I was pointing out the hypocrisy of saying that the trolls win simply because you take some measures to avoid them.
You didn't point that out. You used a poor analogy. Because most people would consider burning a Koran on TV to be trolling itself, rather than a normal, everyday thing that people do until they are themselves trolled.
I didn't start with the extreme IF/THEN logic.
Umm, yes, you did. The trolls are looking to cause a behavior change, so yes, they have "won" if they cause it. You didn't refute that. Instead, you gave a very poor, extreme "Because you are so concerned about getting beheaded by some crazy person that you wouldn't dare burn a silly book." when nobody who is not themselves trolling wants to publicly burn such a book.
The other party in this discussion said if I change my behavior in any way to avoid the trolls it has a chilling effect and the trolls win. that's just bullshit.
It's not bullshit if your original behavior wasn't something that a normal human being would not consider incendiary. It probably is bullshit if your normal behavior is to burn books on TV for the lulz.
Next issue. This is boring.
Yeah, I get it. You've had your say. And so have I.
... and you "do your best to avoid being a target", they've won.
Really? Then burn a Koran on national TV right now...
Oh wait... then the extremist muslims have won. Because you are so concerned about getting beheaded by some crazy person that you wouldn't dare burn a silly book.
Judging from the rest of your comment, you probably didn't mean this, but this makes it look like, from your viewpoint, the only alternative to "doing your best to not be a target" is "doing your best to be a target."
It is all about how you say things and where you say them. Take any dumb position you like and it won't automatically get a response from the trolls.
To some extent you're right. If you're rambling over in the corner and nobody notices you, you're good. But if you have something useful to say and a forum where you can get noticed, you will definitely be noticed by people who don't like what you say, and if they happen to be trolls, they will troll you.
Google Search exists to help people find what they're looking for,
There's your problem, right there. Google exists to make money. They do this by doing a good enough job to make most people use them first for search. If you think that google exists to make your job as a website administrator easier, then you've got a huge sense of misplaced entitlement.
and you're saying it's our job to tell Google how to help people find our site?
There seems to be a bit of projection going on here -- you're getting on my case for not reading what I wrote, then turning around and claiming I wrote things that I didn't.
But even though I never wrote that, if it's your job to help your customers find your site, and a lot of your customers are miffed (and complaining, and defecting and/or wasting your time) because they can't find you through google, then (assuming 2+2 still equals 4) yes, of course, it behooves you to spend a bit of time to understand google's crawler well enough to make sure that google dumps your customers on the page you'd like to see them on.
For example, if it were my site, the very first thing I would do is check to make sure that I didn't have a misconfigured robots.txt anywhere in the search path. Then I would figure out what, if anything, google is actually serving from that site (using the site: option in the search), and then I would google (yes, the devil!) for SEO techniques for my exact situation. Finally, if I figured out that google really did have difficulty reconciling two different email web pages for the same domain, then I would probably chalk it up to competence, rather than incompetence -- on a web host, figuring out the primary webmail portal and always directing to that could probably cut down on a lot of phishing attacks -- and then either unify the webmail portals, or put a link from one to the other, or separate the domains, or anything else that was required to prove to google that my second webportal wasn't just a phishing site.
But since you're entitled to google doing all your shit for you even though you're not paying them to babysit your customers, you probably can't be bothered to do any of that stuff.
If people want to find our web mail portal they can come to the website we print on their damn bill, or they can call and ask us how to get to it.
That's a perfectly lovely attitude, and I wish you and your company all the success in life you both deserve.
Or did they interview women who were still in the field?
Interviewing disgruntled people will certainly tell you why they think they are disgruntled, but most of the I know manage to be disgruntled no matter what.
What if it hadn't been the same company? What if it was a phishing site?
Google's actually pretty darn good about warning about phishing. Which means that the usual warning you get from them is extremely helpful, especially in comparison to the complete lack of warning you would ever get from typing raw URLs into the browser.
All these people who thought they had reached the right destination
Why should google cater to companies that are so technically backward that they can't figure out how to unify their email portals?
If I were one of your company's customers, I would rightfully be blaming you, not google, for your inability to make google understand how I should get to my email.
Maybe but Google is no more at fault for that than the phone companies are for texting while driving.
This is damning with faint praise.
Phone texting is the direct descendant of phone conversations.
Do you realize how much hard technical work went into making cell-tower handoff work seamlessly at highway speeds? Do you think the phone companies did that merely to capture revenue from the conversations the passengers were having?
I sincerely doubt the exploit was merely hypothetical, but I know for a fact that that's exactly the sort of thinking that leads to real exploits.
Who cares? It was real, not hypothetical.
"Pics or it didn't happen" is a cute saying that has no bearing on reality. Are you from that generation? Any security expert will tell you that an 18 month unpatched hole like the Apple one is, in fact, a huge deal.
Speaking of pics, it's my understanding that more of those surfaced recently from iCloud.
Never remotely said that
Who never remotely said that? The original post I was responding to was from macs4all -- are you him? His argument was essentially that your data is safer with Apple, ostensibly because of their privacy policy, and that their business model is the perfect one because everybody is tired of being data-mined, so Apple is who you should trust your data with.
That's a bit disingenuous -- if you read more of the articles about the Apple bug, you will find insiders that claim, basically, that it was bound to happen, because of the culture inside Apple.
Look I don't care whether or not you believe that at some point enough anecdotes stacked end to end amount to data.
But I still think it's stupid to say Apple is incented to do a better job with your data. Google absolutely needs people to be able to trust the internet, and AFAICT, it is in their DNA to take this seriously and to work hard to try to find and report flaws in, e.g. Apple's browser, as well as in their own stuff, because if enough Apple users stop doing stuff online, yes, google will be hurting.
Apple absolutely needs this trust too, in order to have the market keep growing. But they weren't born an internet company, and although they are learning, IMHO, their security is nowhere near as mature as Google's.
My point is a bunch of anecdotes don't make an argument
Which is obviously why you keep focusing on the anecdotes and ignoring, e.g. the study I pointed to, which says, for the typical user using applications from the exact same well-known companies, more data gets leaked on Apple than on google.
Which says it's not just their security model. I would say that Apple is still learning about how to use data properly, Facebook and linkedin are focused on exactly how far they can go, and google has internalized some sort of compromise on data handling that nobody who uses Facebook should bat an eyelash at, and that even a lot of people who hate facebook can accept.
More to the point, google actually tries to apply this consistently as much as possible, which only nets them grief because of their universal privacy policy.
Apple's privacy policy may be "better" than google's in some theoretical fashion, but if more user data is leaked via iOS apps than Android apps, how is that better in the real world for a typical phone user?
The blaze was just the first one that came up when I searched on terms I remembered from last winter.
You can easily google for it on lots of other sites, but you knew that right? We may never know if it was exploited, but it was certainly extremely easy to exploit, so it doesn't fall anywhere near the realm of a "hypothetical" bug.
As far as google serving up ads with malware, (a) that didn't go on for 18 months, and (b) while I don't condone javascript in ads (or ever have this enabled), this is actually, generally, a lot safer than it used to be. This particular malware, which made the news precisely because it is rare for google to serve malware, requires either an ancient flash install or an unpatched XP/IE installation, in order to infect a system.
Trying to serve others' javascript safely is a much more complex problem than implementing SSL correctly, and that this attack for ancient systems went on for half-a-month, while Apple's exploit for all current iOS systems was available for 18 months, may not be making the point you think it is.
cherry picking is not a good argument
No, much better to make blanket assertions that Apple handles data better because that isn't its business (which is the original assertion that I was responding to).
Those examples were just that -- examples. Did you bother to read the link I gave about how apps from the same companies leak more user data on Apple than on Android?
Well, you can read all the headline news about how all the malware is on Android because Apple keeps it off of iWhatever, or you can try to figure out which system is better for the stuff you're actually going to use:
You can read the false equivalence narrative about how both Apple and google suffered data breaches recently, or you could use your brain and realize that you have seen evidence that it's pretty easy to get "private" stuff out of Apple's cloud, but there's not much evidence of getting it out of google's cloud:
You can read about how Apple is going to revolutionize payments, or you can read some of the user stories here about how people have been using google for payments for a long time with no problems, and you might think about how, even a few months ago, Apple had a major https problem:
And finally, you can ooh and aah about how iOS is now encrypting everything in a way that only the user can decrypt it "unlike [Apple's] competitors" and google is playing catchup, or you can dig deeper and find out that this has been an option on Android for three years, and all google has to do to match Apple is turn it on by default. (They probably had it off by default simply so Apple wouldn't be beating them in storage benchmarks.)
So you actually approve of a Business Model based on Tracking (and Selling) your every online move?
Now I have to ask you for a citation. Google targets ads to you, but AFAIK, unlike, say, Facebook, they don't actually sell your data directly to others. That's because, believe it or not, it is precious to them. Whether or not I approve the business model is immaterial, but I reject the premise that Apple is capable of handling data better because their business isn't based on handling data. Seriously, doesn't that sound like a stupid claim?
...and people think Apple aficionados are delusional???
That's only because enough of them are that it's a thing.
such that every software patent would be viewed by most programmers as describing something novel that advanced the state of the art...
I wouldn't have a problem with that.
But that seems unlikely. The system is out of control, and the societal costs of bad patents are both huge and unfairly distributed.
Since lots of great software was written before it was patentable, there is no reason to believe that patents are necessary to help create good software.
Since lots of great open source software is still being written now, there is still no reason to believe this.
So we have a system that provably isn't needed, and that provably causes great harm in some cases. The best fix for such a situation is a wooden stake to the heart.
Dudes and gals who get their panties in a bunch about corporations "controlling" open source will steer clear, while people passionate about open source and looking for an employer might take a closer look.
Maybe. If I'm in front and want to lean back a little, and feel some resistance, I'll just say "excuse me", pull forward as far as I can, and then jam it back hard and fast enough to fuck up your kneecap.
I'll reiterate my main point, and then you can keep arguing if you want.
From what I read, several national, well-respected print and web publications have reached out to the original sheriff for clarification, and he has said squat.
If we misunderstand what he's saying, it's his own damn fault.
How the heck does it matter if Apple works with elcomsoft or not? If reverse-engineering a protocol is all it takes to jeapordize user's data, it's security-by-obscurity in the best case.
How can we be sure that really is what caught their attention? Can we be sure that this isn't just WBOC16 playing up the only sliver of fact they have?
You're making my point for me. The article didn't say that the sheriff confirmed the answer to a question; it said the sheriff volunteered this information. It appears that most of what we know from this sheriff has to do with the books. Why would he have said anything about them if they weren't perceived to be relevant to the investigation?
There is more information at the Atlantic article now; but it all came from a sheriff in a different county -- this particular sheriff apparently realized he fucked up, and now appears to be maintaining radio silence.
Dr. K.S. Voltaer is better known by some in Dorchester County as Patrick McLaw, or even Patrick Beale. Not only was he a teacher at Mace's Lane Middle School in Cambridge, but according to Dorchester Sheriff James Phillips, McLaw is also the author of two books: "The Insurrectionist" and its sequel, "Lillith's Heir."
OK, WTF do (did) the books have to do with it? It's not McLaw's fault or my fault that I think the police might have arrested him over the books -- it's obviously the police's fault I think that. And it's also their fault that they have a lot of credibility to recover, and saying that it's not about the books rings hollow.
Also, note the careful phrasing -- it didn't start or end with the books, and the books are not a focus now. So, at one point they were obviously the focus, and merited enough focus to be the only thing that was disclosed to the news organizations.
Since all the authorities have apparently chosen to share is that he had the temerity to write scary fiction while teaching, we should assume that's what happened until they tell us otherwise.
It's not a bad thing that this assumption may be completely unfair to the authorities, because we should always be pressuring them to be more transparent.
The code is not produced by a charity; it is produced by a business. From the perspective of a business, the GPL is a marketing tool -- a great marketing tool. "Here's the source; try it out! Talk to others who are using it! Just contact us if you want to merge it with your proprietary code and make money!"
Any business can use the GPL this way, and many have. Just because a business uses the GPL does not mean that their politics align with the FSF.
You don't absolutely need a lawyer, but you do have to read the docs carefully and structure your answers carefully to give them what they need. If you are incapable of this, then, yes, you should get a lawyer.
I say this as one who just last year successfully set up a 501(c)3 for a community band, receiving a favorable determination letter, with no request for follow-up, in under 4 calendar months (which included the short government shutdown).
Yes, there is precedent and there are already lots of community bands, but you could say the same thing about software. And it was obvious from reading all the IRS material that it would be quite easy to screw up even a community band application. If I were doing a software 501(c)3, I think I would have been even more careful to stress the things that the IRS was looking for, and might have even told the other board members that we should amend the bylaws and/or do a few other things (like hold educational events or write scholarly treatises or whatever) before submitting the application.
FWIW, I completely disagree with all the people saying "well, duh, it should be a non-profit" because they distribute free software. A lot of for-profit companies distribute free software, too, and the IRS deals with innumerable shysters who try to turn their business into non-profits in all fields of endeavor.
Although, as I said, you do not need to be a lawyer to get through the process, if I had received a request for more information from the IRS for more information, I would have viewed that as a huge red flag that I was on the verge of fucking it up, and would have spent a few hundred dollars on an attorney at that point to try to salvage the $400 that I had to give the IRS for the application.
But obviously, that wasn't the mindset of the people at yorba.
From the yorba foundation blog post:
Some [questions] were odd: "Will any of your directors or employees reside at your facility [i.e. our office]?"
The fact that they found this question odd is ample evidence that they did not try to get into the mindset of the IRS before sending the initial application, and the fact that they apparently still find it odd means that they failed to take the request for more information seriously enough and still weren't trying to get inside the IRS's thinking. Given that, it's not surprising, not news, not corporatism, not david-v-goliath, and certainly not the end of the world for free software as we know it that this particular application was rejected.
Slashdot Mirror
Snapchat's response was "they captured images by violating the TOS".
That's like a bank telling you it's not their fault if you lost money because the bank robber violated their posted TOS.
You didn't point that out. You used a poor analogy. Because most people would consider burning a Koran on TV to be trolling itself, rather than a normal, everyday thing that people do until they are themselves trolled.
Umm, yes, you did. The trolls are looking to cause a behavior change, so yes, they have "won" if they cause it. You didn't refute that. Instead, you gave a very poor, extreme "Because you are so concerned about getting beheaded by some crazy person that you wouldn't dare burn a silly book." when nobody who is not themselves trolling wants to publicly burn such a book.
It's not bullshit if your original behavior wasn't something that a normal human being would not consider incendiary. It probably is bullshit if your normal behavior is to burn books on TV for the lulz.
Yeah, I get it. You've had your say. And so have I.
Judging from the rest of your comment, you probably didn't mean this, but this makes it look like, from your viewpoint, the only alternative to "doing your best to not be a target" is "doing your best to be a target."
To some extent you're right. If you're rambling over in the corner and nobody notices you, you're good. But if you have something useful to say and a forum where you can get noticed, you will definitely be noticed by people who don't like what you say, and if they happen to be trolls, they will troll you.
Admit it -- you didn't expect the German Inquisition!
Why, yes, yes, I did.
There's your problem, right there. Google exists to make money. They do this by doing a good enough job to make most people use them first for search. If you think that google exists to make your job as a website administrator easier, then you've got a huge sense of misplaced entitlement.
There seems to be a bit of projection going on here -- you're getting on my case for not reading what I wrote, then turning around and claiming I wrote things that I didn't.
But even though I never wrote that, if it's your job to help your customers find your site, and a lot of your customers are miffed (and complaining, and defecting and/or wasting your time) because they can't find you through google, then (assuming 2+2 still equals 4) yes, of course, it behooves you to spend a bit of time to understand google's crawler well enough to make sure that google dumps your customers on the page you'd like to see them on.
For example, if it were my site, the very first thing I would do is check to make sure that I didn't have a misconfigured robots.txt anywhere in the search path. Then I would figure out what, if anything, google is actually serving from that site (using the site: option in the search), and then I would google (yes, the devil!) for SEO techniques for my exact situation. Finally, if I figured out that google really did have difficulty reconciling two different email web pages for the same domain, then I would probably chalk it up to competence, rather than incompetence -- on a web host, figuring out the primary webmail portal and always directing to that could probably cut down on a lot of phishing attacks -- and then either unify the webmail portals, or put a link from one to the other, or separate the domains, or anything else that was required to prove to google that my second webportal wasn't just a phishing site.
But since you're entitled to google doing all your shit for you even though you're not paying them to babysit your customers, you probably can't be bothered to do any of that stuff.
That's a perfectly lovely attitude, and I wish you and your company all the success in life you both deserve.
Interviewing disgruntled people will certainly tell you why they think they are disgruntled, but most of the I know manage to be disgruntled no matter what.
Google's actually pretty darn good about warning about phishing. Which means that the usual warning you get from them is extremely helpful, especially in comparison to the complete lack of warning you would ever get from typing raw URLs into the browser.
Why should google cater to companies that are so technically backward that they can't figure out how to unify their email portals?
If I were one of your company's customers, I would rightfully be blaming you, not google, for your inability to make google understand how I should get to my email.
This is damning with faint praise.
Phone texting is the direct descendant of phone conversations.
Do you realize how much hard technical work went into making cell-tower handoff work seamlessly at highway speeds? Do you think the phone companies did that merely to capture revenue from the conversations the passengers were having?
I sincerely doubt the exploit was merely hypothetical, but I know for a fact that that's exactly the sort of thinking that leads to real exploits.
"Pics or it didn't happen" is a cute saying that has no bearing on reality. Are you from that generation? Any security expert will tell you that an 18 month unpatched hole like the Apple one is, in fact, a huge deal.
Speaking of pics, it's my understanding that more of those surfaced recently from iCloud.
Who never remotely said that? The original post I was responding to was from macs4all -- are you him? His argument was essentially that your data is safer with Apple, ostensibly because of their privacy policy, and that their business model is the perfect one because everybody is tired of being data-mined, so Apple is who you should trust your data with.
That's a bit disingenuous -- if you read more of the articles about the Apple bug, you will find insiders that claim, basically, that it was bound to happen, because of the culture inside Apple.
And a couple of months later, it happened again -- Apple patched 26 bugs, each of which could allow remote code execution, and half of those had been reported to them by google.
Look I don't care whether or not you believe that at some point enough anecdotes stacked end to end amount to data.
But I still think it's stupid to say Apple is incented to do a better job with your data. Google absolutely needs people to be able to trust the internet, and AFAICT, it is in their DNA to take this seriously and to work hard to try to find and report flaws in, e.g. Apple's browser, as well as in their own stuff, because if enough Apple users stop doing stuff online, yes, google will be hurting.
Apple absolutely needs this trust too, in order to have the market keep growing. But they weren't born an internet company, and although they are learning, IMHO, their security is nowhere near as mature as Google's.
Which is obviously why you keep focusing on the anecdotes and ignoring, e.g. the study I pointed to, which says, for the typical user using applications from the exact same well-known companies, more data gets leaked on Apple than on google.
Which says it's not just their security model. I would say that Apple is still learning about how to use data properly, Facebook and linkedin are focused on exactly how far they can go, and google has internalized some sort of compromise on data handling that nobody who uses Facebook should bat an eyelash at, and that even a lot of people who hate facebook can accept.
More to the point, google actually tries to apply this consistently as much as possible, which only nets them grief because of their universal privacy policy.
Apple's privacy policy may be "better" than google's in some theoretical fashion, but if more user data is leaked via iOS apps than Android apps, how is that better in the real world for a typical phone user?
You can easily google for it on lots of other sites, but you knew that right? We may never know if it was exploited, but it was certainly extremely easy to exploit, so it doesn't fall anywhere near the realm of a "hypothetical" bug.
As far as google serving up ads with malware, (a) that didn't go on for 18 months, and (b) while I don't condone javascript in ads (or ever have this enabled), this is actually, generally, a lot safer than it used to be. This particular malware, which made the news precisely because it is rare for google to serve malware, requires either an ancient flash install or an unpatched XP/IE installation, in order to infect a system.
Trying to serve others' javascript safely is a much more complex problem than implementing SSL correctly, and that this attack for ancient systems went on for half-a-month, while Apple's exploit for all current iOS systems was available for 18 months, may not be making the point you think it is.
No, much better to make blanket assertions that Apple handles data better because that isn't its business (which is the original assertion that I was responding to).
Those examples were just that -- examples. Did you bother to read the link I gave about how apps from the same companies leak more user data on Apple than on Android?
Well, you can read all the headline news about how all the malware is on Android because Apple keeps it off of iWhatever, or you can try to figure out which system is better for the stuff you're actually going to use:
http://www.sciencedaily.com/releases/2013/10/131011092523.htm
You can read the false equivalence narrative about how both Apple and google suffered data breaches recently, or you could use your brain and realize that you have seen evidence that it's pretty easy to get "private" stuff out of Apple's cloud, but there's not much evidence of getting it out of google's cloud:
http://www.v3.co.uk/v3-uk/news/2364799/google-confirms-five-million-customer-data-dump-but-denies-breach
You can read about how Apple is going to revolutionize payments, or you can read some of the user stories here about how people have been using google for payments for a long time with no problems, and you might think about how, even a few months ago, Apple had a major https problem:
http://www.theblaze.com/stories/2014/02/24/apples-security-breach-should-scare-you-more-than-targets-did/
And finally, you can ooh and aah about how iOS is now encrypting everything in a way that only the user can decrypt it "unlike [Apple's] competitors" and google is playing catchup, or you can dig deeper and find out that this has been an option on Android for three years, and all google has to do to match Apple is turn it on by default. (They probably had it off by default simply so Apple wouldn't be beating them in storage benchmarks.)
Now I have to ask you for a citation. Google targets ads to you, but AFAIK, unlike, say, Facebook, they don't actually sell your data directly to others. That's because, believe it or not, it is precious to them. Whether or not I approve the business model is immaterial, but I reject the premise that Apple is capable of handling data better because their business isn't based on handling data. Seriously, doesn't that sound like a stupid claim?
That's only because enough of them are that it's a thing.
I wouldn't have a problem with that.
But that seems unlikely. The system is out of control, and the societal costs of bad patents are both huge and unfairly distributed.
Since lots of great software was written before it was patentable, there is no reason to believe that patents are necessary to help create good software.
Since lots of great open source software is still being written now, there is still no reason to believe this.
So we have a system that provably isn't needed, and that provably causes great harm in some cases. The best fix for such a situation is a wooden stake to the heart.
It's their lifeblood.
Self-selecting, too.
Dudes and gals who get their panties in a bunch about corporations "controlling" open source will steer clear, while people passionate about open source and looking for an employer might take a closer look.
Maybe. If I'm in front and want to lean back a little, and feel some resistance, I'll just say "excuse me", pull forward as far as I can, and then jam it back hard and fast enough to fuck up your kneecap.
From what I read, several national, well-respected print and web publications have reached out to the original sheriff for clarification, and he has said squat.
If we misunderstand what he's saying, it's his own damn fault.
How the heck does it matter if Apple works with elcomsoft or not? If reverse-engineering a protocol is all it takes to jeapordize user's data, it's security-by-obscurity in the best case.
You're making my point for me. The article didn't say that the sheriff confirmed the answer to a question; it said the sheriff volunteered this information. It appears that most of what we know from this sheriff has to do with the books. Why would he have said anything about them if they weren't perceived to be relevant to the investigation?
There is more information at the Atlantic article now; but it all came from a sheriff in a different county -- this particular sheriff apparently realized he fucked up, and now appears to be maintaining radio silence.
Now:
OK, WTF do (did) the books have to do with it? It's not McLaw's fault or my fault that I think the police might have arrested him over the books -- it's obviously the police's fault I think that. And it's also their fault that they have a lot of credibility to recover, and saying that it's not about the books rings hollow.
Also, note the careful phrasing -- it didn't start or end with the books, and the books are not a focus now. So, at one point they were obviously the focus, and merited enough focus to be the only thing that was disclosed to the news organizations.
It's not a bad thing that this assumption may be completely unfair to the authorities, because we should always be pressuring them to be more transparent.
Err, that is, mod up the AC parent which shows that the math is wrong, and netflix 24x7 is 972 GIGABYTES per month.
Mod parent up!
The code in question is dual-licensed.
The code is not produced by a charity; it is produced by a business. From the perspective of a business, the GPL is a marketing tool -- a great marketing tool. "Here's the source; try it out! Talk to others who are using it! Just contact us if you want to merge it with your proprietary code and make money!"
Any business can use the GPL this way, and many have. Just because a business uses the GPL does not mean that their politics align with the FSF.
Likewise, it's my understanding that most digital hardware is written in Verilog, not VHDL.
It's a bit different in the FPGA world, and in Europe, but AFAIK, in US chip development, Verilog reigns supreme.
I say this as one who just last year successfully set up a 501(c)3 for a community band, receiving a favorable determination letter, with no request for follow-up, in under 4 calendar months (which included the short government shutdown).
Yes, there is precedent and there are already lots of community bands, but you could say the same thing about software. And it was obvious from reading all the IRS material that it would be quite easy to screw up even a community band application. If I were doing a software 501(c)3, I think I would have been even more careful to stress the things that the IRS was looking for, and might have even told the other board members that we should amend the bylaws and/or do a few other things (like hold educational events or write scholarly treatises or whatever) before submitting the application.
FWIW, I completely disagree with all the people saying "well, duh, it should be a non-profit" because they distribute free software. A lot of for-profit companies distribute free software, too, and the IRS deals with innumerable shysters who try to turn their business into non-profits in all fields of endeavor.
Although, as I said, you do not need to be a lawyer to get through the process, if I had received a request for more information from the IRS for more information, I would have viewed that as a huge red flag that I was on the verge of fucking it up, and would have spent a few hundred dollars on an attorney at that point to try to salvage the $400 that I had to give the IRS for the application.
But obviously, that wasn't the mindset of the people at yorba. From the yorba foundation blog post:
The fact that they found this question odd is ample evidence that they did not try to get into the mindset of the IRS before sending the initial application, and the fact that they apparently still find it odd means that they failed to take the request for more information seriously enough and still weren't trying to get inside the IRS's thinking. Given that, it's not surprising, not news, not corporatism, not david-v-goliath, and certainly not the end of the world for free software as we know it that this particular application was rejected.