German Court Says CEO Of Open Source Company Liable For 'Illegal' Functions Submitted By Community

from the unclear-on-the-concept dept

We just had an article mentioning that Germany has a ridiculous (and dangerously anti-innovation) view towards secondary liability, in which the country's courts often default to making third parties liable for actions they did not do. We noted that a court in Stuttgart had decided that the Wikimedia Foundation could be held liable for content submitted by a community member on the site, though only after the organization was alerted to the content (which still has significant problems for what are hopefully obvious reasons).

And now it appears that a court in Hamburg has gone even further, saying that the CEO of Appwork, a company that offers the open source JDownloader software can be held personally liable for "illegal" code that was submitted by an anonymous programmer, and which automatically showed up in the nightly build of the JDownloader 2 beta (not the officially released product). The code in question allowed JDownloader to record certain copy-protect streams, violating an anti-circumvention law. Appwork made it clear that it had no idea the functionality had been added, that anyone can contribute to the source and that it goes out automatically in the nightly build of the beta. Furthermore, the company carefully reviews the code and features of any official releases, and would have blocked such functionality from appearing in that code. All of this would lead most people to realize that it's crazy to blame Appwork (and even crazier to blame the CEO).

But not the court, apparently. The court relied on the bizarre argument that since Appwork offers the product commercially, that makes it automatically liable for anything that appears in the open source beta. Basically, such a ruling will make it exceptionally difficult to have a commercial open source product in Germany, since you could face liability if someone contributes code that somehow is considered illegal. If these kinds of secondary liability rulings keep cropping up in Germany, the hot startup scene in Berlin may realize that the country's outdated laws make it quite difficult to do anything all that innovative, especially if it involves any contributions from outside the company. Given how important community contributions are these days, that cuts off a huge amount of internet innovation from the German market.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: germany, hamburg, jdownloader, jdownloader2, open source software, secondary liability
Companies: appwork


Reader Comments

The First Word

So the programmers that release the software should not be liable to not auditing their code.

As pointed out by silverscarcat, they do audit the code. They do not, however, audit the nightly builds - which (if it's like most open-source build tools) is automatically generated nightly from the working code base.

If you have user submitted code, it is your duty to audit it before releasing it.

If it's an open source project, "you" is often "the users." More specifically, the community of programmers that is actually writing and using the code. The beauty of open source is that if someone submits code that is questionable, it is almost immediately spotted and fixed - since otherwise, it wouldn't be useful to that community.

Moreover, "you" won't be the only one releasing it. Open source means that any user can branch the code, and release their version of it themselves. (Provided, of course, that they also release the source code, and allow others to do the same.)

What else is there in the code? Trojans? Malware? Who knows, we just get the binary, and they don't audit until they get sued...

If it's open source, then by definition, you also get the source code. If there are trojans, malware, or whatever, then either you or one of the thousands of programmers who look at the code will be able to tell.

It's the primary reason that open source code is generally more secure than closed source code.

As someone who has used, and contributed to, open source software, I can tell you flat out that your concerns are a fantasy. Your scenarios have never, once, happened with any open source software that I'm aware of.
—Karl

Subscribe: RSS

View by: Time | Thread


  1. icon
    Ninja (profile), 5 Dec 2013 @ 5:57am

    Cue the German RIAA suing Appwork for enabling infringing downloads via JDownload.

    Welcome to the age where people want to make money without doing any actual work. Let's blame phone carriers and auto makers for what's being done with the tools they provide.

    link to this | view in thread ]

  2. icon
    silverscarcat (profile), 5 Dec 2013 @ 6:22am

    Re:

    I think we should shut down all the Walmarts, Targets and K-Marts across the country, they sell knives! Sharp, pointy knives! They're used for stabbing people!

    Obviously, them selling knives is the reason that people are getting stabbed! Let's shut them down so that people don't get stabbed any more!

    link to this | view in thread ]

  3. icon
    That One Guy (profile), 5 Dec 2013 @ 7:16am

    Re:

    Isn't there a saying that goes something like 'the best way to repeal a bad law is to enforce it completely'?

    So yeah, I'd love to see a whole range of lawsuits aimed at gun, car, and knife and alcohol manufacturers, phone companies, mail services... all claiming they are responsible for what their customers use their products/services for, maybe after a few lawsuits like that the insanity of rulings like this would be exposed for the crazy that they are.

    Well, that or they'd dial the crazy up to 11 and start ruling that those services/manufacturers were also suddenly liable as well, though given whereas a smaller tech company might not have much political clout and lawyers, the same would not be true of the others listed, I'd find that unlikely.

    link to this | view in thread ]

  4. icon
    Ninja (profile), 5 Dec 2013 @ 7:25am

    Re: Re:

    Agreed 100%. I'm in favor of a lot of chaos. It tends to make people actually work to fix things. I wonder if the German courts would maintain their verdict in these cases or they just flip the secondary liability switch when there is the "on the internet" tag in the case.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 5 Dec 2013 @ 7:50am

    the MPAA and RIAA have hands in many pockets it seems .. I wonder if the German political parties have to show who their contributors are and how much they receive

    link to this | view in thread ]

  6. This comment has been flagged by the community. Click here to show it
    identicon
    out_of_the_blue, 5 Dec 2013 @ 7:56am

    "making third parties liable for [harmful] actions they did not do" but are in position to police.

    This isn't exactly "third party", it's the code base they control. And now everyone knows to police it rigorously.

    Mike believes any and all "innovation" must be allowed in his libertarian fantasy land, that no corporation should be responsible, that alleged ignorance instead of due diligence is an excuse, and above all, that copyright must be done away with entirely: "record certain copy-protect streams, violating an anti-circumvention law".

    Listen, kids: "innovation" is EASY when it's to steal and disrupt the good; building is the difficult part. Any silly holding that all "innovation" must be allowed and that all responsiblity can be dodged is anti-civilization.

    Even if Mike is absolutely right about problems, he has no solutions to even suggest.

    03:55:56[d-026-2] [ This suppresses the kids from fraud of using my screen name. ]

    link to this | view in thread ]

  7. icon
    silverscarcat (profile), 5 Dec 2013 @ 8:02am

    Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    Hey, blue, ever go to a store that sells knives or guns?

    Do people buy those guns or knives?

    Some of those people who buy guns and knives do bad things with them.

    Should we shut down the stores for selling those guns and knives?

    Should we outlaw guns and knives?

    Or should we go after the ones who breaks the law?

    Same thing here.

    link to this | view in thread ]

  8. icon
    Ninja (profile), 5 Dec 2013 @ 8:06am

    Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    Being in position to police doesn't mean you should or that you have the resources to do so.

    Still, you seem to find quite easy to do so. Why don't you volunteer to watch all 48 hours that are posted to youtube every minute to "police" the content eh mr cop? Maybe then you'll have enough to occupy your day and we'll be rid of your idiocy. See? It's a win-win scenario.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 5 Dec 2013 @ 8:08am

    Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    " it's the code base they control"

    Wipe the foam from your mouth, read the article, then read up on how open source development works and rethink your comment (I know you wont do that, and probably wont read this either).

    link to this | view in thread ]

  10. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 5 Dec 2013 @ 8:09am

    So the programmers that release the software should not be liable to not auditing their code.

    Great logic.

    If you have user submitted code, it is your duty to audit it before releasing it. What else is there in the code? Trojans? Malware? Who knows, we just get the binary, and they don't audit until they get sued...

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 5 Dec 2013 @ 8:12am

    Re:

    But but but, I didn't code Zeus spyware into the software, some random people pushed it in! And I just released it without knowing and distributed it as much as I could. I'm innocent I tell you! ......

    People don't understand that when you use other people's code, and allow others to submit in your code, it needs to be very carefully analyzed and tested. Claiming ignorance after failing such a blatant disregard for code security is hilarious at best.

    link to this | view in thread ]

  12. icon
    silverscarcat (profile), 5 Dec 2013 @ 8:13am

    Re:

    the company carefully reviews the code and features of any official releases, and would have blocked such functionality from appearing in that code

    learn to read.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 5 Dec 2013 @ 8:15am

    Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    Mike isn't the messiah .. he simply puts it out there for others to discuss as well as himself. .. there is no anti civilization never has been never will be it's made up to make the masses run to a belief system to adhere to others words .. the self appointed hierarchy

    link to this | view in thread ]

  14. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 5 Dec 2013 @ 8:18am

    Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    FreeBSD security officers volunteers audit the entire distribution before a release. Why can't a (probably paid) team of developers audit their own few thousand lines of code?

    This is the worst sort of "open source" development out there, the one where the people releasing code have no clue what's in it. They just release it, and fix if/when someone discovers something bad.

    I'm not saying they're still leaving code unaudited, and hoping they learned what releasing software actually means, but if this taught us anything is that they are not serious developers, nor a serious company that cares about their code security.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 5 Dec 2013 @ 8:21am

    Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    So, explain how it works then?

    They released the code, not a third party. They control the code base, in which one of their main developers added "something illegal". They released a compiled beta with the illegal code in it. They did not audit the code inserted, just released it, assuming all was ok.

    They need to learn how to release software.

    link to this | view in thread ]

  16. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 5 Dec 2013 @ 8:22am

    Re: Re:

    Learn to troll better.



    Oh also, learn to read too.

    link to this | view in thread ]

  17. icon
    Gwiz (profile), 5 Dec 2013 @ 8:22am

    Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    This isn't exactly "third party", it's the code base they control.

    Did you even read the article? We are talking about a nightly beta (is in test) release. The company stated that it does carefuly review the code for the actual releases.


    And now everyone knows to police it rigorously.

    Or move out of Germany.


    Listen, kids: "innovation" is EASY when it's to steal and disrupt the good; building is the difficult part.

    Ummm. They are "building". What do you think they are trying to produce, chopped liver?


    Any silly holding that all "innovation" must be allowed and that all responsiblity can be dodged is anti-civilization.

    Who, beside you, has ever stated that? Nice strawman.


    Even if Mike is absolutely right about problems, he has no solutions to even suggest.

    Well except for Mike suggesting, all the time, that we hold those actually responsible for the problems accountable, not the makers of the tools or the providers of the platform that are used.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 5 Dec 2013 @ 8:25am

    Re: Re:

    Then why is Monsanto still able to get away with what it does by abusing bad laws?

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 5 Dec 2013 @ 8:26am

    Re: Re:

    So let's just push public betas with unknown code.

    Gotcha.

    Someone needs to learn how a release cycle works.

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 5 Dec 2013 @ 8:27am

    Re: Re: Re:

    This is why there are warnings like "BETA RELEASE MAY NOT BE STABLE" and other such things whenever you do download beta versions of software.

    YOu want stable, clean version? You wait for the official release.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 5 Dec 2013 @ 8:28am

    Re: Re: Re:

    ... That's what beta's are. To test things.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 5 Dec 2013 @ 8:30am

    Re: Re: Re: Re:

    To test code you're sure about, yes. Not to test unknown unaudited code.... seriously. That's pre-alpha release.

    Also that sentence seems to have been made up by Mike. The original articles makes no mention of auditing or code reviewing of any kind.

    Please link to the source if you have it.

    link to this | view in thread ]

  23. icon
    Gwiz (profile), 5 Dec 2013 @ 8:31am

    Re:

    If you have user submitted code, it is your duty to audit it before releasing it. What else is there in the code? Trojans? Malware? Who knows, we just get the binary, and they don't audit until they get sued...


    Look up the definition of "beta release" first:

    https://en.wikipedia.org/wiki/Software_release_life_cycle#Beta

    Then look at what is on Jdownloader's beta testing download page:
    JDownloader 2 is not in a stable final state. The current JDownloader 2 version is ment to be used for testing purposes only. This means that there will be unfinished features, bugs, many updates and even untested modules, code & plugins.

    These installers require a internet connection for installation, because they download the latest version directly from our update servers.

    Don't say you haven't been warned! Source


    Beta testing is ALWAYS at your own risk.

    link to this | view in thread ]

  24. icon
    John Fenderson (profile), 5 Dec 2013 @ 8:33am

    Re: Re:

    You do understand that it wasn't released, and wouldn't have been released, right?

    link to this | view in thread ]

  25. icon
    McGreed (profile), 5 Dec 2013 @ 8:33am

    Re: Re:

    As usual, we need to ban cars, seriously! They are used for any kind of criminal activity, from the common person killing other people, to drugs and weapon transport to pedophilia to smuggling ect.

    Cars actually kill lot more people then cars, but there is no bans for them. If they are going to go mad with laws against things like these, they might as well go all the way.

    link to this | view in thread ]

  26. icon
    Mcgreed (profile), 5 Dec 2013 @ 8:34am

    Re: Re: Re: Whoops

    "kill lot more people then GUNS" ... sorry.

    link to this | view in thread ]

  27. icon
    John Fenderson (profile), 5 Dec 2013 @ 8:35am

    Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    The always have, and continue to, audit their released code. This was not released code.

    link to this | view in thread ]

  28. identicon
    The Real Michael, 5 Dec 2013 @ 8:37am

    Re: Re:

    I believe that this is but one step in what is to become a series of attacks on open source software. The animosity harbored towards open-source software by large corporations is no secret. They want everything to be locked and controlled behind walled gardens, after all. This case suggests to me that the German courts are engaging in a witch hunt on behalf of corporate interests, i.e. fascism. They'll create or interpret any law, no matter how devoid of logic, to satisfy that purpose.

    link to this | view in thread ]

  29. icon
    Gwiz (profile), 5 Dec 2013 @ 8:38am

    Re: Re: Re: Re: Re:

    Please link to the source if you have it.


    Run the linked article through Google Translate and you get this:
    AppWork had by his own admission no knowledge of the existence of the functionality, since a comprehensive control is apparently carried out before the official release.

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 5 Dec 2013 @ 8:39am

    A country with some foresight should take advantage of fear created by the privacy violations of the US' Federal agencies and the legal liability fears of Germany etc and promote a friendliness toward innovators and their customers. The seat of the worlds tech giant nations seem to be up for grabs right now.

    link to this | view in thread ]

  31. icon
    That One Guy (profile), 5 Dec 2013 @ 8:40am

    Re: Re: Re:

    It's amazing what you can get away with when you give enough 'campaign contributions' to the right politicians...

    link to this | view in thread ]

  32. icon
    That One Guy (profile), 5 Dec 2013 @ 8:42am

    Re: Re: Re:

    Well german courts have already shown a willingness to kick common sense and sanity to the curb when it comes to 'protecting' the recording industry in their country, certainly wouldn't be surprising to see them take similar actions against competition to large tech companies.

    link to this | view in thread ]

  33. icon
    techflaws (profile), 5 Dec 2013 @ 8:51am

    You're welcome, Mike. BTW, golem.de had this news earlier than gulli (as usual) and they've come up with the next crazy story, this time from regional court Cologne: some user is getting a cease and desist order for streaming a pr0n movie from redtube.

    link to this | view in thread ]

  34. identicon
    Anonymous Coward, 5 Dec 2013 @ 8:57am

    Re: Re: Re:

    Hell, if you're rich enough, you don't even have to go to jail when your reckless driving causes someone to lose their life. Just read about the owner of Mars Candy getting off with a fine and suspended license.

    link to this | view in thread ]

  35. icon
    Ninja (profile), 5 Dec 2013 @ 9:03am

    Re: Re: Re: Re: Re:

    That's pre-alpha release.

    Nightly builds, anyone? That's EXACTLY the type of release where the code was found. And yet you are ignoring the fact that it's a goddamn open source project where anyone can butt in and give contributions and a retarded German judge is trying to blame entirely different parties for something that COULD be used for infringing activities (God forbid if cars were used for transporting drugs, eh?).

    Also, fail at checking for facts. The company site itself has all the info you claim Mike made up.

    link to this | view in thread ]

  36. icon
    Karl (profile), 5 Dec 2013 @ 9:06am

    Re:

    So the programmers that release the software should not be liable to not auditing their code.

    As pointed out by silverscarcat, they do audit the code. They do not, however, audit the nightly builds - which (if it's like most open-source build tools) is automatically generated nightly from the working code base.

    If you have user submitted code, it is your duty to audit it before releasing it.

    If it's an open source project, "you" is often "the users." More specifically, the community of programmers that is actually writing and using the code. The beauty of open source is that if someone submits code that is questionable, it is almost immediately spotted and fixed - since otherwise, it wouldn't be useful to that community.

    Moreover, "you" won't be the only one releasing it. Open source means that any user can branch the code, and release their version of it themselves. (Provided, of course, that they also release the source code, and allow others to do the same.)

    What else is there in the code? Trojans? Malware? Who knows, we just get the binary, and they don't audit until they get sued...

    If it's open source, then by definition, you also get the source code. If there are trojans, malware, or whatever, then either you or one of the thousands of programmers who look at the code will be able to tell.

    It's the primary reason that open source code is generally more secure than closed source code.

    As someone who has used, and contributed to, open source software, I can tell you flat out that your concerns are a fantasy. Your scenarios have never, once, happened with any open source software that I'm aware of.

    link to this | view in thread ]

  37. icon
    streetlight (profile), 5 Dec 2013 @ 9:07am

    A better analogy

    Many folks have posted an analogy involving stores selling knives and guns. I'd suggest as an analogy of a home owner whose house is broken into for a burglary or home invasion. Under the idea that the web hosting company should be responsible for what others post, the home owner should be held responsible for the break in. The home was not fortified enough to prevent the break in. Windows that can't be forced or broken and doors with locks that are 100% impervious to forcing open regardless of the kind of method used should be required. Should a break in occur, the home owner will pay fines, restitution and go to jail for allowing the break in. If the residents are injured or killed, too bad. They deserve what they got because the house was not 100% fortified against the bad guys.

    link to this | view in thread ]

  38. icon
    Karl (profile), 5 Dec 2013 @ 9:08am

    Re: Re: Re:

    So let's just push public betas with unknown code.

    You pretty much have to do that with open source software. Otherwise, how is the community going to know what is in the code that they're helping to write?

    link to this | view in thread ]

  39. identicon
    Anonymous Coward, 5 Dec 2013 @ 9:08am

    Re: Re: Re: Re: Re:

    "nightly build" as mentioned in the article refers to a script that normally runs daily and compiles a testing development version on a daily basis. Then when a promising level of functionality appears, the code is given a once over, bug fixing changes etc, and an "Alpha" version is born. After some testing and again another once over, bug fixing changes etc, and an "Beta" version is born. After some testing and again another once over, bug fixing changes etc, and an "Release Candidate" version is born. If it passes testing it may be released at that point as "Stable" else the process is reverted to Beta and carried out through again. Only after a "Release Candidate" has passed testing will there be a "Stable" release.

    A nightly build is the opposite of a stable release.

    As indicated by the naming conventions:

    "Nightly Build" is current code in flux containing code written on the same day.
    "Stable" Release is after code has been (vetted, modified, debugged, tested) multiple times then frozen and retested.

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 5 Dec 2013 @ 9:13am

    Maybe I'll sue...

    ...I believe the RIAA has made disparaging comments about *me*, calling me a pirate and a thief, when clearly that can be shown an inaccurate description. Maybe I should sue them ... in Germany.

    link to this | view in thread ]

  41. identicon
    Anonymous Coward, 5 Dec 2013 @ 9:17am

    Re: Re: Re:

    It was made available publically for download. I actually do not think that this ruling is very ridiculous at all.

    The larger issue - declaring CODE that COULD be used for infringing to be illegal through *criminal* law and holding the publisher liable - very much is (as is the even larger issue of making copyright infringement a subject of criminal law at all).

    link to this | view in thread ]

  42. icon
    That One Guy (profile), 5 Dec 2013 @ 9:21am

    Re: Maybe I'll sue...

    Uhh, maybe pick a different country for something like that, as GEMA has made abundantly clear, german politicians and judges tend to fall all over themselves 'helping' the legacy music industries over there, at times to the point where they might as well be officially employed by them.

    link to this | view in thread ]

  43. icon
    That One Guy (profile), 5 Dec 2013 @ 9:24am

    Re: Re: Re: Re:

    It was made available publically for download.

    As opposed to... what? It's an open source program, people kinda need to be able to download it to use and modify it, locking it down so it wasn't publicly available would rather defeat the whole purpose behind going open source.

    link to this | view in thread ]

  44. identicon
    Anonymous Coward, 5 Dec 2013 @ 9:28am

    Re: Re: Re: Re:

    "It was made available publically for download"...

    Just like your dumb comment. Mike should be held liable for what your written stupidity right?

    link to this | view in thread ]

  45. identicon
    JEDIDIAH, 5 Dec 2013 @ 9:37am

    Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    Moving out of Germany won't help. These kind of anti-circumvention laws are all over the place.

    This isn't some random project on GitHub. This is something that a particular company was putting it's name on.

    Also, while they were calling it a beta that's not what it really is. It sounds more like a raw unaudited dump of their source repository. Calling that a "release" of any kind is disturbing on a number of levels.

    Plenty of open source developers have been paranoid about this kind of thing for quite some time already and actively discourage even talking about anti-circumvention stuff. It's not even a new issue really.

    This company was just being sloppy.

    Although criminal penalties for the CEO seem a hit harsh and overly fascist.

    link to this | view in thread ]

  46. identicon
    Anonymous Coward, 5 Dec 2013 @ 9:41am

    Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    You do understand that coders are not lawyers right?

    They can find malware but they cannot and probably will never find "illegal" code unless someone points out that it breaks the law and which law in which country.

    link to this | view in thread ]

  47. icon
    Votre (profile), 5 Dec 2013 @ 9:43am

    Re: Maybe I'll sue...

    File in the UK. Their defamation laws are more insane and tilted towards the plaintiff than anywhere else in the world hands down.

    link to this | view in thread ]

  48. icon
    silverscarcat (profile), 5 Dec 2013 @ 9:51am

    Re: Re: Re:

    You have no idea how betas work, do you?

    link to this | view in thread ]

  49. identicon
    Anonymous Coward, 5 Dec 2013 @ 10:17am

    Just ban opensource because it causes damages to proprietary.

    /sarscam

    link to this | view in thread ]

  50. identicon
    Anonymous Coward, 5 Dec 2013 @ 10:20am

    Re: Re: Re: Re: Re:

    I was merely clarifying in case somebody misunderstood "not released" as "at some point there were a bunch of lines checked in a source code repository somewhere and that was it". It was available as a binary, wrapped in an installer, on the website owned by the company, with a copyright notice *in* the software for the company name, while the (without question silly, ridiculous, terrible) law that got them into trouble was on the books and in effect. Sure, not for long, it was a nightly build after all. The plaintiff obviously timed the pressing of charges pretty well and perhaps had just been waiting for the opportunity to do it.

    Still, under these circumstances, I do not think anybody should be surprised that the court ruled like it did. Publishing software in Germany as a German company (or a German citizen for that matter) comes with increased risks thanks to the dismal legal situation there.

    There is an interesting aspect to this story which was not explored in the trial of this particular case: What if the stream-ripping code in question was not in fact contributed by a random anonymous coder, but somebody associated with the plaintiff for the exact purpose of enabling legal action?

    link to this | view in thread ]

  51. icon
    JackOfShadows (profile), 5 Dec 2013 @ 10:44am

    Re: Re: Re: Re: Re: Re:

    Since the code was as checked anonymously, how much do you want to bet as to the source of the submission?

    link to this | view in thread ]

  52. identicon
    Anonymous Coward, 5 Dec 2013 @ 10:49am

    Re: Re: Re: Re: Re: Re: Re:

    Yeah. The fact that it was caught in something as transient as a nightly build is rather suspicious. Smells a bit like how all those Prenda-enforced movies got released.

    link to this | view in thread ]

  53. icon
    JackOfShadows (profile), 5 Dec 2013 @ 10:52am

    Luck?

    That was why I thought of it in the first place. It reminds me of a certain Joe Isuzu advertisement where the potential other guys customers say "Lucky we ran into you" to which he replies, "I wouldn't call it luuuck." (tortured grammar there, sorry.)

    link to this | view in thread ]

  54. icon
    John Fenderson (profile), 5 Dec 2013 @ 10:56am

    Re: Re: Re: Re:

    It was made available publically for download. I actually do not think that this ruling is very ridiculous at all


    The ruling is absolutely ridiculous, as it makes it impossible to do open source development. The developers have to be able to download the code that is currently in development.

    Being made available to developers is not the same thing as releasing it. Releasing it is giving it a stamp of approval, declaring that it has been vetted, and offering it to the public for use. Nightly builds are none of those things.

    link to this | view in thread ]

  55. identicon
    Anonymous Coward, 5 Dec 2013 @ 10:57am

    Re: Re: Re: Re:

    Common sense dictates you know what code you are releasing. Not fight to defend yourself after you released unknown code to the public.

    link to this | view in thread ]

  56. identicon
    Anonymous Coward, 5 Dec 2013 @ 10:58am

    Re: Re: Re:

    It was released. As a compiled binary. It can still be downloaded. Google is your friend.

    link to this | view in thread ]

  57. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 5 Dec 2013 @ 11:01am

    Re: Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    Do you have anything substantial to back up your claim that they do?

    link to this | view in thread ]

  58. identicon
    Anonymous Coward, 5 Dec 2013 @ 11:02am

    Re:

    Moronic comment of the day.

    link to this | view in thread ]

  59. identicon
    Anonymous Coward, 5 Dec 2013 @ 11:05am

    Re: Re: Re: Re: Re: Re:

    Wow, lol. Seriously, you made me laugh so much with your mightiness fact failing.

    Nightly builds don't allow write access to random people, so an official developer added this code. This is EXACTLY why nightlies are controlled. Security fail.

    Open source does NOT mean EVERYONE can add code to the main repo/git/whatever. Learn what it means instead of defending your erroneous definition.

    The judge is blaming an OFFICIAL developer (or the company for lacking basic security skills) for adding code into the main branch. Code which is still available to use today, because you know, revisions and interwebz.

    Also, fail at fact check fail. Never said Mike made it up, said appears. Reading fail.

    link to this | view in thread ]

  60. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 5 Dec 2013 @ 11:09am

    Re: Re: Re: Re: Re: Re:

    And of course not a single company ever in the history of humanity after being exposed for bad code, said "we don't audit our code"!

    *yawn*.

    link to this | view in thread ]

  61. identicon
    Anonymous Coward, 5 Dec 2013 @ 11:42am

    Notice to German Chancellor Angela Merkel

    M'Lady, I would suggest to you, in the strongest possible terms, that you get a firm grip on your Judicial staff. If you don't, Germany will shortly be on the outside looking in at the entire software development community, not to mention being a laughing stock for the totally ridiculous rulings being handed down.

    link to this | view in thread ]

  62. icon
    Karl (profile), 5 Dec 2013 @ 11:58am

    Re: Re: Re: Re: Re: Re: Re:

    Open source does NOT mean EVERYONE can add code to the main repo/git/whatever.

    Yeah, actually, that usually is what it means. In the case of JDownloader, you just need SVN access. Like almost all open source projects, they grant SVN write access to anyone that agrees to the license terms.

    It's like you've never worked on an open source project before. I have (and am). Granting access to anyone who wants to upload code is SOP.

    link to this | view in thread ]

  63. identicon
    Brazenly Anonymous, 5 Dec 2013 @ 12:03pm

    Re: Re: Re: Re: Re:

    Such "beta" releases have all sorts of "unstable" warnings all over them for a reason. It really should be just potential developers using them.

    link to this | view in thread ]

  64. identicon
    Brazenly Anonymous, 5 Dec 2013 @ 12:08pm

    Re: Re: Re: Re:

    You are engaging in equivocation over the word release. There is some difference between the meaning of a software release and the root word from which the phrase was derived.

    link to this | view in thread ]

  65. identicon
    Brazenly Anonymous, 5 Dec 2013 @ 12:11pm

    Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    FreeBSD security officers volunteers audit the entire distribution before a release. Why can't a (probably paid) team of developers audit their own few thousand lines of code?


    And how do you imagine those volunteers get access to the code to audit it? Could it be that they download the source and the binary and play around with the nightly build?

    Hmm....

    link to this | view in thread ]

  66. identicon
    Brazenly Anonymous, 5 Dec 2013 @ 12:14pm

    Re: Re: Re: Re: Re:

    To test code you're sure about, yes.


    Or to distribute unfinished code to developers for testing and comment so you can become sure about it.

    link to this | view in thread ]

  67. icon
    John Fenderson (profile), 5 Dec 2013 @ 12:51pm

    Re: Re: Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    It depends on what you mean by "substantial", I suppose. I am going by what the team itself says in their documents -- which is pretty much the same process as is followed by all major open source projects.

    link to this | view in thread ]

  68. icon
    John Fenderson (profile), 5 Dec 2013 @ 12:55pm

    Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    They did not audit the code inserted, just released it, assuming all was ok.


    Really, you should look at what the development process is for these types of projects. You do not audit the checkins that go into the nightly development build, because that would make the development process impossible. It doesn't matter anyway, because everyone using these builds know that they contain potentially dangerous code.

    You audit & review the code before it goes into a build that is going to be released for general use. The build you are talking about is not this. It was a nightly build for developer use, not a release build for use by the general public.

    It was not "released code".

    link to this | view in thread ]

  69. identicon
    Anonymous Coward, 5 Dec 2013 @ 1:11pm

    Re: Re:

    "Dear Everyone:

    I have no fucking clue what 'beta' means and just wanted everyone to know.

    Regards,
    AC"

    link to this | view in thread ]

  70. identicon
    Anonymous Coward, 5 Dec 2013 @ 1:15pm

    Re: Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    They imagine it. It's the only way to prevent copyright violations.

    link to this | view in thread ]

  71. identicon
    Anonymous Coward, 5 Dec 2013 @ 4:00pm

    Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    You keep using this word "They"... I do not think it means what you think it does.

    The automated nightly build process released the code, not a third party. They do control the beta code base, in which one of the opponents of open source software (aka anonymous developer)added "something illegal in certain countries in order to get a bad legal ruling". The nightly process released a compiled beta with the illegal code in it. The next day during an audit of the code by the open source community into which the code was inserted, identified it as a potential issue which would never have been released in the commercial version.

    "They" (aka anonymous commenter) need to learn how to read the article.

    FTFY (Bold omitted for the shade impaired...)

    link to this | view in thread ]

  72. identicon
    Anonymous Coward, 5 Dec 2013 @ 4:13pm

    Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

    So, how mch do you get paid at Microsoft?

    Are the benefits any good, do they take care of your health and dental funds?

    Honestly, I do want to know. I think that I can do a much better job of shilling than you.

    Open source software is the work of the Devil, it is evil incarnate. Terrorists and Paedefiles use Open source software.

    see, makes about as much sense as what you have written, but I at least appeal to emotion, rather than just blatantly false statements.

    link to this | view in thread ]

  73. identicon
    Anonymous Coward, 5 Dec 2013 @ 5:38pm

    Re: Notice to German Chancellor Angela Merkel

    Second only to the US. You're in rarified company.

    link to this | view in thread ]

  74. icon
    PaulT (profile), 6 Dec 2013 @ 2:54am

    Re: Re: Re: Re: Re:

    "Common sense dictates you know what code you are releasing."

    Common sense also dictates that there's a massive difference between an automatic nightly beta build and a released product. Why would a non-developer be on such a build, and what's the difference between this and Microsoft's development process other than you don't have to be an employee to contribute to JDownloader? That's what open source is, and it makes perfect sense.

    But that's inconvenient to your arguments, isn't it? Let me guess, just another anonymous moron defending a legacy corporate business model.

    link to this | view in thread ]

  75. icon
    PaulT (profile), 6 Dec 2013 @ 3:13am

    Re: Re: Re: Re: Re: Re: Re:

    It's no wonder you people post anonymously. You have no clue what you're talking about. The fact that you try to act like others don't, when it's clear to anyone with passing familiarity with FOSS processes that you're full of shit, it's astounding. At the very least, you don't understand the descriptions of where the code was found.

    Either you're really this stupid,or you *really* need to find a new hobby.

    link to this | view in thread ]

  76. identicon
    Henrie Schnee, 6 Dec 2013 @ 10:26am

    Hamburg

    A bit of context for the non-german readers: The noteworthy part of this news is not the what, but the where: Hamburg is in-famous for this sort of rulings.
    Basically, in germany you have what is called the "fliegender Gerichtsstand", (literarlly "the flying location of the court"), meaning that if you want to sue somebody over a civic issue, you can choose where in Germany you want to do it.

    Hamburg proved to be… shall we say "friendly" towards every whim of the content-industrie, so over the last two decades, said court became the go-to adress for all things copyright, infringement and new media. It's like the Wizard of Oz for copyright owners. They're dashing out scandalous, contra-productive rulings left and right, but there's nothing we, the people, can do… in the end, it just sits with the german mentality: If you want your rights to be taken seriously, you should have become rich yourself.

    On a broader note, though: The reason for this restrictive, backwards handling of copyright law is a deep rooted fear of the german industry: There's virtually nothing we've got left to make business with (no ressources, few relevant companies left in the consumer-marked, plus the big brain drain of talented people virtually fleeing the country), safe for the "german know how", that enormous pile of patents, inventions and trade secrets we came up with in the 20th century.
    And once this iceberg has melted under the sun of todays realities, there won't be any poker chips left for our country. Streaming services, filesharer and transparency-advocates are just unfortunate victims of a much broader, deeper rooted fear of losing our intellectual "property".

    link to this | view in thread ]

  77. identicon
    sheukel, 7 Dec 2013 @ 1:57am

    German "legal system" is a joke. It still has the same attitude as in Nazi-Germany. Complete ignoring reality, and creating their own uber-mensch legal rules.
    What a bunch of suckers!!

    link to this | view in thread ]

  78. identicon
    Anonymous Coward, 8 Dec 2013 @ 7:04pm

    Re: Re: Re: Re: Re: Re: Re:

    average_joe just hates it when due process is enforced.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.