The people crossing picket lines may have run afoul of BC's anti-scab law, in which case, posting their pictures is no more wrong than posting the pictures of anyone else committing a crime.
Also, crossing a picket line in public isn't a private matter - so there's no expectation of privacy, and the union can post pics.
Third (yeah, pedantic, but its Monday and I'm working on my second cup of coffee, etc...) the proper way to handle it is to go to court, not block your subscribers from visiting a site that you don't even host.
"Telus - the future is friendly - the present still sucks"
Even as a Brit I know that the Canadian Charter applies only to interactions between the government and the citizens of Canada.
Boy, are you *SO* wrong!
The Canadian Constitution is the supreme law in Canada. Everyone is subject to it. Everyone benefits from it. Doesn't matter whether its' a civil or criminal matter - all law in Canada must defer to the Constitution.
... and of course, any Telus union member who uses Telus as their ISP can ask for an investigation because Telus is interfering with communications between the union and its' members. Gotta wonder who was the mensa member who ordered the bits twiddled to block the site in the first place...
Look at the differences between a book store and Telus:
Your book store isn't a regional monopoly. Telus is.
Your book store isn't a common carrier - Telus is (but may have just jeopardized that status)
Telus isn't hosting the site - its blocking its paying customers from seeing a site critical of it - this would be like the book store physically preventing its customers from shopping elsewhere for books "because it can"
Telus - their motto is "The future is friendly" - my guess it should be changed to "Telus - The future is Telus-friendly, citizen!"
T
No, its working fine - (you may be on a line leased by Telus to a 3rd party, but Videotron (another Canadian ISP) customers can see it no problemo...
Of course, Telus just opened up a big can of worms: The Canadian Constitution (1982) guarantees freedom of expression (including on the internet) as a fundamental right:
Fundamental Freedoms
2. Everyone has the following fundamental freedoms: a) freedom of conscience and religion b) freedom of thought, belief, opinion and expression, including freedom of the press and other media of communication c) freedom of peaceful assembly d) freedom of asociaton
Seems pretty open and shut - Telus is going to get its ass wupped.
Okay - first, I learned how the law works by watching professional lawyers in court for several hundred hours, and actually considered making it a career when I was younger. Came in handy later on in life. I've had a chance to argue and win several criminal cases as well as the usual complement of civil cases. I keep up to date on what goes on in the legal field (I have a copy of the latest Code Civile in french - yes, I can do it in both languages), and also know enough about basic procedures to file writs, briefs, etc.,
the last criminal case I argued was in 1998. This was, iirc, about the 4th (they tend to come along every decade or so).
It was fun baiting the opposition, catching them in one lie after another, and getting them so enraged that they totally lost it and had to be ejected from the courtroom - twice! It was also a good exercise in debating, finding ways to get voir-dire (heresay) testimony admitted indirectly (yes, Virginia, heresay isn't admissible in court, except when it is:-) (I know, I should write a book, but who'd believe all the shit I've done:-)
That one was 4 days, and I had the time of my life. Enjoyed every minute of it. The previous one, late '80s, iirc, was less then 10 minutes. And I won that one, too, while 63 other people lost (even though they all insisted on using a lawyer instead of taking my advice. I told them I knew more about how to do a protest legally than most lawyers, but would they listen? No... So they all ended up with criminal records. Me? Nothing.). The one before that, early eighties, an hour or so. And I won that one too, without even working up much of a sweat.
This isn't including 2 lame-ass tickets that I won on constitutional grounds. in the early '80s when the Canadian constitution was all fresh and newly minted (I know, wtf - using the constitution to beat a ticket? Isn't that like using a grenade launcher to kill a fly? Yes. So what? It was quick, and it worked). And a bunch of civil cases (the last was earlier this year, and, again, I had FUN!!! and I won.) Want to win all the time? Simple. Pick. Your. Battles! Alwasy be reasonable, always offer to settle on reasonable terms if you're in the wrong (and even if you're in the right), and then, if you're in the right, kick them in the teeth if they're stupid enough to take you to court.
So, I hope that explains it a bit better, that unlike most slashdotters, I've had the opportunity to actually put my money where my mouth is, in terms of whether my interpretation of the law is better than someone elses...
Now, back on to the points that are still relevant ---
I never said that software developers can't remove functionality in future releases of the product. What they don't have is the legal right to get you to remove functionality from your system under the guise of an "update". I've posted the relevent laws in a JE at the bottom of this post.
The test for informed consent is what a reasonable person would believe. A reasonable person has no reason to expect that an update will INTENTIONALLY cripple software on his computer. So my "bitching and moaning" about their clumsy, ham-handed tactics is entirely appropriate, as what the developers did was contrary to any test of "reasonable expectations."
The developer is not "issuing a recall." A recall notice clearly states the defect, it doesn't masquerade as an "update". Besides, nobody has the right to trick (remember, there is a test for reasonableness, and this soi-disant "update" fails it) a user into rendering software functional just because the developer thinks there's a problem. Or would you then argue that Microsoft or Apple should be able to arbitrarily kill off features on your computer because of what they consider a problem?
That's what you imply with the "stability is a feature" mantra. For example, if tomorrow they decide that Firef
Well, nobody ever said that greater freedom didn't come with greater responsibility (and that greater responsibility and freedom requires more work/vigilance:-)
I could always cop out, and say that the solution is left as an exercise for the reader, but that IS a cop-out. There is no perfect solution. But some will read it on slashdot. Others on k5, or google news. And some won't for a while, until they get an email from a friend, or one of the tech newsletters they subscribe to. But isn't that the way it should work?
The developers are free to change how their program works. They are NOT free to sneak those changes onto a users computer without their **informed** consent. Two different issues.
What I actually said in my original post was:
It should be up to the individuals to decide if they want to make such significant mods to their system as purposefully crippling software.
One of the freedoms of "free as in beer" software is supposed to be that YOU control your system. (I can't believe it - I'm turning into an RMS clone!)
And, since so many people have taken me to task on this, I've backed up my claim of it being illegal in many jurisdictions in this reply in a JE (sorry the laws at the bottom of the post - I was replying to another poster... you know how these things sometimes end up with long discussions...)
What I think is preferable is what I've been saying - inform the users up front that there is a problem, and let them decide if they should remove it, work around it, or take you up on the "neutered update."
Besides, if they want to read my files, I'll just make a symlink between/dev/urandom and some interesting file names, like "latest porn collection". If you want an idea of how bad that will be for them, just run "cat/dev/urandom" in a terminal...
Nice analysis, except that I found about it from RTFA (gawd, yes, I'm actually someone who Reads The Finbe Articles. You found out my secret! Agggh! I'll have to turn in my geek card AND get a 900000-range UID! Sob:-(
All kidding aside, I wouldn't have known if I hadn't read the article. My beef wasn't with removing functionality, it was with the way it was done, and the thought processes that seemed to be behind it (at least, from what I could tell from the post that I cut-n-pasted here that started this whole thing...)
Add that to them possibly trying to make previous versions unavailable so that anyone who DID "update" and then found that they needed the previous functionality, and were now SOL... as I said originally, the whole mess doesn't sit right with me.
Lets take another case. If it were, for example, software that I was using on one of the servers here, and the distro maintainers decided to pull a shot like this it would make me start checking out other distros RSN. Its about trust, open communications, and how you handle a problem.
I mean, this message:
I found out that since Greasemonkey is distributed on addons.mozilla.org it will automatically update itself, even though I didn't put that in the code.
Neat. I'm going to upload the neutered versions at 7pm PST. It'd be great if people could poke it a little before then.
knowing that you can always revert to your old car within moments any time you so choose to."
If you look elsewhere, you'll see that there has been some discussion about getting the previous versions pulled to prevent that. Rather heavy-handed, IMO.
To answer your last question first, it ends up with reduced functionality - no more calls to the xmlhttprequest goodness a la AJAX.
The whole legal question was a side-issue that I brought up because people were missing my main point - that users have the right to know and control what is going on with their computers.
I like the way SuSE update works. I get to select what I want to install, I have all sorts of info as to what each update does, what it provides, what issues it addresses, what it needs, dependencies, increased functionality, etc.
Its what updating should be like. Quick. Easy. Informative. Under MY control.
Now, on to your first point. Even the developer/supplier has no legal right to "turn off" something on my computer without my consent. This consent can be obtained, for example, by stating up-front that it is a time-limited demo version that dies after x number of days/runs/whatever. On a side note, even then, you are not allowed to "hold a users' data hostage" - which, believe it or not, some companies tried to do as a way of keeping their customers.
By your own admission, this "update" is exceptional. It disables functionality, not a "fix", at least in all but the most exotic sense.
Shouldn't it inform you first (perhaps by presenting the changelog) before screwing things up?
When I do my updates on my SuSE system, I get to see every update, and what's been changed, and I have the option of saying "no".
I also have the option of making it completely automatic. That is my choice, and I choose to say "no".
Me, I think all updates should be this way, but at the very least, updates that are known to break things should say so before install.
But one of my beefs wasn't just that there was a problem, but with the way it was handled, as I originally posted:
------------ snippage ---------
Its the next one that people should be alarmed about.
I found out that since Greasemonkey is distributed on addons.mozilla.org it will automatically update itself, even though I didn't put that in the code.
Neat. I'm going to upload the neutered versions at 7pm PST. It'd be great if people could poke it a little before then.
It should be up to the individuals to decide if they want to make such significant mods to their system as purposefully crippling software.
If the Bitch from Redmond pulled a stunt like that, we'd be all over them like viruses on a Windows Box.
------------ snippage ---------
I keep coming back to this point, that this way of "fixing" a problem doesn't pass the "smell test" - its sleazy. As RMS says, it's about freedom, not about price. and part of freedom is that the end user should be both informed and in control, not just "well, there's an update - guess I should install it, because updates are supposed to be good for you" and cross your fingers, throw the I Ching, and hope for the best.
The lesson is to check what changes an update makes before downloading it.
As another poster suggested, a change log that the user can look at would be a great addition.
Many security holes are the result of increased functionality, so the easiest way to fix them is to remove it.
Ouch. sounds a bit like how I used to write software. Have a whole bunch of features, get as many of them done as possible, then start trimming back the ones that would break the release date.
Microsoft does this all the time.
The comparison hurts:-)
Actually, Microsoft takes care to publicize any intentional breakage (nobody can, by definition, publicize the unintentional). I think we should at least meet, if not exceed, the same level of disclosure. This is what bugs me - the "end run" around informing the user. It's a pretty prevailent problem, but there really is no excuse, and ther's no other business where this is acceptable.
As I posted in my latest JE, I think this has turned into a flame war because I think it was handled wrong, and it highlights our hypocrisy vis. the double standard in how we treat F/LOSS vs proprietary software.
Oddly enough, part of the problem is that I have a higher expectation for F/LOSS, in terms of what I expect in regards to informed consent, full disclosure, and leaving the choice up to the end user. I'm more than a bit disconcerted that most of the posters don't seem to agree.
It should be up to the individuals to decide if they want to make such significant mods to their system as purposefully crippling software.
If the Bitch from Redmond pulled a stunt like that, we'd be all over them like viruses on a Windows Box.
Purposefully breaking an app because of a possible exploit is arrogant, dishonest, alarmist, and just plain stupid. If we applied the same thinking to all other areas of our life, we wouldn't be able to do anything, paralyzed by possible fear of a possible bad meal, a potential flat tire, a possible power failure.
It was only after everyone went ape-shit (something like 15 responses one after the other, al disagreeing) that I extended the argument into the legal realm. My first concern was, and still is, that this is NOT the way to handle a bug.
It bears repeating: this is NOT the way to handle an exploit, a bug, a programmer error. Posting stuff like this:
I found out that since Greasemonkey is distributed on addons.mozilla.org it will automatically update itself, even though I didn't put that in the code.
Neat. I'm going to upload the neutered versions at 7pm PST. It'd be great if people could poke it a little before then.
... makes it sound like you don't credit your users with possessing 2 brain cells. What would be so wrong with publicizing the potential flaw, and just letting people decide for themselves whether to uninstall/install the neutered version/make their own workaround?
THAT is what gets my goat!
It has nothing to do with the potential damage of the exploit. Time and again, we've heard calls from all over that F/LOSS has to take a more responsible approach. That includes being up front about mistakes, going the full disclosure route, then empowering the USER to make the decision.
Sure, we take a credibility hit temporarily, but our long-term credibility is enhanced, not degraded, by such a course.
The examples I gave of this, such as Tylenol (poisoned pills), Wendy's (finger food) , and Coke (syringes) are, I think, examples of demonstrating to the public that you DO stand behind your product, and are willing to take the hit, if and when necessary, because you have integrity.
This is what the suits want to see. This is part of what they mean by "open-source support." but people just don't get it. They still act like they can "sneak something by", or that, if ignored, it will go away.
One of these days we're going to have a major exploit that IS widely deployed, and how we react to it is going to say more about us than how quickly we patch it. Full disclosure, with cohntrol by the now-informed end user, is the only way to go, long-term.
Like or not, the legal profession is exactly that - handled by professionals. Since you're clearly an amateur in both the legal arena and in the concepts of computer security, it's irresponsible, at best, for you to go bleating about whats illegal and whats not. You know what opinions are like.
Nice ad hominem attack, but I've probably spent more time in court than you (hundreds of hours) - and I've probably won more cases than you. And I've had the pleasure of arguing both civil and criminal cases. Some people just aren't smart enough to leave well enough alone, and every decade or so, I get to play lawyer in the criminal system again - and I always win. I'm a real prick when it comes to cross-examining certain liars on the stand, and I don't give a shit how pissed the judge gets - because for me, winning was the only thing that counts. And I win. Every time.
No provable increase in security, because no exploit has been found in the wild? Christ. Maybe you should just stay away from computers.
Again, lay off the ad hominems as a form of argument. I've been writing code for a quarter-century, so I trust my judgment more than someone who writes something like this:
I found out that since Greasemonkey is distributed on addons.mozilla.org it will automatically update itself, even though I didn't put that in the code.
Neat. I'm going to upload the neutered versions at 7pm PST. It'd be great if people could poke it a little before then.
I'm not saying there isn't a problem - just that THIS is not the way to go around fixing it. It doesn't pass the "smell test."
Now I have to agree with you about one thing:
But thats because I'm responsible about my computing habits and don't expect the little fucking computer fairy to sprinkle dust on my computer when I'm sleeping.
What I'm trying to argue here is exactly that - it is your computer, and your choice as to whether to install an update that "fixes" a potential exploit by killing off functionality, after YOU have the facts and make your own risk/benefit analysis - not the developers' in trying to say its' an update, which implies a bug fix (which this is NOT).
I'm not saying that patches that accidently kill off some feature are wrong - quite the contrary - only those that INTENTIONALLY do so, while posing as "updates".
What has surprised me is that so many people have come out against informed consent/refusal in this case. It looks more and more like the people who are saying that F/LOSS supporters have a double standard are on to something, and that disappoints me. Actually, it more than disappoints me - it pisses me off, because there's a certain amount of truth in it. I believed we had a double standard, but one where we held ourselves to higher standards than the "evil empire." Guess I was wrong on that one.
It is IRRESPONSIBLE behavior to NOT give users, via the normal upgrade path, critical security updates, even if those upgrades cripple something. And this is about as critical an update as they come. Or have you forgotten that your computer contains a lot of passwords?
Fortunately, most businesses don't run with the same mentality you're exhibiting. They DON'T automatically just roll out a "patch" for what is only a potential exploit, or one that can be worked around in other ways.
If your computer depends on the disabled functionality in the greasemonkey api, you're going to be mighty pissed. You would rather have the opportunity to work around the problem, by, for example, isolating/hardening the machines in question, rather than having them go off the air completely.
As for the Tylenol reference, there were alternative equivelent generic drugs available as a "drop-in replacement". A more apt comparison would be to, say, an operation. You are explained the risks and benefits, and then decide whether you want the "upgrade." Nobody else can make that decision for you. It's your "hardware" after all.
My whole point is that this:
I found out that since Greasemonkey is distributed on addons.mozilla.org it will automatically update itself, even though I didn't put that in the code.
Neat. I'm going to upload the neutered versions at 7pm PST. It'd be great if people could poke it a little before then.
... is NOT the way to handle the problem. the people affected aren't your average 'net users. Let them (the users) make the decision, based on their own risk/benefits analysis. Do you REALLY have an issue with that?
... and if they actually read my JEs they'll find that I was going to do a few Burma Shave "trolls", but never got around to it...
Why? Because I can't believe that anyone would be STUPID enough to try to "fix" a potential exploit in such a dumb-as way. And that, when I called "bullshit" on it, I immediately got dumped on by a bunch of syncopating knee-jerk "open source devs can do no wrong" posters who don't want us to operate to the same standards as closed-source devs? Yeah, its a flame war, all right, but its not trolling. Not in the least!
So look at the facts:
There was a "potential" - exploit. Not one in the wild. Just a possible one, that affects only a small subset of users
To reduce the damage caused by their mistake, the developer unilaterally decides that its better to cripple the software through an "update" rather than give the users the information they need to make an informed decision, and decide for themselves whether they want to continue using the functions in question
The (the developers) post on their list that they're going to intentionally cripple it through the update mechanism, doing an end-run around the whole informed consent issue, and, incidently acting illegally
So, how the fuck is this trolling? Did you see a single post with a "Burma Shave" jingle in it? No...
More Facts:
Fact: The L'Oreal case I cited was profiled on W5 almost 20 years ago. It bankrupted the IT company. Unfortunately, it's a bit before most posters time, but it established in court that developers can't unilaterally "throw the switch".:
Fact: It is YOUR RIGHT to be informed as to what the intent of any update is. Not just "this is an update that closes a potential exploit", but "this is an update that will intentionally fuck up any scripts that depend on this API, so if you need to make calls to gm_API_xxxx, don't patch"
Fact: We would all be bitching if Microsoft pulled something like this. They don't. Every patch contains an explanation to what its INTENDED (as opposed to accidental side-effects) effect is, and includes the possibility to "just say no."
Fact: We're acting like a bunch of hypocrites if we don't hold F/LOSS to the same standards of disclosure.
So, please tell us, mister A. C., just how the fuck this is a troll?
As for the mods, I don't mind taking the karma hit for speaking the truth. But if they go back through my JEs, they'll also see that Troll Tuesday has ZERO to do with "trolling" in the way that you seem to think it does, and that it's more about raising the level of debate, specifically, about challenging the conventional, knee-jerk reactions that have turned slashdot into slushpot.
Sorry, but I'm not a district attorney. It's not up to me to prosecute criminal offenses.
Maybe you shouldn't be telling people whats illegal and whats not, then.
Nice troll. What the FUCK does one have to do with the other? You really don't understand how the legal system works, do you? Extending your logic, the only people who can ever make a complaint are people in the legal profession.
you'd have to prove your position that increased security is "damaging".
No. There is a demonstrated decrease in functionality. Some scripts no longer work. This is damage. This damage was intentionally caused by an "update" that was purposefully designed to cause this specific behaviour, and didn't disclose that it would do this. Sounds just like the definition of malware to me. And there is no provable increase in security, as the "exploit" has yet to be seen in the wild.
The courts have done no such thing. In fact, they have done the opposite, in far more underhanded situations - such as Claria. Your argument, in fact, would demand that *any* update would have to be a 100% superset featurewise (and who decides exactly what a "feature" is, anyway - immunity to an enourmously dangerous exploit is a feature in my book), or else it would be "illegal".
You missed the part where I said that you have to inform the user. If you properly inform the user that functionality may be decreased/altered, and give them a chance to refuse the mod, younow have informed consent. THAT is what the courts have okayed. In this case, unilaterally deciding to reduce functionality because of a non-exploited potential exploit, passing it off as an "update", and not giving proper disclosure anre what I'm pissed about. If I pulled that shit on you,. you'd be pissed too, wouldn't you>
Would it be nice if the Firefox update feature included a mechanism for showing a changelog or whatever? Yes it would. Maybe you should go file an RFE.
Now THAT's something that makes sense! No disagreement there. This would be part of the "informed consent" I'm talking about.
Oh come on. There's nothing illegal about removing functionality from software.
Do you *really* want to defend that position?
Forget the legality for a moment - do you really want to give a third party the right to unilaterally decide that an update should intentionally bork existing functionality on your box, without first telling you that its going to do this, and then giving you the opportunity to refuse>
I assure you, every user in the world who is not insane considers "removes a vulnerability that potentially allows any website to read your hard drive" an "update".
Think:
there's a big difference between "potential" and actual.
the choice is legally mine as to whether to reduce the functionality of the software after its installed on my computer, not the developers
the decision can only be made by the end user, as only the end user is in a position to evaluate how it will impact on him/her
turning off functionality of software because of a potential exploit, without informing the user that this is what the update will do, is illegal
also assure you that if you want to engender trust among your users, removing as immediately as possible bits that would allow any website to read your hard drive is the way to do it.
No - full disclosure, then informed consent to any changes, is the only way to engender trust. Ask Tylenol (poison pils), Coke (syringes in cans), Wendys (finger food chilli). They're pros, and they did it right.
If upgrades that incidentally break features are illegal, then every single software company in the world would be in jail by now. The legal reference you are vomiting all over this comment tree has nothing whatsoever to do with what WebMonkey did today, it concerns something different.
there's a difference between an upgrade that accidently breaks features on some computers, and an "upgrade" designed specifically to disable features, again w/o proper disclosure and consent.
If you're so incredibly upset that a point release of a minor third-party extension for a minority web browser broke something minor in the process of fixing a truly huge and dangerous broken aspect of the previous point release, then the thing to do would be re-install the previous point release, not come make 30 posts whining about it on slashdot.
Again, think for 2 seconds. If Microsoft had done this, we'd be over them like flies on shit. When adware companies do this, or spammers do this, again, we're royally pissed.
So why is this situation any different - or are we really like our opponents say, just a bunch of hypocrites who believe that others have to play by the rules, but we don't?
As I pointed out elsewhere, its not a civil offense - its a criminal offense - its not up to me to sue.
As for "refund the entire purchase price", any damages have nothing to do with how much or how little you paid for it, or even whether its free.
This whole thing is NOT about whether they should be sued - its about informed consent to altering software on your computer to degrade its functionality. It is up to the individual to make that choice, after examining the options - not the developer. The developer has no legal right whatsoever to try to "sneak in" removing existing functionality under the guise of a "patch" or "fix".
Lets put it in another context. Someone fixes your car, then says "oops, I've got to make some adjustments to the repairs I made because I made a mistake." You would want to know:
what the mistake is
what the proposed fix is
... and then you decide if you want to let the person continue, or take your car elsewhere, or say "forget it - the fix will take away something else I value more."
Ah, don't you just hate ACs who are stupid enough NOT to read the whole thread?
The person thinks they're getting an update, rather than being informed, as required by LAW, that the "update" decreases functionality.
If you have an issue with this, take it up with your local congresscritter - but remember, if you allow F/LOSS developers to unilaterally sneak in degredations without informed user consent, then you also have to allow Microsoft the same liberty. Do you REALLY want that legislated into law?
The current situation, which requires disclosure and informed consent, is the best we've come up with to date.
Wrong. Damage is defined as anything that degrades the functioning of the computer. As I pointed out, this was decideded almost 20 years ago in the L'Oreal case. You can't just "turn off" a feature without first informing the user, and giving them the option of declining.
Even Microsoft is smart enough not to try this sort of shit.
Tell you what. You sue the GM developer responsible, and then I'll give a shit about your whining.
Sorry, but I'm not a district attorney. It's not up to me to prosecute criminal offenses.
Security updates that disable insecure functionality are normal and accepted.
... only after proper informed consent, not sneaking them in like this:
I found out that since Greasemonkey is distributed on
addons.mozilla.org it will automatically update itself, even though I
didn't put that in the code.
Neat. I'm going to upload the neutered versions at 7pm PST. It'd be
great if people could poke it a little before then.
... so..
Furthermore, the manual update process is at least as much an acceptance as an EULA is.
Acceptance requires that you have been informed as to what you are accepting. Your argument would allow for all trojans that people click on to be considered "acceptance" - after all, they clicked on "AnnaKorina.jpg.exe"...
It is up to the individual, once the software has been installed on their computer, to decide whether they want to disable potentially insecure features. The original author has absolutely zero rights to try to take such an action "under the radar," and the courts have taken this position time and again.
the people using greasemonkey aren't your average users - they're (hopefully) not complete n00bs. They should be able to decide, on an individual basis, whether the perceived benefits are greater than the potential risks.
Ahh - another wonderful product placement for Microsofts' next, even more (in)secure offal^Woffering :-)
Also, crossing a picket line in public isn't a private matter - so there's no expectation of privacy, and the union can post pics.
Third (yeah, pedantic, but its Monday and I'm working on my second cup of coffee, etc ...) the proper way to handle it is to go to court, not block your subscribers from visiting a site that you don't even host.
"Telus - the future is friendly - the present still sucks"
The Canadian Constitution is the supreme law in Canada. Everyone is subject to it. Everyone benefits from it. Doesn't matter whether its' a civil or criminal matter - all law in Canada must defer to the Constitution.
And, yes, I DO live in Canada.
... and of course, any Telus union member who uses Telus as their ISP can ask for an investigation because Telus is interfering with communications between the union and its' members. Gotta wonder who was the mensa member who ordered the bits twiddled to block the site in the first place ...
- Your book store isn't a regional monopoly. Telus is.
- Your book store isn't a common carrier - Telus is (but may have just jeopardized that status)
- Telus isn't hosting the site - its blocking its paying customers from seeing a site critical of it - this would be like the book store physically preventing its customers from shopping elsewhere for books "because it can"
Telus - their motto is "The future is friendly" - my guess it should be changed to "Telus - The future is Telus-friendly, citizen!" TOf course, Telus just opened up a big can of worms: The Canadian Constitution (1982) guarantees freedom of expression (including on the internet) as a fundamental right:
Seems pretty open and shut - Telus is going to get its ass wupped.the last criminal case I argued was in 1998. This was, iirc, about the 4th (they tend to come along every decade or so).
It was fun baiting the opposition, catching them in one lie after another, and getting them so enraged that they totally lost it and had to be ejected from the courtroom - twice! It was also a good exercise in debating, finding ways to get voir-dire (heresay) testimony admitted indirectly (yes, Virginia, heresay isn't admissible in court, except when it is :-) (I know, I should write a book, but who'd believe all the shit I've done :-)
That one was 4 days, and I had the time of my life. Enjoyed every minute of it. The previous one, late '80s, iirc, was less then 10 minutes. And I won that one, too, while 63 other people lost (even though they all insisted on using a lawyer instead of taking my advice. I told them I knew more about how to do a protest legally than most lawyers, but would they listen? No ... So they all ended up with criminal records. Me? Nothing.). The one before that, early eighties, an hour or so. And I won that one too, without even working up much of a sweat.
This isn't including 2 lame-ass tickets that I won on constitutional grounds. in the early '80s when the Canadian constitution was all fresh and newly minted (I know, wtf - using the constitution to beat a ticket? Isn't that like using a grenade launcher to kill a fly? Yes. So what? It was quick, and it worked). And a bunch of civil cases (the last was earlier this year, and, again, I had FUN!!! and I won.) Want to win all the time? Simple. Pick. Your. Battles! Alwasy be reasonable, always offer to settle on reasonable terms if you're in the wrong (and even if you're in the right), and then, if you're in the right, kick them in the teeth if they're stupid enough to take you to court.
So, I hope that explains it a bit better, that unlike most slashdotters, I've had the opportunity to actually put my money where my mouth is, in terms of whether my interpretation of the law is better than someone elses ...
Now, back on to the points that are still relevant ---
I never said that software developers can't remove functionality in future releases of the product. What they don't have is the legal right to get you to remove functionality from your system under the guise of an "update". I've posted the relevent laws in a JE at the bottom of this post.
The test for informed consent is what a reasonable person would believe. A reasonable person has no reason to expect that an update will INTENTIONALLY cripple software on his computer. So my "bitching and moaning" about their clumsy, ham-handed tactics is entirely appropriate, as what the developers did was contrary to any test of "reasonable expectations."
The developer is not "issuing a recall." A recall notice clearly states the defect, it doesn't masquerade as an "update". Besides, nobody has the right to trick (remember, there is a test for reasonableness, and this soi-disant "update" fails it) a user into rendering software functional just because the developer thinks there's a problem. Or would you then argue that Microsoft or Apple should be able to arbitrarily kill off features on your computer because of what they consider a problem?
That's what you imply with the "stability is a feature" mantra. For example, if tomorrow they decide that Firef
I could always cop out, and say that the solution is left as an exercise for the reader, but that IS a cop-out. There is no perfect solution. But some will read it on slashdot. Others on k5, or google news. And some won't for a while, until they get an email from a friend, or one of the tech newsletters they subscribe to. But isn't that the way it should work?
The developers are free to change how their program works. They are NOT free to sneak those changes onto a users computer without their **informed** consent. Two different issues.
What I actually said in my original post was:
One of the freedoms of "free as in beer" software is supposed to be that YOU control your system. (I can't believe it - I'm turning into an RMS clone!)And, since so many people have taken me to task on this, I've backed up my claim of it being illegal in many jurisdictions in this reply in a JE (sorry the laws at the bottom of the post - I was replying to another poster ... you know how these things sometimes end up with long discussions ...)
What I think is preferable is what I've been saying - inform the users up front that there is a problem, and let them decide if they should remove it, work around it, or take you up on the "neutered update."
Besides, if they want to read my files, I'll just make a symlink between /dev/urandom and some interesting file names, like "latest porn collection". If you want an idea of how bad that will be for them, just run "cat /dev/urandom" in a terminal ...
All kidding aside, I wouldn't have known if I hadn't read the article. My beef wasn't with removing functionality, it was with the way it was done, and the thought processes that seemed to be behind it (at least, from what I could tell from the post that I cut-n-pasted here that started this whole thing ...)
Add that to them possibly trying to make previous versions unavailable so that anyone who DID "update" and then found that they needed the previous functionality, and were now SOL ... as I said originally, the whole mess doesn't sit right with me.
Lets take another case. If it were, for example, software that I was using on one of the servers here, and the distro maintainers decided to pull a shot like this it would make me start checking out other distros RSN. Its about trust, open communications, and how you handle a problem.
I mean, this message:
... just doesn't pass the smell test.The whole legal question was a side-issue that I brought up because people were missing my main point - that users have the right to know and control what is going on with their computers.
I like the way SuSE update works. I get to select what I want to install, I have all sorts of info as to what each update does, what it provides, what issues it addresses, what it needs, dependencies, increased functionality, etc.
Its what updating should be like. Quick. Easy. Informative. Under MY control.
Now, on to your first point. Even the developer/supplier has no legal right to "turn off" something on my computer without my consent. This consent can be obtained, for example, by stating up-front that it is a time-limited demo version that dies after x number of days/runs/whatever. On a side note, even then, you are not allowed to "hold a users' data hostage" - which, believe it or not, some companies tried to do as a way of keeping their customers.
Hope this helps :-)
Shouldn't it inform you first (perhaps by presenting the changelog) before screwing things up?
When I do my updates on my SuSE system, I get to see every update, and what's been changed, and I have the option of saying "no".
I also have the option of making it completely automatic. That is my choice, and I choose to say "no".
Me, I think all updates should be this way, but at the very least, updates that are known to break things should say so before install.
But one of my beefs wasn't just that there was a problem, but with the way it was handled, as I originally posted:
I keep coming back to this point, that this way of "fixing" a problem doesn't pass the "smell test" - its sleazy. As RMS says, it's about freedom, not about price. and part of freedom is that the end user should be both informed and in control, not just "well, there's an update - guess I should install it, because updates are supposed to be good for you" and cross your fingers, throw the I Ching, and hope for the best.Actually, Microsoft takes care to publicize any intentional breakage (nobody can, by definition, publicize the unintentional). I think we should at least meet, if not exceed, the same level of disclosure. This is what bugs me - the "end run" around informing the user. It's a pretty prevailent problem, but there really is no excuse, and ther's no other business where this is acceptable.
As I posted in my latest JE, I think this has turned into a flame war because I think it was handled wrong, and it highlights our hypocrisy vis. the double standard in how we treat F/LOSS vs proprietary software.
Oddly enough, part of the problem is that I have a higher expectation for F/LOSS, in terms of what I expect in regards to informed consent, full disclosure, and leaving the choice up to the end user. I'm more than a bit disconcerted that most of the posters don't seem to agree.
My original post stated the following:
It was only after everyone went ape-shit (something like 15 responses one after the other, al disagreeing) that I extended the argument into the legal realm. My first concern was, and still is, that this is NOT the way to handle a bug.It bears repeating: this is NOT the way to handle an exploit, a bug, a programmer error. Posting stuff like this:
... makes it sound like you don't credit your users with possessing 2 brain cells. What would be so wrong with publicizing the potential flaw, and just letting people decide for themselves whether to uninstall/install the neutered version/make their own workaround?THAT is what gets my goat!
It has nothing to do with the potential damage of the exploit. Time and again, we've heard calls from all over that F/LOSS has to take a more responsible approach. That includes being up front about mistakes, going the full disclosure route, then empowering the USER to make the decision.
Sure, we take a credibility hit temporarily, but our long-term credibility is enhanced, not degraded, by such a course.
The examples I gave of this, such as Tylenol (poisoned pills), Wendy's (finger food) , and Coke (syringes) are, I think, examples of demonstrating to the public that you DO stand behind your product, and are willing to take the hit, if and when necessary, because you have integrity.
This is what the suits want to see. This is part of what they mean by "open-source support." but people just don't get it. They still act like they can "sneak something by", or that, if ignored, it will go away.
One of these days we're going to have a major exploit that IS widely deployed, and how we react to it is going to say more about us than how quickly we patch it. Full disclosure, with cohntrol by the now-informed end user, is the only way to go, long-term.
Is what I'm saying THAT far out in left field?
Now I have to agree with you about one thing:
What I'm trying to argue here is exactly that - it is your computer, and your choice as to whether to install an update that "fixes" a potential exploit by killing off functionality, after YOU have the facts and make your own risk/benefit analysis - not the developers' in trying to say its' an update, which implies a bug fix (which this is NOT).I'm not saying that patches that accidently kill off some feature are wrong - quite the contrary - only those that INTENTIONALLY do so, while posing as "updates".
What has surprised me is that so many people have come out against informed consent/refusal in this case. It looks more and more like the people who are saying that F/LOSS supporters have a double standard are on to something, and that disappoints me. Actually, it more than disappoints me - it pisses me off, because there's a certain amount of truth in it. I believed we had a double standard, but one where we held ourselves to higher standards than the "evil empire." Guess I was wrong on that one.
If your computer depends on the disabled functionality in the greasemonkey api, you're going to be mighty pissed. You would rather have the opportunity to work around the problem, by, for example, isolating/hardening the machines in question, rather than having them go off the air completely.
As for the Tylenol reference, there were alternative equivelent generic drugs available as a "drop-in replacement". A more apt comparison would be to, say, an operation. You are explained the risks and benefits, and then decide whether you want the "upgrade." Nobody else can make that decision for you. It's your "hardware" after all.
My whole point is that this:
... is NOT the way to handle the problem. the people affected aren't your average 'net users. Let them (the users) make the decision, based on their own risk/benefits analysis. Do you REALLY have an issue with that?Why? Because I can't believe that anyone would be STUPID enough to try to "fix" a potential exploit in such a dumb-as way. And that, when I called "bullshit" on it, I immediately got dumped on by a bunch of syncopating knee-jerk "open source devs can do no wrong" posters who don't want us to operate to the same standards as closed-source devs? Yeah, its a flame war, all right, but its not trolling. Not in the least!
So look at the facts:
- There was a "potential" - exploit. Not one in the wild. Just a possible one, that affects only a small subset of users
- To reduce the damage caused by their mistake, the developer unilaterally decides that its better to cripple the software through an "update" rather than give the users the information they need to make an informed decision, and decide for themselves whether they want to continue using the functions in question
- The (the developers) post on their list that they're going to intentionally cripple it through the update mechanism, doing an end-run around the whole informed consent issue, and, incidently acting illegally
So, how the fuck is this trolling? Did you see a single post with a "Burma Shave" jingle in it? NoMore Facts:
- Fact: The L'Oreal case I cited was profiled on W5 almost 20 years ago. It bankrupted the IT company. Unfortunately, it's a bit before most posters time, but it established in court that developers can't unilaterally "throw the switch".:
- Fact: It is YOUR RIGHT to be informed as to what the intent of any update is. Not just "this is an update that closes a potential exploit", but "this is an update that will intentionally fuck up any scripts that depend on this API, so if you need to make calls to gm_API_xxxx, don't patch"
- Fact: We would all be bitching if Microsoft pulled something like this. They don't. Every patch contains an explanation to what its INTENDED (as opposed to accidental side-effects) effect is, and includes the possibility to "just say no."
- Fact: We're acting like a bunch of hypocrites if we don't hold F/LOSS to the same standards of disclosure.
So, please tell us, mister A. C., just how the fuck this is a troll?As for the mods, I don't mind taking the karma hit for speaking the truth. But if they go back through my JEs, they'll also see that Troll Tuesday has ZERO to do with "trolling" in the way that you seem to think it does, and that it's more about raising the level of debate, specifically, about challenging the conventional, knee-jerk reactions that have turned slashdot into slushpot.
Forget the legality for a moment - do you really want to give a third party the right to unilaterally decide that an update should intentionally bork existing functionality on your box, without first telling you that its going to do this, and then giving you the opportunity to refuse>
Passing this off as an "update" is just wrong.
- there's a big difference between "potential" and actual.
- the choice is legally mine as to whether to reduce the functionality of the software after its installed on my computer, not the developers
- the decision can only be made by the end user, as only the end user is in a position to evaluate how it will impact on him/her
- turning off functionality of software because of a potential exploit, without informing the user that this is what the update will do, is illegal
No - full disclosure, then informed consent to any changes, is the only way to engender trust. Ask Tylenol (poison pils), Coke (syringes in cans), Wendys (finger food chilli). They're pros, and they did it right.there's a difference between an upgrade that accidently breaks features on some computers, and an "upgrade" designed specifically to disable features, again w/o proper disclosure and consent.Again, think for 2 seconds. If Microsoft had done this, we'd be over them like flies on shit. When adware companies do this, or spammers do this, again, we're royally pissed.So why is this situation any different - or are we really like our opponents say, just a bunch of hypocrites who believe that others have to play by the rules, but we don't?
As for "refund the entire purchase price", any damages have nothing to do with how much or how little you paid for it, or even whether its free.
This whole thing is NOT about whether they should be sued - its about informed consent to altering software on your computer to degrade its functionality. It is up to the individual to make that choice, after examining the options - not the developer. The developer has no legal right whatsoever to try to "sneak in" removing existing functionality under the guise of a "patch" or "fix".
Lets put it in another context. Someone fixes your car, then says "oops, I've got to make some adjustments to the repairs I made because I made a mistake." You would want to know:
The person thinks they're getting an update, rather than being informed, as required by LAW, that the "update" decreases functionality.
If you have an issue with this, take it up with your local congresscritter - but remember, if you allow F/LOSS developers to unilaterally sneak in degredations without informed user consent, then you also have to allow Microsoft the same liberty. Do you REALLY want that legislated into law?
The current situation, which requires disclosure and informed consent, is the best we've come up with to date.
Even Microsoft is smart enough not to try this sort of shit.
It is up to the individual, once the software has been installed on their computer, to decide whether they want to disable potentially insecure features. The original author has absolutely zero rights to try to take such an action "under the radar," and the courts have taken this position time and again.
the people using greasemonkey aren't your average users - they're (hopefully) not complete n00bs. They should be able to decide, on an individual basis, whether the perceived benefits are greater than the potential risks.