Gov't Contractor Uses Copyright, Fear Of Hackers To Get Restraining Order Against Open Source Developer
from the the-same-goddamn-hammers-used-every-time dept
A recent copyright infringement (+ "threat to national security") lawsuit filed by a government contractor against its former employee highlights two terms the government frequently fears: open source and hacking.
Open source software (especially free open source software) is often portrayed by government officials as inherently unsafe to deploy. If anyone can see the source code then surely anyone can exploit it, they state. This institutional resistance is aided greatly by companies like Microsoft who would prefer to see lucrative software licensing contracts continue indefinitely. Not that "closed source" software is any more secure, as Microsoft itself (along with Adobe) can certainly attest. But that irrational fear remains, and greatly hinders the adoption of open source software by government agencies.
Hacking is another of the government's favorite boogeymen. The oft-abused CFAA has turned exploration of software and systems into a crime. The government uses the words "hacking" and "hacker" almost exclusively to denote criminal activities and criminals. This continues long after the words have entered the mainstream to reflect positive activities. (See also: the extremely popular Lifehacker website; any number of events with the word "-hack" appended that result in extremely constructive outcomes.)
Andreas Schou brought this restraining order granted by an Idaho judge to many people's attention on Google+. (H/T to unnamed Techdirt reader for the submission.) It's an ultra-rare "no notice" restraining order that resulted from a wholly ex parte process involving only the plaintiff, government contractor Battelle Energy Alliance. The restraining order allowed Battelle to seize its former employee's computer, as well as prevent him from releasing the allegedly copied software as open source.
Schou details how he heard about the case.
Yesterday afternoon, my good friend (and former client) got a panicked call from his wife. Attorneys for the government contractor he formerly worked for had showed up at his door with some sort of order, demanding to be let in to seize his computers. While his wife was held out on the lawn by private attorneys, the contractor's counsel tried to call in the sheriff to -- I guess -- break down his door.

My first thought, obviously, was: this is all some sort of misunderstanding. Because Corey [Thuen] -- who's a professional security researcher -- has worked for the government his entire career, both at the FBI and as a security researcher specializing in SCADA systems, cyberterrorism, and critical infrastructure. He's a straight-laced, church-attending guy with three kids and an admittedly strange job.

And here's what he's been accused of: threatening national security by open-sourcing a network visualization and whitelisting tool.

The arguments made in Battelle's original complaint were bought almost in their entirety by Judge B. Lynn Winmill. Battelle claims copyright infringement, alleging that Corey Thuen's software, Visdom, resembles its own Sophia software. As evidence of this, it offers the following:

- Thuen worked on Sophia and had access to the code.
- Visdom's name is remarkably similar to Sophia. (The short version: Sophia is the goddess of wisdom. Wisdom/VISDOM.)
- There's no way Thuen could have come up with his own program in such a short period of time without copying substantial amounts of Sophia's code.

Battelle also points out that Thuen's company, Southfork, made a bid to license Sophia but withdrew it a short while later, implying that Thuen's allegedly infringing copy made licensing the software an unneeded expense. (Thuen's response claims that Southfork withdrew its bid when it became apparent Battelle wasn't interested in pursuing an open source option.)
Schou points out that if Battelle had done any due diligence, it would have realized that its infringement claim -- especially the claim that Thuen couldn't have created competing software in that time frame without copying Sophia -- is just plain wrong.
Somehow, despite spending a great deal of money on a BigLaw firm and getting an unprecedented ex parte order for the seizure of critical business infrastructure, they didn't check Github. And if they had, they'd have found out that the open-source project is built in a different language, using open libraries. They'd have been able to check the code commits to look at the period the software was written in.
And they wouldn't have sued to begin with.

Thuen breaks it down even more simply in his response:

Visdom, unlike Sophia, makes heavy use of third party open source libraries to accomplish many of the tasks for which the Sophia development team had to write code ourselves. An example for illustration: as part of my work on Sophia, I created a scrollbar from scratch, which means I had to implement the click and drag behavior (along with buttons) that causes a scrollbar to do what the average user expects a scrollbar to do. Visdom, on the other hand, builds on top of other, third party components that make scrollbars inherent. In other words, on Sophia development I spent significant time creating basic components to a user interface, whereas Visdom did not require such efforts. Visdom's heavy use of open source libraries facilitated its development in a matter of several months.

As Schou states, it's also written in a completely different coding language. Battelle and its representation may think it's just a simple copy-paste job to "port" software from one language to another, but Thuen dismantles this misperception.

Visdom was written in HTML, Javascript, and Go. As previously mentioned, Sophia was written in C. Visdom is not a translation of Sophia from C to the languages in which Visdom is written. We did not have the Sophia code when we created Visdom.

Further, a program written in one programming language cannot be cut-and-pasted into another programming language. Programming languages have different lexicographical grammars. As an example, if I'm writing code in C I have to deal with memory management; I have to keep track of the resources used by my programs. Javascript has no such concept, and any C code that does these functions would be impossible to translate into Javascript. Further, Javascript is an interpreted language and C is a compiled language. In other words, C creates software that runs on hardware, whereas Javascript creates software that runs in programs that run on hardware.

No two programmers who translate from one language to another, or from C to Javascript in particular, would produce the same output for any complex program. Those two languages, and their paradigms, are incompatible. A program written in C will inherently solve the problem to which it is directed in a different way than a program directed at the same problem but written in Javascript.

In developing Visdom, I specifically avoided any code, modules, sequences, routines, structures, screenshots, or any other materials that may have constituted some part of Sophia, based on my knowledge of Sophia as of the end of my access to it on or about August 2, 2012. Visdom is intended to solve the same problems as Sophia, but it is not a copy of Sophia, just as an electric car is not a copy of a gas-powered car simply because both are used for the same purpose.

What the judge determined to be "adequate circumstantial evidence" to justify ordering a no-notice restraining order (which included the seizure of Thuen's computer -- because he's a "hacker" -- more on that in a bit) completely falls apart when confronted with technical knowledge and observable facts.
Thuen's project is still listed at GitHub, where anyone can view related information, including development time, commits and, most importantly, the source code itself. Anyone with the technical knowledge would have seen that a) it pulled from other sources to speed production and b) it is written in a completely different language.
Unfortunately, Battelle also abused the term "hacking" to justify the seizure of Thuen's computer without notice. Its argument in the original complaint quotes one of its own employees in support of its "if we notify him, he'll just wipe the hard drive" theory. The court cites this in its justification of the ex parte restraining order:

[B]attelle asserts that defendants are likely to wipe the hard drives on Thuen's computer, thus destroying direct evidence of wrongdoing. Battelle suggests that either of these actions would render further prosecution of the lawsuit fruitless...

The Court finds it significant that defendants are self-described hackers, who say, "We like hacking things and we don't want to stop."

A well-known characteristic of hackers is that they cover their tracks… This makes it likely that defendant Thuen will delete material on the hard drive of his computer that could be relevant to this case...

The Court has struggled over the issue of allowing the copying of the hard drive. This is a serious invasion of privacy and is certainly not a standard remedy, as the discussion of the case law above demonstrates. The tipping point for the Court comes from evidence that the defendants - in their own words - are hackers. By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act. And concealment likely involves the destruction of evidence on the hard drive of Thuen's computer. For these reasons, the Court finds this is one of the very rare cases that justifies seizure and copying of the hard drive.

The supposedly damning declaration by Thuen comes from Southfork's home page.

We're pretty good at hacking things. The idea is:

Identify what you want looked at
We hack it
You fix it

Your customers love you and you gain a little bit more peace of mind. We wouldn't mind bringing your people in to participate and see first-hand how an attacker views your system. We'd love to train ourselves out of a job.

Southfork will test system security when hired by a company specifically for that purpose. Battelle's filing attempts to spin Southfork's technical knowledge into a purely evil thing. According to Battelle, hackers are always adversaries, even when the company's own front page statement proclaims otherwise. Just because the knowledge is there doesn't mean it will only be deployed to cause damage. Thuen's response points out the flaw in this reasoning.

As a cybersecurity professional, I am aware of, and possess ability for, many "hacking" techniques that may be used in illegal ways, but I put them to use improving my customers' security. In other words, I'm much like a locksmith who possesses the ability to pick a lock and uses his knowledge to help as a contributing member of society… In my career, I have held government clearances with the Federal Bureau of Investigation and the United States Department of Energy, which required me to pass multiple lie detector tests, psychological tests, extensive background checks, and other miscellaneous tests.

Battelle goes even further than this in its complaint, painting Thuen's hacking ability and his "threat" to take his project open source as a danger to national security.

BEA's copyrighted software is called Sophia and protects the United States' energy infrastructure by alerting utility administrators of potential hackers or other threats to the integrity of the nation's energy grid.

Given the nature of Sophia, Defendants' actions have implications for our national security. Defendants know of these implications but have ignored them.

Fortunately, this stretched argument doesn't weigh in the judge's restraining order, but it's still a part of Battelle's complaint against Thuen. This argument is baseless as well, relying heavily on the allegation that Thuen's code is Battelle's code. Thuen points out the flaw in Battelle's portrayal of open source code as inherently dangerous.

I disagree with Battelle that security software like Sophia or Visdom cannot be open source because then hackers would have access to the source code. Security systems are better served by being open source so that complicated things, like cryptographic algorithms and implementations, can be reviewed by independent expert auditors rather than sitting behind smoke screens. The plethora of open source software used in secure systems today completely debunks the notion that you cannot have valuable and secure software that is also open source…

In the statements dealing with irreparable harm, Battelle claims it wouldn't be able to compete with Southfork's Visdom if Thuen chose to give it away (earning money from support packages and custom modules). Clearly, Battelle and its lawyers are unaware that top selling programs like Microsoft Office (LibreOffice) and Photoshop (GIMP) compete with fully-featured (and open source) free programs all the time.
There are many more flawed arguments in Battelle's filing, but it appears that both the plaintiff and the presiding judge had just enough knowledge between them to reach a bad conclusion. Thuen's response tackles every accusation from Battelle's complaint, punching some big holes in its filing. Unfortunately, the court decided to handle this ex parte and is only now aware of the weaknesses of Battelle's allegations.
What this looks like is a government contractor hoping to shut down a competitor by deploying two "chilling" favorites: copyright infringement and "threats to national security." It also hurts itself by falling for government FUD -- "open source is dangerous" and "hackers are bad" -- both of which contributed to the general level of failure contained in its complaint.
Filed Under: copyright, corey thuen, hackers, open source, restraining order, sophia, visdom
Companies: battelle, battelle energy alliance
BEA's copyrighted software is called Sophia and protects the United States' energy infrastructure by alerting utility administrators of potential hackers or other threats to the integrity of the nation's energy grid.
Does that mean there are grid operators stupid enough to put that critical infrastructure in contact with the Internet?
Ahem. Other than that it's one epic argumentation there with very proper analogies. I'd go for Visdom after reading this.
Re:
Yes. There are. MANY of them. And their collective reaction to having this pointed out has been:
1. No we didn't!
2. Okay we did but it's safe.
3. You're hackerterrorist!
I don't work in this area, and WON'T work in this area, not because I couldn't be successful, but because I don't want my door kicked down by jackbooted thugs at 4 AM.
Re:
Don't forget the government a couple years ago was saying Anonymous could take over the power grid and shut it down at hospitals and such...
My first reaction to that was "who's the dumbass who connected this information to the Internet? He needs to be fired!" It's one thing to be able to read from the system on the internet so you have access to warnings and system information, but to be able to write (or shut off) a critical system, something is wrong.
Re: Re:
Why is the person on the other side of the planet required to access the system? Why are they required to do so with such a level of administrative access that the whole system is at risk should someone else gain that access?
Before asking how they are connected, you should ask why. If that answer's not good enough, they shouldn't be connected in the first place.
Re: Re: Re:
You have a system that Only 1 person can Fully control?
You dont have a second or third??
Then you are a CHEAP CORP..Over charging your customers and giving 1 employee to much POWER..
You dont have manual control?? Overrides??
Please forgive me, but that is STUPID.
Re: Re: Re: Re:
You're an idiot.
Re: Re:
DUH!
Re: Re:
I know this is hard to believe, but there are readily accessible global communications systems other than the internet.
Hooking these systems up to the internet is not the only option to obtain the desired functionality. It's merely the cheapest and easiest option. For critical systems, though, "cheapest and easiest" is often the wrong answer.
Re: Re:
Do what countless sysadmins had to do every time one left the SSH machine with "reboot". Call someone on the phone and ask them to log into the machine so they could re-establish a new SSH session.
You could say that people should use a proxy, physical human firewall etc.
Re: Re:
Security vs usability, this will be an eternal battle for balance there.
Re:
Generally NO, they don't, but most have the ability for operators to "dial in" and perform operations remotely, or you can go out and buy a VHF radio, and a radio modem, and set yourself up in a car between two nodes, and take over a node and gain access that way.
Re:
Lets ADD..
BASIC security features..BASIC.
Those security reasoning that were LEARNED LONG AGO..
ASK anyone older than 40..ASK any personal computer user in the past 30 years..
What would you do to protect yourself IF' you had the money?
Something I dont think Many of those here see..
WOW, instead of having people ONSITE to watch and control..
You have some IDIOT in PAKISTAN monitoring your machines??
AND we are stilling more and more money for ???
a) the judge is a prick who knows absolutely fuck all about the case, but to prevent himself from looking like the prick that he is, he has gone down the road of least resistance and agreed with the other prick, who is shit scared of someone with a better product getting the goods!!
b) even though a person is dead right in what he has been doing and how he has been doing it, he has been royally screwed by someone who is shit scared of losing out to someone with a better product getting the goods, even though he knows full well that there has been absolutely no underhanded goings on!!
as is so usual, the guilty gets the deal because he shouts the loudest (or in this case, went to court while the other guy was away!)
Re: Re:
The judge heard ONE side and then decided to send goons over to hold the guy's wife prisoner and break the guy's doors.
Oh, yeah. Sounds really reasonable.
After all, the judge had a sworn affidavit upon which to base his finding that probable cause existed to believe that a crime had been committed or was being committed.
"While his wife was held out on the lawn by private attorneys"
is remotely legal. They are not sworn law enforcement officers. How can they detain anyone?
Mind your jurisdiction.
Re:
Well, they can detain you rudely: Shove a gun in your face and growl, “Freeze or I kill you.”
Or, they can detain you politely: “Ma'am, you're under detention.”
Either way, it amounts to the same thing. They have the power and you don't.
Re: Re:
> > How can they detain anyone?
> Or, they can detain you politely: "Ma'am,
> you're under detention."
> Either way, it amounts to the same thing. They
> have the power and you don't.
Which is why it's great to exercise your 2nd Amendment rights and own a gun. The power then shifts from them to you.
Re: Re:
Since when do "private attorneys" have the power?
Re: Re: Re:
Colt Firearms: Home
Re:
START TAKING PICTURES AND RECORDING THE CONVERSATION..
I've suggested to all my friends..
GET READY with an audio recorder and camera..
GIMP and LibreOffice DO NOT compete with MS Office or Photoshop, nor are they anything like "fully featured".
It's been proven time and time again that it's a myth that "many eyes" makes software better or more secure, or that there are in fact really "many eyes" looking at the code.
It's the mantra, but not the reality.
Re:
Must be a while since you checked out either of those projects. I'm a Graphic Designer and I substitute GIMP for Photoshop all the time. The only thing I find lacking is the inclusion of the Pantone color system which is proprietary in itself.
I haven't touched a MS Office product in years with the exception of people who send me Publisher files. The file format itself is proprietary and usually not even compatible between its own versions.
Re:
I also prefer GIMP; you can do anything in GIMP that you can in Photoshop bar CMYK output.
I got my Mum using Libreoffice without her realising it, she actually prefers the interface to the 2007+ MS Office offerings.
Re:
The US Navy disagrees with your security assessment.
Re:
They absolutely compete. I can tell that based on the fact that I know a number of people who use them to get real work done, rather than using Office or Photoshop.
As to "fully featured," well, what does "fully featured" actually mean? GIMP has features that Photoshop doesn't and OpenOffice has features that Office doesn't. I guess that means that Office and Photoshop are not "fully featured".
The reality, though, is that the vast majority of features people want are in both the closed and open source products.
Re: Re:
USE those products, then YOU TELL ME !!!!
it's also the term the author of this article used, so ask him.
A feature of MS Office, for example, is that it's used ubiquitously for business and personal use; that is a 'feature', as is being supported by a stable and professional company. That is a 'feature' LibreOffice does not have, and that is a VERY IMPORTANT feature.
Re: Re: Re:
I use both Office and OpenOffice, and I use GIMP, professionally. Let's focus on Office, as that's what I know best. Both Office and OO have 99% of the same features. Where there's a difference, it's mostly features that OO has that Office doesn't.
So what's your point?
Being used ubiquitously is unimportant as long as you can use the same files in both products. Which you can. As to support, I call BS. Have you actually used the "support" Microsoft offers for Office? I have. I can resolve my problems faster and easier with OpenOffice, and I don't have to go through the agony of calling a support line.
However, if you really want Microsoft-style support for LibreOffice, OpenOffice, et al., you can get that, too, through your choice of commercial support operations. SO, it's not really a feature unique to Office.
Re: Re: Re: Re:
Another is over-dependence on niche features. For example, some people *do* have a legitimate reason not to be able to consider a competitor to MS Office such as advanced collaboration functionality that's unique to MS. But those people often don't understand that most people don't ever touch those features, and that the features that are used by most people are supported equally in competing programs. Like it or not, even Google Docs gives a large number of people the complete feature set they actually use.
Another is a lack of awareness of the nature and history of the marketplace. AC above, for example, gives MS Office's ubiquity as a selling point but fails to realise both the shady practices that led to that ubiquity and the fact that those who have stuck with MS have done so due to lack of need to consider alternatives (e.g. they're still happy with the features of Office 2003, so why move?). Over time, more of those people will move, and if they stick with MS it's more due to a familiar brand rather than an actual evaluation of features and support. Finally, they also base their ideas on assumptions rather than reality - for example, because they didn't pay for support packages if they tried FOSS in the past, they assume that nobody has professional support.
So, they end up in this fantasyland where the only "usable" software is the big name brands and nobody can possibly be happy with FOSS and other alternatives.
Work for the man -- get screwed
Well, what can I say…
If you work for the man, he's gonna screw you sometime… maybe today, maybe tomorrow, maybe next week… but, sooner or later, he's gonna screw you hard. Hard.
That's what you get.
Claiming national security over network topology software is absurd. As is the claim that he copied Sophia's coding, line for line, especially if they're different programming languages.
Just another case of a corporation trying to bankrupt a young upstart company, using legal expenses and lawsuits.
CFAA is a trash law written by neanderthal politicians, who view anything more complicated than a typewriter as a possible WMD being launched on their political careers.
Big RED heiring
An application like this one would be written "top-down" where you start with features and functions and 'fill in' the low level functionality.
No you cannot 'cut n paste' but you can duplicate the functionality, and with any decent application development environment, you don't even have to consider much of the 'low level' stuff, the compiler/interpreter does that for you.
You might be able to pull the wool over on some of you less educated, but he knows, and I know he's talking shit.
Re: Big RED heiring
Nor is duplicating functionality (with different code) inherently going to expose vulnerabilities in the original. They're written differently and will have different vulnerabilities.
Re: Re: Big RED heiring
This. 100 times over. Copyright has no place in this unless the code is copy/pasted.
There may be a potential ethics issue, but that should have been stated in any employment hiring documentation by the company. For example, I cannot work on similar work to the projects I work on for my job within 6 months of separation from the company). Since no proof has been presented or complaint made on this, you can't just say that doing something similar is copyright even if you take similar IDEAS. No matter how you look at it, IDEAS aren't (supposed to be) copyrightable, just the IMPLEMENTATION which is the low level coding which is clearly different.
Re: Re: Re: Big RED heiring
With top down programming you "implement features, look and functions".
So your argument does not hold up, sorry.
So if you 'copy' a $100 bill, using a photocopier, you're not using the same code as "real" money; real money is printed on a printing press, you used a photocopier.
Because you used a photocopier, and not a printing press are you innocent of forgery ?
I would say NO, to that question.
If you copy "features and functions" it might not be a breach of copyright, it might just be a forgery !
Whatever 'term' you use, the intent for doing it is the same.
The Judge agrees, is it possible the Judge is more savvy than TD 'writers' !!
Re: Re: Re: Re: Big RED heiring
Are you mixing copyright with patents?
Copyright protects specific forms of expression, not the expression itself, meaning it doesn't protect function nor ideas but only the looks behind any implementation.
Doubt it? Look it up in the law and caselaw, Mr.
Reallife example:
Game producers can copy each other's game mechanics exactly and they can't be stopped from doing so, but if they use graphical assets they are infringing copyrights.
Patents on the other hand are there to protect functionality and even then it is supposedly only to be applied to specific implementations of it.
But in specific this was filed as a copyright claim, a bogus copyright claim by the way.
Which the plaintiff could easily have checked for any breach of copyright by just looking at the code released in a public space. So the counsel for the plaintiff is incompetent, cheap, malicious or all.
Re: Re: Re: Re: Big RED heiring
Copying a one dollar bill using a photocopier (copy & paste equivalent) is illegal; making your own fantasy money bill with readily available materials, copying certain aspects of it (e.g. form of the note), is not.
Here is an example
http://seedstock.ca/about/the-seedstock-bills
It has:
- Printed value like real currency does.
- Serial numbers like real currency does.
- It has the same shape and form as real currency does.
- It can be used as real currency.
It has copied many aspects of real currency and it is still legal, why?
Because the law says so.
Also you do know that you can copy money in a copy machine right? you just can't make it the exact same size it has to be 2 times bigger according to the laws of the land in the US.
Re: Re: Re: Re: Big RED herring (fixed)
You seem to have strung a strange set of misconstrued and misunderstood ideas together to come up with both of your comments.
When you have had 30 or more years in a technical field come back and make your arguments. Otherwise, stop making comments that show you are a folly-filled fool.
tl;dr Shouldn't have bothered correcting a ....
Re: Re: Re: Re: Big RED heiring
There was a case a number of years ago where an artist was drawing money and selling it as art. The mint tried to prosecute her for forgery but couldn't make it stick because she wasn't claiming it was a real bank note. That case is where the mint started claiming copyright over currency.
Re: Re: Big RED heiring
Re: Re: Big RED heiring
If it is a "functional exact copy" there is potential for copyright issues.
Does not matter what the underlying code is or looks like, if it looks the same, acts the same, and is based on the same concepts it's a copy.
But saying 'it's different code' when it DOES EXACTLY THE SAME THINGS, LOOKS the SAME, and is clearly "based, stolen, copied, lifted, cloned" to look and act just like what he was doing elsewhere: there is a VERY STRONG legal case that it is a copy, or forgery.
That has nothing to do with using Java or C, again I call bullshit on that one.
Re: Re: Re: Big RED heiring
You're partially right. If it LOOKS the same, there might be an issue with copyright. You can certainly have copyright in the UI distinct from your copyright in the code - if I go and write an EXACT copy of Microsoft Word with every menu option in the same place and every color the same, I would be infringing even if my code was different. But having the same functionality is not an issue. Functionality is not copyrightable, no matter how much you want it to be. I could write a program that does 100% of what Word does and I would be fine as long as I didn't copy the layout.
In this case, the scrollbar issue alone tells me that the UI was not copied. They wouldn't bother making their own scrollbar unless it looked or acted in some nonstandard way - otherwise they'd obviously use the standard scrollbar.
FURTHERMORE, they had not even SEEN the code OR the software yet (assuming they hadn't seen what was on GitHub - if they knew about that, they are in big trouble, because the code being available means there was no reason for the seizure.) So how could they possibly know it's infringing with enough certainty to start seizing the guy's computers before letting him even attempt to defend himself?
And saying it's a "forgery" is totally bogus. That would mean they were taking their own code and trying to pass it off as written by somebody else! Do you even know what the words mean that you are using?
Re: Big RED heiring
And it appears that you are trying to pull the wool over others' eyes instead of Thuen. If you had ever written a C program (and more than a "Hello World" program), then his statement about "low level" stuff like memory management is extremely accurate for C language programs. Java, JavaScript and .NET, for example, implement automatic memory management and garbage collection, but C leaves it all up to the individual programmer. Having been a professional software developer for 30 years and having developed programs in each of those languages, I can personally attest to Thuen's accuracy on this matter.
Before you start calling anyone uneducated, you really should get yourself an education and do some fact checking before submitting a rant that demonstrates your lack of said education.
Re: Re: Big RED heiring
Re: Big RED heiring
just sayin'
Re: Big RED heiring
Re: Big RED heiring
Wow, spot the Battelle shill...
BTW, I do agree that this matter was handled by attorneys and management in a ham fisted way. There are ways to do this without coming off like jack booted thugs.
Re:
Here's a free clue: They are jack-booted thugs.
That says it all. Every time I see some organization has written its own scrollbar code I know to RUN AWAY FAST! Do you think Battelle got paid to write scrollbar code that already exists? And it is certain that the scrollbars suck compared to professional bars.
Re:
Put that red flag together with the other red flag of going nuclear over this guy's project and Sophia sounds like a really badly run software house. I pity the developers working there, not to mention their customers.
Re: Re:
Why? Why pity them?
Each of the developers freely chose to work for a company that will happily take their wife prisoner on her own front lawn.
They knew what they were getting into when they took the job. If they didn't want their wives taken prisoner, they should've gone to work somewhere else.
Re: Re: Re:
Re: Re: Re: Re:
It can be hard to tell that Idaho is full of Ku-Klukkers and Neo-Nazis until you actually live there.
But if you live in Washington state, you might hear a rumor or two.
Re: Re:
Re: Re: Re:
Re: Re:
Supernova, maybe?
Re:
Writing code in C in the 21st century is approaching insanity. As an expert in C who has written tens of thousands of lines of code for embedded systems and PC applications, the only legit reasons I can think of for still writing in C are a) the target system has less than 2MB of RAM or b) it fits in with other archaic corporate practices of carving office memos in clay tablets, offering sacrifices to the gods before business meetings and providing official company water jugs so that employees can wash their hands off after they take a shit in the field out back.
If it has a scroll bar it seems unlikely to be a payload or actual gaffe code... so WTF were they thinking?
Sounds to me like they've still got at least one foot in the 1970s, like many large corporations.
Anyone thinking about engaging a security consultant should definitely consider the former employee over the company he used to work for! At least he used modern tools!
Re: Re:
Re: Re:
That's not true. There are other reasons, such as more direct access to the hardware layer (drivers, embedded systems). Or when garbage collection causes problems, and you want to manage memory yourself (audio, games).
But, yeah, writing a slider in C is just asking for trouble.
Re: Re: Re:
Heck, these days just dedicate a core to nothing but memory management, you'll probably still have plenty left to run the app.
It's really hard for me to imagine a valid reason for using C on anything other than a micro-controller. Glue a USB connector to it and write the rest of whatever it is in a real language, throw a few more cores at it, add a few more nodes to the cluster... spend an extra $10,000 on the hardware and save a $1,000,000 in wasted development effort, missed business opportunities and maintenance nightmares.
In any case, Battelle sounds exceptionally backwards to me, in technology as well as in their morals and ethics. Certainly changes my opinion when I hear the company name.
All code is open
Re: All code is open
Re: Re: All code is open
Yes, it is hard.
No, it is not impossible. People do it all the time. Sure, it requires a certain set of skills that most people don't have, and a certain amount of dedication. So does flying an airplane.
It's a lot like the Matrix. Once you know what it all means, you don't see numbers and letters anymore. You see a global variable holding the private key for the KeyBLOB being passed into the CryptImportKey Win32 API.
Re: All code is open
Re: Re: All code is open
While names like r1 and i23 don't necessarily mean a whole lot...that's why you look at the code, figure out what it's doing, what variable is being passed to what function as what argument of the call, look at the function to see what that variable is. That's why you set read and write breakpoints. That's why you get a disassembler that can fill in the names of function calls like __imp_EnterCriticalSection.
Saying that obfuscation or assembly renders code unreadable is like saying RSA cannot be broken. It shows a lack of understanding. RSA *can* be broken, and in fact Team Twiizers broke RSA on the Wii (thanks to Nintendo's failed implementation - good job guys, checking binary values with a strcmp...)
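An added example, not code from the thread or from any product it discusses, of the "checking binary values with a strcmp" defect the comment above mentions, beside a corrected comparison. The digest values are constructed placeholders, not real hash output, and DIGEST_LEN is assumed to be 20 only for illustration.

```c
/* Added example: why strcmp() must not be used to compare a binary
 * digest (hash or signature value), and the fixed-length comparison
 * that replaces it. All digest bytes below are constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20  /* SHA-1 sized, assumed purely for illustration */

/* Defective: treats the binary digest as a C string. strcmp() stops at
 * the first 0x00 byte, so every byte after an early zero is ignored.
 * Returns 1 if it believes the digests match. */
int digest_equal_strcmp(const unsigned char expected[DIGEST_LEN],
                        const unsigned char actual[DIGEST_LEN])
{
    return strcmp((const char *)expected, (const char *)actual) == 0;
}

/* Corrected: compares all DIGEST_LEN bytes regardless of content, and
 * in constant time, so the result does not depend on where the first
 * difference is. Returns 1 only when every byte matches. */
int digest_equal_fixed(const unsigned char expected[DIGEST_LEN],
                       const unsigned char actual[DIGEST_LEN])
{
    unsigned char diff = 0;
    for (size_t i = 0; i < DIGEST_LEN; i++)
        diff |= expected[i] ^ actual[i];
    return diff == 0;
}

/* Constructed reference digest whose second byte is 0x00. Under
 * strcmp() only the first byte is ever examined. */
static const unsigned char EXPECTED[DIGEST_LEN] = {
    0x4a, 0x00, 0x9c, 0x17, 0xe3, 0x52, 0xb8, 0x0d, 0x6f, 0x21,
    0x9a, 0x44, 0xc5, 0x7e, 0x03, 0xd8, 0x66, 0xf1, 0x2b, 0x90
};

/* Constructed digest that agrees with EXPECTED only in its first two
 * bytes; the remaining 18 bytes all differ. */
static const unsigned char PARTIAL_MATCH[DIGEST_LEN] = {
    0x4a, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
    0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01, 0x02, 0x03
};

/* Constructed digest that differs from EXPECTED in its first byte. */
static const unsigned char MISMATCH[DIGEST_LEN] = {
    0x4b, 0x00, 0x9c, 0x17, 0xe3, 0x52, 0xb8, 0x0d, 0x6f, 0x21,
    0x9a, 0x44, 0xc5, 0x7e, 0x03, 0xd8, 0x66, 0xf1, 0x2b, 0x90
};

int main(void)
{
    printf("strcmp, full match:    %d\n",
           digest_equal_strcmp(EXPECTED, EXPECTED));
    printf("strcmp, partial match: %d  <-- wrongly accepted\n",
           digest_equal_strcmp(EXPECTED, PARTIAL_MATCH));
    printf("fixed,  partial match: %d\n",
           digest_equal_fixed(EXPECTED, PARTIAL_MATCH));
    printf("fixed,  mismatch:      %d\n",
           digest_equal_fixed(EXPECTED, MISMATCH));
    return 0;
}
```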
Re: Re: Re: All code is open
Nothing a good eieio can't fix :)
Re: Re: Re: Re: All code is open
For one, PPC has a TON of registers, x86 only has a few. PPC almost always passes arguments and return values via the same registers, x86 can sometimes use registers and sometimes the stack. PPC has three operand op codes, so destination can be a separate register, x86 has two operand op codes, so destination is one of the source registers. PPC is RISC, x86 is CISC. PPC uses "normal" registers for floating point operations, x86 uses a stack.
I would rather read optimized PPC than unoptimized x86 any day of the week.
Re: Re: All code is open
Re: All code is open
Welcome to the cloud and SaaS, where none of the code is ever distributed. If it were, we wouldn't be able to upgrade it as you're using it without you ever noticing it.
Re: Re: All code is open
Re: Re: All code is open
Happens more often than you think
Yea, I was "V" on the west coast and "K" was on the east coast and a subsidiary of the biggest "G" out there; the Judge was in South Carolina. Not bitter ... much ... anymore.
Re: Judges
Andreas Schou (who is incidentally a lawyer in Idaho) said that he has a good opinion of this judge, overall. It's just that the lawyers from Battelle misled him about technical details, and also presented "facts" that were not actually true.
Lawyers being misleading is not exactly news. This is supposed to be solved by having two sides to the case, so if one side tries to go full bullshit the other can call them out. Of course this was an ex parte order, which means there was only one side, which means it's open season.
The other issue is factual misrepresentations. Judges do not like being lied to. The lawyers here might get a little slack by claiming "we had no way to know it was already on GitHub", but they also might run afoul of willful blindness or some other bad-faith charge. For example, did they even try to contact Southfork/Thuen before petitioning the court? If so, why wasn't that communication submitted with the complaint?
Re: Re: Judges
True, but a judge should have at least the modicum of knowledge required to understand what "hacker" does and does not mean.
Re:
Re: The Point
I suspect the judge is going to be less than happy that they convinced him to issue an invasive ex parte restraining order to stop something that had already happened.
Re: Re: The Point
Do you really think the judge is going to give two snaps about taking the guy's wife prisoner on her own front lawn?
Re: Re: Re: The Point
Yes.
It is bad form to assume the judge is evil because he issued a bad order. Judges follow specific rules about the facts presented to them. In this case, the judge's order was not completely out of line, if you accept the "national security" arguments. And again, we know that those are bullshit, but he did not and cannot assume bad faith.
However, lawyers have an ethical obligation to be truthful (for a certain value of truthful). That's what allows the whole system to work. If a lawyer starts lying to a judge, the judge has incredible powers to make him pay for it.
Re: Re: Re: Re: The Point
When a judge authorizes taking prisoners and breaking doors to seize items, there's no textual exception for “national security.”
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation…”
Re: 4th Amendment
Also, the judge did not authorize taking prisoners. It's unclear exactly what "held" means in this context, but if you bother to read the order there is no mention of imprisoning anyone. Nor was Thuen's property permanently seized; the order was for them to take his computer, copy it, and then immediately give it back. And despite Andreas' language, I don't think they actually broke down his door. (I could be wrong about that, I should ask him.)
The order was bad, and both the judge and lawyers are (hopefully) going to be held responsible. But don't try to make up evils; if you start lying about what happened, you're no better than the idiot lawyers who started this whole mess.
Re: Re: 4th Amendment
You're claiming the guy's house was on an international border?
Right.
See? You don't think “being detained” is anything serious.
The judge doesn't give two snaps about taking the guy's wife prisoner on her own front lawn. He's going to downplay it —just like you are now— and chuckle it off.
Re: Re: Re: 4th Amendment
Be fair. I didn't see anything in the news reports that indicated that she was detained. What I saw was that she was intimidated by some asshole lawyers. She could have left at any time she wanted to. She also could have told them to leave her property and call the cops when they didn't.
Re: Re: Re: Re: 4th Amendment
From the story above:
According to dictionaries, the word “held” often means a physical grasp, such as that contemplated by Idaho statute 18-903 (Battery).
In any case, the word “held” indicates that the woman was not free to leave, or to re-enter her house. When someone is not free to leave, they are being detained. That's pretty basic.
Re: Re: Re: Re: Re: 4th Amendment
Nothing in the story indicates that she was physically restrained. It is more likely that she was simply told not to leave or enter the house. That is not being detained, that is being intimidated. She should have ignored them totally. If they laid a finger on her, she could then charge them with one or more of the laws meant to handle this kind of thing: battery, illegal detention, etc.
Re: Re: Re: 4th Amendment
No, I was giving a well-known example of an exception to the 4th Amendment. I apologize for not being clear about that.
I'm sorry if I gave that impression, because that is not at all true. I think being detained is a very serious thing. I just don't think illegal detention plays a part in this story.
Full disclosure: I am one of the people who submitted this story. (I suspect someone else did a better write-up, since I sent in the link with this account.) I know Andreas Schou, and I have access to other information from his perspective. (beyond what is publicly posted).
So with that said, no one involved in the story is claiming that the judge acted unconstitutionally, or that the order was in any way illegal. It was wrong, it was based on misleading and/or false information, and I very much hope that Corey Thuen is justly compensated for his trouble. But it was not illegal.
As for how the judge is going to play it, I'll defer to the original G+ thread:
Re: Re: Re: Re: 4th Amendment
Re: Re: Re: Re: The Point
But given the long history of the cynical use of "national security" as a way to get around the Constitution, any judge worth a damn must view such claims with extra skepticism, in my opinion.
Re: Re: Re: Re: Re: The Point
In a bona fide national security investigation, the probable cause to believe that a crime has been committed, or is being committed, is usually averred by an officer of the United States.
Additionally, bona fide warrants in national security cases are usually executed by officers of the United States. You know, the FBI wearing their raid jackets, with the yellow letters saying “FBI” on them—those guys.
I don't believe for an instant that the judge thought he was authorizing the breaking of doors and the taking of prisoners in any kind of bona fide national security case.
Only a bone-headed fool would believe that.
I need your INPUT..
STUFF learned over the last 30+ years?
WHO here has enough programming knowledge, to be able to Tell these people What is going on?
IF you had the money, what would you BASICALLY DO??
(I'm an old programmer from the BASIC1, Fortran1, RPG days)
(been dealing with computers from the C64 and teletypes)
Give me the BASIC. SIMPLE things you would do?
(I don't want to feel alone here, in thinking most of this is BLATANTLY STUPID)
Re: I need your INPUT..
Since I do this professionally, with nearly 30 years of experience, I suppose I qualify. However, for the life of me, I don't know what you're asking.
If you just want to understand the essentials for writing secure software, you're in luck. There are tons of tutorials and basic information all over the net, and it all essentially boils down to one basic piece of advice: do not trust any data that has been exposed to the outside world.
Re: Re: I need your INPUT..
At what point do blatantly incorrect filings become perjury?
It would seem to me that with a good lawyer he stands to make BEA pay out a fairly large settlement for their behavior on this. Or am I missing something?
Re: At what point do blatantly incorrect filings become perjury?
Yes, appeals of every decision that goes against the big company, and every tactic available to the lawyers to extend the time the case takes. In other words the corporations will make the case too expensive for an individual to win, unless they can get a pro-bono lawyer to act for them.
Re: Blatantly incorrect filings
IANAL, but I suspect that the "information and belief" line sets a low bar for how accurate the claims have to be. That is, if the lawyers can keep a straight face while claiming that they didn't realize the source code was on GitHub, they might be able to avoid misconduct charges. (It's entirely possible that they really didn't realize this; I'm more inclined to believe incompetence on their part than pointless malice.)
That said, Battelle probably isn't getting their bond money back and may end up owing Southfork/Thuen attorney's fees, if not actual damages.
Re: Re: Blatantly incorrect filings
Why are you more inclined to believe this? BTW, the malice is hardly pointless.
Re: Re: Re: Blatantly incorrect filings
Re: Re: Blatantly incorrect filings
Re: Re: Re: Blatantly incorrect filings
Re: At what point do blatantly incorrect filings become perjury?
When a company does it, never.
When your average person does it, as soon as the judge realizes they were lied to.
HACKING.
HACK.
Pirate.
Ever want something to change on your VCR? make it easier to do something? HACK
Ever wonder why your remote control sucks, and if it could be better? HACK
Ever wonder if you could record a football show? PIRATE
Want to record that OLD show that's HARDLY ever on TV? PIRATE
Give access to a recording of a show that hasn't seen the LIGHT of day for 20 years...and have an Advert on the side. PIRATE..(gong show would do)
Want to play a recording to more than 2-3 people in your HOME of Martin Luther King...PIRATE
Want your Cellphone to last longer, and use STANDARD BATTERIES??? HACK
Forgot your PASSWORD and want to use a program to find it on your computer INSTEAD of re-installing? HACK
Want to RESET your BIOS PASSWORD?? HACK
...
...
...
Re: ECA
I am pleased to see that you share a common viewpoint with myself, and indeed with the editors of this site and the majority of its readers. It is always pleasant to have another voice in the fight against overreaching copyright law and innovation-stifling legal threats.
That said, you appear to be BATSHIT CRAZY and need to CHILL OUT.
Among the signs of your complete mental breakdown:
- Uncontrollable use of EMPHASIS by CAPSLOCK.
- Unusual and (inconsistent) punctuation..
- Forming complete sentences or paragraphs. FAILURE.
- Inability to express a coherent idea.
- Repeated top-level posts within 10 minutes.
- Rampant mispelings.
Please seek help. If a licensed therapist or English teacher is not available, there are many online resources that may also be of assistance.
I look forward to reading (and understanding) your posts at a later date.
- Khaim
Strizaneded
Re: Strizaneded
Is it anything like a Streisand?
Quick, get Visdom at Git
https://github.com/visdom/mimir
Before it gets taken down.
Deja vu...
Bets?
They have the code now, after all.
Countersue Countersue Countersue