well, IANAL - but if you have no legal right to the money (according to the contract, admittedly) unless you agree to the contract, and you are bound by your local law not to be able to sign contracts waiving rights - do you still get the right to accept money via paypal?
First, there are no lawyers allowed in California Small Claims Court (no representation anyway, either the plaintiff or defendant can be a lawyer). Not sure about US law (as I mention once or twice:) and iirc the T&C changed recently to include the compulsory arbitration clause after a court in another state broke the old one - they seem to believe the new one is enforcable, but I imagine until it is tested in court nobody will know. In the UK at least you are permitted to "cost" your time preparing and attending a small claims court as "legal costs" although normally in the UK small claims courts do not award costs... each side pays their own
Second, "you may only sue us in our home state/county/whatever" clauses get beaten in court regularly. Specifically, there is precedent for this WRT internet companies, since even though they have no physical presence they can still be said to be doing business in another state.
I can't think of a single instance where a US court has accepted a US internet company is liable for breaking the laws (or being sued) of another *country* - and a few high-profile ones that say that US law applies to the internet regardless (IANAL so I could have missed some important ones a google search doesn't turn up:). It is possible that a US court might be more friendly to your actions if you are a (taxpaying) us citizen in another state, but of course you then have to get your judgement *enforced* in the company's home state.... I don't know how such things work across state lines in the US, but they may well get it held in stasis by claiming you didn't follow the contractually-agreed arbitration procedure...
Third, according to the T&C they can only recover costs up to $1000, not all their costs as you say, so just add $1000 to your claim to cover that (max $5000 in CASCC).
I must admit I missed the full stop in that one - probably why they expressed it as $1000.00 not just $1000:)
So yes, if you have more than $1000 at stake but less than $5000, they could only take the $1000 (and not take the lot then close your account) and you could sue then for the full original amount (plus presumably your own costs)
Finally, there are other avenues. If you don't live in CA, for example, the FTC might be very interested in what Paypal is doing with your money. As would I be. They claim to be legally your (or your clients, depending on which is convenient for them) agent; the money in limbo is either in the process of arriving in your account - or in the process of leaving theirs...
CA is also one of those states where the Better Business Beurau is actually effective, and you can easily lodge a complaint with them online. I've personally seen some truely amazing results from BBB complaints.
interesting - it might be worthwhile you posting an URL or email address that international (or out of state) readers here who may have had problems with paypal could get in contact with them though.
If they do any of the things you mention you are free to file a lawsuit against them
Actually - you aren't. go look at their T&C - you are prohibited from filing suit anywhere but in their home county in california, and further they can instead opt for arbitration; if you don't use their policy, you pre-agree they can recover all their lawyers costs directly from you (and guess where they would take that money from??)
Plus of course their T&C actually *say* they can and will do those things - the T&C are here if you want to go take a look - so odds are good they have already beaten that ground with their default arbitrators, so taking their choice would be an automatic lose; you can of course instead switch to a "Mutually agreed" arbitator, but the clock will be ticking all the time you are trying to agree one....
*shrug*
If I contribute something to a GPLed project, the copyright to that code is still *mine* - I can do what I want with my code, including selling it myself and including it in commercial code I write.
I also grant (if only implictly) a GPL *licence* for anyone using that project to do anything they want with that code - they can sell it, they can strip it out and paste it into other projects, they can do what they like - *but* they can only do that under the terms of the gpl, which says anything that uses that gpl'ed code must itself be gpled; if the original author wishes to co-licence *his* code to a commercial company for use in a closed-source product, he had better get a licence allowing that from me (and everyone else who contributed to his project) or re-write the bits we added on his own (without using our code as a reference work, which would be bloody awkward.
note the gpl is *supposed* to be this hard to work around - it isn't an accident, and Moz ducked the whole issue by switching to a licence that does allow commercial exploitation by the original owners.
I know - but I am answering CashCarStar's post here not the original question, and my argument is that it is fair for me to add a link to their reply on *their* site on request, (and for a link back to my reply to their reply) but not fair for there to be an expectation of a "reply" box right on the page (requiring backend storage, cgi and so forth)
I am not sure that is going to be enough, but it would definitely make it inconvenient for them - I know paypal claim the right to remove funds from any or all bank accounts you own (not just the ones you have registered with them) but the other side of that coin would be they would have no pre-written authority to do so, so would need to track down your alternate accounts and convince a bank to give them access - much, much harder than just doing an EFT.
I notice few of the big commercial news sites (eg CNN) have an automated comment system - some provide an email link to the author, and some provide a limited feedback section on selected news items (the bbc site does this) with the proviso that the feedback is subject to inspection and editing by the site owners before it is actually posted to the web...
If its my site, I am buggered if I am paying for the bandwidth for my competitors to give "opposing views", possibly including huge graphics and/or annoying flash animations.
However, if I say something about another company, it is only fair to provide a link to that company's reply (and of course, for that reply to contain a link to my reply to... well, you know where this is going)
Not everything uploaded is ideal for analysis and discussion - at least, not on my dime:)
They are apparently considerably more "generous" with your personal info and transaction record than a bank would be - there are horror stories out there of competitors claiming they are beginning legal action (I am not up on the american legal system, but something to do with "discovery"?) and not only getting your your ability to withdraw cash from your paypal account blocked (although of course your customers can still pay in) but a complete list of all the customers who have paid you in the last year or so, helpfully complete with Email addresses ready for spamming.... I don't know this personally, as the last time they changed their T&C (to make it a breach of contract to sue them and to require me (in england) to travel in person to califoria for arbitration (at my expense - both the travel and the cost of the arbitration) if I have a problem with their service) I closed my account. Its a pity, as they started so promisingly.
Kernel Changes Provided you know about (and design for) the GPL in advance, kernel modules *can* be closed source. Changes to prewritten modules (patches, in effect) can't be, but then you aren't doing work youself, you are just bugfixing/improving what is already there. Certainly, certain makes of car are improved by adding multifocus mirrors to them, but that doesn't allow you to claim design ownership of any cars you modify, at best you can claim the mirror.
Compiler downsize your lawyer - immediately. he is obviously unable to read and understand licences - output of a gcc compiler and the standard linux libraries are only GPL if you want them to be. you can successfully write closed source programs in almost any compiler with no licencing hangups (or nobody would use them)
Source avaliability You are not required to give any source to anyone who doesn't have a binary; therefore, only your customers can possibly request a copy (although you can't stop them passing same to your competitors, you can limit distribution; if you have a small number of customers you can also "customise" the source in order to be able to track down which customers are being a little unfaithful....
Rewrite you *really* need to change lawyers; either they should have warned you about the limitations of the GPL long before you started coding, or they should have known how to work around it for a commercial product. the written off development time (and/or rewrite time) has a commercial value you can almost certainly reclaim from them (although sueing lawyers is often a exercise in futility)
If nothing else, some *big* names are releasing under custom linuxen - and I am sure Oracle would have a problem or two with giving away their source to any customer who asks!
Bearing in mind of course that, unless your contributors assign copyright to you for their patches, you can't sell (for inclusion into a commercial product) anything but your own buggy original code.
Of course, this is the same problem NS had, hence the Moz licence explicitly states patches are backlicenced to the original team for commercial exploitation without source if they choose.
Unfortunately, there are two sorts of "product" that are suited to the commercial world that awaits you outside of schooling.
The first type is a cookie-cut worker who will put in his 9-5 for minimum wage (without even thinking the word "union") then take his pay and spend it on whatever fad advertising tells him he can't live without
The second type goes on to university, performs useful research and/or innovates to fuel the next generation of fads (under the exclusive contract-locked control of the market leaders in those areas of course - which is why universities are so keen on retaining patents or copyright to work done by the students *paying* to be there)
There seems to be absolutely no attempt to promote the second type - perhaps those pushing for more corporate involvement assume that those who actually can think will manage to do so anyhow, and they can concentrate on "optimising" the development of the rest of the crowd into the former type?
Try posting something pro-microsoft and see how much strift you get from slashdotters (and ms *must* have done something right in the last ten years, although possibly accidentally; they are sueing spammers for instance:)
That isn't entirely a bad thing - There is draft European legislation to mandate that - if requested, any web page or blog entry be amended to include a link to the requester's counter-comment.
I suggest the text "And if you want to know what PR-spun bullshit this firm uses to justify this, click >here" be used:)
Given the extent to which various forces act on the big commercial media companies, Surely it makes more sense to doubt almost all media coverage in isolation? compare Fox/CNN with Indymedia with the BBC with various web blogs from people who are *there* and then come to your own conclusions.... each of those sources will be biassed (either by the opinions of their owners or their governments) but by comparing enough sources you might find a germ of truth somewhere....
I do think that companies that use opensource projects should be willing to kick back some profit sharing to the actual developers and offer to hire the developers if they can afford to do so.
Agreed - if your company is using $FOO to the extent you rely on its continued existence for your company's continued existence (and Embedix is about the only product that company has that is worthwhile:) then you must by definition have at least one full-time staff member dealing with it. Why shouldn't that staff member be the core developer? its not is if you can claim someone else is better qualified for the job:)
The main one is that they are desperate not to get involved in any sort of money-laundering or porn scam - to the point that a single complaint (even anonymous) can get an account (potentially containing thousands of dollars) "frozen" until you prove your innocence; sometimes they just won't give a reason, and your money is just locked for months while they perform their own investigations.
The second is an extension - paypal reserve the right to pull cash directly from any bank account or CC you give them if (in *their* opinion) they are justified in doing so. you get no appeal from them and there is no regulatory body to complain to (paypal are careful to stay outside of the criteria that would make them a regulated bank; they are simply "agents" for the financial transactions, although exactly how that works if you have $20,000 in their possession (paid by your customers but not forwarded to you) for months at their whim is a little difficult for me to figure..)
There are other issues (like the privacy ones) but those are the main two.
Seems ok until you consider the effect on an individual's website. The true power of the web is that anyone can publish thier thoughts. Imagine you critize a company that you had a bad experience with on your personal website. Imagine them shutting you down because you didn't allow them to counter. Most ISPs will do that *anyhow* - on a simple lawyers letter saying the site is defamatory and/or contains copyrighted material of their client
Or, you allow them to reply, but they then create a reply that voilates your bandwidth TOS. Either way you're off the net. Your single voice will be stifled. A link to a reply is apparently acceptable - you could just insist they host their own reply, and provide you with an url....
This particular bottle of snakeoil was discussed here back when they first announced it in 1998; also when they announced it again in 1999 Cryptogram chose to use it as a sterling example of snakeoil; when they announced it yet again in 2000 and 2001, we seemed to have gotten bored with it.
No doubt it is the "anti terrorist yet homeland security friendly edition" this time around.
Single DES can be cracked by a specialised machine in under a day.
DES is computationally expensive - you could, for little extra design effort, use a *decent* encryption algo (CAST, or the new AES) that at todays level of technology could not be broken in the expected lifetime of the earth. DES was designed weak enough for TLAs to crack...
how is this revolutionary (other than the pun)?
I remember having a toy plane with fans instead of wings when I was a kid.... and that was a lot of years ago now.
OTP is provably secure, easy to impliment (you can do it with a pencil and paper if you need to - try that with RSA) and gets reinvented at least once a week.
however, nobody ever uses it outside of very specialised setups (like embassies for high-security traffic). Why? because it is too hindering awkward actually to use. for any given message, you need to *already* have a shared pad with your correspondent of equal size to the message; the security of the scheme then devolves to the security of that pad - if anyone has copied it (either enroute to you or after you got it) it is broken. Few people can provide a provably-secure transportation method (really only a trusted courier with a sealed, tamperproof container will do) for the key material.
Slashdot Mirror
well, IANAL - but if you have no legal right to the money (according to the contract, admittedly) unless you agree to the contract, and you are bound by your local law not to be able to sign contracts waiving rights - do you still get the right to accept money via paypal?
Not sure about US law (as I mention once or twice
Second, "you may only sue us in our home state/county/whatever" clauses get beaten in court regularly. Specifically, there is precedent for this WRT internet companies, since even though they have no physical presence they can still be said to be doing business in another state. :). It is possible that a US court might be more friendly to your actions if you are a (taxpaying) us citizen in another state, but of course you then have to get your judgement *enforced* in the company's home state.... I don't know how such things work across state lines in the US, but they may well get it held in stasis by claiming you didn't follow the contractually-agreed arbitration procedure...
I can't think of a single instance where a US court has accepted a US internet company is liable for breaking the laws (or being sued) of another *country* - and a few high-profile ones that say that US law applies to the internet regardless (IANAL so I could have missed some important ones a google search doesn't turn up
Third, according to the T&C they can only recover costs up to $1000, not all their costs as you say, so just add $1000 to your claim to cover that (max $5000 in CASCC). :)
I must admit I missed the full stop in that one - probably why they expressed it as $1000.00 not just $1000
So yes, if you have more than $1000 at stake but less than $5000, they could only take the $1000 (and not take the lot then close your account) and you could sue then for the full original amount (plus presumably your own costs)
Finally, there are other avenues. If you don't live in CA, for example, the FTC might be very interested in what Paypal is doing with your money.
As would I be. They claim to be legally your (or your clients, depending on which is convenient for them) agent; the money in limbo is either in the process of arriving in your account - or in the process of leaving theirs...
CA is also one of those states where the Better Business Beurau is actually effective, and you can easily lodge a complaint with them online. I've personally seen some truely amazing results from BBB complaints.
interesting - it might be worthwhile you posting an URL or email address that international (or out of state) readers here who may have had problems with paypal could get in contact with them though.
If they do any of the things you mention you are free to file a lawsuit against them Actually - you aren't. go look at their T&C - you are prohibited from filing suit anywhere but in their home county in california, and further they can instead opt for arbitration; if you don't use their policy, you pre-agree they can recover all their lawyers costs directly from you (and guess where they would take that money from??)
Plus of course their T&C actually *say* they can and will do those things - the T&C are here if you want to go take a look - so odds are good they have already beaten that ground with their default arbitrators, so taking their choice would be an automatic lose; you can of course instead switch to a "Mutually agreed" arbitator, but the clock will be ticking all the time you are trying to agree one....
If I contribute something to a GPLed project, the copyright to that code is still *mine* - I can do what I want with my code, including selling it myself and including it in commercial code I write.
I also grant (if only implictly) a GPL *licence* for anyone using that project to do anything they want with that code - they can sell it, they can strip it out and paste it into other projects, they can do what they like - *but* they can only do that under the terms of the gpl, which says anything that uses that gpl'ed code must itself be gpled; if the original author wishes to co-licence *his* code to a commercial company for use in a closed-source product, he had better get a licence allowing that from me (and everyone else who contributed to his project) or re-write the bits we added on his own (without using our code as a reference work, which would be bloody awkward.
note the gpl is *supposed* to be this hard to work around - it isn't an accident, and Moz ducked the whole issue by switching to a licence that does allow commercial exploitation by the original owners.
I know - but I am answering CashCarStar's post here not the original question, and my argument is that it is fair for me to add a link to their reply on *their* site on request, (and for a link back to my reply to their reply) but not fair for there to be an expectation of a "reply" box right on the page (requiring backend storage, cgi and so forth)
I am not sure that is going to be enough, but it would definitely make it inconvenient for them - I know paypal claim the right to remove funds from any or all bank accounts you own (not just the ones you have registered with them) but the other side of that coin would be they would have no pre-written authority to do so, so would need to track down your alternate accounts and convince a bank to give them access - much, much harder than just doing an EFT.
I notice few of the big commercial news sites (eg CNN) have an automated comment system - some provide an email link to the author, and some provide a limited feedback section on selected news items (the bbc site does this) with the proviso that the feedback is subject to inspection and editing by the site owners before it is actually posted to the web...
However, if I say something about another company, it is only fair to provide a link to that company's reply (and of course, for that reply to contain a link to my reply to... well, you know where this is going) Not everything uploaded is ideal for analysis and discussion - at least, not on my dime :)
check out the leaf project at sourceforge - its a fork of lrp, and the bering sub-branch in particular has 2.4+freeswan+shorewall(firewalling)
They are apparently considerably more "generous" with your personal info and transaction record than a bank would be - there are horror stories out there of competitors claiming they are beginning legal action (I am not up on the american legal system, but something to do with "discovery"?) and not only getting your your ability to withdraw cash from your paypal account blocked (although of course your customers can still pay in) but a complete list of all the customers who have paid you in the last year or so, helpfully complete with Email addresses ready for spamming.... I don't know this personally, as the last time they changed their T&C (to make it a breach of contract to sue them and to require me (in england) to travel in person to califoria for arbitration (at my expense - both the travel and the cost of the arbitration) if I have a problem with their service) I closed my account. Its a pity, as they started so promisingly.
- Kernel Changes
- Compiler
- Source avaliability
- Rewrite
If nothing else, some *big* names are releasing under custom linuxen - and I am sure Oracle would have a problem or two with giving away their source to any customer who asks!Provided you know about (and design for) the GPL in advance, kernel modules *can* be closed source. Changes to prewritten modules (patches, in effect) can't be, but then you aren't doing work youself, you are just bugfixing/improving what is already there. Certainly, certain makes of car are improved by adding multifocus mirrors to them, but that doesn't allow you to claim design ownership of any cars you modify, at best you can claim the mirror.
downsize your lawyer - immediately. he is obviously unable to read and understand licences - output of a gcc compiler and the standard linux libraries are only GPL if you want them to be. you can successfully write closed source programs in almost any compiler with no licencing hangups (or nobody would use them)
You are not required to give any source to anyone who doesn't have a binary; therefore, only your customers can possibly request a copy (although you can't stop them passing same to your competitors, you can limit distribution; if you have a small number of customers you can also "customise" the source in order to be able to track down which customers are being a little unfaithful....
you *really* need to change lawyers; either they should have warned you about the limitations of the GPL long before you started coding, or they should have known how to work around it for a commercial product. the written off development time (and/or rewrite time) has a commercial value you can almost certainly reclaim from them (although sueing lawyers is often a exercise in futility)
Bearing in mind of course that, unless your contributors assign copyright to you for their patches, you can't sell (for inclusion into a commercial product) anything but your own buggy original code.
Of course, this is the same problem NS had, hence the Moz licence explicitly states patches are backlicenced to the original team for commercial exploitation without source if they choose.
The first type is a cookie-cut worker who will put in his 9-5 for minimum wage (without even thinking the word "union") then take his pay and spend it on whatever fad advertising tells him he can't live without
The second type goes on to university, performs useful research and/or innovates to fuel the next generation of fads (under the exclusive contract-locked control of the market leaders in those areas of course - which is why universities are so keen on retaining patents or copyright to work done by the students *paying* to be there)
There seems to be absolutely no attempt to promote the second type - perhaps those pushing for more corporate involvement assume that those who actually can think will manage to do so anyhow, and they can concentrate on "optimising" the development of the rest of the crowd into the former type?
Try posting something pro-microsoft and see how much strift you get from slashdotters (and ms *must* have done something right in the last ten years, although possibly accidentally; they are sueing spammers for instance :)
That isn't entirely a bad thing - There is draft European legislation to mandate that - if requested, any web page or blog entry be amended to include a link to the requester's counter-comment. :)
I suggest the text "And if you want to know what PR-spun bullshit this firm uses to justify this, click >here" be used
Given the extent to which various forces act on the big commercial media companies, Surely it makes more sense to doubt almost all media coverage in isolation? compare Fox/CNN with Indymedia with the BBC with various web blogs from people who are *there* and then come to your own conclusions.... each of those sources will be biassed (either by the opinions of their owners or their governments) but by comparing enough sources you might find a germ of truth somewhere....
I do think that companies that use opensource projects should be willing to kick back some profit sharing to the actual developers and offer to hire the developers if they can afford to do so. :) then you must by definition have at least one full-time staff member dealing with it. Why shouldn't that staff member be the core developer? its not is if you can claim someone else is better qualified for the job :)
Agreed - if your company is using $FOO to the extent you rely on its continued existence for your company's continued existence (and Embedix is about the only product that company has that is worthwhile
The main one is that they are desperate not to get involved in any sort of money-laundering or porn scam - to the point that a single complaint (even anonymous) can get an account (potentially containing thousands of dollars) "frozen" until you prove your innocence; sometimes they just won't give a reason, and your money is just locked for months while they perform their own investigations.
The second is an extension - paypal reserve the right to pull cash directly from any bank account or CC you give them if (in *their* opinion) they are justified in doing so. you get no appeal from them and there is no regulatory body to complain to (paypal are careful to stay outside of the criteria that would make them a regulated bank; they are simply "agents" for the financial transactions, although exactly how that works if you have $20,000 in their possession (paid by your customers but not forwarded to you) for months at their whim is a little difficult for me to figure..)
There are other issues (like the privacy ones) but those are the main two.
Most ISPs will do that *anyhow* - on a simple lawyers letter saying the site is defamatory and/or contains copyrighted material of their client
Or, you allow them to reply, but they then create a reply that voilates your bandwidth TOS. Either way you're off the net. Your single voice will be stifled.
A link to a reply is apparently acceptable - you could just insist they host their own reply, and provide you with an url....
No doubt it is the "anti terrorist yet homeland security friendly edition" this time around.
In watford's opinion, open means "for personal use, where personal means you aren't employed by any commercial, non-commercial or government body"
I have trouble considering this open :(
Single DES can be cracked by a specialised machine in under a day.
DES is computationally expensive - you could, for little extra design effort, use a *decent* encryption algo (CAST, or the new AES) that at todays level of technology could not be broken in the expected lifetime of the earth. DES was designed weak enough for TLAs to crack...
how is this revolutionary (other than the pun)?
I remember having a toy plane with fans instead of wings when I was a kid.... and that was a lot of years ago now.
Bruce Schneier's take on this from the ever-excellent cryptogram is here:
Full Disclosure Article
OTP is provably secure, easy to impliment (you can do it with a pencil and paper if you need to - try that with RSA) and gets reinvented at least once a week.
however, nobody ever uses it outside of very specialised setups (like embassies for high-security traffic). Why? because it is too hindering awkward actually to use. for any given message, you need to *already* have a shared pad with your correspondent of equal size to the message; the security of the scheme then devolves to the security of that pad - if anyone has copied it (either enroute to you or after you got it) it is broken. Few people can provide a provably-secure transportation method (really only a trusted courier with a sealed, tamperproof container will do) for the key material.