There is a tendency, especially in our community, for people to attempt to logically explain their way out of fault for bad behavior. If the logic parses, they are able to convince themselves that the bad behavior is done by someone else or that they did not do it at all.
Good people should point out these rationalizations for what they are.
This is the Mr. Shkreli who Daraprim from $13.50 to $750/pill. Daraprim is an antiparasitic drug, used to treat pneumonia in conjunction with HIV, toxoplasmosis (sometimes called "mad cat lady disease") and another really nasty parasitic disease.
When you do stuff like that, people look really closely at whatever else you are doing.
It also led Imprimis to make a $1/pill replacement for the drug.
I think you are missing a critical distinction. Let's compare a gun and an improvised explosive device (IED). The gun can be used to keep your family fed with venison, etc. It only shoots where you aim it, if properly operated by a trained person and kept locked up the rest of the time. If you were to set a deadfall trap, you'd have to place signs around it warning people away, or you'd be liable for anyone who was hurt. You can't really kid anyone that you've made an IED as a hunting weapon or to remove a tree stump. It's purpose built to surprise someone and maim or kill them.
As far as I've heard, this trojan was meant to eavesdrop on communications and pick up banking credentials. It's not a tool that sysadmins use to remotely assist some naive user. Those things require the user to authorize them first.
This trojan just sneaks up on you and eavesdrops, for someone who intends to scoop out your bank account.
The court is not going after the person who wrote the compiler or assembler meant to produce it, or even the libraries it might use. It's going after an action committed with conscious bad intent.
The Kronos software was not an educational tool for people who would prevent computer penetration or a utility with some other legitimate function. It is not a hunting weapon that just happens to also be capable of shooting people. It looks like it was made to be sold to someone who would commit a crime with it, and for no other purpose.
I met DJB's parents when they were both working at Brookhaven National Labs, and got to talk with them about DJB! I distinctly remember his mom talking about his insisting on having things his own way.
I shared a ski cabin with Eric Allman's sister. Actually, it was sort of the Berkeley and Sun Unix cabin. Everybody but Bill Joy stopped in. So Eric heard from me directly that I didn't like Sendmail.
I changed a number of projects from Autotools (which I am joyous to have left) to cmake. Cmake's language design leaves something to be desired, but it is in general sane, portable, and more capable than make, and you rarely have to look at the makefile (or whatever) it generates.
Tabs descend from the manual typewriter, where they were a poor approximation to properly-formatted columnar layouts. Unfortunately now they join several other forms of white-space (because of Unicode) which are sometimes impossible to distinguish from each other. The safest thing to do is thus to only use space for horizontal spacing. Certainly software should not distinguish white-space characters differently. I'm looking at you, "Make", and yes I've heard the story about it being too late to change because there were already 12 users.
This is a reason to actually support cryptocurrency. I still have a problem with it not being actually worth anything (dollars aren't worth anything either) but I'd support it to get away from folks like Visa.
One of the key things about learning 20 WPM Morse Code was that you could no longer think of it as dots and dashes because that would slow you down. You had to recognize the entire sound of the letter as just a sound. Similarly, good readers read entire words at once, not the letters, and they don't sound anything out. Those things slow you down.
You are also ignoring the paragraph after the one you cited:
Protection Against Additional Restrictions
Usersâ(TM) freedoms cannot be protected if parties can add restrictive terms to the copyleft. The âoeno additional restrictionsâ principle is therefore unwaivable if the GPL licenses are to achieve their primary objective. GPLv2 therefore requires that the only license terms available for works based on GPLv2 works are the terms of GPLv2. GPLv3, in Â7, enumerates a few classes of permissible additional terms, to allow very limited license variations in particular circumstances. But with these exceptions, the âoeno further restrictionsâ principle applies strictly. For these reasons, acceptance requirements or ceremonies, including âoeclick to acceptâ installation routines, violate the terms of GPL.
By this interpretation, both the distributor who offered an additional term and the customer who accepted it in breach.
I should also add that SFLC's interpretation of the GPL is not binding upon anyone but SFLC, and arguably not even them. I certainly don't have to accept it or abide by it.
The infringing derivative work is not the software which the Linux developers license to people under the GPL. It is a separate work to which the GPL does not apply and to which the Linux developers hold a copyright interest and the only remedy which can permit its legal use. The Linux developers never intended to license that work, they still haven't, the GPL doesn't apply to it.
I got a copy of the agreement. It's here. It's pretty clearly in violation. The offending language is:
Notwithstanding these rights and obligations, the User acknowledges that
redistribution of the provided stable patches or changelogs outside of the explicit
obligations under the GPL to User's customers will result in termination of access
to future updates of grsecurity stable patches and changelogs.
The entire point of the langauge in section 6 of the GPL is so that another party can not cause you to negotiate away your GPL rights.
I got a copy of Grsecurity's Stable Patch Access Agreement. It's a written term, given to you before the act of distribution. It's rather imprudent of them to write it down if you ask me.
The entire point of the language against additional terms in the GPL is so that others can not negotiate with you for you to give up any of your GPL rights.
I don't think this gives you an obligation to support software you didn't provide. You are not, in that case, refusing to support the software that you did provide. In contrast, Grsecurity shuts the customer off entirely.
If you wanted to stoke the perception that GPLed code is "toxic" in yet another unhelpful and nebulous way, you couldn't have picked a better way...
Actually, all I see so far is that an intentional GPL violator's customers are not protected from that intentional violation. It's not at all clear that this is in any way different from the proprietary software licensing world, where a contributory infringement case brought on the customer rather than the vendor is a frequent strategy.
I check out the software licenses that are offered to my customers. Sometimes I red-light a proprietary software vendor because I don't believe they have the right to offer their own software. This is often obvious from their licensing. Similarly, a company should not accept a commercial issue of a GPL work if it's not sure the vendor has a right to offer the work.
I am sorry that due diligence is required, but of course the Free Software folks didn't invent this intellectual property mess.
I just copied Eben again this morning, as I'd received a copy of the Grsecurity Stable Patch Access Agreement, which I had not previously had in hand. I also included another link to my article. No word from Eben yet.
While the user may not be responsible for the sins of the distributor, this is only the case after the distributor successfully conveys the GPL to the user upon the work. I contend that the distributor never had the right to convey the GPL to the user at all upon an infringing derivative work, and that a direct grant by the kernel developers to the user is thus never triggered.
Also, keep in mind that if the user does successfully receive the GPL on a work, they must be fully in compliance (section 4) for the GPL to continue. If the "sins" of the distributor are repeated by the user, the user is not in compliance. The point here is that the user need not pay for a "sin" which they do not repeat, nor may the distributor perform a deliberate action which terminates the user's GPL rights unless the user repeats that action.
When the user receives the infringing derivative work, and when the user applies the patch, they inherit the previous infringement from the distributor. The GPL does not wash clean that infringing status for the user.
No. Merely purchasing the existing combination of code does not provide the required right and ability to supervise or control the infringing activity. You are well outside the bounds of your expertise, and it shows.
In this case, it's the reverse. I understand how the software is applied (this is why I'm an expert witness in demand) and you're out of your expertise, sorry. The customer applies the patch. That gives them control of the infringing activity.
Those portions of the original work have been licensed to the customers by the GPLv2 sec 6. The license to those portions of the original work cannot be terminated per GPLv2 sec 4. The customer is also expressly licensed to make such a combination by GPLv2 sec. 2 so long as they do not publish or distribute the combined work.
Weren't you going to ask Eben about this? Why don't you do so, and get back to me. I still don't believe they're licensed.
By the way, I got the Grsecurity agreement. They actually put down in writing how they restrict the customer's GPL rights.
Because the GPL doesn't apply to the infringing derivative work, as it terminated when it was not complied with, and Open Source Security, Inc. doesn't have a right to license it to others or to apply the GPL to it. So, the customers have a work with no valid license and the kernel developers own the only remedy that would permit its legal use.
If the customers had the GPL on that work, distribution might be relevant. They don't. Also keep in mind that distribution is not the only thing you can do to violate the GPL. You can create a derivative work that is in violation even before distribution.
Slashdot Mirror
If somewhere there is an idiot who makes a fertilizer bomb to take out a tree stump, that person is not the topic of this discussion.
There is a tendency, especially in our community, for people to attempt to logically explain their way out of fault for bad behavior. If the logic parses, they are able to convince themselves that the bad behavior is done by someone else or that they did not do it at all.
Good people should point out these rationalizations for what they are.
that should say "raised the price of Diaprim" ...
This is the Mr. Shkreli who Daraprim from $13.50 to $750/pill. Daraprim is an antiparasitic drug, used to treat pneumonia in conjunction with HIV, toxoplasmosis (sometimes called "mad cat lady disease") and another really nasty parasitic disease.
When you do stuff like that, people look really closely at whatever else you are doing.
It also led Imprimis to make a $1/pill replacement for the drug.
Well, welcome back to Slashdot then.
I think you are missing a critical distinction. Let's compare a gun and an improvised explosive device (IED). The gun can be used to keep your family fed with venison, etc. It only shoots where you aim it, if properly operated by a trained person and kept locked up the rest of the time. If you were to set a deadfall trap, you'd have to place signs around it warning people away, or you'd be liable for anyone who was hurt. You can't really kid anyone that you've made an IED as a hunting weapon or to remove a tree stump. It's purpose built to surprise someone and maim or kill them.
As far as I've heard, this trojan was meant to eavesdrop on communications and pick up banking credentials. It's not a tool that sysadmins use to remotely assist some naive user. Those things require the user to authorize them first. This trojan just sneaks up on you and eavesdrops, for someone who intends to scoop out your bank account.
The court is not going after the person who wrote the compiler or assembler meant to produce it, or even the libraries it might use. It's going after an action committed with conscious bad intent.
The Kronos software was not an educational tool for people who would prevent computer penetration or a utility with some other legitimate function. It is not a hunting weapon that just happens to also be capable of shooting people. It looks like it was made to be sold to someone who would commit a crime with it, and for no other purpose.
You get in a traffic jam on 237 at 6:05 am and tell me jobs are fleeing. To avoid traffic you need to get up at 4 AM and leave work at 1 PM.
Keep reading until you get to the Ruby Gem. The kernel patch is community service related to people messing with GPL rights.
Because I can? I don't, however, get hot under the collar about it.
I met DJB's parents when they were both working at Brookhaven National Labs, and got to talk with them about DJB! I distinctly remember his mom talking about his insisting on having things his own way.
You're not reading my blog. I have released new Free Software recently, and never stop coding.
Also, isn't this level of taking offense a bit over the top for a tabs vs. spaces argument? One would think we have bigger fish to fry.
I shared a ski cabin with Eric Allman's sister. Actually, it was sort of the Berkeley and Sun Unix cabin. Everybody but Bill Joy stopped in. So Eric heard from me directly that I didn't like Sendmail.
I changed a number of projects from Autotools (which I am joyous to have left) to cmake. Cmake's language design leaves something to be desired, but it is in general sane, portable, and more capable than make, and you rarely have to look at the makefile (or whatever) it generates.
Tabs descend from the manual typewriter, where they were a poor approximation to properly-formatted columnar layouts. Unfortunately now they join several other forms of white-space (because of Unicode) which are sometimes impossible to distinguish from each other. The safest thing to do is thus to only use space for horizontal spacing. Certainly software should not distinguish white-space characters differently. I'm looking at you, "Make", and yes I've heard the story about it being too late to change because there were already 12 users.
They are the main food of many bats, probably most of the ones we have in the US, and many fish eat the larvae.
It's sufficient to get rid of aedes aegypti and anopheles. And actually it's only 100 of 430 anopheles species that give humans disease.
This is a reason to actually support cryptocurrency. I still have a problem with it not being actually worth anything (dollars aren't worth anything either) but I'd support it to get away from folks like Visa.
I do not vocalize anything when reading.
One of the key things about learning 20 WPM Morse Code was that you could no longer think of it as dots and dashes because that would slow you down. You had to recognize the entire sound of the letter as just a sound. Similarly, good readers read entire words at once, not the letters, and they don't sound anything out. Those things slow you down.
By this interpretation, both the distributor who offered an additional term and the customer who accepted it in breach.
I should also add that SFLC's interpretation of the GPL is not binding upon anyone but SFLC, and arguably not even them. I certainly don't have to accept it or abide by it.
The infringing derivative work is not the software which the Linux developers license to people under the GPL. It is a separate work to which the GPL does not apply and to which the Linux developers hold a copyright interest and the only remedy which can permit its legal use. The Linux developers never intended to license that work, they still haven't, the GPL doesn't apply to it.
The entire point of the langauge in section 6 of the GPL is so that another party can not cause you to negotiate away your GPL rights.
I got a copy of Grsecurity's Stable Patch Access Agreement. It's a written term, given to you before the act of distribution. It's rather imprudent of them to write it down if you ask me.
The entire point of the language against additional terms in the GPL is so that others can not negotiate with you for you to give up any of your GPL rights.
I don't think this gives you an obligation to support software you didn't provide. You are not, in that case, refusing to support the software that you did provide. In contrast, Grsecurity shuts the customer off entirely.
Actually, all I see so far is that an intentional GPL violator's customers are not protected from that intentional violation. It's not at all clear that this is in any way different from the proprietary software licensing world, where a contributory infringement case brought on the customer rather than the vendor is a frequent strategy.
I check out the software licenses that are offered to my customers. Sometimes I red-light a proprietary software vendor because I don't believe they have the right to offer their own software. This is often obvious from their licensing. Similarly, a company should not accept a commercial issue of a GPL work if it's not sure the vendor has a right to offer the work.
I am sorry that due diligence is required, but of course the Free Software folks didn't invent this intellectual property mess.
I just copied Eben again this morning, as I'd received a copy of the Grsecurity Stable Patch Access Agreement, which I had not previously had in hand. I also included another link to my article. No word from Eben yet.
While the user may not be responsible for the sins of the distributor, this is only the case after the distributor successfully conveys the GPL to the user upon the work. I contend that the distributor never had the right to convey the GPL to the user at all upon an infringing derivative work, and that a direct grant by the kernel developers to the user is thus never triggered.
Also, keep in mind that if the user does successfully receive the GPL on a work, they must be fully in compliance (section 4) for the GPL to continue. If the "sins" of the distributor are repeated by the user, the user is not in compliance. The point here is that the user need not pay for a "sin" which they do not repeat, nor may the distributor perform a deliberate action which terminates the user's GPL rights unless the user repeats that action.
When the user receives the infringing derivative work, and when the user applies the patch, they inherit the previous infringement from the distributor. The GPL does not wash clean that infringing status for the user.
In this case, it's the reverse. I understand how the software is applied (this is why I'm an expert witness in demand) and you're out of your expertise, sorry. The customer applies the patch. That gives them control of the infringing activity.
Weren't you going to ask Eben about this? Why don't you do so, and get back to me. I still don't believe they're licensed.
By the way, I got the Grsecurity agreement. They actually put down in writing how they restrict the customer's GPL rights.
Because the GPL doesn't apply to the infringing derivative work, as it terminated when it was not complied with, and Open Source Security, Inc. doesn't have a right to license it to others or to apply the GPL to it. So, the customers have a work with no valid license and the kernel developers own the only remedy that would permit its legal use.
If the customers had the GPL on that work, distribution might be relevant. They don't. Also keep in mind that distribution is not the only thing you can do to violate the GPL. You can create a derivative work that is in violation even before distribution.
What if they used an NDA instead? And how is the effect any different?