Never will a client ever know what they want ahead of time, and never will anyone want to waid through weeks or months of specification agreements. Also, their business is changing as the project grows and they become integrated around it. There's just no way to determine things ahead of time. If your clients don't know what they need up front, then your development is going to be disorganized. You will have to charge your customers accordingly (and they will probably pay through the nose). FWIW, I don't get spec agreements from my customers either, but there are many times when we spend weeks ensuring that I understand what they need well enough to do it. It saves months of development time:-)
Secondly there is a *huge* difference between wanting to just dump a Perl structure and wanting to dump it in a way that would be user-accessible. The fact that you write this off as a mere format difference suggests you don't really know what is involved. Let me see, you wanted a DHTML table.... What sort of DHTML table? etc.... In this case, I would *hope* you would know up front that this was going to be web-based. If not then the customer will need to pay for this lack of specificity and they will pay through the nose.
TemplateToolkit is huge. Why on Earth would I allow my developer to pull in an enormous module to do something really simple? Especially when the next little change is going to have him pushing yet another module -- what's next? Because evidently you want some magical code which allows you to dump structures in any format, is tested, and is flexible. Yes it is huge, and it is a good module for what it does. But if you don't know what sort of layout you want, it makes things *much* easier. In LedgerSMB, we use it for LaTeX and HTML generation. I think we also use it for CSV, XLS, ODS files as well.
In the end, you are blaming your developer for not creating something you didn't ask him to create. In general this is counterproductive. The way to go is to charge your customer to make it happen, if that is really what your customer needs.
You are probably correct regarding patents. However, at least in this case, you have one author to look for patents on, so it shouldn't be too hard to keep out of trouble.
What does "this software" mean? I would suggest that it means the software elements under this license. Copyrighted elements would include code fragments, nonliteral code elements, and non-code elements (such as graphical design elements).
When you create a derivative work from "this software" the license to "this software" remains intact. However, the derivative work as a whole may carry additional restrictions because elements you add are not part of "this software" and you can license them however you choose. I.e. I am not requiring you to provide any downstream rights to *your* contributions. You just have to leave mine intact.
So, suppose I take OpenBSD (picking on Theo because he is obnoxious), add a bunch of drivers, and license the whole thing under the GPL. I can do this (I don't even think that Theo's past arguments apply). However, I can't pretend to license to you portions of the code under the GPL that I didn't write. The work as a whole would carry the restrictions of the GPL but this would not prevent you from taking Theo's work and using it under the BSD license even if the only person you got it from was me.
In this case, you have:
OpenBSD under mostly the ISC license + various elements under GPL license == GPL work as a whole. GPL work as a whole - the elements I wrote == OpenBSD (BSD License). Theo's permissions to people who remove my elements don't go away just because I was the distributor.
THis is what causes concern about the GPL v3 and section 7. A simple reading of section 7 would suggest that unless I can remove Theo's permission grant downstream, that the license is not compatible. Indeed, this was the sense I got from discussing the issue with Eben Moglen. However it is not the sense that I have gotten from discussing the matter with many other people from the SFLC and elsewhere.
Not really, libraries are an implementation, not a ISO/ANSI/DIN/whatever standard, so their behavior is defined for most part by implementation, not by specification. So you don't find an independent implementation of GTK or QT or most other stuff, aside from a few libraries that clones other libraries (i.e. lesstif vs motif, Wine, etc.), but even there its not following a defined standard but just cloning things as best as you can. Some libraries are indeed standardized (standard libraries for C for example). I guess the question is why one would want every library to be standardized. There is, however, a standard *process* for determining what people should put into libraries: Analyze the code, identify reusable routines, and put them in libraries.
I think that is a huge problem, not only are the standard libraries to small, but they are often also terrible buggy and outdated, i.e. string handling in C is a total garbage, you have function like gets() which will cause buffer/heap overflows no matter what you do, you can't use that function correctly. And the alternatives like fgets() and such are cumbersome to use so that everybody ends up building its own little string library. I think in a day and age where security updates are installed on a weekly basis it would really help a lot to extend the standards a little more often instead of just every ten years, so that often used parts are more easily available and don't have to be reinvented each and every time. This would also help a lot in making libraries more compatible to each other, since you wouldn't need to convert forward and backward between types that are basically identical in their design. Ok, that is a fair statement gets() really should be removed and replaced by something with a max size argument.
However, since standards bodies move at a glacial rate, why not create a little LGPL/BSDL library for the required functionality and advertise it to the world? Why does the process require standardization?
Ultimately, my point is that when you control every line of code, you aren't hampered by other people's restrictions. I would have been happy had my programmer written his own dumping code from scratch, but I also would have been happy had he started with the cpan dump code, searned from it, and created a derivative version. Hell, in this case, I'd have been happy if he had studied it to the point where he could have modified it easily. Sadly here is where you are terribly wrong. They key to doing what you want to do is to understand what you want from the beginning, do the requirements analysis up front, etc. and so forth. There is a *huge* difference between dumping a Perl object (the way Data::Dumper does) and creating a nice HTML document from it.
Your programmer, if he was smart, grabbed the CPAN module, wrote a little wrapper around it, and integrated it into your application. If you had known what you wanted up front, he would have done the same with TemplateToolkit. (LedgerSMB uses both so I have experience here!)
Even if your programmer wrote all the code from scratch, adjusting it to output valid HTML tables that Javascript would reliably work on would be more work than just starting over with TT.
A while back, I asked one of my programmers to write a routine to dump out a Perl structure. I said I needed it in about a week. Lo and behold, it worked on-time and all was good. What is wrong with Data::Dumper? Or rather did you need something that worked with Data::Dumper?
Turns out, as any Perl expert here knows, my programmer simply took the Dump module, which dumps perl structures. I wanted to have the dump be a nice dynamic javascript html table thing, and my programmer told me no -- or rather that it would require him to do it from scratch, and of course now, a month later, we didn't have the time. Having done a lot of work with Perl, I would say that Data::Dumper is the wrong thing to use for that. TemplateToolkit, OTOH, would allow you to quite quickly generate HTML based on your data structure. A competent Perl programmer shouldn't require too much time to do that, esp. if it is in a different document.
I think that in some rare cases, code scavenging is helpful. However, in most cases, it does not lead to solidly engineered software. Basically you get a piece of code, review your code, analyze the interface, prefactor, debug, postfactor, and now it is working well. By that time, you could have written a rough draft, debugged, and postfactored in less time and gotten a more consistent codebase out of it.
So I am not sure at all to what extent this code scavenging is sufficiently helpful to make formalize the process.
Posting again because I meant no karma bonus, not anonymously.
Interesting. Mods seem to be harsh on you today. I figure that insightful would have been a better mod.
Haven't seen anything good lately though. Anyone got a spyware infection in WA that needs a uh cough cough, inspection? Do you travel to Chelan? Didn't think so... Anyway, I do know some other businesses in Western Washington you may want to talk with either about referrals etc. Please send me an email (better to sent to chris.travers@gmail.com).
BTW, notice you are from Oly. Are you a Greener too?
There are times and places where you should reformat. Unfortunately, most techs reformat when they shouldn't and don't when they should. Hence we have botnets...
Suppose, for example, that you find a virus which opens up a back door to the computer allowing system-level compromise. Reformatting is the right thing to do in this case because you cannot guarantee that someone hasn't used that to put another back door into the system.
Suppose you are able to find good evidence that someone has broken into the computer? Reformat. For reasoning, see above.
However reformatting because it is fast and easy is a real problem and points to a real lack of ethics in the GP.
Most of the time, if I am on-site doing Windows support (not so frequent anymore), I spend 1 hr, maybe 2 (current rates for consumer tech support are $60/hr). The computer is fixed and they are happy.
Reformatting/reinstalling all of the software takes a minimum of 2 hours, sometimes more (depending on the amount of software to be reinstalled, what needs to be backed up, etc). Sure, when the computer is brought in, not all of that time is billable, but when I am on-site, it is.
I reformat/reinstall on specific cases; 1) Confirmed security breach. 2) Virus or trojan which offers system-level compromise. 3) Suspected virus or trojan which I cannot detect or confirm.
When I do this, I know why I am doing it and I explain it to the customer. Most of my customers do want to have their computers fixed.
This way you are not coercing others out of work but are helping to build a recognizable presence which helps ensure quality.
For example, I am a member of the IEEE and the IEEE Computer Society. I have found that my membership has helped me become a better software engineer, and there are standards of membership. And I am quite happy with how it has helped me and my business. Of course computer repair is outside our scope, but if a viable industry association doesn't exist for that, perhaps it is time to form one.
IANAL, TINLA, etc.
1: If you download a copy of the GCC under the GPL v3, are you licensing your patents which the GCC infringes on to all third parties? I fail to see how it takes a lot of discussion to arrive at a "no". The GPL is a license to redistribute. If you're only downloading a copy of the GCC, you're not bound by any license, period. If you're redistributing it, that's when it affects you. It is more complex than it would appear. The question is: does internal distribution count as conveying? This depends on what "other parties" means. For example, download the GCC, put it on a file share, other team members install to do their work. Is that conveying? (Probably not but it is debatable-- depends exactly what is meant by "other parties.")
The real issue has to do with section 11 paragraph 6, however, which means that when you convey the software relying on a patent license, you grant that patent license to all other users of the software. THe wording of the paragraph suggests that the above *could* be considered an arrangement which might qualify, but patent licenses are defined in such a way as to rule out a "yes" answer *even if* it is conveying and *even if* this qualifies as an arrangement under section 11, paragraph 6.
The reason is that patent licenses are defined as express arrangements. Saying "we hire you to do a job" may carry with it an implicit patent license, but it is not an express arrangement.
Other lawyers in the SFLC have suggested that one is *not* allowed to change licenses on such files unless they are modified. I'm not sure I follow. Why not? Ok, suppose I release my work under a license which requires the following notice to be kept: "Permission is hereby granted, free of charge, to anyone who comes into possession of this software to modify, redistribute, and deal in the software without restriction provided that this notice remains intact along with the warranty disclaimer below."
Can you take a copy of this software and apply the restrictions of the GPL to it (without modifying it)? My argument (and the argument of at least a substantial number of lawyers I have talked with) is no for the following reasons:
1) The license addresses all downstream recipients. Everyone who gets my copyrighted work has my permission to do certain things with it. 2) Implied sublicense rights (as in all implied licenses) tend to be defined based in what is minimally necessary to exercise all explicit rights. I.e. you might be able to sublicense my work under the GPL as a necessary part of negotiating with publishers, but you could not change the terms of use on my code (because you aren't required to in this process). I argue that even the variants of the MIT license which allow sublicensing require that the permissions grant by the original owner get passed downstream (so additional restrictions on the licensed copyrighted elements have no effect).
While the language differs, most permissive licenses tend to be fairly similar in actual substance.
Now, here is the catch, you could make people agree to the GPL in order to download the copy from you. But anyone who gets the software from them could still use it based on the broader permissions I have given.
Also, neither of the above points prevent you from making substantive, copyright-worthy changes and licensing those changes (and hence the work as a whole) under the GPL or any other license. But this is very different from, say, taking PostgreSQL, and putting a notice at the top of the file stating that these copies were now legally governed by the GPL.
As for the amount of content required under copyright law to qualify as an original work... We don't have a lot of case law to draw from. Obviously fixing a bug by changing an = to an == would not be enough (no expressive content is changed), nor would editorial changes matter. The general rule is that the changes need to be recognizably your own (whatever that means).
Before I quit to go into business for myself, I never cared who I pissed off. I did my job and I brought up concerns to management (even fighting to a point with mid to upper level management when there were problems). I have done this as a contract, as an employee, and as a consultant.
I found something interesting: doing this as a contractor was seen as good. I figure I got hired at Microsoft partly because I got involved and tried to fix problems. However, doing so as an employee was a two-edged sword-- it alienated my immediate managers but did help to get real problems solved. Now, as a consultant, it is part of my job. The point is that in all cases, my loyalty is unquestionable, and people know I am *trying* to help. I would add that if I were to be fired, I would suggest that such a company is not one I would want to work at.
For me the larger issue is one of worker/manager politics and dynamics. I just don't see a real payoff for a union in this industry (I didn't when I was at Microsoft and my opinion hasn't changed).
The basic problem is that unions tend to interfere with the already difficult-at-best communication lines between workers and management. I think that they tend to create more problems than they solve because they force large sets of issues to go through the union rather than to management.
Secondly the writers' union is more of a trade union than a labor union. While trade unions are a far better match, they tend to address contractor-type roles rather than employee type roles better.
At the same time, I think there *is* room for organization. One need not fully unionize, but still get industry associations going (IEEE Computer Society is one, CompTIA is a very different one). Such organizations can help address industry ills, and also help promote best practices. (Note that while both the IEEE Computer Society and CompTIA offer certifications, this is not what I am talking about. Membership in the organization is what is desirable.)
Our organizations ought to promote excellence, and thus value, so that the members are in better positions to deal with real problems in the IT world (note that IEEE CS is probably not the place for the Geeksquad manager).
First, there *are* cases where one might want to do such a thing. Hypercube Beowulf cluster topologies come to mind. However, it is definitely in the category of "if you don't know why you want to do this, then you don't want to try" category,
When I was in college I had an employer refuse to pay me promised retro pay. I complained to the a) Congress (i.e. you might want to have the IRS see if this is just the tip of the iceberg), b) landlord, c) largest customer. They went belly up the next year, in part because of bad press. I would have gone to L&I too, but for $100 in retro pay due to a raise that I given but never showed up on my paycheck, it didn't seem worth it.
I know people modded you insightful, but I would have modded it funny.
They key is not what you say. I.e. you *will* be exposed to confidential data. It is just that there need to be 3 basic rules in this area: 1) Don't go looking for data you don't need. 2) Don't copy or otherwise remove data from the customer's location without appropriate permission. 3) Don't go blabbing secrets of one customer to others.
Really, it isn't rocket science.
BTW, I do have medical industry customers (HIPAA, etc) and our privacy policy has to meet the regulations. Basically we say we will not retain customer data unless asked to do so, that we will keep customer data in confidence, and that in medical environments we will train employees to respond to exposure to sensitive data appropriately.
Well, when we were doing computer repair, we found the real limiting factor was that when we fixed computers, they generally stayed fixed. Hence we did get repeat business, but not a lot (referrals were where we really get going).
IMO, computer repair is an area where $40-$60/hr is entirely reasonable. Even a bit more. I still do a little (just because it is nice to have variety).
It also doesn't say anything about trademarks, but since those need to be actively defended you would probably hear rather quickly if that was being used for a stealth attack. Patents are different. This is why most people intending stealth attacks prefer patents. Even then there are limits, but you don't want the expense of being on the wrong end of a patent suit, no matter how frivolous. The GPL says something about trademarks? That is news to me. I don't know of *any* FOSS license which provides any trademark rights which are wider ranging than what you get with the public domain.
You are obscuring my question with FUD. You can't be sure that any piece of code out there is free from third party patents because our patent system is so screwed up, and every sane company protects their trademarks. Nothing in the GPL (v2 or v3) prohibits me from saying "if you want to modify this code, you *must* remove all my trademarks first.
Finally, regarding patent licenses, if I give you a functional invention (in the form of a copyrighted work) and say, "I hereby give you permission to do whatever you want with it" that seems to carry with it a pretty broad implicit license. I read the BSD, MIT, etc. licenses to grant patent rights along with the copyright license as does everyone except a few MIT administrators.
The major reason why people don't generally release a lot of code to the public domain is that they can't force disclaimers of warranty in the product, so there is a perception that the author is more open to lawsuit. I am not sure that this is the case.
They also misrepresent the downsides of atropine use.
Basically organophosphates (including certain pesticides and all current generations of nerve gasses) work by disabling cholinesterase. When this enzyme is disabled, Ach builds up in nerve endings and never stops, hence the nerve essentially loses its off-switch. Eventually the muscles whcih support breathing seize up and/or paralyze from overstimulation, and the subject dies.
Atropine works by binding to the same receptors as ACH without activating them, hence turning off the nerves artificially. It is toxic, and the combination of the two together ought to have some interesting side effects (which interestingly have been known since ancient times-- there were certain Greek cults which used a combination of muscarine-producing mushrooms and belladonna in initiation rituals). At very least, the subject would be incapacitated for the duration of the poisoning.
However, if you can re-activate the cholinesterase directly, then the level of side effects from the poison go way down.
Most of these points have come out of arguments with both developers and lawyers as to the restrictions in the GPL:
1: If you download a copy of the GCC under the GPL v3, are you licensing your patents which the GCC infringes on to all third parties? After a lot of discussion on and off various lists, the answer is no, but you have to stop using the GCC prior to suing anyone or else other people could conceivably sue you. However, this is confusing because it is easy to miss the definition of patent license in section 11 (which excludes any implicit licenses).
2: Can one incorporate whole files from the public domain or permissive licenses into at GPL v3 work? While everyone seems to answer "yes" the different reasonings behind the answers leave a lot of confusion.
According to Mr Moglen, for example, *all* code in a GPL v3 project is governed by the restrictions of the GPL v3, and one can only use, say, ISC-licensed files because one can convert the license to the GPL v3 plus the attribution notice. Mr Moglen in my conversations with him seems to feel that section 7, paragraph 2 (removal of additional permissions) *does* apply to any files included in verbatim under more permissive licenses (and the only limitation is what the courts will allow one to enforce). In public speeches, RMS seems to take a similar view (arguing that a right to relicense the work is a prerequisite for license compatibility).
However, I would note that the Software Freedom Law Center does *not* recommend changing the licenses on permissively licensed files included verbatim, seemingly contradicting Mr Moglen's viewpoint. Other lawyers in the SFLC have suggested that one is *not* allowed to change licenses on such files unless they are modified. They get around this argument by stating that additional things you can do with code under such licenses in other projects are outside the scope of section 7, paragraph 1 definitions of additional terms and therefore are *not* governed by the GPL. Hence another license only conflicts with the GPL if it imposes additional restrictions which the GPL does not allow, or prevents modifications to those files from being licensed under the GPL.
So, if the BSD, ISC, and MIT licenses are to be interpreted as *not* allowing license changes on verbatim or non-literal (i.e. those with minor edits) copies, then would people like Mr Moglen and RMS state that this means they are incompatible? This is something where ideally we should have public commentary about this specific issue from both the FSF and the SFLC. Otherwise, projects, IMO (IANAL) should probably get proper legal help and add licensing FAQ's to help clarify these issues.
THere are some legitimate complaints about Qmail (the fact that it defaults to obviously non-failsafe settings, for example the fact that Qmail by default is an open relay) but the only cases I know of where there are exploits are on new servers with lots of memory.
However, DJB is obviously more of a math guy than a software developer (he is obviously a programmer because if he wasn't, he wouldn't have written a computer program). His source code stinks in terms of maintainability in part because it is difficult to follow. He also insists on doing just about everything different so while there are a lot of good proof of concept ideas in DJB's code they can never be implemented elsewhere. Also sometimes DJB is wrong to move from established ways of doing things and his massive ego gets in the way.
Slashdot Mirror
Secondly there is a *huge* difference between wanting to just dump a Perl structure and wanting to dump it in a way that would be user-accessible. The fact that you write this off as a mere format difference suggests you don't really know what is involved. Let me see, you wanted a DHTML table.... What sort of DHTML table? etc.... In this case, I would *hope* you would know up front that this was going to be web-based. If not then the customer will need to pay for this lack of specificity and they will pay through the nose. TemplateToolkit is huge. Why on Earth would I allow my developer to pull in an enormous module to do something really simple? Especially when the next little change is going to have him pushing yet another module -- what's next? Because evidently you want some magical code which allows you to dump structures in any format, is tested, and is flexible. Yes it is huge, and it is a good module for what it does. But if you don't know what sort of layout you want, it makes things *much* easier. In LedgerSMB, we use it for LaTeX and HTML generation. I think we also use it for CSV, XLS, ODS files as well.
In the end, you are blaming your developer for not creating something you didn't ask him to create. In general this is counterproductive. The way to go is to charge your customer to make it happen, if that is really what your customer needs.
They are evolving into birds?
;-)
I think the last thing I want to see Comcast do is dive bomb me because I look like lunch
You are probably correct regarding patents. However, at least in this case, you have one author to look for patents on, so it shouldn't be too hard to keep out of trouble.
What does "this software" mean? I would suggest that it means the software elements under this license. Copyrighted elements would include code fragments, nonliteral code elements, and non-code elements (such as graphical design elements).
When you create a derivative work from "this software" the license to "this software" remains intact. However, the derivative work as a whole may carry additional restrictions because elements you add are not part of "this software" and you can license them however you choose. I.e. I am not requiring you to provide any downstream rights to *your* contributions. You just have to leave mine intact.
So, suppose I take OpenBSD (picking on Theo because he is obnoxious), add a bunch of drivers, and license the whole thing under the GPL. I can do this (I don't even think that Theo's past arguments apply). However, I can't pretend to license to you portions of the code under the GPL that I didn't write. The work as a whole would carry the restrictions of the GPL but this would not prevent you from taking Theo's work and using it under the BSD license even if the only person you got it from was me.
In this case, you have:
OpenBSD under mostly the ISC license + various elements under GPL license == GPL work as a whole.
GPL work as a whole - the elements I wrote == OpenBSD (BSD License). Theo's permissions to people who remove my elements don't go away just because I was the distributor.
THis is what causes concern about the GPL v3 and section 7. A simple reading of section 7 would suggest that unless I can remove Theo's permission grant downstream, that the license is not compatible. Indeed, this was the sense I got from discussing the issue with Eben Moglen. However it is not the sense that I have gotten from discussing the matter with many other people from the SFLC and elsewhere.
However, since standards bodies move at a glacial rate, why not create a little LGPL/BSDL library for the required functionality and advertise it to the world? Why does the process require standardization?
That is basically what libraries are, right?
That is very different than taking a bunch of code, stitching it together, and building a system out of it.
Your programmer, if he was smart, grabbed the CPAN module, wrote a little wrapper around it, and integrated it into your application. If you had known what you wanted up front, he would have done the same with TemplateToolkit. (LedgerSMB uses both so I have experience here!)
Even if your programmer wrote all the code from scratch, adjusting it to output valid HTML tables that Javascript would reliably work on would be more work than just starting over with TT.
I think that in some rare cases, code scavenging is helpful. However, in most cases, it does not lead to solidly engineered software. Basically you get a piece of code, review your code, analyze the interface, prefactor, debug, postfactor, and now it is working well. By that time, you could have written a rough draft, debugged, and postfactored in less time and gotten a more consistent codebase out of it.
So I am not sure at all to what extent this code scavenging is sufficiently helpful to make formalize the process.
Interesting. Mods seem to be harsh on you today. I figure that insightful would have been a better mod. Haven't seen anything good lately though. Anyone got a spyware infection in WA that needs a uh cough cough, inspection? Do you travel to Chelan? Didn't think so... Anyway, I do know some other businesses in Western Washington you may want to talk with either about referrals etc. Please send me an email (better to sent to chris.travers@gmail.com).
BTW, notice you are from Oly. Are you a Greener too?
There are times and places where you should reformat. Unfortunately, most techs reformat when they shouldn't and don't when they should. Hence we have botnets...
Suppose, for example, that you find a virus which opens up a back door to the computer allowing system-level compromise. Reformatting is the right thing to do in this case because you cannot guarantee that someone hasn't used that to put another back door into the system.
Suppose you are able to find good evidence that someone has broken into the computer? Reformat. For reasoning, see above.
However reformatting because it is fast and easy is a real problem and points to a real lack of ethics in the GP.
I would hate to have your customers.
Most of the time, if I am on-site doing Windows support (not so frequent anymore), I spend 1 hr, maybe 2 (current rates for consumer tech support are $60/hr). The computer is fixed and they are happy.
Reformatting/reinstalling all of the software takes a minimum of 2 hours, sometimes more (depending on the amount of software to be reinstalled, what needs to be backed up, etc). Sure, when the computer is brought in, not all of that time is billable, but when I am on-site, it is.
I reformat/reinstall on specific cases;
1) Confirmed security breach.
2) Virus or trojan which offers system-level compromise.
3) Suspected virus or trojan which I cannot detect or confirm.
When I do this, I know why I am doing it and I explain it to the customer. Most of my customers do want to have their computers fixed.
This way you are not coercing others out of work but are helping to build a recognizable presence which helps ensure quality.
For example, I am a member of the IEEE and the IEEE Computer Society. I have found that my membership has helped me become a better software engineer, and there are standards of membership. And I am quite happy with how it has helped me and my business. Of course computer repair is outside our scope, but if a viable industry association doesn't exist for that, perhaps it is time to form one.
The real issue has to do with section 11 paragraph 6, however, which means that when you convey the software relying on a patent license, you grant that patent license to all other users of the software. THe wording of the paragraph suggests that the above *could* be considered an arrangement which might qualify, but patent licenses are defined in such a way as to rule out a "yes" answer *even if* it is conveying and *even if* this qualifies as an arrangement under section 11, paragraph 6.
The reason is that patent licenses are defined as express arrangements. Saying "we hire you to do a job" may carry with it an implicit patent license, but it is not an express arrangement. Other lawyers in the SFLC have suggested that one is *not* allowed to change licenses on such files unless they are modified. I'm not sure I follow. Why not? Ok, suppose I release my work under a license which requires the following notice to be kept: "Permission is hereby granted, free of charge, to anyone who comes into possession of this software to modify, redistribute, and deal in the software without restriction provided that this notice remains intact along with the warranty disclaimer below."
Can you take a copy of this software and apply the restrictions of the GPL to it (without modifying it)? My argument (and the argument of at least a substantial number of lawyers I have talked with) is no for the following reasons:
1) The license addresses all downstream recipients. Everyone who gets my copyrighted work has my permission to do certain things with it.
2) Implied sublicense rights (as in all implied licenses) tend to be defined based in what is minimally necessary to exercise all explicit rights. I.e. you might be able to sublicense my work under the GPL as a necessary part of negotiating with publishers, but you could not change the terms of use on my code (because you aren't required to in this process). I argue that even the variants of the MIT license which allow sublicensing require that the permissions grant by the original owner get passed downstream (so additional restrictions on the licensed copyrighted elements have no effect).
While the language differs, most permissive licenses tend to be fairly similar in actual substance.
Now, here is the catch, you could make people agree to the GPL in order to download the copy from you. But anyone who gets the software from them could still use it based on the broader permissions I have given.
Also, neither of the above points prevent you from making substantive, copyright-worthy changes and licensing those changes (and hence the work as a whole) under the GPL or any other license. But this is very different from, say, taking PostgreSQL, and putting a notice at the top of the file stating that these copies were now legally governed by the GPL.
As for the amount of content required under copyright law to qualify as an original work... We don't have a lot of case law to draw from. Obviously fixing a bug by changing an = to an == would not be enough (no expressive content is changed), nor would editorial changes matter. The general rule is that the changes need to be recognizably your own (whatever that means).
Before I quit to go into business for myself, I never cared who I pissed off. I did my job and I brought up concerns to management (even fighting to a point with mid to upper level management when there were problems). I have done this as a contract, as an employee, and as a consultant.
I found something interesting: doing this as a contractor was seen as good. I figure I got hired at Microsoft partly because I got involved and tried to fix problems. However, doing so as an employee was a two-edged sword-- it alienated my immediate managers but did help to get real problems solved. Now, as a consultant, it is part of my job. The point is that in all cases, my loyalty is unquestionable, and people know I am *trying* to help. I would add that if I were to be fired, I would suggest that such a company is not one I would want to work at.
I would second this. Please send me your resume. (Preferably PDF format)
For me the larger issue is one of worker/manager politics and dynamics. I just don't see a real payoff for a union in this industry (I didn't when I was at Microsoft and my opinion hasn't changed).
The basic problem is that unions tend to interfere with the already difficult-at-best communication lines between workers and management. I think that they tend to create more problems than they solve because they force large sets of issues to go through the union rather than to management.
Secondly the writers' union is more of a trade union than a labor union. While trade unions are a far better match, they tend to address contractor-type roles rather than employee type roles better.
At the same time, I think there *is* room for organization. One need not fully unionize, but still get industry associations going (IEEE Computer Society is one, CompTIA is a very different one). Such organizations can help address industry ills, and also help promote best practices. (Note that while both the IEEE Computer Society and CompTIA offer certifications, this is not what I am talking about. Membership in the organization is what is desirable.)
Our organizations ought to promote excellence, and thus value, so that the members are in better positions to deal with real problems in the IT world (note that IEEE CS is probably not the place for the Geeksquad manager).
First, there *are* cases where one might want to do such a thing. Hypercube Beowulf cluster topologies come to mind. However, it is definitely in the category of "if you don't know why you want to do this, then you don't want to try" category,
When I was in college I had an employer refuse to pay me promised retro pay. I complained to the a) Congress (i.e. you might want to have the IRS see if this is just the tip of the iceberg), b) landlord, c) largest customer. They went belly up the next year, in part because of bad press. I would have gone to L&I too, but for $100 in retro pay due to a raise that I given but never showed up on my paycheck, it didn't seem worth it.
I know people modded you insightful, but I would have modded it funny.
They key is not what you say. I.e. you *will* be exposed to confidential data. It is just that there need to be 3 basic rules in this area:
1) Don't go looking for data you don't need.
2) Don't copy or otherwise remove data from the customer's location without appropriate permission.
3) Don't go blabbing secrets of one customer to others.
Really, it isn't rocket science.
BTW, I do have medical industry customers (HIPAA, etc) and our privacy policy has to meet the regulations. Basically we say we will not retain customer data unless asked to do so, that we will keep customer data in confidence, and that in medical environments we will train employees to respond to exposure to sensitive data appropriately.
Well, when we were doing computer repair, we found the real limiting factor was that when we fixed computers, they generally stayed fixed. Hence we did get repeat business, but not a lot (referrals were where we really get going).
IMO, computer repair is an area where $40-$60/hr is entirely reasonable. Even a bit more. I still do a little (just because it is nice to have variety).
You are obscuring my question with FUD. You can't be sure that any piece of code out there is free from third party patents because our patent system is so screwed up, and every sane company protects their trademarks. Nothing in the GPL (v2 or v3) prohibits me from saying "if you want to modify this code, you *must* remove all my trademarks first.
Finally, regarding patent licenses, if I give you a functional invention (in the form of a copyrighted work) and say, "I hereby give you permission to do whatever you want with it" that seems to carry with it a pretty broad implicit license. I read the BSD, MIT, etc. licenses to grant patent rights along with the copyright license as does everyone except a few MIT administrators.
The major reason why people don't generally release a lot of code to the public domain is that they can't force disclaimers of warranty in the product, so there is a perception that the author is more open to lawsuit. I am not sure that this is the case.
They also misrepresent the downsides of atropine use.
Basically organophosphates (including certain pesticides and all current generations of nerve gasses) work by disabling cholinesterase. When this enzyme is disabled, Ach builds up in nerve endings and never stops, hence the nerve essentially loses its off-switch. Eventually the muscles whcih support breathing seize up and/or paralyze from overstimulation, and the subject dies.
Atropine works by binding to the same receptors as ACH without activating them, hence turning off the nerves artificially. It is toxic, and the combination of the two together ought to have some interesting side effects (which interestingly have been known since ancient times-- there were certain Greek cults which used a combination of muscarine-producing mushrooms and belladonna in initiation rituals). At very least, the subject would be incapacitated for the duration of the poisoning.
However, if you can re-activate the cholinesterase directly, then the level of side effects from the poison go way down.
Most of these points have come out of arguments with both developers and lawyers as to the restrictions in the GPL:
1: If you download a copy of the GCC under the GPL v3, are you licensing your patents which the GCC infringes on to all third parties?
After a lot of discussion on and off various lists, the answer is no, but you have to stop using the GCC prior to suing anyone or else other people could conceivably sue you. However, this is confusing because it is easy to miss the definition of patent license in section 11 (which excludes any implicit licenses).
2: Can one incorporate whole files from the public domain or permissive licenses into at GPL v3 work? While everyone seems to answer "yes" the different reasonings behind the answers leave a lot of confusion.
According to Mr Moglen, for example, *all* code in a GPL v3 project is governed by the restrictions of the GPL v3, and one can only use, say, ISC-licensed files because one can convert the license to the GPL v3 plus the attribution notice. Mr Moglen in my conversations with him seems to feel that section 7, paragraph 2 (removal of additional permissions) *does* apply to any files included in verbatim under more permissive licenses (and the only limitation is what the courts will allow one to enforce). In public speeches, RMS seems to take a similar view (arguing that a right to relicense the work is a prerequisite for license compatibility).
However, I would note that the Software Freedom Law Center does *not* recommend changing the licenses on permissively licensed files included verbatim, seemingly contradicting Mr Moglen's viewpoint. Other lawyers in the SFLC have suggested that one is *not* allowed to change licenses on such files unless they are modified. They get around this argument by stating that additional things you can do with code under such licenses in other projects are outside the scope of section 7, paragraph 1 definitions of additional terms and therefore are *not* governed by the GPL. Hence another license only conflicts with the GPL if it imposes additional restrictions which the GPL does not allow, or prevents modifications to those files from being licensed under the GPL.
So, if the BSD, ISC, and MIT licenses are to be interpreted as *not* allowing license changes on verbatim or non-literal (i.e. those with minor edits) copies, then would people like Mr Moglen and RMS state that this means they are incompatible? This is something where ideally we should have public commentary about this specific issue from both the FSF and the SFLC. Otherwise, projects, IMO (IANAL) should probably get proper legal help and add licensing FAQ's to help clarify these issues.
THere are some legitimate complaints about Qmail (the fact that it defaults to obviously non-failsafe settings, for example the fact that Qmail by default is an open relay) but the only cases I know of where there are exploits are on new servers with lots of memory.
However, DJB is obviously more of a math guy than a software developer (he is obviously a programmer because if he wasn't, he wouldn't have written a computer program). His source code stinks in terms of maintainability in part because it is difficult to follow. He also insists on doing just about everything different so while there are a lot of good proof of concept ideas in DJB's code they can never be implemented elsewhere. Also sometimes DJB is wrong to move from established ways of doing things and his massive ego gets in the way.