherwise you have to go ask for the source from original author.

Re:Perfect american corporate business practice

[ArsenneLupin]

Apple doesn't misrepresent their "additional" software as being part of nmap. CNET does.

Just think about your own wording: "Apple ... they bundle it with some GPL apps", versus "CNET bundles GPL app with some spyware".

Re:Perfect american corporate business practice

[InsightIn140Bytes]

It's quite clear from the picture that it is in fact CNET's installer and the Nmap text is just the title to install. There is no trademark issue either, it's perfectly fine to tell user the name of the program he is about to install. Otherwise we would have to shut down all download sites on the internet, and probably slashdot too because /. mentions names of products in their summaries. Oh the horror.

Besides, Nmap author probably has given CNET permission to distribute the program at one point or another. Download sites rarely hunt for programs from the internet. Instead it works by authors either submitting their programs directly to CNET (in this case via https://upload.cnet.com/ ) or by using PAD files and distribution services that were specifically created for distributing software among websites and other services (see http://pad.asp-software.org/ ). In both cases the software authors also give full rights to distribute his software, so even if there would be trademark issues (there isn't), the authors would have given permission to use their softwares name.

Re:Perfect american corporate business practice

[fsckmnky]

Yes, but the executive in your example resigned voluntarily out of a sense of honor and duty. He wasn't lynched en mass because the door man cheated on his witholding. ;)

Re:Perfect american corporate business practice

[WorBlux]

"I got some news for you... every company (with few exceptions) needed an IPO to go public. Before that, they had to raise capital. The proposal to make investors liable would raise the bar so high, that new businesses and small business would have a significant and oft insurmountable barrier to entry."

That's not the only way business can operate. Check out the Mondragon Corporation.

In addition liability would be managed the same way to manage it in the same way as a sole proprietorship. You buy liability insurance, the cost of which is roughly proportional to the perceived risks that current management policies are taking. Any company that represents more than a token amount of stockholders could analyze the records (any insurer below that would have to cooperate with other insurers to get info), which would reduce the inspections to a manageable level.

You've set up a false dichotomy between everyone regulating a corporation for themselves and government regulating corporations for everybody. There is a middle ground and room for market mechanisms to solve the problem. Of course you want a reasonable bottom level the government assures, but complex industry-specific regulation often fails due to regulatory capture, and the fact regulators lack the implicit knowledge necessary to manage the risk.

Externalizing the costs of failed corporations onto the public at large is destructive, unfair, rife with moral hazard, and favors the established players over everyone else. The original point of the corporation was to promote public works such as roads, schools, dams and canals, and not to protect the profiteering of a relative few.

Re:Perfect american corporate business practice

[mcgrew]

But they didn't do anything illegal.

I wouldn't be doing anything illegal if I had consentual sex with your wife, either. Just because it's legal doesn't make it right.

Google does exactly the same with Chrome

"Well, George banged your wife so it's ok for me to." Why do you excuse immoral, unethical assholes?

Re:Perfect american corporate business practice

Can't trust anybody these days. Oh well. They play their games, and we play ours. How should we respond to this?

Re:Perfect american corporate business practice

[Andy+Dodd]

F104s? Seriously, you're bringing up news that is on the order of 30-50 years old, talking about an aircraft that has been out of service for 7 years in ALL countries?

Re:Perfect american corporate business practice

[orgelspieler]

What are you, some kind of racist? Everybody knows that corporations are people. How dare you imply that just because corporations aren't humans (aka meat-people), that they are somehow incapable of doing things "real" people can do. You should be ashamed of yourself. Such narrow-mindedness has no business in the twenty-first century.

Re:Perfect american corporate business practice

[arkenian]

Still, I'm thinking that in cases of gross negligence, stripping away corporate personhood and limited liability and making shareholders pay directly would certainly increase shareholder vigilance over the going's on of companies they're investing in. Imagine if BP's shareholders were directly sent a bill in proportion to the size of the Gulf cleanup. I'm thinking BP shareholders would probably be a bit more proactive in assuring the company management behaved themselves.

Corporate Limited Liability is crucial. Besides in the point you're discussing, why should they? BP's net worth is more than sufficient to pay for the entirety of the cleanup and then some. A shareholder is liable up to the amount of their investment . . . I agree with eliminating corporate personhood, but we don't need to eliminate limited liability, we just need to force the companies to pay their bills, and if that destroys the company, so be it. The next company along, the shareholders will want assurances the same mistake won't happen and/or is sufficiently insured.

Re:Perfect american corporate business practice

[mcgrew]

No, this is much more like OtherOS than XCP. Microsoft will have to go a long way to match Sony's evil, try as they seem to be trying.

XCP (Sony's rootkit) disabled all P2P and disk burning software as well as other damage that they might not have planned, but disabling BitTorrent (keeping you from up and downloading distros) and disabling disk burning (castrating their competetion, the independant musician) was clearly deliberate and vilely evil. Someone should be in prison for that, but I guess rich people only go to prison if they defraud thousands of other rich people in a billion dollar Ponzi scheme, or sell US Senate seats or Commercial Drivers licenses to unqualified drivers who go and kill entire families (which put Ryan in prison for a shorter period than someone caught with an ounce of crack cocaine). I mean, nobody went to prison for the negligent homicide of two dozen miners last year, did they?

Neither Microsoft nor Sony need worry or apologize, idiots will keep shoveling money at them no matter how badly Sony and MS treat them. It's pathetic.

Re:Perfect american corporate business practice

[arose]

Logarithmic scale.

Re:Perfect american corporate business practice

[mcgrew]

And they're already prosecuted under current laws.

Than why were none of Sony's executives imprisoned for vandalizing thousands of PCs with their XCP malware? Why was no one from BP or Haliburton or that other company incarcerated for destroying the ecosystem of the Gulf of Mexico? Why was no one from the mining company not imprisoned for the mass murder (negligent homicide) of two dozen miners last year?

Re:Perfect american corporate business practice

[hesaigo999ca]

I tend to agree with you, but this practice is rampant in ALL industries, mainly the worse is the banking industry....where they can let themselves into an unstable situation then stick their hands out to their governments for some help. These are supposed to be the experts that we give all our money for keepsake.... you would think they would not get involved into something that would put them in a bad position....but they do not care....as long as the profits are here and now....

I heard one bank in Iceland (because of time zone issues) knew the storm was about to hit, called up all their ultra rich clients and told them to take out big loans in the hundred of millions because they knew that these clients would be covered and their slates wiped clean....with a major profit from the money they just pocketed....
but in the end, this was all "legal" as although you could call this insider information, everyone was way to busy dealing with the bigger issue then pay attention to these smaller ones....

Re:Perfect american corporate business practice

[sjames]

Agreed 100% to say the least. 'Illegal' means it's so far on the bad side of the line that we feel confident in saying it deserves punishment. If the best anyone can say is that you're not actually breaking the law, you get a D- in decency.

It's a bit disheartening to see how many consider that to be just fine for corporate behavior. We wouldn't go to a doctor who's best claim is that he is not actually murdering his patients in a legal sense, now would we? We want better from the bus driver than 'never convicted of vehicular homicide'. Nobody wants to buy a car from the guy whose been convicted of anything, much less convicted multiple times on 3 continents.

Re:Perfect american corporate business practice

[mcgrew]

Where does this psychopathic idea that corporate efficiency must be maintained at all cost come from?

From the amoral, out of touch psycopaths who run corporations. Money is their god. They worship it. It matters more to them than anything, more even than their families and children. There isn't a CEO of any big multinational that wouldn't let you rape his mother if you gave him enough money for it.

These are evil people. They do not care about the environment, they do not care care about right and wrong, they do not care whether anyone lives or dies as long as their pile keeps growing.

These people are pathetic.

Re:Perfect american corporate business practice

Sounds like someone who downloaded this should request the source code for the toolbar or whatever then sue CNet when it is not offered.

Re:Perfect american corporate business practice

[mmortal03]

Is there a reason why you are spelling their site name with a capitalized .Com after it, both here and on your page, when it is neither the common convention to do so, or Download.com's convention? I don't bring it up simply to nitpick, I bring it up because it makes an otherwise excellent statement on your webpage look somewhat unprofessional.

Re:Perfect american corporate business practice

Thanks, fixed.

Re:Perfect american corporate business practice

[coinreturn]

It *was* illegal to securitize mortgages, but then Barnie Frank and his friends in congress repealed the Glass-Stegal act and failed to monitor the implications of allowing the US banking system more degrees of freedom.

It was Phil Gram (R-Senate) and Jim Leach (R-House) that sponsored the bill that repealed Glass-Stegal. The Republican majority passed the bill with a veto-proof majority. Don't place the blame on Barney Frank - put it on the anti-regulation republicans where it belongs.

Re:Perfect american corporate business practice

[sjames]

They are not, but for some bizarre reason in law they are granted all of the rights and privileges of being people but only a limited portion of the liabilities as GP suggests.

Re:Perfect american corporate business practice

[fsckmnky]

Don't place the blame on Barney Frank - put it on the anti-regulation republicans where it belongs.

If I blamed it on Republicans I would be participating in partisan politics, and I find partisan politics thoroughly disgusting.

Barney Frank is at the center of the cloud that is the mortgage crisis, hence he was named specifically. His *friends in congress* include every elected member of congress that has had a hand in altering legislation, for whatever reason, and failing to monitor the outcome, regardless of their party affiliation.

Pretending problems are the domain of a specific party when laying blame, is pure idiocy.

Re:Perfect american corporate business practice

[mcgrew]

And what exactly is wrong with daytrading ?

It isn't investment, it's gambling. It does nothing to further the company and much to harm it, since it destroys any long term planning. It harms the economy by taking money out of long term investment and into gambling. Day trading is nothing more than high stakes roulette.

I would raise the capital gains tax to where it was before Reagan. There were no day traders back then, before gambling became more lucrative than investing.

Banning daytrading would be similar to banning the purchase of milk at a restaurant with the intent of selling it by the glass to customers.

Are you the user who used to be badanalogyguy? Because that's about the worst analogy I've ever seen; I see nothing analogous, no relation at all.

Nail the executives and leave it at that.
Even the executives that didn't know anything ?

It's the supervisor's job to know what the guy he's supervising is doing. It's the executive's JOB to know what the hell is going on in their company. If they're ignorant, too bad because they're not supposed to be ignorant.

It's called "responsibility", and today's rich seem to have never heard of the word.

Re:Perfect american corporate business practice

[mcgrew]

Wouldn't be a very liquid market.

Stocks are not supposed to be liquid assets. They're supposed to be investments.

Re:Perfect american corporate business practice

[fsckmnky]

I would address your points individually, but you seem to be operating in class warfare mode, and attacking broad groups of people regardless of any individuals contribution or actions. That strategy might satisfy your internal desire to hold someone, anyone, accountable, but it will turn ugly and you will realize it the moment it is used by someone else against you.

Re:Perfect american corporate business practice

[coinreturn]

Pretending problems are the domain of a specific party when laying blame, is pure idiocy.

You are now the Wikipedia example of the logical fallacy "poisoning the well."

Re:Perfect american corporate business practice

[mjwalshe]

They where the share price dropped and they lost the dividend. Still at least BOP was liable when the Mexican state oil company cased a major blowout in 79 they claimed sovereign immunity and basically said "suck it up gringo"

Re:Perfect american corporate business practice

[mcgrew]

Nice cop-out there. Day traders do not contribute anything whatever. You may refute this if you have facts to refute it, but I doubt you do.

CEOs don't produce, but they (like lawyers and accountants) are necessary, even if they are earning way too much by historical standards. You get the big bucks, you should take the big responsibility.

Glad I haven't....

[CheshireDragon]

...downloaded from download sites since the late 90's. My paranoia has finally paid off!

Re:Glad I haven't....

[fafaforza]

download.com started their crapware bundling a few months ago. Yesterday when I wanted to look up DVR access software, I almost pulled up their side, but then I didn't. Cool story, I know. But here's hoping that more people become aware and start avoiding the site like the plague.

It's Legal

[Bruce+Perens]

It is entirely within the license terms of any OSI-approved Open Source license to aggregate any software, regardless of its nature, on the same medium as Open Source software and to install it with the same installer that installs the Open Source. Even software that is harmful. Only if the software is a derivative work of the Open Source will the license apply to it.

Sure, CNet shouldn't do this, and if they keep doing it we'll eventually start using new licenses that make them copyright infringers. But right now it's legal.

Re:It's Legal

[Midnight_Falcon]

NMap is not licensed under the GPL -- it has its own license that specifically prohibits this type of bundling/installing a wrapper around the executable. This is not legal under NMap's license terms, I'm afraid you're mistaken.

Re:It's Legal

[Bruce+Perens]

Over at nmap.org, there's a GPL license. See this. They also offer a commercial license.

Re:It's Legal

[Midnight_Falcon]

Bruce: This is taken directly from Fyodor's email to nmap-hackers: In addition to the deception and trademark violation, and potential violation of the Computer Fraud and Abuse Act, this clearly violates Nmap's copyright. This is exactly why Nmap isn't under the plain GPL. Our license (http://nmap.org/book/man-legal.html) specifically adds a clause forbidding software which "integrates/includes/aggregates Nmap into a proprietary executable installer" unless that software itself conforms to various GPL requirements (this proprietary C|Net download.com software and the toolbar don't). We've long known that malicious parties might try to distribute a trojan Nmap installer, but we never thought it would be C|Net's Download.com, which is owned by CBS! And we never thought Microsoft would be sponsoring this activity!

Re:It's Legal

But according to CNet, Froyor uploaded the software. If he holds the copyright and agreed to their terms, it doesn't matter what some other license says.

Re:It's Legal

[Bruce+Perens]

I see what you mean, the line that says "Integrates/includes/aggregates Nmap into a proprietary executable installer, such as those produced by InstallShield."

It's nice to know what they consider a derivative work, but it has no legal effect. That would not be a derivative work under copyright law no matter what they think.

Re:It's Legal

[Midnight_Falcon]

There's a concept in common law jurisdictions called a "contract of adhesion." There is substantial case law about ToS and other agreements being overruled on adhese grounds. But yes -- someone agreed to their terms. So de jure, they might have some protection, but de facto, they've angered the internet community and will face some repercussions. I've already blocked download.com through DNS redirection on many of my clients' networks.

Re:It's Legal

[Bruce+Perens]

Sorry, but when Fyodor crosses out some of the GPL terms and writes in new ones in crayon (meaning without the assistance of a lawyer or in a manner contrary to existing law), it doesn't really have the effect he desires.

The GPL explicitly does not define terms such as "derivative work" because these terms are defined in copyright law or case law. Case law is most important here, and in general case law is strongly against Fyodor's interpretation. Go read Judge Walker's finding in CAI v. Altai and tell me that just installing the software makes it a derivative work.

I am also dubious that anything in 18 U.S.C. 1030 (the Computer Fraud and Abuse Act) can really be used to prosecute this particular incident. Can you show me the words that you think would?

Re:It's Legal

[Gerald]

The stub installer conflates "CNET" with the name of the software package, both in its file name and in its installation wizard. For projects and products that that are registered trademarks, wouldn't that constitute some sort of violation?

Re:It's Legal

[Bruce+Perens]

Fyodor should not be clicking YES on anything when uploading his own software. Really bad legal practice.

I think CNet learned their lesson.

Be wary of blocking legitimate sites that you don't approve of. I have not heard of ECPA being used against spam blockers and site blockers, but I think it could be used that way.

Re:It's Legal

[Midnight_Falcon]

As far as contracts go, as long as the terms aren't illegal and you have proper meeting of the minds, assent, etc; you can write whatever you want in crayon. I don't see anything wrong with his terms that would make it unenforceable in court or otherwise illegal. I don't think Fyodor's case hinges on it being a "derivative work." I think that definition is not germane to the fact he included the line about "Nmap into proprietary installer...". Then there's the whole other issue as to whether he agreed to C|Net's terms. On the Computer Fraud and Abuse Act, Note that I was quoting Fyodor and I personally do not think this act can be used in this context, and Fyodor did say "potentially." In the end, I think a reasonably prudent person, and the average jury, would side with Fyodor's interpretation. However the average lawyer or judge would probably not. However, take Stephen Colbert's poll on the South Carolina ballot....are corporations people? The average person would vote "People are people" but the lawyer would say "Corporations are people." It's these systemic shenanigans that are being pointed out by this issue, and C|Net doing such a thing but being legally protected is nothing short of the same shenanigans.

Re:It's Legal

[Bruce+Perens]

Can you make a credible case that the conflation of the CNET name confuses the public regarding the origin of the NMap software? It sounds a bit thin to me.

Re:It's Legal

[Bruce+Perens]

It's not a contract. No proper consent, etc. It's a license. It unilaterally conveys rights without removing any rights you already have. This is what RMS intended with GPL2 and he'd testify to that effect. It wouldn't look so good to a jury as you think.

Re:It's Legal

[Midnight_Falcon]

So when you click "I agree", you're agreeing to a principle, not a contract? Sounds a bit unreasonable. I think the moral of my comments is that you can debate whether or not it is technically legal all day, but this is a very distasteful act and Fyodor had taken measures to prevent it from happening. The fact someone found a legal loophole to get around enforcement of something clearly stated by Fyodor in his license is patently offensive, if not an actual criminal act or tort.

Re:It's Legal

California has a specific law that makes this unlawful, assuming there was no clear right for the individual downloading the software to reject it.

        Cal. Bus. & Prof. Code 22947.2 provides in part:
A person or entity that is not an authorized user, as defined in Section 22947.1, shall not, with actual knowledge, with conscious avoidance of actual knowledge, or willfully, cause computer software to be copied onto the computer of a consumer in this state and use the software to do any of the following:
(a) Modify, through intentionally deceptive means, any of the following settings related to the computer's access to, or use of, the Internet:
(1) The page that appears when an authorized user launches an Internet browser or similar software program used to access and navigate the Internet.
(2) The default provider or Web proxy the authorized user uses to access or search the Internet.
(3) The authorized user's list of bookmarks used to access Web pages.

Re:It's Legal

[Bert64]

It's not a "derivative work" for purposes of the GPL, and thus doesn't require disclosure of source code as per the GPL terms...

On the other hand, nmap is not distributed under the pure GPL, it is distributed under the GPL with added stipulations, kind of like how the linux kernel include explicit exceptions to GPL2...

The copyright holder is free to decide if, when and how their work will be distributed, and Fyodor has decided that in addition to the GPL requirements, he also doesn't want his code distributed as part of third party binary installers.
These installers are not a derivative work, they are just a violation of the distribution terms, and if you don't agree to the terms offered by the copyright holder then you are not allowed to distribute a copyrighted work.

A similar example would be a movie publisher or a tv station that is forced to implement DRM by a movie studio if they want to distribute that studio's movies. If the copyright holder doesn't agree with your terms then you can't redistribute his work.

Re:It's Legal

Sure, CNet shouldn't do this, and if they keep doing it we'll eventually start using new licenses that make them copyright infringers. But right now it's legal.

It may be legal under copyright law, but given that a "bundle of things" containing NMAP is not NMAP, it is a violation of NMAPs trademark... as this is pretty obviously an attempt to deceive/trick/confuse consumers. As such, its very damaging to the NMAP trademark.

If they had called there bundle the NetworkScannerDistroPack, then there would be no problem with including NMAP as long as there was no effort made to deceive folks into thinking they were only gettng NMAP though the marketing materials / download descriptions.

Re:It's Legal

[s.petry]

>>We've long known that malicious parties might try to distribute a trojan Nmap installer, but we never thought it would be C|Net's Download.com, which is owned by CBS! And we never thought Microsoft would be sponsoring this activity!

Sorry, but anyone that believes Microsoft is above playing dirty... #%^#@& I'll just say that you are very ill informed. Microsoft has paid Oracle to do the same thing with the Java installer that CNET did here. Microsoft has paid countless companies to do the same thing in order to try and gain market share on Google's search engine. They play dirty, they do dirty things. Hence more than trips to the DOJ for illegal monopolist practices than any company in history.

I'm also surprised that Microsoft has not released a Powertool yet that looks and acts just like NMAP, but is patented and copyright protected by Microsoft. Maybe that will come out after Windows 8 is released...

Re:It's Legal

[Bruce+Perens]

Click "I Agree" where? On the CNET site? Show me the page, please.

I have NMap on my Debian system, and I never had to click "I Agree" to get it or anything else in Debian.

Yes, it's a repulsive act that CNet did, no argument with that. But why are people getting software from Download.com? What mistakes does our community make that lead to that?

Re:It's Legal

[Bruce+Perens]

I think if you want it to work that way, you need to write a new, and non-Open-Source, license. The way it's stated now, as a definition of derivative works rather than a term of distribution, doesn't work.

Now, ethically, people should do what you want. But the letter of the law would not require them to do so.

Re:It's Legal

[Bruce+Perens]

"Intentionally deceptive means" is the key. Do we have screen shots, etc., that make a case that it was intentionally deceptive?

Re:It's Legal

[Mr.+Underbridge]

It wasn't a question as to whether it's legal. The question was whether it's a kind of crappy thing to do. If the issue was legal, he would have sent a C&D - since the issue instead was CNET's being crappy, he used public shame instead, which is the effective means of attack in that instance.

Re:It's Legal

You are correct that a license cannot take rights away -- but the right to distribute the software as you please is not one you have to begin with. A licensee's rights to redistribute are precisely what the license allows, since copyright laws themselves do not make any such allowance.

Re:It's Legal

[Bruce+Perens]

The license, however, doesn't prohibit you from distributing the software as part of a commercial installation package. Instead, a little note off to the side of the license says that they consider a commercial installation package to be a derivative work. So, that sets the question for the judge: was the commercial installation package a derivative work? All that the judge knows of law and case law says "no".

This is why I referred to those terms as being written "in crayon". The author doesn't seem to have understood what would happen when a judge attempted to parse the information. It doesn't seem to be the work of a legal professional. And it has the effect of deceiving programmers on the project that it is a valid license term, while legal professionals would immediately know that it isn't.

Poorly-written licenses always have this effect of deceiving the programmers who work on the project. This has cost some people real money, Bob Jacobsen (JMRI) being one. His case ended up being terribly more complicated than it should have been, costing years of hardship and some money.

Re:It's Legal

[Khyber]

"Do we have screen shots, etc., that make a case that it was intentionally deceptive?"

Every bit of advertising all over CNet about "ad-ware and spyware free" installers would seem to constitute every bit of evidence you need, since you seem to lack the mental faculties to find such embarrassingly simple things for yourself.

Re:It's Legal

[Bruce+Perens]

What's this, Anonymous Coward changed his name for the evening?

I've not a windows system to try the nmap installer. Didn't figure that out, did you?

Re:It's Legal

[Khyber]

The fact you don't test across all systems (let alone have test systems or environments for the four or five major operating systems) is more than proof of having less-than-stellar competence.

Re:It's Legal

[poena.dare]

"But why are people getting software from Download.com? What mistakes does our community make that lead to that?"

***applause***

A predilection for virtual pitchforks and torches over real ones, for starters. Flaming on forums is all fun and games, but tossing a living marketing exec in a real fire will make you feel alive and in control for the first time in your life. I cannot recommend it highly enough!

Re:It's Legal

[Bruce+Perens]

Oh, biddy kid is in a bad mood. Biddy kid should know I don't have anything to do with testing nmap. But tonight biddy kid is upset because he got in trouble with his mommy. So, he's taking all of his anger to Slashdot! I'll get that Bruce Perens for what my mommy did to me!

Re:It's Legal

[elashish14]

What mistakes does our community make that lead to that?

I blame this one

;-)

Re:It's Legal

[sydneyfong]

Sorry, but when Fyodor crosses out some of the GPL terms and writes in new ones in crayon (meaning without the assistance of a lawyer or in a manner contrary to existing law), it doesn't really have the effect he desires.

You're not an IP lawyer either.

Go read Judge Walker's finding in CAI v. Altai and tell me that just installing the software makes it a derivative work.

I'm not exactly an expert in US Copyright law, but after reading (time is limited mate) the Wikipedia article on the case, I see nothing related to the issue of whether such "aggregation" is a derivative work. My gut feeling is that whether it infringes depends on how it is "aggregated", and I really can't see how one can declare it is "non-infringing" without even looking at the installer itself.

The tricky parts of law are always in the devilry details. The "aggregation does not constitute derivative work, period" is great for OSS advocacy and establishing clear ground rules, but your words (and the community's words) are not the law. Honestly, from my limited understanding, the current case law is far from clear as to a lot of copyright issues than you OSS advocates seem to convey. As I said, that's not necessarily a bad thing from the advocacy perspective, but it's really no good if you actually *believed* what you said where the unequivocal legal position and gave pseudo-legal advice based on this.

Re:It's Legal

[Bruce+Perens]

No, I am not admitted to the bar, but a good deal of my income comes from working on Open Source issues with attorneys, and I teach attorneys, with CLE credit awarded in some states, about Open Source legal issues. I am an expert witness on just the sort of issue that is being discussed.

"Aggregation" is the word we use for the combination of software items on a medium that are not derivative works of the other software. It doesn't really make sense to say "that aggregation is a derivative work", if it were derivative it would not be an aggregation.

I am just not coming up with a theory that would make the installer a derivative work of the payload. The installer package is a medium from which the payload can be extracted and becomes separate files, identical to their form before being archived, that is the function of the installer. The installer copies the and stores data the way that Emacs copies and stores the text that you type while it runs. Yet, nobody attempts to make the case that Emacs is a derivative work of your text, that would be absurd, even if the text, by itself, is highly protected and very valuable. Nor do we find people claiming that GCC is a derivative work of the software they compile.

If I was called on to testify, that's what I'd say.

Re:It's Legal

[sydneyfong]

I'm not saying that you're definitely wrong. I'm just saying I can't see how you're definitely correct.

The installer package is a medium from which the payload can be extracted and becomes separate files, identical to their form before being archived, that is the function of the installer. The installer copies the and stores data the way that Emacs copies and stores the text that you type while it runs.

The problem is while Emacs itself is not a derivative work of my text, if you bundled Emacs together with my text as a single package, then I can't see why it can't be a derivative work of both my text and Emacs. Probably slightly a bit of a stretch, but I wouldn't cross the out.

The fact that you can revert the alleged derivative work back to its original form is neither here nor there -- if I s/wand/wang/g in the Harry Potter books, I almost certainly can return it to the original text by the substituting back. It doesn't mean my modifications isn't a "derivative work".

--
Further, I do have reservations to your claim that such modifications to redefine "derivative works" to the GPL isn't effective. It doesn't have to be a contract for such things to be effective. As long as CNET did not obtain a license to redistribute the work (whether derivative or not, doesn't matter. Copyright law does not allow redistributing of the original work unless licensed either), then it would be a copyright violation.

So did CNET obtain a license to distribute nmap? The nmap is licensed under GPL with explicit exceptions regarding some forms of aggregation. Depending on how a court is inclined to interpret the "patch" to GPL, i.e. whether overloading the term "derivative works" is effective in law, or whether the "spirit" of the license is to be followed, is not so clear cut IMHO. Generally a licensor is free to draft up a license text with strange words and terminology as long as he defines it in clear terms. In the nmap case, basically the author is saying: "ignore the legal meaning of 'derivative work', what we really mean is this:". That may not be the best way to modify the intentions of a GPL license, but I can't see how it is fundamentally fatal.

---
(In case you're wondering, I've studied law in a common law jurisdiction, but I'm not a lawyer either.)

Re:It's Legal

[bcmm]

I'm not sure that the Free Software community is responsible for the lack of meaningful package management on Windows NT.

Re:It's Legal

Nmap licence is not OSI-approved.
It excluded bundling with non-freeware.

Re:It's Legal

Emacs and GCC don't come with your text / software included.

Re:It's Legal

So a license, in this sense, is only valid when external entities agree that it is a valid license and not by those accepting it for use as valid license?

I'm trying to see where terminology, contract agreements, and obfuscation meet since my only conclusion from reading about this is that it should all be done away permanently. Let the rule of 'buyer beware' be equilibrium.

Re:It's Legal

[Khyber]

And it doesn't matter if you test nmap or not. Since you have no relevant experience with the software, you should simply keep your mouth shut. Doesn't matter if you have relevant experience with the specific license or the laws regarding such.

CNet advertises as adware and spyware free. This is obviously a fat case of false advertising, your crappy licensing argument notwithstanding (and you are apprently not even aware of the full T&C of nmap, so again, you open your mouth without being informed.)

"leader in the Open Source / Free Software community"

Not if you aren't aware of your competition (proprietary source software,) and their distributors, you aren't. And given you just admitted you don't test nmap, you're no leader, especially if you haven't tested one of THE MOST POPULAR Open-Source applications around.

Feel free to call yourself a 'leader' when you actually start acting like one, okay? Until then, you're not much of anything, just a mouthpiece.

Re:It's Legal

[Bruce+Perens]

You're smoking too much of that hydroponic crap to think straight, troll. I'm not going to feed you any longer. Doobie doobie do

Re:It's Legal

[Bruce+Perens]

You wrote:

, if you bundled Emacs together with my text as a single package, then I can't see why it can't be a derivative work of both my text and Emacs.

I am afraid this might just be a matter of expertise.

If I included your text in the Emacs source code, as some sort of template, you'd have reason to believe that I was creating a derivative work. However, I also have distributed Emacs on a Debian distribution (I created some of the early Debian distribution masters) along with thousands of texts and programs. I did this free of even the hint of legal challenge that programs aggregated together were derivative of each other .

That Debian CD was self-booting, self-extracting, really very similar to the Windows installer being discussed. If I tried to testify that the Windows installer was derivative, a canny defense expert would cue the lawyer to cross-examine me about that Debian CD, and she'd be right, it would discredit my (theoretical) testimony.

The problem with the redefinition of derivative work isn't that there's no contract, it's that legal professionals already know what derivative works are, and would prove in court, easily, that what Fyodor thinks is derivative actually isn't. Fyodor would have to state it differently than he has to make this stick.

Re:It's Legal

[sydneyfong]

However, I also have distributed Emacs on a Debian distribution (I created some of the early Debian distribution masters) along with thousands of texts and programs

Yes, I'm aware. (And I'm typing this reply on a Debian machine :)

That Debian CD was self-booting, self-extracting, really very similar to the Windows installer being discussed. If I tried to testify that the Windows installer was derivative, a canny defense expert would cue the lawyer to cross-examine me about that Debian CD, and she'd be right, it would discredit my (theoretical) testimony.

The position of an legal issue shouldn't be dependent on the past affairs of an expert witnesses, but then, realistically speaking I suppose you do have a point..

The problem with the redefinition of derivative work isn't that there's no contract, it's that legal professionals already know what derivative works are, and would prove in court, easily, that what Fyodor thinks is derivative actually isn't. Fyodor would have to state it differently than he has to make this stick.

I think this boils down to plain old interpretation of license clauses, the kind that courts frequently have to do when dealing with botched clauses written by laypeople or (sometimes) lousy lawyers. While it''s indeed rather unfortunate that the nmap license is written that way, it's still difficult to simply dismiss the explicit modifications (or "clarifications") to the GPL as ineffective. I'm a bit rusty here, but IIRC it's sufficient to show that the licensor and licensee understood the "real" intent of the text, notwithstanding it's rather lousy expression.

Re:It's Legal

[Bruce+Perens]

The court would probably decide based on testimony of experts on both sides. See my JMRI testimony for an example of how Open Source licenses are explained to judges. In the case of Fyodor's addition, it would be both lawyers and experts on the defense side citing cases that go against Fyodor's interpretation. Some of those cases would be precedential to the court hearing the case, meaning that the court would be required to align itself with the previous opinion unless the judge can produce an explanation of why the opinion in the preveious case does not apply to the present one.

Who? What?

[RichardJenkins]

Who would download a tool like nmap from download.com? What sort of person does this? How is this a thing that happens?

Re:Who? What?

[cavtroop]

I work in security for my company, so we keep an eye on unauthorized software in our enterprise. We had a guy just today download PuTTY from a download site, that came bundled with all kinds of shitty toolbars and adware. This guy is a Sr. Software Manager and Developer at the company and should know better.

I wish I could clue these supposedly 'smart' users in, but they'll download and install anything without any critical thinking at all.

Re:Who? What?

[CheshireDragon]

Windows monkeys?

Or some dense block of lead that does not know about YUM, apt-get, wget or the slew of other download-from-repository apps

Re:Who? What?

[lucm]

What sort of person does this?

The same persons who complain because the "desktop experience" features are disabled by default on Windows Server.

There is no explanation, it is a personality type. I suggest you read "Zen and the art of motorcycle maintenance", it offers a lot of insight about this kind of thing.

Re:Who? What?

[jezwel]

I've found my own team members downloading software from these types of sites under the assumption it was 'free' as there is no purchase required up front.

It's not easy finding switched on people, especially where you can't easily remove someone that can perform fine in most areas but just doesn't really understand the implications of certain software licence T&Cs.

Re:Who? What?

I work in security for my company, so we keep an eye on unauthorized software in our enterprise. We had a guy just today download PuTTY from a download site,

PuTTY is a very bad example, almost ANY URL sounds more authoritative than the real one.

Working in security, you should expect people to screw this one up and have your sysadmin team deploy/maintain it.

www.chiark.greenend.org.uk/~sgtatham/putty/
*blech*

Re:Who? What?

[leenks]

If you mean (and I know you dont, but it can, and does, easily fall into that category in an enterprise) "being able to enter a path into Explorer and it allow you to go there" as opposed to navigating to it from "My Computer" or "Network" directly, then sure. If you mean being able to right click on an application in the taskbar so I can close it, then sure. I complain like hell at these restrictions; it makes my life a right PITA.

Sacrificing basic usability because of some BOFH is under the impression that it will improve security (it wont; there are plenty of ways round these things) is a big nono and just pisses off the technically competent and confuses the incompetent even further.

Re:Who? What?

[ISoldat53]

This used to be a trusted site.

Re:Who? What?

[19thNervousBreakdown]

Unless of course you search for it on Google, Bing, or Yahoo, or probably any other search engine, in which case it's the first result. And, unless you actually read the page you're downloading from, which states "The official PuTTY web page is still where it has always been: http://www.chiark.greenend.org.uk/~sgtatham/putty/"

Unless you don't know what PuTTY is, you'd almost have to try to download it from the wrong place.

Re:Who? What?

[X0563511]

Yea, the userdir really makes you feel warm and safe about the URL.

Re:Who? What?

[X0563511]

So, why would I read a book about motorcycle maintenance when I have little interest in motorcycles or the maintenance of internal combustion engines (and associated machinery)?

Re:Who? What?

[symbolset]

When was that? I don't remember that.

Re:Who? What?

[lucm]

So, why would I read a book about motorcycle maintenance when I have little interest in motorcycles or the maintenance of internal combustion engines (and associated machinery)?

If you read the book you will actually be able to answer this question...

Re:Who? What?

[guruevi]

How about putty.be

Easy to remember and afaik always authentic

Re:Who? What?

[bcmm]

Just last week my dad screwed up doing just this. Searched for "download VLC", clicked the first link on Google (sponsered link, not a search result), got several toolbars.

Re:Who? What?

What sort of person does this?

CNet is considered to be a reliable source for distributeables. They're a relatively well trusted company, and up until now never gave anyone a reason to think otherwise. My question is, how many unsuspecting users are installing nmap who don't know they should opt out of extra "features" bundled with any installer?

trust

It takes years to earn trust. It takes only one event like this to destroy said trust for good. Up to a year ago, I used download.com where they always proclaimed "Spyware free" etc... That trust has been erased and I will never go back to that site. But really, after they began doing the indirect download using their own downloader, that turned me off right then and there and I stopped about a year ago.

Re:trust

[leenks]

Shame you started that with Sarah Palin. Nobody with a brain ever trusted that monster - at least on this side of the pond (we were actually quite scared of her in fact).

Re:trust

[19thNervousBreakdown]

Scared of Sarah Palin? But she has to be elected to be any kind of a threat. What do you think we are, idio...

Yeah. Okay.

One option I think?

They could have donated a chunk of whatever profits they generated back into the project. Or put a big blinking sign saying this is open source software, etc.

Too little.

[Capt.DrumkenBum]

Too late.
They should not have done it in the first place, and I will be looking elsewhere for my downloads.

Re:Too little.

[DarwinSurvivor]

So YOU are the one that actually used that site! Of all the times not to post as AC....

Re:Too little.

[randy+of+the+redwood]

Are there any good freeware / shareware download sites left that are trustworthy?

There was a time when download.com fit this bill. They were early in supporting user ratings so you could tell what was crapware. I guess we get what we pay for though.

Re:Too little.

[malignant_minded]

totally its so hard to find a trustworthy place to download nmap http://nmap.org/dist/nmap-5.51-setup.exe
how about sourceforge?

Re:Too little.

[Capt.DrumkenBum]

The odd time I am dealing with windows and looking for software, a quick google search would often put them at the top of the results. Until they started this crap at least you knew it wasn't virused.
Shear lazyness I admit.
I will from now on taking the extra few moments to fine the original authors site and download from there.

PS: I apologize to geeks everywhere for my lazyness. :)

Re:Too little.

[fafaforza]

bleah, even autors' sites can be traps. Take imgburn for example. Might not be the case right now, but the last time I was downloading, there were no less than 3 download links in various banners to unrelated crapware, some of it going through doubleclick. Windows software has become a complete cesspool.

Re:Too little.

[webheaded]

You do realize that a lot of sites use Download.com as their official download? I usually click whatever link they have as the main one. I'd rather use up Download.com's bandwidth than suck it away from the small little developer site. I'll definitely be avoiding them like the plague now though. This is just ridiculous.

Re:Too little.

[DarwinSurvivor]

http://www.sourceforge.net/
http://www.portableapps.com/
http://www.freshports.org/
http://www.getdeb.net/

Or just man up and install linux and use the repositories. Failing that, go to the program's WEBSITE and download it there like you are SUPPOSED to!

Re:Too little.

[DarwinSurvivor]

Why the hell are you installing software written by someone that uses crapware banners?!?

Re:Glad I haven't.... Sorry I had...

[moichido]

... downloaded from CNet for my first time ever. I got the blasted toolbar, converted to Bing and had random background audio advertising to me.

I used them because I had a good impression of CNet. Bad choice.

Safe, Trusted, and Spyware-Free...

[davegaramond]

Waiting for their tagline to change to "Safe, Trusted, and We Apologize For Spyware"

Re:Glad I haven't.... Sorry I had...

I used them because I had a good impression of CNet. Bad choice.

The giveaway as to their true nature is the fact that their name is an anagram of.... oh, er, actually it's only an anagram of "cent". Sorry about that folks

Near enough, though.

Plus, I don't want them changing their name to CNut to make my poor joke fit, as someone else already has that name. Anyway- CNet....What a bunch of 'King Cnuts.

False positive and false negatives

[Skywings]

While it is good to see a detected false positive rectified it is a situation that should not have happened in the first place. When governments tread down the dangerous road of censorship it is better to err on the side of false negatives than false positives. False negatives do not hurt anyone if the rate is low enough but a false positive can generate much notoriety for the government. It makes the government seem unusually cruel and overbearing and gives the impression they are trying to exert tight and almost claustrophobic control over the population. Erring the other way can make a government appear more benevolent and will appear to be looking out for the best interest of the people and so what if they miss a few, the government is trying its best.

Android people seem to think this is just fine.

Android people seem to think this is just fine there are so many parasites making money off the hard work of others. (So much so that basically the only clean place is FDRoid

Since it is mentioned prior to installing it

[koan]

Should you be using Nmap if you can't pay enough attention to opt out of installing a toolbar?

Re:Since it is mentioned prior to installing it

Should you use nmap if you don't want fyodor to hack your computer?

Re:Since it is mentioned prior to installing it

Really...

Are you saying that you NEVER post or sent an email by accident? You have never clicked a mouse reflective? Do you read all the fine print in your credit card statements and bank statements? Do you read the legalese in every piece of software that you install?

The person may not have the attention to detail that they need.... OR they made a mistake.

Re:Since it is mentioned prior to installing it

[fafaforza]

Or you still have a slight amount of reverence for a CNet site and might click through the prompts, trusting the source. Not cool to have such a trick played on you.

Re:Since it is mentioned prior to installing it

[Patch86]

As a long time user of Windows software, I can tell you now that I ALWAYS read the installer screens before clicking "next". Everything short of the EULA.

The number of "click here to not install our toolbar", "click here to not be added to our permanent email mailing list", "click here not to upgrade to our premium prescription package" tick boxes is always depressing.

Re:Since it is mentioned prior to installing it

[koan]

Really...

Are you saying that you NEVER post or sent an email by accident?

I start before that point, I don't write anything I wouldn't be OK sending.

You have never clicked a mouse reflective?

Reflexively? Yes but not during an install, which goes back to my pay attention point.

 

Do you read all the fine print in your credit card statements and bank statements?

Yes.
   

Do you read the legalese in every piece of software that you install?

The person may not have the attention to detail that they need.... OR they made a mistake.

No I don't read EULA's, and not paying attention is what creates mistakes, so back to my original point "pay attention".

Re:Since it is mentioned prior to installing it

[koan]

I don't think using the word "reverence" when speaking about a web site is the correct way to go, maybe "trust" but not reverence.

Half-assed apology

[TSHTF]

What a half assed apology. They didn't apologize for fucking up, but instead the unrest they caused.

The bundling of this software was a mistake on our part and we apologize to the user and developer communities for the unrest it caused.

Re:Half-assed apology

they disturbed the internet eh?

DMCA Takedown anyone?

[sconeu]

Or if PIPA or SPA were law, he could have tried to seize the domain "download.com"

Re:DMCA Takedown anyone?

[alexo]

Or if PIPA or SPA were law, he could have tried to seize the domain "download.com"

The notion that the same laws apply to both the lords and the serfs is quaint but misguided.

Optional

[Hentes]

If it's optional, what's the problem?

Re:Optional

[Robert+Zenz]

The Nmap-License specifically disallows bundling Nmap into a proprietary installer. So Download.com violated the Nmap-License.

Time for litigation

[Animats]

This is where he should sue CNet for slander of trademark, and tortious interference with business relations.

It won't happen again!

[s.petry]

Until the next time we need a bonus anyway...

A CBS Subsidiary?

CNET is a CBS Subsidiary? I've lost all respect for them.

Typical corporate mindset...

[Hamsterdan]

They're not sorry about the bundled *extras*, they're sorry they *got caught*...

Re:Typical corporate mindset...

[sys_mast]

Lately it's been acceptable to apologize for being caught.

For reference see the NFL: http://msn.foxsports.com/nfl/story/ndamukong-suh-ejected-detroit-lions-green-bay-packers-112411

''I want to apologize to my teammates, my coaches and my true fans for allowing the refs to have an opportunity to take me out of this game,'' Suh said

Re:Typical corporate mindset...

[paladinsama]

They announced in July that downloads would include an installer, and that such installer was going to include "offers for other software" (i.e. Ads)
https://upload.cnet.com/8301-21_5-20084419-9978525.html?part=rss&tag=feed&subj=DownloadProductReview
The next time I downloaded something I noticed such thing and decided to stop downloading anything from Cnet (and I guess a lot of people did too), so I think this is hardly something to be called "they got caught" as it was in the plain view of everybody.
 

Re:Typical corporate mindset...

[Hamsterdan]

And they're betting it on 'people never read the small print' (which should be illegal IMHO, as EULAs)

But it's way from the first corporation that got caught its pants down while trying to skirt the law (or ethics)

Re:Typical corporate mindset...

[Hamsterdan]

*And they're betting it on 'people never read the small print' (which should be illegal IMHO, as EULAs)*

Replying to myself here, /. doesn't want me to edit my posts...

That's why people get to pay 400$/month for a car that is advertised for 169/month. That's just a slimy behavior.

Do they have to use ...

... such slimy tactics to advocate for Bing? Is it that bad?

Agreed - Where else should we go for downloads?

[billstewart]

Cnet and download.com used to be the site I trusted for downloading software, given their consistently good business practices and the number of other sites that included malware, spyware, and/or bloatware along with their downloads. Obviously I still trust Sourceforge, Ubuntu apt-get, and the download sites that various other projects provide for their own code, but for Windows software, download.com used to be the place to go.

So are there other sites that have good collections of Windows software and are reasonably trustable?

Re:Agreed - Where else should we go for downloads?

[thexile]

Filehippo.com

add on software

I would never download nmap from download.com but this happens all the time.
adobe reader comes with google toolbar or mcafee anti-virus
My Windows laptop came preloaded with Symantec toolbar.
WhatMeWorry!

precisely that

[unity100]

Making a farmer or teacher responsible for their share in a company they invested partly in for retirement is going too far. They lack the sophistication and access to resources to truly assess risk.

we are allowing people to reap benefits from things they cannot understand, fathom or use. and naturally, we are not holding them responsible from what they can not comprehend.

waiver of responsibility. no different from having to slap warnings against putting your cat in the oven on appliances. people dumber than the minimum requirement of systems and technologies we have in our modern day are using them.

long story short - whomever invests in something should be responsible with their investment. this may kill capitalism ? oh well.

Re:precisely that

[EdIII]

Your position is not reasonable.

It's like holding the landlord responsible if the tenant murders somebody on the property. Is it reasonable to assume that the landlord would have known about the murder to take place, assuming it is premeditated? Is it reasonable to assume responsibility for crimes of passion?

No small unaccredited investor purchases stock in a company expecting it to perform fraud, and you cannot reasonably hold them accountable for actions that are essentially unknowable.

Your solution raises the barrier to entry for stock ownership so high that only accredited investors and investment gateways (Wall Street investment firms) could meet them.

It will kill capitalism, which is your intent.

Either provide a reasonable solution, like holding the executives and board members personally and criminally liable for fraud, or just admit you want to replace capitalism and the stock market entirely.

Sorry, your position is just not reasonable in any way, shape, or form. Your analogies are false. There is a difference between personal responsibility with a hot coffee cup and indirect fraudulent actions that you have no way of knowing. If the average person did, then so would the authorities, and it would be stopped.

   

Re:precisely that

[unity100]

It's like holding the landlord responsible if the tenant murders somebody on the property. Is it reasonable to assume that the landlord would have known about the murder to take place, assuming it is premeditated? Is it reasonable to assume responsibility for crimes of passion?

landlord is responsible with whom he leases the land to. definition of being a landlord includes performing landlord duties and shouldering its responsibilities. this includes assessing, getting to know, and following up with tenants.

otherwise, there would be nothing barring landlords from continually leasing their land to murderers who would pay higher. just like how shareholders do with corporations.

Re:precisely that

[EdIII]

What are you smoking?

The landlord is not criminally or civilly liable for anything you said. Since when is it the landlord's duty to make sure the husband does not shoot his wife? How would that be accomplished anyways?

Continually leasing their land to murderers? How the heck would they know?!

LOL

Dude... seriously.... put the pipe down.

Re:precisely that

[unity100]

The landlord is not

yes they are not. i didnt say they WERE. i say, they SHOULD BE.

else, landlords just keeping renting their land to the highest bidder, regardless of what they do. just like bp, lockheed, haliburton, intel et al.

Re:precisely that

[EdIII]

yes they are not. i didnt say they WERE. i say, they SHOULD BE.

Well you said...

landlord is responsible

You need to get together with President Clinton and have a lively discussion about the definition of the word "is".

In any case, your just nuts. Not trying to flame you, but you are just nuts. You're holding people responsible for actions they should not logically be held responsible for. Your analogies, which you strongly assert as reasonable, don't have anything to do with corporate responsibility.

Try saying those crazy things over a loud speaker in the park. I don't think I am the only one that will look at you strangely.

Up the dosage buddy.

Re:precisely that

It will kill capitalism, which is your intent.

Quick!! Tell the OWS people how to kill capitalism!! :)

Re:precisely that

[sydneyfong]

To be fair, there's actually multiple levels of responsibilities the law can impose on a person.

From the strictest:
- Strict liability: whenever something goes wrong, you're liable, no matter your actions or intentions.
- Negligence: liable if you've failed to do enough to prevent it from happening
- Gross negligence: liable if you've fucked up badly and caused/allowed it to happen.
- Knowledge required: you're liable only if you knew it will happen
- Intentional: liable only if you intentionally did something to make it happen

Between these shades of responsibility, I do think a shift to a stricter one can be contemplated, I think we're currently only making them liable if knowledge of the wrongdoing can be proved, but I do think some forms of liability on the negligence level should be imposed.

Re:precisely that

[EdIII]

Aptly put.

I never argued that there should be more liability and less protections for executives in corporations. Quit the contrary actually. The landlord analogy is insane because you are holding them strictly liable for all actions of the tenant. For a landlord to be truly negligent they would need to know. Murder is ridiculous, but crack house or meth lab.... might not be so much. Bimonthly inspections that just involve a cursory look through the property would not be unreasonable and are permissible in every rental/lease contract I have seen.

As for the executives and board members I absolutely agree that corporate person hood should not shield executives that meet your standards for negligence, gross negligence, knowledge required, and intentional. Treat them like everybody else. They still performed the act, only used the corporation as a vehicle for their actions. Ironically enough, we have laws for vehicular homicide and negligence for literal vehicles too.

My objection is providing strict liability to the investors. That is unreasonable period. Intentional and knowledge required indicates a conspiracy or aiding & abetting. No excuse for that. Gross negligence does not sound possible in an investor/stock holder context.

Negligence and Knowledge required are where it gets unreasonable to the investors because then it requires investors, even accredited investors, to perform ongoing audits that would be too resource intensive and impractical. It might not even be possible if the executives are actively attempting to hide their activities and falsifying records.

Especially so for somebody that owns a minuscule amount of stock in Exxon. Somebody needs to explain to me how Ma & Pa Johnson on a farm in Kansas could really know that the Valdez incident was about to happen or could have prevented it. Billing them for cleanup and reparations does not sound like a logical and reasoned position to take.

Re:precisely that

[Whibla]

The purpose of the markets is to match people who have surplus capital with those (allowing for the dubious state of companies as people) who have need of it. The lower the barrier to market entry the more readily available capital becomes, allowing companies to access it and use it, hopefully productively. Now, the majority of investors are already likely to carry out some form of oversight before directly investing in a company, through the purchase of shares or what have you, and while most of this oversight is likely to be financially directed - is this a good investment, am I likely to financially profit from this exchange - many people also already include an ethical element to their investment decisions - are the company's business practices reputed to harm the environment, do they manufacture 'bad' (tm) things. Holding individual investors to a higher level of oversight and responsibilty than this is not only not practical it would directly damage the main advantage of a free market, namely the free flows of capital.

As a side note, there is a huge difference between the idea of the (free) market and capitalism per se. Conflating the two does not help in clarifying specific objections to one or the other.

One 'direct' example of the market in action is your bank. You put your savings in the bank, (originally) on the assumption that you will see a small return on that capital, in the form of interest, and the bank, acting as a middle man / broker, lends that money to someone that needs it. This is both a purer form of matching lender to borrower and a more remote one in the fact that you as the lender have no direct say as to the destination of your 'loan'. You are of course free to chose your bank, but, in this day and age the only sure way of ensuring your bank is ethical would be, amongst many other things, if they do not engage in any counter party trades, do not sell stocks and shares isa's, and own no share portfolio of their own. I'm not sure if that would make for a financially viable business as a bank, or merely make them a credit union with a severely restricted remit. Anyway, I get away from the point I was trying to make...

long story short - whomever invests in something should be responsible with their investment.

I'm going to assume you have a bank account. Are you claiming (partial) responsibility for the millions of people who lost their homes / livelihoods / sanity in the recent debacle with the selling, mis-selling, and reselling of sub-prime mortgages? After all, it was your money that was lent to these people that allowed them to buy their homes in the first place, even if they were mis-sold. If so, what penalty should be exacted on you for this crime (and as far as 'evil' acts go this was as large a crime against humanity as any other I can think of in western so called democracies in recent times)? And if not, why not...why are you not being held resposible and accountable for the evils done with your money?

Re:precisely that

[oreaq]

Being responsible for all your action including investments in criminal companies and being held accountable for them does not kill capitalism. It is in fact one of the core principles that make capitalism work. Take a look at Polanyi's work for examples on how the spontaneous order of the market breaks down without it in theory; take a look at the America's current economy on how it breaks down in practice.

It will however kill the kleptocracy that the feeble-minded like to call capitalism.

Re:precisely that

[langelgjm]

I am not an institutional investor, a professional investor, a financial advisor, or a banker. I'm just a person with enough sense and foresight to be saving for retirement. Are you proposing that I be liable for the actions of every company I invest in? Say I purchase 5 shares of IBM, do I thereby become responsible for knowing everything that IBM is going to do in every country? How exactly am I supposed to know this? By flying to shareholder meetings with the $25 in dividends I might make in a year?

Come on. What you're proposing is not impossible, but it would severely limit the willingness of people to invest in any business they don't intimately know (and even then, they still might not). It also would raise the risk (and thus the price) of any financial services you might purchase from someone else (assuming you want to hold the financial advisor responsible). How am I going to get anyone to help me pick investments if they will be held responsible when something goes wrong at one of those companies?

I understand the desire to promote more knowledgeable investing, but what you're proposing would probably eliminate investing as a feasible option for everyone except the very wealthy, who have insider knowledge of the deals they will make, and can afford to buy lawyers for when things go wrong.

Re:precisely that

I'm not military, or very old... so I'm sure there exist /. people have more experience than me.

But I've lived, or planned to live (to the point of getting the contract in my hands and reading) in five states and about a dozen leases mixed between apartments and homes.

Not *one* of them has permitted bi-monthly inspections. Most had an annual inspection. One had a six month inspection.

Now--they do permit entering with 24 hour notice for maintenance (save in emergency...e.g. pipe burst).

I dunno, maybe you're in one of the big states/big cities... but I don't think you should be assuming a bi-monthly intrusion is the standard... I guess I'm running into anecdotal territory here... but at least in the communities I've resided--this is not the standard, and I rather don't think you should be claiming it is.

Re:precisely that

[WorBlux]

Fraud is pretty much the only reason (beside criminal corruption) the corporate veil is broken nowadays, but only against those who were complicit.
However let's examine more common cases, simple debt and negligence. Anyone who invests no matter who small knows or should know that insolvency is a risk of doing business. (However this is a risk that can be spread and mitigated) Liability for negligence usually follows and agent-principal relationship, even when no fault is displayed on the part of the principle. For example an employer is liable for all negligent acts (or inaction) of employees during the course of their employment. (However this has not prevented employment from occurring, as negligence is an insurable and sometimes waivable risk.)
There are of course costs for doing this, but the costs are there no matter what. It's just the internalization of the costs rather than externalizing them.
There is a flaw in the logic that says such a scheme would destroy the market for capital. If the risk is manageable and "worth it" (pays out more than it costs) then shifting the costs to those who benefit most from them only makes sense. Why should non-investors bear the risks of investors? While you ostensibly speak on behalf of capital and markets, you fail to place any faith in their ability to manage mundane risks.

Re:precisely that

[WorBlux]

"How exactly am I supposed to know this? By flying to shareholder meetings with the $25 in dividends I might make in a year?" Pay a portion of the dividend or stock price to an insurer, let those anal-retentive actuarial types worry about quantifying the risks.

Re:precisely that

[WorBlux]

Using legal privileges to foist external costs on the public at large damages the main advantage of the free markets, while a slightly higher direct price upon some forms of capital does not. The main advantage of the free market is that it is a process of creative destruction that continually allocates resources to uses that are more and more valued. Unchecked externalaties interfere and thwart this process, and disproportionately benefit those who have shirked those costs. Good economic analysis involves looking at both the seen and unseen.

Bank accounts are actually set up as trusts, not as a claim on a proportion of assets or a say in management. Credit Unions where there is such a claim by account holders, have by and large avoided the whole sub-prime fiasco.

Re:precisely that

[EdIII]

I understand the desire to promote more knowledgeable investing, but what you're proposing would probably eliminate investing as a feasible option for everyone except the very wealthy, who have insider knowledge of the deals they will make, and can afford to buy lawyers for when things go wrong.

You're wrong about that. It's worse.

Not all investment comes from Wall Street in public offerings.

In private offerings, that can still go through brokerages soliciting accredited investors, often involve limited partnership agreements. That is important. It specifically limits liability which is what wealthy people seeking passive income try to do. As a limited partner you have to be careful about even calling the company up and asking too many pointed questions because it change your status from a limited partner to a general partner. Once in court the executive could be forced to admit, "Yes. I had several conversations with Bob over the Atkinson deal in Canada".

If you remove the protections of a limited partnership agreement, which involves no stock ownership through revenue sharing agreements, then wealthy people will be *much* more reluctant because the risk is so much greater.

The only way to mitigate such risk is to *be* a general partner. Now as a wealthy investor my risk is not just 100% of my money, but whatever actions the executives are performing. That's a 2nd job in addition to the company, practice, firm that I may be working 12 hours a day in right now.

Holding investors strictly liable for all actions of the executives creates a burden, that quite frankly, will be insurmountable. All you will have left is direct partnerships that preclude the possibility of really wealthy investors participating in multiple and diverse investment portfolios.

Great. Now we have even more "dead" money. Wealthy people will just place their money with a bank.... unless the proposal says that is an investment too. So no returns on that unless you want to accept liability.

I hate short term thinking, but taking it this far just means that there will be nearly non-existent abilities to raise capital for small and medium size businesses.

It's a burden that is not logical or viable.

Look, I am a big boy, and I can accept that I can lose 100% of my money. ALL offerings will disclose that. What I cannot accept is that I might be at risk to 1000% (or far more) of my investment in ways that I cannot control (contractually or directly).

nmap on Microsoft Windows?

[leadfoot]

nmap on Windows?

remember that scene in Scanners?
.
.
.

The criminal Fyodor?

[Khyber]

The very one that's managed to break the law and get away with it after essentially admitting to it?

Yea, I don't trust his software anyways so no big loss for me.

Re:The criminal Fyodor?

[bcmm]

You could examine the source, or trust the hundreds of other people who have done so.
You don't need to trust Fyodor. That's sort of the point of open source.

Re:The criminal Fyodor?

[Khyber]

And you think those other people writing fixes aren't inserting their own shit into the code?

Oh please.

One person can go "check this out!" and have a bunch of other friends go "This is awesome!" and suddenly everyone TRUSTS them and blindly executes code that begins to fuck their system.

Social engineering - it's more dangerous than you think.

OR Genius plan....

Annoy users, users then download from alternative site(s), CNet bandwidth costs go down....

Annoy developers, developers start hosting files at alternative site(s), CNet save on hard drive space.... costs go down due less hard drive space during this HDD crisis. (I hear the SAS / SCSI drives cost at least 20x more than our crappy little SATA drives ... almost the price of a small car).

These people are smarter than we know guys .... I will join this great business plan, who's with me.

SAVE download.com .... save the net....

Removed

[Ark42]

Glad I removed all my downloads from cnet a few years back. I was really getting pissed at them for hosting my files, after explicitly telling them they were not authorized to, and could only link to the download on my website. Yet they kept changing the links back and distributing my software with no rights to do so.

They're largely irrelevant now thanks to Google, so I didn't miss much. They like to think they're important and matter, but they're really no different than any other PAD-file-generated spam site that auto-awards 5 stars to everything you submit.

am i alone in thinking..

[jmb1990]

..that they wouldn't have apologized if they didn't get caught.

And the profits?

[bcmm]

No mention of what happens to the money they made so far on this scam, I see.

CNet is lying...

[Stumbles]

Scroll down to the update section: http://insecure.org/news/download-com-fiasco.html

PIPA + SPA + GPL = awesome!

imagine if you could takeover microsoft.com because they violated GPL in some little tiny add-on program.

imagine no more! now with the new draconian copyright protection law, people who write GPL software have the Justice Department at their beck and call to do takeovers, seizures, and 'asset recovery' of those allegedly filthy alleged pirates who allegedly violate the copyright law - namely, Microsoft, Apple, Cisco, Deibold, &c.

Remember, there's no need for proof or evidence. Just tell the DOJ you think they are pirating, and that's it! 100% Pure Awesome.

Thanks lobbyists!

Sorry

[residieu]

We're sorry we got caught.

So long

[alphred]

No reason to put up with crap like this. I blocked to domains cnet.com and download.com from my network. Problem solved.

Keep Fighting These Crooked Sites.

Keep up the fight! You are absolutely right and they need to stop doing what they are doing or we need to educate the public that they have become a pariah.

Far too many "trusted" brands are pulling deceptive crap like this. As well as the various download sites, speedtest.net is another that immediately comes to mind. Having established themselves as a reliable provider of a valuable service, they now hide the testing links by providing large buttons that imply or outright claim to be the desired link but instead install or offer malware.

No Need to Apologize

[xednieht]

Screw me once shame on you, screw me twice shame on you. I stopped using the shitty service after the first time this happened. People who still use anything from Cnet are as stupid as people who still have accounts at Bank of America.

Any consider maybe it was just a screw up?

[bryan1945]

Sure, maybe farfetched considering how it worked, but maybe it was just some type of error. Wouldn't rank on my top 100 of weird shit that's happened to me.
And no, I don't work for CNet or whoever. (Hell, I don't even have a job right now.)

Sorry...

"We're sorry we got caught doing bad unethical things ... and we'll be just as sorry the next time we get caught doing the same thing six months from now."