His arguments are those of a layman, not a lawyer. If you're going to sue you'd better have a lawyer that agrees with you.
Some examples:
* All it really says is that you can do whatever you like but anything built on top of the GPL must be GPL itself. That's the crux of it.
Sorry Matt, but you're wrong. A script can run lots of GPL'd programs yet not be GPL'd.
* Also, the Nintendo case, or whatever, which I think was from the 1980s or 1990s, has nothing to do with GPL.
Sorry again Matt, but they don't have to be about the GPL to be relevant. Those cases have to do with what are and are not derivative works, that's fundamental to the GPL and thus those cases are entirely relevant.
* I think just one way to test it is, you know, take a screenshot of a website running WordPress without Thesis and then take a screenshot of a website running Thesis without WordPress. It would be a blank screen. It wouldn't work. That's just a very simple test.
BFD Matt. You don't WTF you're talking about. That has NOTHING to do with whether the GPL applies or not.
Matt may ultimately prevail in a lawsuit, but his lawyer damned well better make better arguments than Matt is making here.
"MySQL Outpacing Oracle Among Eclipse Developers In Wake of Acquisition"
Of course, that headline isn't particularly newsworthy. As the article cited states "it would be a stretch to say that these results from the 457 respondents represent the overall market".
1. You own the code created prior to you beginning work for the university.
2. You and the university co-own the final code (as it was derived from your code) UNLESS some employment agreement you signed gave them sole ownership when you began work (unlikely).
3. And yes, absolutely the university can not release the source even if it uses GPL libraries. People constantly get this wrong. The university is only required to release the source to the project if it DISTRIBUTES the code outside of the university. And then it need only distribute the code (or least offer to distribute the code) to those whom it distributed binaries. It is not obligated to distribute the source to the general public, at least not because of the GPL.
Companies can still protect themselves to a degree via documenting even if they don't file. If it ever goes to court a small company is at such a disadvantage anyway because of the cost that I think this isn't really that big a deal.
One thing it would change is that small companies with cool IP but no sales look less interesting as acquisition targets.
The length of the submission isn't the concern, the quality is. And even if it was a high quality description that does not mean he included everything needed to reproduce the problem. Often times a user does not understand the implementation enough to know what is relevant and what is not.
"I've had other vendors demand I spend time helping them understand the issue, basically consulting for free for them. Have you ever knocked on a neighbor's door to tell them they left their headlights on? Did they then require you to cook them dinner? Exactly..."
You say it happens, they can't reproduce it. Thus, you have to help them understand what it is you're doing. It's not unusual for people to think they've found a bug when they in fact have not.
"Some said the law applies to SF just because they host the projects. If the law was strict to this level then the whole internet should be banned to these countries."
The law IS that strict. And no, the whole internet should not be banned. This is about encryption, not information.
But my company does contractually forbid GPL software being included in any software written for use in our products.
Your problem is easily solved by just modifying the existing license to forbid redistribution of the source code. That would make the license no longer open source.
"Being that the case is that when a zero-day exploit is published big names are able to respond within hours I'll bet that yes, a month or two is quit enough."
You lose the bet.
I work for one of those "big names" and I can tell you unequivocally it ain't enough time. And a few hours? You obviously have no fucking clue what you're talking if you write such nonsense.
It can take more than a few hours just to do a full BUILD of a product. Running even a small test matrix can take a day. Running the full test matrix often takes over a week. And that doesn't even count the time to find the bug and fix it which can take much longer in complicated cases.
You may only write "hello, world" software and yes, finding a bug in that kind of project doesn't take much time. In real world software, with millions of lines of code, it's more difficult.
While I don't blame them for releasing two year old vulnerabilities, they're going too far by not giving firms ANY TIME to fix vulnerabilities. Give them six months and then release them, but give them time. This does as great a disservice to users as those firms do by not fixing the vulnerabilities.
Slashdot Mirror
His arguments are those of a layman, not a lawyer. If you're going to sue you'd better have a lawyer that agrees with you.
Some examples:
* All it really says is that you can do whatever you like but anything built on top of the GPL must be GPL itself. That's the crux of it.
Sorry Matt, but you're wrong. A script can run lots of GPL'd programs yet not be GPL'd.
* Also, the Nintendo case, or whatever, which I think was from the 1980s or 1990s, has nothing to do with GPL.
Sorry again Matt, but they don't have to be about the GPL to be relevant. Those cases have to do with what are and are not derivative works, that's fundamental to the GPL and thus those cases are entirely relevant.
* I think just one way to test it is, you know, take a screenshot of a website running WordPress without Thesis and then take a screenshot of a website running Thesis without WordPress. It would be a blank screen. It wouldn't work. That's just a very simple test.
BFD Matt. You don't WTF you're talking about. That has NOTHING to do with whether the GPL applies or not.
Matt may ultimately prevail in a lawsuit, but his lawyer damned well better make better arguments than Matt is making here.
Defective phones and lies about it?
Yeah, just look at the Internet. Oh
Oh wait...
"MySQL Outpacing Oracle Among Eclipse Developers In Wake of Acquisition"
Of course, that headline isn't particularly newsworthy. As the article cited states "it would be a stretch to say that these results from the 457 respondents represent the overall market".
"getting Red Hat to $5 billion meant 'replacing $50 billion of revenue'"
Cow manure. Red Hat isn't one tenth the cost of proprietary software, not even close.
The real problems are:
1. It's hard to scale services.
2. You have to have the demand for the services.
3. In nearly all cases, proprietary solutions have first mover advantages.
1. You own the code created prior to you beginning work for the university.
2. You and the university co-own the final code (as it was derived from your code) UNLESS some employment agreement you signed gave them sole ownership when you began work (unlikely).
3. And yes, absolutely the university can not release the source even if it uses GPL libraries. People constantly get this wrong. The university is only required to release the source to the project if it DISTRIBUTES the code outside of the university. And then it need only distribute the code (or least offer to distribute the code) to those whom it distributed binaries. It is not obligated to distribute the source to the general public, at least not because of the GPL.
Companies can still protect themselves to a degree via documenting even if they don't file. If it ever goes to court a small company is at such a disadvantage anyway because of the cost that I think this isn't really that big a deal.
One thing it would change is that small companies with cool IP but no sales look less interesting as acquisition targets.
> Sue them
On what grounds? They didn't do what he wanted them to do?
The length of the submission isn't the concern, the quality is. And even if it was a high quality description that does not mean he included everything needed to reproduce the problem. Often times a user does not understand the implementation enough to know what is relevant and what is not.
"I've had other vendors demand I spend time helping them understand the issue, basically consulting for free for them. Have you ever knocked on a neighbor's door to tell them they left their headlights on? Did they then require you to cook them dinner? Exactly..."
You say it happens, they can't reproduce it. Thus, you have to help them understand what it is you're doing. It's not unusual for people to think they've found a bug when they in fact have not.
Excellent points.
Sadly, I doubt the politicians will see it that way. They'll be more interested in campaign contributions than in doing what's right.
But my company is still using IE6 as its standard browser. IE6 ain't dead yet...
Of course not. It's total BS.
All you need for evidence is the readdir bug that began in BSD and was for around 25 years.
"Some said the law applies to SF just because they host the projects. If the law was strict to this level then the whole internet should be banned to these countries."
The law IS that strict. And no, the whole internet should not be banned. This is about encryption, not information.
"`Sanctions` are acts of WAR"
Don't be silly.
"Anonymity is a shield from the tyranny of the majority."
Of course, Scalia and Thomas disagreed.
I'd love to see a static code analysis tool for C/C++ that was as good as FindBugs.
"Is that even legal?"
Of course it is. What a silly question.
But my company does contractually forbid GPL software being included in any software written for use in our products.
Your problem is easily solved by just modifying the existing license to forbid redistribution of the source code. That would make the license no longer open source.
"Being that the case is that when a zero-day exploit is published big names are able to respond within hours I'll bet that yes, a month or two is quit enough."
You lose the bet.
I work for one of those "big names" and I can tell you unequivocally it ain't enough time. And a few hours? You obviously have no fucking clue what you're talking if you write such nonsense.
It can take more than a few hours just to do a full BUILD of a product. Running even a small test matrix can take a day. Running the full test matrix often takes over a week. And that doesn't even count the time to find the bug and fix it which can take much longer in complicated cases.
You may only write "hello, world" software and yes, finding a bug in that kind of project doesn't take much time. In real world software, with millions of lines of code, it's more difficult.
"if they've contacted the vendor and the vendor hasn't patched it in a month or two"
A month or two is not enough time.
While I don't blame them for releasing two year old vulnerabilities, they're going too far by not giving firms ANY TIME to fix vulnerabilities. Give them six months and then release them, but give them time. This does as great a disservice to users as those firms do by not fixing the vulnerabilities.
He wants to build another business on MySQL and force Oracle into letting him do it.
This is greed masquerading as virtue.
"Jail for a website?"
Damn, not only can you not read the article, you can't even bother to read the summary.
Ah, Republicans hate it when a Dem starts giving back what they've been shoveling for years now...