Gov't Contractor Uses Copyright, Fear Of Hackers To Get Restraining Order Against Open Source Developer

from the the-same-goddamn-hammers-used-every-time dept

A recent copyright infringement (+ "threat to national security") lawsuit filed by a government contractor against its former employee highlights two terms the government frequently fears: open source and hacking.

Open source software (especially free open source software) is often portrayed by government officials as inherently unsafe to deploy. If anyone can see the source code, they reason, then surely anyone can exploit it. This institutional resistance is aided greatly by companies like Microsoft, which would prefer to see lucrative software licensing contracts continue indefinitely. Not that "closed source" software is any more secure, as Microsoft itself (along with Adobe) can certainly attest. But that irrational fear remains, and it greatly hinders the adoption of open source software by government agencies.

Hacking is another of the government's favorite boogeymen. The oft-abused CFAA has turned exploration of software and systems into a crime. The government uses the words "hacking" and "hacker" almost exclusively to denote criminal activities and criminals. This continues long after the words have entered the mainstream to reflect positive activities. (See also: the extremely popular Lifehacker website; any number of events with the word "-hack" appended that result in extremely constructive outcomes.)

Andreas Schou brought this restraining order granted by an Idaho judge to many people's attention on Google+. (H/T to unnamed Techdirt reader for the submission.) It's an ultra-rare "no notice" restraining order that resulted from a wholly ex parte process involving only the plaintiff, government contractor Battelle Energy Alliance. The restraining order allowed Battelle to seize its former employee's computer, as well as prevent him from releasing the allegedly copied software as open source.

Schou details how he heard about the case.

Yesterday afternoon, my good friend (and former client) got a panicked call from his wife. Attorneys for the government contractor he formerly worked for had showed up at his door with some sort of order, demanding to be let in to seize his computers. While his wife was held out on the lawn by private attorneys, the contractor's counsel tried to call in the sheriff to -- I guess -- break down his door.

My first thought, obviously, was: this is all some sort of misunderstanding. Because Corey [Thuen] -- who's a professional security researcher -- has worked for the government his entire career, both at the FBI and as a security researcher specializing in SCADA systems, cyberterrorism, and critical infrastructure. He's a straight-laced, church-attending guy with three kids and an admittedly strange job.

And here's what he's been accused of: threatening national security by open-sourcing a network visualization and whitelisting tool.

The arguments made in Battelle's original complaint were bought almost in their entirety by Judge B. Lynn Winmill. Battelle claims copyright infringement, asserting that Corey Thuen's software, Visdom, resembles its own Sophia software. As evidence of this, it offers the following:
- Thuen worked on Sophia and had access to the code.
- Visdom's name is remarkably similar to Sophia. (The short version: Sophia is the goddess of wisdom. Wisdom/VISDOM.)
- There's no way Thuen could have come up with his own program in such a short period of time without copying substantial amounts of Sophia's code.
Battelle also points out that Thuen's company, Southfork, made a bid to license Sophia but withdrew it a short while later, suggesting that Thuen's allegedly infringing copy made licensing the software an unneeded expense. (Thuen's response claims that Southfork withdrew its bid when it became apparent Battelle wasn't interested in pursuing an open source option.)

Schou points out that if Battelle had done any due diligence, it would have realized that its infringement claim -- especially the claim that Thuen couldn't have created competing software in that time frame without copying Sophia -- is just plain wrong.
Somehow, despite spending a great deal of money on a BigLaw firm and getting an unprecedented ex parte order for the seizure of critical business infrastructure, they didn't check Github. And if they had, they'd have found out that the open-source project is built in a different language, using open libraries. They'd have been able to check the code commits to look at the period the software was written in.
And they wouldn't have sued to begin with.
Thuen breaks it down even more simply in his response:
Visdom, unlike Sophia, makes heavy use of third party open source libraries to accomplish many of the tasks for which the Sophia development team had to write code ourselves. An example for illustration: as part of my work on Sophia, I created a scrollbar from scratch, which means I had to implement the click and drag behavior (along with buttons) that causes a scrollbar to do what the average user expects a scrollbar to do. Visdom, on the other hand, builds on top of other, third party components that make scrollbars inherent. In other words, on Sophia development I spent significant time creating basic components to a user interface, whereas Visdom did not require such efforts. Visdom's heavy use of open source libraries facilitated its development in a matter of several months.
As Schou states, it's also written in a completely different programming language. Battelle and its counsel may think it's just a simple copy-paste job to "port" software from one language to another, but Thuen dismantles this misperception.
Visdom was written in HTML, Javascript, and Go. As previously mentioned, Sophia was written in C. Visdom is not a translation of Sophia from C to the languages in which Visdom is written. We did not have the Sophia code when we created Visdom.

Further, a program written in one programming language cannot be cut-and-pasted into another programming language. Programming languages have different lexicographical grammars. As an example, if I'm writing code in C I have to deal with memory management; I have to keep track of the resources used by my programs. Javascript has no such concept, and any C code that does these functions would be impossible to translate into Javascript. Further, Javascript is an interpreted language and C is a compiled language. In other words, C creates software that runs on hardware, whereas Javascript creates software that runs in programs that run on hardware.

No two programmers who translate from one language to another, or from C to Javascript in particular, would produce the same output for any complex program. Those two languages, and their paradigms, are incompatible. A program written in C will inherently solve the problem to which it is directed in a different way than a program directed at the same problem but written in Javascript.

In developing Visdom, I specifically avoided any code, modules, sequences, routines, structures, screenshots, or any other materials that may have constituted some part of Sophia, based on my knowledge of Sophia as of the end of my access to it on or about August 2, 2012. Visdom is intended to solve the same problems as Sophia, but it is not a copy of Sophia, just as an electric car is not a copy of a gas-powered car simply because both are used for the same purpose.
What the judge determined to be "adequate circumstantial evidence" to justify ordering a no-notice restraining order (which included the seizure of Thuen's computer -- because he's a "hacker" -- more on that in a bit) completely falls apart when confronted with technical knowledge and observable facts.

Thuen's project is still listed on GitHub, where anyone can view related information, including development time, commits and, most importantly, the source code itself, from which anyone with the technical knowledge would have seen that a) it pulled from other sources to speed production and b) it is written in a completely different language.
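The due-diligence check Schou describes (look at the repository, see what language it is written in and when the commits landed) is easy to script. The following is an added example, not code from the article, from Schou, Thuen or the Visdom project: it parses the output of `git log --date=iso --name-only --pretty=format:'commit %H%nDate: %ad'` and reports the development period, commits per month and the languages touched, judged by file extension. The log it runs on is a constructed sample with placeholder hashes, dates and paths, not any real project's history, and the extension-to-language table is this example's own assumption.

```python
import os
from collections import Counter
from datetime import datetime

# Constructed sample in the shape of
#   git log --date=iso --name-only --pretty=format:'commit %H%nDate: %ad'
# Hashes, dates and paths are placeholders, not any real project's history.
SAMPLE_LOG = """\
commit 1111111111111111111111111111111111111111
Date: 2013-03-04 10:15:00 -0600

web/index.html
web/app.js
server/main.go

commit 2222222222222222222222222222222222222222
Date: 2013-05-19 21:02:11 -0600

server/flows.go
server/flows_test.go
web/app.js

commit 3333333333333333333333333333333333333333
Date: 2013-07-08 08:45:30 -0600

web/graph.js
README.md

commit 4444444444444444444444444444444444444444
Date: 2013-09-30 16:40:00 -0600

server/main.go
server/whitelist.go
"""

# Assumed extension-to-language table; extend it for the code base under review.
EXT_TO_LANGUAGE = {
    ".go": "Go", ".js": "JavaScript", ".html": "HTML", ".css": "CSS",
    ".c": "C", ".h": "C", ".py": "Python",
}


def parse_git_log(log_text):
    """Split a git log into commits: a list of {"date": datetime, "paths": [...]}.

    Also tolerates the default log layout: Author:/Merge: headers and the
    indented commit message are skipped; every other non-blank line is a path.
    """
    commits = []
    current = None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            current = {"date": None, "paths": []}
            commits.append(current)
        elif current is None or not line.strip():
            continue
        elif line.startswith("Date:"):
            stamp = line.split(":", 1)[1].strip()
            current["date"] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S %z")
        elif line.startswith(("Author:", "Merge:")) or line.startswith("    "):
            continue
        else:
            current["paths"].append(line.strip())
    return commits


def language_of(path):
    """Classify a path by its extension; unknown extensions count as 'Other'."""
    return EXT_TO_LANGUAGE.get(os.path.splitext(path)[1].lower(), "Other")


def summarize(log_text):
    """Answer the two questions a copying claim turns on: when, and in what language."""
    commits = parse_git_log(log_text)
    dates = sorted(c["date"] for c in commits if c["date"] is not None)
    distinct_paths = {p for c in commits for p in c["paths"]}
    return {
        "commits": len(commits),
        "first_commit": dates[0].date().isoformat() if dates else None,
        "last_commit": dates[-1].date().isoformat() if dates else None,
        "span_days": (dates[-1] - dates[0]).days if dates else 0,
        "commits_per_month": dict(Counter(d.strftime("%Y-%m") for d in dates)),
        "languages": dict(Counter(language_of(p) for p in distinct_paths)),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real checkout with `git log --date=iso --name-only --pretty=format:'commit %H%nDate: %ad' > log.txt` and feed the file to `summarize`. Commit dates can be rewritten, so for anything contested the timeline should be cross-checked against the hosting service's own push history; the language breakdown, by contrast, is hard to fake after the fact.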

Unfortunately, Battelle also abused the term "hacking" to justify the seizure of Thuen's computer without notice. Its argument in the original complaint quotes one of its own employees in support of its "if we notify him, he'll just wipe the hard drive" theory. The court cites this in its justification of the ex parte restraining order:
[B]attelle asserts that defendants are likely to wipe the hard drives on Thuen's computer, thus destroying direct evidence of wrongdoing. Battelle suggests that either of these actions would render further prosecution of the lawsuit fruitless...

The Court finds it significant that defendants are self-described hackers, who say, "We like hacking things and we don't want to stop."

A well-known characteristic of hackers is that they cover their tracks… This makes it likely that defendant Thuen will delete material on the hard drive of his computer that could be relevant to this case...

The Court has struggled over the issue of allowing the copying of the hard drive. This is a serious invasion of privacy and is certainly not a standard remedy, as the discussion of the case law above demonstrates. The tipping point for the Court comes from evidence that the defendants - in their own words - are hackers. By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act. And concealment likely involves the destruction of evidence on the hard drive of Thuen's computer. For these reasons, the Court finds this is one of the very rare cases that justifies seizure and copying of the hard drive.
The supposedly damning declaration by Thuen comes from Southfork's home page.
We're pretty good at hacking things. The idea is:

Identify what you want looked at
We hack it
You fix it


Your customers love you and you gain a little bit more peace of mind. We wouldn't mind bringing your people in to participate and see first-hand how an attacker views your system. We'd love to train ourselves out of a job.
Southfork will test system security when hired by a company specifically for that purpose. Battelle's filing attempts to spin Southfork's technical knowledge into a purely evil thing. According to Battelle, hackers are always adversaries, even when the company's own front page statement proclaims otherwise. Just because the knowledge is there doesn't mean it will only be deployed to cause damage. Thuen's response points out the flaw in this reasoning.
As a cybersecurity professional, I am aware of, and possess ability for, many “hacking” techniques that may be used in illegal ways, but I put them to use improving my customers’ security. In other words, I’m much like a locksmith who possesses the ability to pick a lock and uses his knowledge to help as a contributing member of society… In my career, I have held government clearances with the Federal Bureau of Investigation and the United States Department of Energy, which required me to pass multiple lie detector tests, psychological tests, extensive background checks, and other miscellaneous tests.
Battelle goes even further than this in its complaint, painting Thuen's hacking ability and his "threat" to take his project open source as a danger to national security.
BEA's copyrighted software is called Sophia and protects the United States' energy infrastructure by alerting utility administrators of potential hackers or other threats to the integrity of the nation's energy grid.

Given the nature of Sophia, Defendants' actions have implications for our national security. Defendants know of these implications but have ignored them.
Fortunately, this stretched argument doesn't figure in the judge's restraining order, but it's still a part of Battelle's complaint against Thuen. This argument is baseless as well, relying heavily on the allegation that Thuen's code is Battelle's code. Thuen points out the flaw in Battelle's portrayal of open source code as inherently dangerous.
I disagree with Battelle that security software like Sophia or Visdom cannot be open source because then hackers would have access to the source code. Security systems are better served by being open source so that complicated things, like cryptographic algorithms and implementations, can be reviewed by independent expert auditors rather than sitting behind smoke screens. The plethora of open source software used in secure systems today completely debunks the notion that you cannot have valuable and secure software that is also open source.
In the statements dealing with irreparable harm, Battelle claims it wouldn't be able to compete with Southfork's Visdom if Thuen chose to give it away (earning money from support packages and custom modules instead). Clearly, Battelle and its lawyers are unaware that top-selling programs like Microsoft Office (LibreOffice) and Photoshop (GIMP) compete with fully-featured, free, open source programs all the time.

There are many more flawed arguments in Battelle's filing, but it appears that both the plaintiff and the presiding judge had just enough knowledge between them to reach a bad conclusion. Thuen's response tackles every accusation from Battelle's complaint, punching some big holes in its filing. Unfortunately, the court decided to handle this ex parte and is only now becoming aware of the weaknesses of Battelle's allegations.

What this looks like is a government contractor hoping to shut down a competitor by deploying two "chilling" favorites: copyright infringement and "threats to national security." It also hurts itself by falling for government FUD -- "open source is dangerous" and "hackers are bad" -- both of which contributed to the general level of failure contained in its complaint.

Reader Comments

  • Ninja (profile), Oct 23rd, 2013 @ 6:18am

    Holy epic crap! I'll skip to the business:

    BEA's copyrighted software is called Sophia and protects the United States' energy infrastructure by alerting utility administrators of potential hackers or other threats to the integrity of the nation's energy grid.

    Does that mean there are grid operators stupid enough to put that critical infrastructure in contact with the Internet?

    Ahem. Other than that it's one epic argumentation there with very proper analogies. I'd go for Visdom after reading this.

    • Anonymous Coward, Oct 23rd, 2013 @ 7:52am

      Re:

      Does that mean there are grid operators stupid enough to put that critical infrastructure in contact with the Internet?

      Yes. There are. MANY of them. And their collective reaction to having this pointed out has been:

      1. No we didn't!
      2. Okay we did but it's safe.
      3. You're hackerterrorist!

      I don't work in this area, and WON'T work in this area, not because I couldn't be successful, but because I don't want my door kicked down by jackbooted thugs at 4 AM.

    • Anonymous Coward, Oct 23rd, 2013 @ 7:52am

      Re:

      "Does that mean there are grid operators stupid enough to put that critical infrastructure in contact with the Internet?"

      Don't forget the government a couple years ago was saying Anonymous could take over the power grid and shut it down at hospitals and such...

      My first reaction to that was "who's the dumbass who connected this information to the Internet? He needs to be fired!" It's one thing to be able to read from the system on the internet so you have access to warnings and system information, but to be able to write (or shut off) a critical system, something is wrong.

    • R.H. (profile), Oct 23rd, 2013 @ 7:58am

      Re:

      I have the feeling that certain critical infrastructure systems are connected to the internet for the purpose of remote administration or monitoring. If a person who needs to have access is on the other side of the planet when you need them to have access, how else do you plan on getting them connected?

      • PaulT (profile), Oct 23rd, 2013 @ 8:32am

        Re: Re:

        "If a person who needs to have access is on the other side of the planet when you need them to have access, how else do you plan on getting them connected?"

        Why is the person on the other side of the planet required to access the system? Why are they required to do so with such a level of administrative access that the whole system is at risk should someone else gain that access?

        Before asking how they are connected, you should ask why. If that answer's not good enough, they shouldn't be connected in the first place.

        • ECA (profile), Oct 23rd, 2013 @ 11:13am

          Re: Re: Re:

          dear paul..

          You have a system that Only 1 person can Fully control?
          You don't have a second or third??

          Then you are a CHEAP CORP..Overcharging your customers and giving 1 employee too much POWER..

          You don't have manual control?? Overrides??

          Please forgive me, but that is STUPID.

          • PaulT (profile), Oct 24th, 2013 @ 3:39am

            Re: Re: Re: Re:

            WTF are you on about? I say that you shouldn't be giving someone on the other side of the planet complete access to systems without good reason, and you use that to attack me for ripping off customers in a company? Plus, you assumed that means that only one person can possibly have access?

            You're an idiot.

      • Anonymous Coward, Oct 23rd, 2013 @ 8:34am

        Re: Re:

        The answer's simple: quantum entanglement at the processing level.

        DUH!

      • John Fenderson (profile), Oct 23rd, 2013 @ 8:55am

        Re: Re:

        If a person who needs to have access is on the other side of the planet when you need them to have access, how else do you plan on getting them connected?


        I know this is hard to believe, but there are readily accessible global communications systems other than the internet.

        Hooking these systems up to the internet is not the only option to obtain the desired functionality. It's merely the cheapest and easiest option. For critical systems, though, "cheapest and easiest" is often the wrong answer.

        • Ninja (profile), Oct 23rd, 2013 @ 9:45am

          Re: Re: Re:

          That. The banking system is a good example. Even if some criminal can seize control of accounts, the basic infrastructure is entirely safe. There are some smart grid options that allow people to control their home electric grids from a distance, but it shouldn't be able to mess with basic power plant systems or non-domestic stuff.. If it can then there's a fundamental problem with how it was set up that no amount of legislation can fix.

      • Anonymous Coward, Oct 23rd, 2013 @ 10:26am

        Re: Re:

        A critical system should only be controllable over a ring back system. Upgrades should only be possible by an on-site engineer so that they are there when it is tested and can recover from any problems due to the upgrade. Further if a remote upgrade is possible then the administrators could wake up one fine morning to a down system, which is responding only to someone else's control.


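      The sub-thread above converges on a few concrete rules: remote access gets read-only monitoring (the 7:52am comment), control changes happen on-site or over a site-initiated ring-back, and upgrades need an on-site engineer (the 10:26am comment), with more than one person able to act (the 11:13am reply). The following is an added example, not code from any commenter or from the Sophia or Visdom projects, that encodes those rules as a deny-by-default authorization check for a control-system gateway and runs it over a constructed batch of requests. The Origin and Operation names, and the two-person rule for every state-changing action, are this example's own assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Origin(Enum):
    ON_SITE = "on-site"      # console on the plant's control network
    CALLBACK = "callback"    # site-initiated ring-back to a pre-registered host
    REMOTE = "remote"        # inbound over the internet or a VPN


class Operation(Enum):
    READ = "read"            # telemetry, alarms, status pages
    WRITE = "write"          # setpoints, breaker commands, configuration changes
    UPGRADE = "upgrade"      # firmware or software updates


@dataclass(frozen=True)
class Request:
    operator: str
    origin: Origin
    operation: Operation
    approvers: tuple = ()    # people who co-signed a state-changing action


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# Which origins may perform which operation. Anything not listed is denied.
ALLOWED_ORIGINS = {
    Operation.READ: {Origin.ON_SITE, Origin.CALLBACK, Origin.REMOTE},
    Operation.WRITE: {Origin.ON_SITE, Origin.CALLBACK},
    Operation.UPGRADE: {Origin.ON_SITE},
}


def evaluate(req):
    """Deny-by-default check: the origin must be permitted for the operation, and
    any state-changing operation needs a second person distinct from the operator
    (the two-person rule is this example's assumption, not a rule from the thread)."""
    permitted = ALLOWED_ORIGINS.get(req.operation, set())
    if req.origin not in permitted:
        return Decision(False, f"{req.operation.value} is not permitted from a {req.origin.value} origin")
    if req.operation is not Operation.READ:
        others = [a for a in req.approvers if a != req.operator]
        if not others:
            return Decision(False, f"{req.operation.value} needs an approver other than {req.operator}")
    return Decision(True, f"{req.operation.value} from {req.origin.value} by {req.operator} approved")


def audit(requests):
    """Evaluate a batch and return one log line per request for the audit trail."""
    return [
        f"{'ALLOW' if d.allowed else 'DENY '} {r.operator:<6} {r.origin.value:<8} {r.operation.value:<7} {d.reason}"
        for r, d in ((r, evaluate(r)) for r in requests)
    ]


# Constructed sample batch; the names and actions are placeholders.
SAMPLE_REQUESTS = [
    Request("alice", Origin.REMOTE, Operation.READ),
    Request("alice", Origin.REMOTE, Operation.WRITE, ("bob",)),
    Request("alice", Origin.CALLBACK, Operation.WRITE, ("bob",)),
    Request("alice", Origin.CALLBACK, Operation.WRITE, ("alice",)),
    Request("carol", Origin.CALLBACK, Operation.UPGRADE, ("bob",)),
    Request("carol", Origin.ON_SITE, Operation.UPGRADE, ("bob",)),
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_REQUESTS)))
```

      The policy is a table rather than a chain of conditionals so that adding an operation (or tightening one) is a one-line change that can be reviewed, and unknown operations fall through to a denial instead of being silently allowed. The origin classification itself has to come from something the gateway can trust (which interface the session arrived on, or that the site placed the callback), not from anything the client asserts.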
      • Kenpachi (profile), Oct 23rd, 2013 @ 10:44am

        Re: Re:

        never go full retard

      • Anonymous Coward, Oct 23rd, 2013 @ 7:24pm

        Re: Re:

        Hmmm...no need to give direct access to one person over the other side of the world.

        Do what countless sysadmins had to do every time one left the SSH machine "reboot". Call someone on the phone and ask them to log into the machine so they could re-establish a new SSH session.

        You could say that people should use a proxy, physical human firewall etc.

      • Anonymous Coward, Oct 23rd, 2013 @ 7:32pm

        Re: Re:

        Also operational viability: some systems don't operate on the minute/hour; they have to be realtime, which means milliseconds. Although you could use a human proxy for security, it could hurt other areas like productivity and quality of service.

        Security vs usability, this will be an eternal battle for balance there.

    • Anonymous Coward, Oct 23rd, 2013 @ 8:02am

      Re:

      "Does that mean there are grid operators stupid enough to put that critical infrastructure in contact with the Internet?"

      Generally NO, they don't, but most have the ability for operators to "dial in" and perform operations remotely, or you can go out and buy a VHF radio, and a radio modem, and set yourself up in a car between two nodes, and take over a node and gain access that way.

    • ECA (profile), Oct 23rd, 2013 @ 11:07am

      Re:

      Good comment..
      Let's ADD..

      BASIC security features..BASIC.
      Those security reasonings that were LEARNED LONG AGO..
      ASK anyone older than 40..ASK any personal computer user in the past 30 years..
      What would you do to protect yourself IF you had the money?

      Something I don't think Many of those here see..
      WOW, instead of having people ONSITE to watch and control..
      You have some IDIOT in PAKISTAN monitoring your machines??
      AND we are stilling more and more money for ???

  • Anonymous Coward, Oct 23rd, 2013 @ 7:38am

    regardless of what should have happened and what did happen, surely the two most important things that come out of this and many similar cases are

    a) the judge is a prick who knows absolutely fuck all about the case, but to prevent himself from looking like the prick that he is, he has gone down the road of least resistance and agreed with the other prick, who is shit scared of someone with a better product getting the goods!!

    b) even though a person is dead right in what he has been doing and how he has been doing it, he has been royally screwed by someone who is shit scared of losing out to someone with a better product getting the goods, even though he knows full well that there has been absolutely no underhanded goings on!!

    as is so usual, the guilty gets the deal because he shouts the loudest (or in this case, went to court while the other guy was away!)

    • Anonymous Coward, Oct 23rd, 2013 @ 7:58am

      Re:

      It has nothing to do with shouting the loudest, the company greased the right palms and became a government contractor. They're now protecting their (bribery) investment.

    • Anonymous Coward, Oct 23rd, 2013 @ 12:37pm

      Re:

      So far that appears to be an unfair characterization of the judge. After all, the judge only heard ONE side and based on what was presented to him, it seemed reasonable even if it was as far disconnected from the truth as it was. What remains to be seen is how the judge reacts to the truth when it is presented before him.

      • Anonymous Coward, Oct 23rd, 2013 @ 12:46pm

        Re: Re:

        After all, the judge only heard ONE side…

        The judge heard ONE side and then decided to send goons over to hold the guy's wife prisoner and break the guy's doors.

        Oh, yeah. Sounds really reasonable.

         

        After all, the judge had a sworn affidavit upon which to base his finding that probable cause existed to believe that a crime had been committed or was being committed.

  • ac2, Oct 23rd, 2013 @ 7:52am

    Okay, IANAL. So someone please explain how this:

    "While his wife was held out on the lawn by private attorneys"

    is remotely legal. They are not sworn law enforcement officers. How can they detain anyone?

    • JEDIDIAH, Oct 23rd, 2013 @ 7:56am

      Mind your jurisdiction.

      I believe that you could get yourself shot in some places for pulling a stunt like that and the happy homeowner would be well within his rights.

      • Anonymous Coward, Oct 23rd, 2013 @ 8:00am

        Re: Mind your jurisdiction.

        In Kentucky, the castle doctrine now extends to our cars even, so yeah you could.

    • Anonymous Coward, Oct 23rd, 2013 @ 7:59am

      Re:

      She should have called the police and said she was being held against her will.

    • Anonymous Coward, Oct 23rd, 2013 @ 8:06am

      Re:

      They are not sworn law enforcement officers. How can they detain anyone?

      Well, they can detain you rudely:   Shove a gun in your face and growl, “Freeze or I kill you.”

      Or, they can detain you politely:  “Ma'am, you're under detention.”

      Either way, it amounts to the same thing. They have the power and you don't.

    • ECA (profile), Oct 23rd, 2013 @ 11:18am

      Re:

      1 answer..
      START TAKING PICTURES AND RECORDING THE CONVERSATION..

      I've suggested to all my friends..
      GET READY with an audio recorder and camera..

  • Anonymous Coward, Oct 23rd, 2013 @ 7:57am

    being open source does not make it any more OR LESS secure than 'proprietary' software.

    GIMP and LibreOffice DO NOT compete with MS Office or Photoshop, nor are they anything like "fully featured"

    It's been proven time and time again that it is a myth that "many eyes" makes software better or more secure, or that there are in fact really "many eyes" looking at the code.

    It's the mantra, but not the reality.

    • Gwiz (profile), Oct 23rd, 2013 @ 8:12am

      Re:

      GIMP and LibreOffice DO NOT compete with MS Office or Photoshop, nor are they anything like "fully featured"


      Must be a while since you checked out either of those projects. I'm a Graphic Designer and I substitute GIMP for Photoshop all the time. The only thing I find lacking is the inclusion of the Pantone color system which is proprietary in itself.

      I haven't touched a MS Office product in years with the exception of people who send me Publisher files. The file format itself is proprietary and usually not even compatible between its own versions.

    • Anonymous Coward, Oct 23rd, 2013 @ 8:16am

      Re: "its (sic) been proven time and time again..."

      lol. links or it didn't happen.

    • Anonymous Coward, Oct 23rd, 2013 @ 8:33am

      Re:

      I prefer LibreOffice to MS Office and am not aware of any missing features, it actually has a lot of features that are unavailable to MS users.

      I also prefer GIMP too, you can do anything in GIMP that you can in Photoshop bar CMYK output.

      I got my Mum using Libreoffice without her realising it, she actually prefers the interface to the 2007+ MS Office offerings.

    • Not an Electronic Rodent (profile), Oct 23rd, 2013 @ 9:32am

      Re:

      GIMP and LibreOffice DO NOT compete with MS Office or Photoshop,
      Er... What??? So you think loads of people use LibreOffice and shell out a small fortune for the MS product? Would you care to explain how they don't compete rather than an unsupported sweeping statement?
      nor are they anything like "fully featured"
      This is true(ish at least), but then many many people in the market for these products don't use and don't/wouldn't miss many of these "features". MS has a long habit of adding pointless "features" to their products to justify the "brand new" version they can charge businesses again for and as for Gimp, well I know since moving to it I miss neither any "extra features" of Photoshop nor the ludicrous amount of resources it needs even to start.

    • John Fenderson (profile), Oct 23rd, 2013 @ 9:39am

      Re:

      GIMP and LibreOffice DO NOT compete with MS Office or Photoshop, nor are they anything like "fully featured"


      They absolutely compete. I can tell that based on the fact that I know a number of people who use them to get real work done, rather than using Office or Photoshop.

      As to "fully featured," well, what does "fully featured" actually mean? GIMP has features that Photoshop doesn't and OpenOffice has features that Office doesn't. I guess that means that Office and Photoshop are not "fully featured".

      The reality, though, is that the vast majority of features people want are in both the closed and open source products.

      • Anonymous Coward, Oct 23rd, 2013 @ 6:27pm

        Re: Re:

        "As to "fully featured," well, what does "fully featured" actually mean?"

        USE those products, then YOU TELL ME !!!!

        it's also the term the author of this article used, so ask him.

        A feature of MS Office for example, is that it is used ubiquitously by business and personal users, that is a 'feature', as is being supported by a stable and professional company, that is a 'feature' LibreOffice does not have, that is a VERY IMPORTANT feature.

        • Anonymous Coward, Oct 23rd, 2013 @ 7:47pm

          Re: Re: Re:

          Professional as in "push 1 if you want help, push 2 for a sales representative, push 3 for a live staff".


          John Fenderson (profile), Oct 24th, 2013 @ 8:53am

          Re: Re: Re:

          USE those products, then YOU TELL ME !!!!


          I use both Office and OpenOffice, and I use GIMP, professionally. Let's focus on Office, as that's what I know best. Both Office and OO have 99% of the same features. Where there's a difference, it's mostly features that OO has that Office doesn't.

          So what's your point?

          A feature of MS Office, for example, is that it is used ubiquitously for business and personal use; that is a 'feature', as is being supported by a stable and professional company


          Being used ubiquitously is unimportant as long as you can use the same files in both products. Which you can. As to support, I call BS. Have you actually used the "support" Microsoft offers for Office? I have. I can resolve my problems faster and easier with OpenOffice, and I don't have to go through the agony of calling a support line.

          However, if you really want Microsoft-style support for LibreOffice, OpenOffice, et al., you can get that, too, through your choice of commercial support operations. So, it's not really a feature unique to Office.


            PaulT (profile), Oct 25th, 2013 @ 3:22am

            Re: Re: Re: Re:

            It's my experience that people who make those sorts of anti-FOSS arguments fall in a number of camps. One is that they're not up-to-date. A lot of the arguments made might have applied to Linux 5 years ago or to OpenOffice 1.0 (perhaps the last time they tried them) but not now.

            Another is over-dependence on niche features. For example, some people *do* have a legitimate reason not to be able to consider a competitor to MS Office such as advanced collaboration functionality that's unique to MS. But those people often don't understand that most people don't ever touch those features, and that the features that are used by most people are supported equally in competing programs. Like it or not, even Google Docs gives a large number of people the complete feature set they actually use.

            Another is a lack of awareness of the nature and history of the marketplace. AC above, for example, gives MS Office's ubiquity as a selling point but fails to realise both the shady practices that led to that ubiquity and the fact that those who have stuck with MS have done so due to a lack of need to consider alternatives (e.g. they're still happy with the features of Office 2003, so why move?). Over time, more of those people will move, and if they stick with MS it's more due to a familiar brand than an actual evaluation of features and support. Finally, they also base their ideas on assumptions rather than reality; for example, because they didn't pay for support packages if they tried FOSS in the past, they assume that nobody has professional support.

            So, they end up in this fantasyland where the only "usable" software is the big name brands and nobody can possibly be happy with FOSS and other alternatives.


    Anonymous Coward, Oct 23rd, 2013 @ 8:01am

    Work for the man -- get screwed

    Corey [Thuen] -- who's a professional security researcher -- has worked for the government his entire career

    Well, what can I say…

    If you work for the man, he's gonna screw you sometime… maybe today, maybe tomorrow, maybe next week… but, sooner or later, he's gonna screw you hard. Hard.

    That's what you get.


    Anonymous Coward, Oct 23rd, 2013 @ 8:04am

    Seems like Visdom is network analysis software. The author must be a coding/networking guru, and his ex-employer doesn't want a former employee making a similar product for 1/10th the cost using free (as in freedom to use and modify) open-source software.

    Claiming national security over network topology software is absurd. As is the claim that he copied Sophia's coding, line for line, especially if they're different programming languages.

    Just another case of a corporation trying to bankrupt a young upstart company, using legal expenses and lawsuits.

    CFAA is a trash law written by neanderthal politicians, who view anything more complicated than a typewriter as a possible WMD being launched on their political careers.


    Anonymous Coward, Oct 23rd, 2013 @ 8:17am

    Big RED heiring

    To talk about the difference between types of source code, and all this "low level and memory management" bullshit.

    An application like this one would be written "top-down" where you start with features and functions and 'fill in' the low level functionality.

    No you cannot 'cut n paste' but you can duplicate the functionality, and with any decent application development environment, you don't even have to consider much of the 'low level' stuff, the compiler/interpreter does that for you.

    You might be able to pull the wool over on some of you less educated, but he knows, and I know he's talking shit.


      Arsik Vek (profile), Oct 23rd, 2013 @ 8:29am

      Re: Big RED heiring

      Duplicating the functionality is not a violation of copyright. He admits he's created similar functionality; that's not illegal. If you come at a problem in a different language, the methodology (and therefore the code) you use to recreate that functionality will be different.

      Nor is duplicating functionality (with different code) inherently going to expose vulnerabilities in the original. They're written differently and will have different vulnerabilities.


        Anonymous Coward, Oct 23rd, 2013 @ 8:38am

        Re: Re: Big RED heiring

        "Duplicating the functionality is not a violation of copyright. He admits he's created similar functionality, that's not illegal."

        This. 100 times over. Copyright has no place in this unless the code is copy/pasted.

        There may be a potential ethics issue, but that should have been stated in any employment hiring documentation by the company. For example, I cannot work on similar work to the projects I work on for my job within 6 months of separation from the company. Since no proof has been presented or complaint made on this, you can't just say that doing something similar is copyright infringement even if you take similar IDEAS. No matter how you look at it, IDEAS aren't (supposed to be) copyrightable, just the IMPLEMENTATION, which is the low level coding, which is clearly different.


          Anonymous Coward, Oct 23rd, 2013 @ 6:21pm

          Re: Re: Re: Big RED heiring

          You "implement" a feature or function; it has nothing to do with the low level code, but everything to do with the function, look and "idea" behind that implementation.

          With top down programming you "implement features, look and functions".

          So your argument does not hold up, sorry.

          So if you 'copy' a $100 bill using a photocopier, you're not using the same code as "real" money; real money is printed on a printing press, you used a photocopier.

          Because you used a photocopier, and not a printing press, are you innocent of forgery?

          I would say NO to that question.

          If you copy "features and functions" it might not be a breach of copyright, it might just be a forgery!

          Whatever 'term' you use, the intent for doing it is the same.
          The Judge agrees; is it possible the Judge is more savvy than TD 'writers'!!


            Anonymous Coward, Oct 23rd, 2013 @ 7:58pm

            Re: Re: Re: Re: Big RED heiring

            You "implement" a feature or function; it has nothing to do with the low level code, but everything to do with the function, look and "idea" behind that implementation.


            Are you mixing copyright with patents?

            Copyright protects specific forms of expression, not the expression itself, meaning it protects neither function nor ideas, but only the look behind any implementation.

            Doubt it? Look up the law and case law, Mr.

            Real life example:
            Game producers can copy each other's game mechanics exactly and they can't be stopped from doing so, but if they use graphical assets they are infringing copyrights.

            Patents, on the other hand, are there to protect functionality, and even then it is supposedly only to be applied to specific implementations of it.

            But specifically, this was filed as a copyright claim, a bogus copyright claim by the way.

            The plaintiff could easily have checked whether any breach of copyright had occurred by just looking at the code released in a public space. So the counsel for the plaintiff is incompetent, cheap, malicious or all of the above.


            Anonymous Coward, Oct 23rd, 2013 @ 8:13pm

            Re: Re: Re: Re: Big RED heiring

            Let me fix that for ya.

            Copying a one dollar bill using a photocopier (copy & paste equivalent) is illegal; making your own fantasy money bill with readily available materials, copying certain aspects of it (e.g. the form of the note), is not.

            Here is an example
            http://seedstock.ca/about/the-seedstock-bills

            It has:

            - Printed value like real currency does.
            - Serial numbers like real currency does.
            - It has the same shape and form as real currency does.
            - It can be used as real currency.

            It has copied many aspects of real currency and it is still legal, why?

            Because the law says so.


            Also, you do know that you can copy money in a copy machine, right? You just can't make it the exact same size; it has to be 2 times bigger, according to the laws of the land in the US.


            Anonymous Coward, Oct 24th, 2013 @ 1:46am

            Re: Re: Re: Re: Big RED herring (fixed)

            I don't know what kind of background you have (maybe you are a former fine arts student in some area of esoteric literature), but you obviously know nothing of computer programming, engineering or other technical fields.

            You seem to have strung together a strange set of misconstrued and misunderstood ideas to come up with both of your comments.

            When you have had 30 or more years in a technical field come back and make your arguments. Otherwise, stop making comments that show you are a folly-filled fool.

            tl;dr Shouldn't have bothered correcting a ....


            Not an Electronic Rodent (profile), Oct 26th, 2013 @ 3:23am

            Re: Re: Re: Re: Big RED heiring

            Because you used a photocopier, and not a printing press, are you innocent of forgery?
            Actually, yes you are. Guilty of copyright infringement possibly, but not of forgery unless you try and pass off the copied note as a real one.
            There was a case a number of years ago where an artist was drawing money and selling it as art. The mint tried to prosecute her for forgery but couldn't make it stick because she wasn't claiming it was a real bank note. That case is where the mint started claiming copyright over currency.


        Anonymous Coward, Oct 23rd, 2013 @ 8:39am

        Re: Re: Big RED heiring

        Don't worry, AJ doesn't have a logic engine installed in his brain.


        Anonymous Coward, Oct 23rd, 2013 @ 6:14pm

        Re: Re: Big RED heiring

        I agree, but I did not say it was a breach. I said this bullshit about it being a different type of code means it's a copy of the functionality/features, and yes, copying functionality and features, COPYING the APPLICATION, certainly could fall under copyright.

        If it is a "functional exact copy" there is potential for copyright issues.
        It does not matter what the underlying code is or looks like; if it looks the same, acts the same, and is based on the same concepts, it's a copy.

        But saying 'it's different code', when it DOES EXACTLY THE SAME THINGS, LOOKS the SAME, and is clearly "based, stolen, copied, lifted, cloned" to look and act just like what he was doing elsewhere; there is a VERY STRONG legal case that it is a copy, or forgery.

        That has nothing to do with using Java or C, again I call bullshit on that one.


          Anonymous Coward, Oct 23rd, 2013 @ 9:47pm

          Re: Re: Re: Big RED heiring

          If it is a "functional exact copy" there is potential for copyright issues.
          It does not matter what the underlying code is or looks like; if it looks the same, acts the same, and is based on the same concepts, it's a copy.


          You're partially right. If it LOOKS the same, there might be an issue with copyright. You can certainly have copyright in the UI distinct from your copyright in the code - if I go and write an EXACT copy of Microsoft Word with every menu option in the same place and every color the same, I would be infringing even if my code was different. But having the same functionality is not an issue. Functionality is not copyrightable, no matter how much you want it to be. I could write a program that does 100% of what Word does and I would be fine as long as I didn't copy the layout.

          In this case, the scrollbar issue alone tells me that the UI was not copied. They wouldn't bother making their own scrollbar unless it looked or acted in some nonstandard way - otherwise they'd obviously use the standard scrollbar.

          FURTHERMORE, they had not even SEEN the code OR the software yet (assuming they hadn't seen what was on GitHub - if they knew about that, they are in big trouble, because the code being available means there was no reason for the seizure.) So how could they possibly know it's infringing with enough certainty to start seizing the guy's computers before letting him even attempt to defend himself?

          And saying it's a "forgery" is totally bogus. That would mean they were taking their own code and trying to pass it off as written by somebody else! Do you even know what the words mean that you are using?


      TasMot (profile), Oct 23rd, 2013 @ 8:37am

      Re: Big RED heiring

      If you are going to contest the facts, you should at least start with correct spelling... as in a "Big RED herring". The other fact you should start with is that "features and functions" are not copyrightable. The code set down in a fixed form can get a copyright but not the features and functions. Otherwise, there would only be one word processor, one spreadsheet, one accounting program, and so on (they all have the same features and functions in their respective areas). Could you imagine if only one program could have a general ledger function?
      And, it appears that you are trying to pull the wool over others' eyes instead of Thuen. If you had ever written a C program (and more than a "Hello World" program), then his statement about "low level" stuff like memory management is extremely accurate for C language programs. Java, JavaScript and .NET, for example, implement automatic memory management and garbage collection, but C leaves it all up to the individual programmer. Having been a professional software developer for 30 years and having developed programs in each of those languages, I can personally attest to Thuen's accuracy on this matter.
      Before you start calling anyone uneducated, you really should get yourself an education and do some fact checking before submitting a rant that demonstrates your lack of said education.


        Anonymous Coward, Oct 24th, 2013 @ 5:29pm

        Re: Re: Big RED heiring

        darryl can't use words. Words make his head hurt. This is the state of the solar panel industry in Australia. God save Australia.


      MonkeyFracasJr (profile), Oct 23rd, 2013 @ 9:25am

      Re: Big RED heiring

      um ... it's spelled herring.

      just sayin'


      Anonymous Coward, Oct 23rd, 2013 @ 9:39am

      Re: Big RED heiring

      As someone who's been a software engineer for over 20 yrs., it is YOU that sounds "less educated."


      JMT (profile), Oct 23rd, 2013 @ 3:08pm

      Re: Big RED heiring

      "You might be able to pull the wool over on some of you less educated, but he knows, and I know he's talking shit."

      Wow, spot the Battelle shill...


    Anonymous Coward, Oct 23rd, 2013 @ 8:36am

    I have no idea if the S/W truly creates any problems, but given what Battelle manages on behalf of the DOE, i.e., the Idaho National Laboratory, I believe it is prudent to have this matter reviewed in far greater detail than is typically the case on blogs.

    BTW, I do agree that this matter was handled by attorneys and management in a ham-fisted way. There are ways to do this without coming off like jack-booted thugs.


      Anonymous Coward, Oct 23rd, 2013 @ 8:38am

      Re:

      There are ways to do this without coming off like jack-booted thugs.

      Here's a free clue:    They are jack-booted thugs.


    BentFranklin (profile), Oct 23rd, 2013 @ 8:53am

    "An example for illustration: as part of my work on Sophia, I created a scrollbar from scratch, which means I had to implement the click and drag behavior (along with buttons) that causes a scrollbar to do what the average user expects a scrollbar to do."

    That says it all. Every time I see that some organization has written its own scrollbar code I know to RUN AWAY FAST! Do you think Battelle got paid to write scrollbar code that already exists? And it is certain that the scrollbars suck compared to professional bars.


      John Fenderson (profile), Oct 23rd, 2013 @ 9:09am

      Re:

      That struck me, too. Unless they're developing for some incredibly exotic system (in which case, you have to ask why), there are numerous solid utility libraries available for whatever platform you're using. And if that platform is one of the major OS's (Windows, Linux, OS/X, iOS, Android) then the GUI elements are supplied by the OS itself and it is actively counter to good development principles to avoid using them.

      Put that red flag together with the other red flag of going nuclear over this guy's project and Sophia sounds like a really badly run software house. I pity the developers working there, not to mention their customers.


        Anonymous Coward, Oct 23rd, 2013 @ 9:14am

        Re: Re:

        I pity the developers working there

        Why? Why pity them?

        Each of those developers freely chose to work for a company that will happily take their wife prisoner on her own front lawn.

        They knew what they were getting into when they took the job. If they didn't want their wives taken prisoner, they should've gone to work somewhere else.


          John Fenderson (profile), Oct 23rd, 2013 @ 9:42am

          Re: Re: Re:

          It can be hard to tell that a company is terrible until you actually work there.


            Anonymous Coward, Oct 23rd, 2013 @ 9:46am

            Re: Re: Re: Re:

            It can be hard to tell that a company is terrible until you actually work there.

            It can be hard to tell that Idaho is full of Ku-Klukkers and Neo-Nazis until you actually live there.


            But if you live in Washington state, you might hear a rumor or two.


        Anonymous Coward, Oct 23rd, 2013 @ 3:01pm

        Re: Re:

        It's very possible that they had to make a 'clean room' implementation for the purposes of code audit and licensing elimination.


          JMT (profile), Oct 23rd, 2013 @ 3:11pm

          Re: Re: Re:

          It's also very possible that they had to make a 'clean room' implementation for the purposes of getting as much government cash as possible. Which is formerly taxpayer's cash...


        Bergman (profile), Oct 24th, 2013 @ 2:52am

        Re: Re:

        Seizing the guy's computer in the name of national security because he might compete with you in business goes well beyond merely nuclear.

        Supernova, maybe?


      TheOldFart (profile), Oct 23rd, 2013 @ 11:34am

      Re:

      Writing a scroll bar (or any other standard component of pretty much every windowing toolkit ever written in the last 20 years) is a pretty clear sign of insanity.

      Writing code in C in the 21st century is approaching insanity. As an expert in C who has written tens of thousands of lines of code for embedded systems and PC applications, the only legit reasons I can think of for still writing in C are a) the target system has less than 2MB of RAM or b) it fits in with other archaic corporate practices of carving office memos in clay tablets, offering sacrifices to the gods before business meetings and providing official company water jugs so that employees can wash their hands off after they take a shit in the field out back.

      If it has a scroll bar it seems unlikely to be a payload or actual gaffe code... so WTF were they thinking?

      Sounds to me like they've still got at least one foot in the 1970s, like many large corporations.

      Anyone thinking about engaging a security consultant should definitely consider the former employee over the company he used to work for! At least he used modern tools!


        Anonymous Coward, Oct 23rd, 2013 @ 12:56pm

        Re: Re:

        Ever consider that the decision to develop it entirely from scratch may have been made from the higher ups and not the developers themselves possibly because they believed that if they did it that way it would be entirely theirs to control?


        Karl (profile), Oct 23rd, 2013 @ 5:47pm

        Re: Re:

        the only legit reasons I can think of for still writing in C is a) target system has less than 2MB of RAM or b) it fits in with other archaic corporate practices

        That's not true. There are other reasons, such as more direct access to the hardware layer (drivers, embedded systems). Or when garbage collection causes problems, and you want to manage memory yourself (audio, games).

        But, yeah, writing a slider in C is just asking for trouble.


          TheOldFart (profile), Oct 23rd, 2013 @ 7:43pm

          Re: Re: Re:

          Meh. Garbage collection problems are mostly a thing of the past. Most modern JVMs have configurable GC. Have a look at JRockit, for example. If you still have GC issues with something like that then it's a design problem, not a language problem.

          Heck, these days just dedicate a core to nothing but memory management, you'll probably still have plenty left to run the app.

          It's really hard for me to imagine a valid reason for using C on anything other than a micro-controller. Glue a USB connector to it and write the rest of whatever it is in a real language, throw a few more cores at it, add a few more nodes to the cluster... spend an extra $10,000 on the hardware and save a $1,000,000 in wasted development effort, missed business opportunities and maintenance nightmares.

          In any case, Battelle sounds exceptionally backwards to me, in technology as well as in their morals and ethics. Certainly changes my opinion when I hear the company name.


    DCX2, Oct 23rd, 2013 @ 9:04am

    All code is open

    Even closed source applications must distribute the binary. Binaries can be disassembled and sometimes even decompiled.


      Anonymous Coward, Oct 23rd, 2013 @ 9:42am

      Re: All code is open

      So what? Have you ever tried to analyze a million line, complex system by looking solely at the assembly code? It's not easy.


        DCX2, Oct 23rd, 2013 @ 1:02pm

        Re: Re: All code is open

        Yes, I have. I regularly hack at the game Left 4 Dead 2. Not sure it's a million lines, but it's based on the Source engine, so it's not some small, trivial application.

        Yes, it is hard.

        No, it is not impossible. People do it all the time. Sure, it requires a certain set of skills that most people don't have, and a certain amount of dedication. So does flying an airplane.

        It's a lot like the Matrix. Once you know what it all means, you don't see numbers and letters anymore. You see a global variable holding the private key for the KeyBLOB being passed into the CryptImportKey Win32 API.


      Anonymous Coward, Oct 23rd, 2013 @ 9:59am

      Re: All code is open

      Disassembly and decompilation are only useful for small programs, or small sections of programs. Gaining several thousand lines of code with routine names like 'r1' and variable names like 'i23' does not make the code understandable. This is why JavaScript obfuscators are so popular: they render the source code unreadable.


        DCX2, Oct 23rd, 2013 @ 1:11pm

        Re: Re: All code is open

        Incorrect. I have disassembled many commercial games, in fact I have a particular fancy for Wii games because the PowerPC assembly code is very easy on the eyes (x86 makes my eyes bleed, lol). That was pure disassembly, didn't involve any decompiling at all. I had a lot of fun hacking games to do all kinds of stuff - I made a code for Super Mario Galaxy 2 that stores your current location and allows you to teleport to the stored location; it also allows you to levitate, including through walls. Search here http://www.geckocodes.org/index.php?c=SB4E01 for "Multi-Teleporter with Levitation"

        While names like r1 and i23 don't necessarily mean a whole lot...that's why you look at the code, figure out what it's doing, what variable is being passed to what function as what argument of the call, look at the function to see what that variable is. That's why you set read and write breakpoints. That's why you get a disassembler that can fill in the names of function calls like __imp_EnterCriticalSection.

        Saying that obfuscation or assembly renders code unreadable is like saying RSA cannot be broken. It shows a lack of understanding. RSA *can* be broken, and in fact Team Twiizers broke RSA on the Wii (thanks to Nintendo's failed implementation - good job guys, checking binary values with a strcmp...)

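DCX2's remark about "checking binary values with a strcmp" describes a real class of bug, not something specific to one console: a raw hash digest is binary data, not a NUL-terminated string, so a string comparison stops at the first 0x00 byte and never looks at what follows. The following is an added example, not code from the page, from DCX2, or from any vendor, that reproduces that bug beside its fix and shows how cheaply it is exploited. Assumptions: `toy_digest` is an FNV-1a stand-in for SHA-1 (not a secure hash; only its 20-byte output length matters), the attacker is assumed to control the "expected" digest field as well as the content, and the payload strings are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 20   /* SHA-1 digest length, the size a real check would compare */

/* Toy digest: stands in for SHA-1 so the example runs stand-alone. It is an
 * FNV-1a mix, NOT a secure hash; only its output length matters here. */
static void toy_digest(const uint8_t *data, size_t len, uint8_t out[HASH_LEN])
{
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 0x01000193u;
    }
    for (size_t i = 0; i < HASH_LEN; i++) {
        h ^= (uint32_t)i + 1u;
        h *= 0x01000193u;
        out[i] = (uint8_t)(h >> 24);
    }
}

/* VULNERABLE: compares two raw digests as if they were C strings. strncmp
 * stops at the first 0x00 byte, so once both digests start with 0x00 the
 * remaining 19 bytes are never examined and the check passes. */
int verify_vulnerable(const uint8_t expected[HASH_LEN],
                      const uint8_t *data, size_t len)
{
    uint8_t actual[HASH_LEN];
    toy_digest(data, len, actual);
    return strncmp((const char *)expected, (const char *)actual, HASH_LEN) == 0;
}

/* FIXED: compares every byte of the digest, in constant time, so the
 * comparison neither stops early nor leaks how many leading bytes matched. */
int verify_fixed(const uint8_t expected[HASH_LEN],
                 const uint8_t *data, size_t len)
{
    uint8_t actual[HASH_LEN];
    uint8_t diff = 0;
    toy_digest(data, len, actual);
    for (size_t i = 0; i < HASH_LEN; i++)
        diff |= expected[i] ^ actual[i];
    return diff == 0;
}

/* Constructed scenario: the attacker controls the "expected" digest field
 * (assumption: it is recovered from a signature block the attacker wrote)
 * and simply fills it with zeros. */
static const uint8_t ATTACKER_DIGEST[HASH_LEN] = { 0 };

/* Attacker side: vary a counter in the payload until its digest also begins
 * with 0x00. About 256 attempts on average, and no key material is needed.
 * Returns the attempt count on success, 0 if max_tries ran out. */
uint32_t forge_payload(char *buf, size_t bufsz, uint32_t max_tries)
{
    for (uint32_t n = 1; n <= max_tries; n++) {
        int len = snprintf(buf, bufsz, "malicious payload #%u", (unsigned)n);
        uint8_t d[HASH_LEN];
        if (len < 0 || (size_t)len >= bufsz)
            return 0;
        toy_digest((const uint8_t *)buf, (size_t)len, d);
        if (d[0] == 0x00)
            return n;
    }
    return 0;
}

/* Returns 1 when the strncmp check accepts the forged payload while the
 * fixed check rejects it, 0 otherwise. */
int forgery_demo(void)
{
    char buf[64];
    size_t len;
    if (forge_payload(buf, sizeof buf, 1000000u) == 0)
        return 0;
    len = strlen(buf);
    return verify_vulnerable(ATTACKER_DIGEST, (const uint8_t *)buf, len) == 1
        && verify_fixed(ATTACKER_DIGEST, (const uint8_t *)buf, len) == 0;
}

/* Returns 1 when genuine data still passes both checks against its own digest. */
int genuine_demo(void)
{
    static const uint8_t legit[] = "legitimate firmware image";
    size_t len = sizeof legit - 1;
    uint8_t d[HASH_LEN];
    toy_digest(legit, len, d);
    return verify_fixed(d, legit, len) == 1
        && verify_vulnerable(d, legit, len) == 1;
}

int main(void)
{
    printf("forgery accepted by strncmp check and rejected by fixed check? %s\n",
           forgery_demo() ? "yes" : "no");
    printf("genuine image passes fixed check? %s\n", genuine_demo() ? "yes" : "no");
    return 0;
}
```

The design point is that the fix is not "use memcmp instead of strncmp" alone: `memcmp` also returns early at the first differing byte, which is fine for correctness but leaks timing, so digest and MAC comparisons should use a fixed-length, constant-time loop like `verify_fixed` (or a library routine written for that purpose). Any check that compares secrets or digests with a string function should be treated as a finding in a code audit regardless of whether an exploit has been demonstrated.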

          Anonymous Coward, Oct 23rd, 2013 @ 3:04pm

          Re: Re: Re: All code is open

          Of course _optimized_ powerpc code is as bad as x86 code.

          Nothing a good eieio can't fix :)


            DCX2, Oct 24th, 2013 @ 1:13pm

            Re: Re: Re: Re: All code is open

            No way is optimized PPC as bad as x86.

            For one, PPC has a TON of registers, x86 only has a few. PPC almost always passes arguments and return values via the same registers, x86 can sometimes use registers and sometimes the stack. PPC has three operand op codes, so destination can be a separate register, x86 has two operand op codes, so destination is one of the source registers. PPC is RISC, x86 is CISC. PPC uses "normal" registers for floating point operations, x86 uses a stack.

            I would rather read optimized PPC than unoptimized x86 any day of the week.


        Anonymous Coward, Oct 23rd, 2013 @ 1:28pm

        Re: Re: All code is open

        Most JavaScript "obfuscators" aren't really used to obfuscate for security anyway. They are compactors that reduce file size and increase performance. Many libraries are available in long and compacted form. Compacted for people that just want to use it as is. Long form for people who want to customize it to make it work a little differently for their own specific purposes.


      TheOldFart (profile), Oct 23rd, 2013 @ 11:23am

      Re: All code is open

      Huh?

      Welcome to the cloud and SaaS, where none of the code is ever distributed. If it were, we wouldn't be able to upgrade it as you're using it without you ever noticing it.


      •  
        icon
        John Fenderson (profile), Oct 23rd, 2013 @ 12:25pm

        Re: Re: All code is open

        These are a couple of the many reasons why I do not, and will not, use third-party clouds or SaaS for anything that I actually care about.

        DCX2, Oct 23rd, 2013 @ 1:14pm

        Re: Re: All code is open

        Indeed, you got me there. Cloud computing is the only true "closed source". If the code isn't running on your machine, you don't have access to the binary.

    The Baker, Oct 23rd, 2013 @ 9:40am

    Happens more often than you think

    Big company "K" gets wind that little guy "V" is developing something that will compete with "K" and wants to shut down little guy "V". "K" finds a Judge in a backwoods area far away from V's place of business, claims that "V" stole their IP and it is an "emergency" and gets an ex parte judgement to immediately seize the code (prototypes, design docs, etc.). Little guy "V" finds out about it when the clueless local sheriff's dept shows up with the "experts" and attorneys from "K" to seize said prototypes, design docs, etc. "K" now has all of "V's" IP and the proof that "V" developed it and .... hungry lawyers on "K's" staff to drag it out for years. "V" can't afford to try to out-lawyer "K" and after spending far too much money has to give up and work at the local bakery.

    Yea, I was "V" on the west coast and "K" was on the east coast and a subsidiary of the biggest "G" out there; the Judge was in South Carolina. Not bitter ... much ... anymore.

    Anonymous Coward, Oct 23rd, 2013 @ 9:45am

    We are going to see so many examples of old-ass technically inept judges in the near future. It's already become a really big problem that you would have someone who can't even work their computer deciding cases about code.

      Khaim (profile), Oct 23rd, 2013 @ 10:45am

      Re: Judges

      It's not really a judge's job to be an expert in everything. I mean, do you also insist that a judge must be a doctor before hearing health-related cases? They have to take the evidence that's presented to them.

      Andreas Schou (who is incidentally a lawyer in Idaho) said that he has a good opinion of this judge, overall. It's just that the lawyers from Battelle misled him about technical details, and also presented "facts" that were not actually true.

      Lawyers being misleading is not exactly news. This is supposed to be solved by having two sides to the case, so if one side tries to go full bullshit the other can call them out. Of course this was an ex parte order, which means there was only one side, which means it's open season.

      The other issue is factual misrepresentations. Judges do not like being lied to. The lawyers here might get a little slack by claiming "we had no way to know it was already on GitHub", but they also might run afoul of willful blindness or some other bad-faith charge. For example, did they even try to contact Southfork/Thuen before petitioning the court? If so, why wasn't that communication submitted with the complaint?

        John Fenderson (profile), Oct 23rd, 2013 @ 11:13am

        Re: Re: Judges

        It's not really a judge's job to be an expert in everything


        True, but a judge should have at least the modicum of knowledge required to understand what "hacker" does and does not mean.

    Malibu Cusser (profile), Oct 23rd, 2013 @ 10:06am

    Maybe I'm missing something here, but what exactly is the point of seizing his computers and issuing a restraining order against him? Since the project is hosted on Github, everything he's done with the project can reasonably be expected to be found there, and there's nothing stopping someone else from forking it and releasing a version.

      John Fenderson (profile), Oct 23rd, 2013 @ 10:25am

      Re:

      The point is to, as far as possible, ruin the guy.

      Khaim (profile), Oct 23rd, 2013 @ 10:28am

      Re: The Point

      Battelle didn't bother to actually look for the code, and didn't realize that it was already on GitHub.

      I suspect the judge is going to be less than happy that they convinced him to issue an invasive ex parte restraining order to stop something that had already happened.

        Anonymous Coward, Oct 23rd, 2013 @ 10:41am

        Re: Re: The Point

        I suspect the judge is going to be less than happy

        Do you really think the judge is going to give two snaps about taking the guy's wife prisoner on her own front lawn?

          Khaim (profile), Oct 23rd, 2013 @ 10:53am

          Re: Re: Re: The Point

          Do you really think the judge is going to give two snaps about taking the guy's wife prisoner on her own front lawn?


          Yes.

          It is bad form to assume the judge is evil because he issued a bad order. Judges follow specific rules about the facts presented to them. In this case, the judge's order was not completely out of line, if you accept the "national security" arguments. And again, we know that those are bullshit, but he did not and cannot assume bad faith.

          However, lawyers have an ethical obligation to be truthful (for a certain value of truthful). That's what allows the whole system to work. If a lawyer starts lying to a judge, the judge has incredible powers to make him pay for it.

            Anonymous Coward, Oct 23rd, 2013 @ 11:02am

            Re: Re: Re: Re: The Point

            the judge's order was not completely out of line

            When a judge authorizes taking prisoners and breaking doors to seize items, there's no textual exception for “national security.”

            The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation…

              Khaim (profile), Oct 23rd, 2013 @ 11:54am

              Re: 4th Amendment

              You realize there are already tons of exceptions to the 4th Amendment? I mean, try crossing a border some time. (Note that being within 100 miles of a border counts.)

              Also, the judge did not authorize taking prisoners. It's unclear exactly what "held" means in this context, but if you bother to read the order there is no mention of imprisoning anyone. Nor was Thuen's property permanently seized; the order was for them to take his computer, copy it, and then immediately give it back. And despite Andreas' language, I don't think they actually broke down his door. (I could be wrong about that, I should ask him.)

              The order was bad, and both the judge and lawyers are (hopefully) going to be held responsible. But don't try to make up evils; if you start lying about what happened, you're no better than the idiot lawyers who started this whole mess.

                Anonymous Coward, Oct 23rd, 2013 @ 12:03pm

                Re: Re: 4th Amendment

                I mean, try crossing a border some time.

                You're claiming the guy's house was on an international border?

                Right.


                It's unclear exactly what "held" means in this context

                See? You don't think “being detained” is anything serious.

                The judge doesn't give two snaps about taking the guy's wife prisoner on her own front lawn. He's going to downplay it —just like you are now— and chuckle it off.

                  John Fenderson (profile), Oct 23rd, 2013 @ 12:29pm

                  Re: Re: Re: 4th Amendment

                  You don't think “being detained” is anything serious.


                  Be fair. I didn't see anything in the news reports that indicated that she was detained. What I saw was that she was intimidated by some asshole lawyers. She could have left at any time she wanted to. She also could have told them to leave her property and call the cops when they didn't.

                    Anonymous Coward, Oct 23rd, 2013 @ 12:37pm

                    Re: Re: Re: Re: 4th Amendment

                    I didn't see anything in the news reports that indicated that she was detained.

                    From the story above:
                    his wife was held out on the lawn by private attorneys


                    According to dictionaries, the word “held” often means a physical grasp, such as that contemplated by Idaho statute 18-903 (Battery).

                    In any case, the word “held” indicates that the woman was not free to leave, or to re-enter her house. When someone is not free to leave, they are being detained. That's pretty basic.

                      John Fenderson (profile), Oct 23rd, 2013 @ 12:56pm

                      Re: Re: Re: Re: Re: 4th Amendment

                      Yes, I know it said that. I was talking about being legally detained, not just being barked orders by random assholes.

                      Nothing in the story indicates that she was physically restrained. It is more likely that she was simply told not to leave or enter the house. That is not being detained, that is being intimidated. She should have ignored them totally. If they laid a finger on her, she could then charge them with one or more of the laws meant to handle this kind of thing: battery, illegal detention, etc.

                  Khaim (profile), Oct 23rd, 2013 @ 1:19pm

                  Re: Re: Re: 4th Amendment

                  You're claiming the guy's house was on an international border?

                  No, I was giving a well-known example of an exception to the 4th Amendment. I apologize for not being clear about that.

                  You don't think “being detained” is anything serious.

                  I'm sorry if I gave that impression, because that is not at all true. I think being detained is a very serious thing. I just don't think illegal detention plays a part in this story.

                  Full disclosure: I am one of the people who submitted this story. (I suspect someone else did a better write-up, since I sent in the link with this account.) I know Andreas Schou, and I have access to other information from his perspective (beyond what is publicly posted).

                  So with that said, no one involved in the story is claiming that the judge acted unconstitutionally, or that the order was in any way illegal. It was wrong, it was based on misleading and/or false information, and I very much hope that Corey Thuen is justly compensated for his trouble. But it was not illegal.

                  As for how the judge is going to play it, I'll defer to the original G+ thread:
                  Andreas Schou Oct 17, 2013

                  I've known Judge Winmill since I was a kid; his daughter was in the class right below mine. And I've never heard anyone in the Idaho bar say a negative word about him.

                  I think he may have just got rolled here on a technical issue (and a term of art, 'hacker,' which has negative implications to laypeople) which was not adequately explained to him.

                    Anonymous Coward, Oct 23rd, 2013 @ 1:46pm

                    Re: Re: Re: Re: 4th Amendment

                    Don't you find it odd though that the lawyers went to the court and argued that a rare ex parte injunction was necessary, got the order and then chose to try to enforce the injunction themselves instead of taking the court order to law enforcement and requesting their assistance in retrieving the copy that it said they were entitled to? Even if she wasn't physically restrained. Threatening her on the premises of her own domicile and attempting to prohibit her from entering her own home is not something they should be allowed to do without the assistance of law enforcement. You honestly don't think the fact that they handled it in the manner that they did is an important aspect to the case?

            John Fenderson (profile), Oct 23rd, 2013 @ 11:16am

            Re: Re: Re: Re: The Point

            if you accept the "national security" arguments. And again, we know that those are bullshit, but he did not and cannot assume bad faith.


            But given the long history of the cynical use of "national security" as a way to get around the Constitution, any judge worth a damn must view such claims with extra skepticism, in my opinion.

              Anonymous Coward, Oct 23rd, 2013 @ 11:32am

              Re: Re: Re: Re: Re: The Point

              any judge worth a damn must view such claims with extra skepticism

              In a bone fide national security investigation, the probable cause to believe that a crime has been committed, or is being committed, is usually averred by an officer of the United States.

              Additionally, bone fide warrants in national security case are usually executed by officers of the United States. You know, the FBI wearing their raid jackets, with the yellow letters saying “FBI” on them—those guys.


              I don't believe for an instant that the judge thought he was authorizing the breaking of doors and the taking of prisoners in any kind of bone fide national security case.

              Only a bone-headed fool would believe that.

    ECA (profile), Oct 23rd, 2013 @ 11:23am

    I need your INPUT..

    WHO here knows/understands BASIC SECURITY in programming??
    STUFF learned over the last 30+ years?

    WHO here has enough programming knowledge, to be able to Tell these people What is going on?

    IF' you had the money, what would you BASICALLY DO??

    (Im an old programmer from the BASIC1, Fortran1, RPG days)
    (been dealing with computers from the C64 and teletypes)

    Give me the BASIC. SIMPLE things you would do?
    (I dont want to feel alone here, in thinking most of this is BLATANTLY STUPID)

      John Fenderson (profile), Oct 23rd, 2013 @ 12:35pm

      Re: I need your INPUT..

      WHO here knows/understands BASIC SECURITY in programming??
      STUFF learned over the last 30+ years?


      Since I do this professionally, with nearly 30 years of experience, I suppose I qualify. However, for the life of me, I don't know what you're asking.

      If you just want to understand the essentials for writing secure software, you're in luck. There are tons of tutorials and basic information all over the net, and it all essentially boils down to one basic piece of advice: do not trust any data that has been exposed to the outside world.

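The one-line rule in the comment above (treat anything that has touched the outside world as hostile) is easier to see in code than in prose. The following is an added Python example, not code from the thread or from any project discussed in it: each externally supplied value is parsed into a narrow type and everything that does not fit is rejected. The parameter names, the upload root `/srv/uploads` and the sample request dictionary are constructed for illustration.

```python
"""Never trust data that crossed the process boundary: parse it into a strict,
narrow type and reject everything that does not fit."""
import posixpath
import re

# Constructed sample: a query string as a web framework might hand it to us.
SAMPLE_PARAMS = {"user": "alice_01", "page_size": "25", "file": "reports/q3.pdf"}

# Hypothetical base directory that user-supplied relative paths must stay inside.
UPLOAD_ROOT = "/srv/uploads"

# Allow-lists are written as anchored regexes with explicit length bounds.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
DECIMAL_RE = re.compile(r"[0-9]{1,6}")   # ASCII digits only; str.isdigit() also
                                         # accepts Unicode digits, so avoid it.


class UntrustedInput(ValueError):
    """Raised for any value that fails validation; callers return a 4xx."""


def parse_username(raw):
    """Accept 3-32 lowercase chars [a-z0-9_] starting with a letter."""
    if not isinstance(raw, str) or not USERNAME_RE.fullmatch(raw):
        raise UntrustedInput("username must match [a-z][a-z0-9_]{2,31}")
    return raw


def parse_page_size(raw, maximum=100):
    """Accept a decimal integer in 1..maximum; reject signs, spaces, exponents."""
    if not isinstance(raw, str) or not DECIMAL_RE.fullmatch(raw):
        raise UntrustedInput("page_size must be an unsigned decimal integer")
    value = int(raw)
    if not 1 <= value <= maximum:
        raise UntrustedInput(f"page_size must be between 1 and {maximum}")
    return value


def resolve_upload_path(raw, root=UPLOAD_ROOT):
    """Join a user-supplied relative path under root and refuse any path that
    would resolve outside it (the classic '..' traversal)."""
    if not isinstance(raw, str) or "\x00" in raw or raw.startswith("/"):
        raise UntrustedInput("path must be relative and free of NUL bytes")
    resolved = posixpath.normpath(posixpath.join(root, raw))
    if resolved != root and not resolved.startswith(root + "/"):
        raise UntrustedInput("path escapes the upload root")
    return resolved


def parse_request(params):
    """Validate every field of a request up front; a missing field fails too,
    because .get() returns None, which no parser accepts."""
    return {
        "user": parse_username(params.get("user")),
        "page_size": parse_page_size(params.get("page_size")),
        "file": resolve_upload_path(params.get("file")),
    }


def rejects(parser, raw):
    """True if parser refuses raw; used to show the failure cases explicitly."""
    try:
        parser(raw)
    except UntrustedInput:
        return True
    return False


if __name__ == "__main__":
    print(parse_request(SAMPLE_PARAMS))
    for bad in ("../../etc/passwd", "/etc/passwd", "reports/../../x", "a\x00b"):
        print(repr(bad), "rejected:", rejects(resolve_upload_path, bad))
```

The design choice worth noting is that every parser returns a value of the type the rest of the program wants (a `str` that matched an allow-list, an `int` in range, an absolute path under the root) rather than a boolean that the caller might forget to check; code downstream never sees the raw string at all.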
    John Pettitt (profile), Oct 23rd, 2013 @ 11:25am

    At what point do blatantly incorrect filings become perjury?

    When a company files, presumably swearing it's accurate, something that is blatantly and demonstrably untrue when does that rise to the level where there are actual penalties?

    It would seem to me that with a good lawyer he stands to make BEA pay out a fairly large settlement for their behavior on this. Or am I missing something?

      Anonymous Coward, Oct 23rd, 2013 @ 12:13pm

      Re: At what point do blatantly incorrect filings become perjury?

      It would seem to me that with a good lawyer he stands to make BEA pay out a fairly large settlement for their behavior on this. Or am I missing something?

      Yes, appeals of every decision that goes against the big company, and every tactic available to the lawyers to extend the time the case takes. In other words the corporations will make the case too expensive for an individual to win, unless they can get a pro-bono lawyer to act for them.

      Khaim (profile), Oct 23rd, 2013 @ 12:17pm

      Re: Blatantly incorrect filings

      My understanding is that you usually have to show subjective bad faith to get someone for perjury in cases like this. That's basically impossible unless you can find documents that show the lawyers discussing how they're going to lie to the court. I'm sure there's also a possibility to show complete gross incompetence, but that's probably even harder to stick.

      IANAL, but I suspect that the "information and belief" line sets a low bar for how accurate the claims have to be. That is, if the lawyers can keep a straight face while claiming that they didn't realize the source code was on GitHub, they might be able to avoid misconduct charges. (It's entirely possible that they really didn't realize this; I'm more inclined to believe incompetence on their part than pointless malice.)

      That said, Battelle probably isn't getting their bond money back and may end up owing Southfork/Thuen attorney's fees, if not actual damages.

        John Fenderson (profile), Oct 23rd, 2013 @ 12:59pm

        Re: Re: Blatantly incorrect filings

        I'm more inclined to believe incompetence on their part than pointless malice.


        Why are you more inclined to believe this? BTW, the malice is hardly pointless.

          Khaim (profile), Oct 23rd, 2013 @ 1:25pm

          Re: Re: Re: Blatantly incorrect filings

          It's pointless if they end up causing a big PR mess, losing the case, and having to pay fees and damages to Mr. Thuen. If the lawyers knew the code was already on GitHub, they would not have filed for the restraining order; they'd have gone straight to the jury trial. That's where the real pain is anyway.

        Anonymous Coward, Oct 23rd, 2013 @ 2:15pm

        Re: Re: Blatantly incorrect filings

        I'm inclined to agree with you about the perjury thing. I suspect that Battelle saw the withdrawal of the bid, found that it was because of a competing product made by the former employee, filled in the rest with assumptions and took that narrative to lawyers that ran with it without digging any further. That isn't lying. That is taking a limited set of facts and presenting them the way you interpreted them. However, the fact that they didn't request law enforcement assistance in executing the court order and instead chose to execute it themselves in a ham-fisted manner, that is a little more troublesome and I think will probably be something the judge will not be happy about.

      That One Guy (profile), Oct 23rd, 2013 @ 3:54pm

      Re: At what point do blatantly incorrect filings become perjury?

      This may be a bit cynical but...

      When a company does it, never.

      When your average person does it, as soon as the judge realizes they were lied to.

    ECA (profile), Oct 23rd, 2013 @ 11:33am

    HACKING.

    2 definitions I would like..
    HACK.
    Pirate.

    Ever want something to change on your VCR? make it easier to do something? HACK
    Ever wonder why your remote control sucks, and if it could be better? HACK

    Ever wonder if you could record a football show? PIRATE

    Want to record that OLD show thats HARDLY ever on TV? PIRATE

    Give access to a recording of a show, that hasnt seen the LIGHT of day for 20 years...and have an Advert on the side. PIRATE..(gong show would do)

    Want to play a recording to more then 2-3 people in your HOME of Martin luther king...PIRATE

    Want your Cellphone to last longer, and use STANDARD BATTERIES??? HACK

    Forgot your PASSWORD and want to use a program to find it on your computer INSTED of re-install? HACK

    Want to RESET your BIOS PASSWORD?? HACK

    ...
    ...
    ...

      Khaim (profile), Oct 23rd, 2013 @ 12:09pm

      Re: ECA

      To the Honorable Mr. ECA,

      I am pleased to see that you share a common viewpoint with myself, and indeed with the editors of this site and the majority of its readers. It is always pleasant to have another voice in the fight against overreaching copyright law and innovation-stifling legal threats.

      That said, you appear to be BATSHIT CRAZY and need to CHILL OUT.

      Among the signs of your complete mental breakdown:
      - Uncontrollable use of EMPHASIS by CAPSLOCK.
      - Unusual and (inconsistent) punctuation..
      - Forming complete sentences or paragraphs. FAILURE.
      - Inability to express a coherent idea.
      - Repeated top-level posts within 10 minutes.
      - Rampant mispelings.

      Please seek help. If a licensed therapist or English teacher is not available, there are many online resources that may also be of assistance.

      I look forward to reading (and understanding) your posts at a later date.
      - Khaim

    Anonymous Coward, Oct 23rd, 2013 @ 11:55am

    Strizaneded

    To spite Battelle Energy Alliance I have made use of the nice little button on the GitHub page labelled "fork".

    Anonomizer, Oct 23rd, 2013 @ 12:13pm

    Quick, get Visdom at Git

    Matthew Cline (profile), Oct 23rd, 2013 @ 4:23pm

    Deja vu...

    - Thuen worked on Sophia and had access to the code.
    - Visdom's name is remarkably similar to Sophia. (The short version: Sophia is the goddess of wisdom. Wisdom/VISDOM.)
    - There's no way Thuen could have come up with his own program in such a short period of time without copying substantial amounts of Sophia's code.
    It's like SCO in miniature.

    Anonymous Coward, Oct 23rd, 2013 @ 5:07pm

    If I read that story correctly, Battelle is in a whole lot more trouble than at first glance. Serving a warrant or subpoena by private individuals in this manner amounts to burglary, grand theft, and kidnapping (restraining his wife). I hope the victims file charges against the idiots that pulled this crap.

    Anonymous Coward, Oct 23rd, 2013 @ 5:12pm

    Time to call the FBI in on this mess.

    Bergman (profile), Oct 24th, 2013 @ 3:01am

    Bets?

    I wonder how long it will take for Battelle to apply for patents on how Visdom works?

    They have the code now, after all.

    Anonymous Coward, Oct 24th, 2013 @ 10:54am

    I don't think they can. The source code had already been published on Github long before this fiasco got started, so priority should be easy to establish.

    Joseph C Jackson, Oct 24th, 2013 @ 9:14pm

    Countersue Countersue Countersue

    Battelle appears to have illegally and fraudulently misused the courts to suppress one citizen's free speech, all seemingly at felony levels. We have the free speech right to write and publish software at will, barring actual illegal acts. Battelle clearly failed in due diligence in compiling their complaint, made numerous fraudulent claims, and even falsely imprisoned his wife while calling the sheriff. Countersue for billions on each count, and refuse an NDA so as to maximize Battelle's embarrassment through full public disclosure. LOL.

    davnel, Oct 25th, 2013 @ 7:54pm

    Another thing to consider is the fact that copyright only applies to one given realization of the code, which was written in C, and used hand-written library functions unique to the program. Southfork may have, in fact, used Battelle's specification for the program, but rewrote it in another language, using open-source libraries, in an essentially "clean room" operation. None of the resulting bits or source could be compared in any way to the Battelle original.
