German Court Says CEO Of Open Source Company Liable For 'Illegal' Functions Submitted By Community

from the unclear-on-the-concept dept

We just had an article mentioning that Germany has a ridiculous (and dangerously anti-innovation) view towards secondary liability, in which the country's courts often default to making third parties liable for actions they did not do. We noted that a court in Stuttgart had decided that the Wikimedia Foundation could be held liable for content submitted by a community member on the site, though only after the organization was alerted to the content (which still has significant problems for what are hopefully obvious reasons).

And now it appears that a court in Hamburg has gone even further, saying that the CEO of Appwork, a company that offers the open source JDownloader software, can be held personally liable for "illegal" code that was submitted by an anonymous programmer, and which automatically showed up in the nightly build of the JDownloader 2 beta (not the officially released product). The code in question allowed JDownloader to record certain copy-protected streams, violating an anti-circumvention law. Appwork made it clear that it had no idea the functionality had been added, that anyone can contribute to the source and that it goes out automatically in the nightly build of the beta. Furthermore, the company carefully reviews the code and features of any official releases, and would have blocked such functionality from appearing in that code. All of this would lead most people to realize that it's crazy to blame Appwork (and even crazier to blame the CEO).

But not the court, apparently. The court relied on the bizarre argument that since Appwork offers the product commercially, that makes it automatically liable for anything that appears in the open source beta. Basically, such a ruling will make it exceptionally difficult to have a commercial open source product in Germany, since you could face liability if someone contributes code that somehow is considered illegal. If these kinds of secondary liability rulings keep cropping up in Germany, the hot startup scene in Berlin may realize that the country's outdated laws make it quite difficult to do anything all that innovative, especially if it involves any contributions from outside the company. Given how important community contributions are these days, that cuts off a huge amount of internet innovation from the German market.


Reader Comments

 
So the programmers that release the software should not be liable to not auditing their code.

As pointed out by silverscarcat, they do audit the code. They do not, however, audit the nightly builds - which (if it's like most open-source build tools) is automatically generated nightly from the working code base.

If you have user submitted code, it is your duty to audit it before releasing it.

If it's an open source project, "you" is often "the users." More specifically, the community of programmers that is actually writing and using the code. The beauty of open source is that if someone submits code that is questionable, it is almost immediately spotted and fixed - since otherwise, it wouldn't be useful to that community.

Moreover, "you" won't be the only one releasing it. Open source means that any user can branch the code, and release their version of it themselves. (Provided, of course, that they also release the source code, and allow others to do the same.)

What else is there in the code? Trojans? Malware? Who knows, we just get the binary, and they don't audit until they get sued...

If it's open source, then by definition, you also get the source code. If there are trojans, malware, or whatever, then either you or one of the thousands of programmers who look at the code will be able to tell.

It's the primary reason that open source code is generally more secure than closed source code.

As someone who has used, and contributed to, open source software, I can tell you flat out that your concerns are a fantasy. Your scenarios have never, once, happened with any open source software that I'm aware of.
—Karl

  • Ninja, Dec 5th, 2013 @ 5:57am

    Cue the German RIAA suing Appwork for enabling infringing downloads via JDownload.

    Welcome to the age where people want to make money without doing any actual work. Let's blame phone carriers and auto makers for what's being done with the tools they provide.

     

    • silverscarcat, Dec 5th, 2013 @ 6:22am

      Re:

      I think we should shut down all the Walmarts, Targets and K-Marts across the country, they sell knives! Sharp, pointy knives! They're used for stabbing people!

      Obviously, them selling knives is the reason that people are getting stabbed! Let's shut them down so that people don't get stabbed any more!

       

    • That One Guy, Dec 5th, 2013 @ 7:16am

      Re:

      Isn't there a saying that goes something like 'the best way to repeal a bad law is to enforce it completely'?

      So yeah, I'd love to see a whole range of lawsuits aimed at gun, car, and knife and alcohol manufacturers, phone companies, mail services... all claiming they are responsible for what their customers use their products/services for, maybe after a few lawsuits like that the insanity of rulings like this would be exposed for the crazy that they are.

      Well, that or they'd dial the crazy up to 11 and start ruling that those services/manufacturers were also suddenly liable as well, though given whereas a smaller tech company might not have much political clout and lawyers, the same would not be true of the others listed, I'd find that unlikely.

       

      • Ninja, Dec 5th, 2013 @ 7:25am

        Re: Re:

        Agreed 100%. I'm in favor of a lot of chaos. It tends to make people actually work to fix things. I wonder if the German courts would maintain their verdict in these cases or they just flip the secondary liability switch when there is the "on the internet" tag in the case.

         

      • Anonymous Coward, Dec 5th, 2013 @ 8:25am

        Re: Re:

        Then why is Monsanto still able to get away with what it does by abusing bad laws?

         

      • McGreed, Dec 5th, 2013 @ 8:33am

        Re: Re:

        As usual, we need to ban cars, seriously! They are used for any kind of criminal activity, from the common person killing other people, to drugs and weapon transport to pedophilia to smuggling etc.

        Cars actually kill lot more people then cars, but there is no bans for them. If they are going to go mad with laws against things like these, they might as well go all the way.

         

        • Mcgreed, Dec 5th, 2013 @ 8:34am

          Re: Re: Re: Whoops

          "kill lot more people then GUNS" ... sorry.

           

        • Anonymous Coward, Dec 5th, 2013 @ 8:57am

          Re: Re: Re:

          Hell, if you're rich enough, you don't even have to go to jail when your reckless driving causes someone to lose their life. Just read about the owner of Mars Candy getting off with a fine and suspended license.

           

      • The Real Michael, Dec 5th, 2013 @ 8:37am

        Re: Re:

        I believe that this is but one step in what is to become a series of attacks on open source software. The animosity harbored towards open-source software by large corporations is no secret. They want everything to be locked and controlled behind walled gardens, after all. This case suggests to me that the German courts are engaging in a witch hunt on behalf of corporate interests, i.e. fascism. They'll create or interpret any law, no matter how devoid of logic, to satisfy that purpose.

         

        • That One Guy, Dec 5th, 2013 @ 8:42am

          Re: Re: Re:

          Well, German courts have already shown a willingness to kick common sense and sanity to the curb when it comes to 'protecting' the recording industry in their country, certainly wouldn't be surprising to see them take similar actions against competition to large tech companies.

           

          • Anonymous Coward, Dec 5th, 2013 @ 10:57am

            Re: Re: Re: Re:

            Common sense dictates you know what code you are releasing. Not fight to defend yourself after you released unknown code to the public.

             

            • Brazenly Anonymous, Dec 5th, 2013 @ 12:03pm

              Re: Re: Re: Re: Re:

              Such "beta" releases have all sorts of "unstable" warnings all over them for a reason. It really should be just potential developers using them.

               

            • PaulT, Dec 6th, 2013 @ 2:54am

              Re: Re: Re: Re: Re:

              "Common sense dictates you know what code you are releasing."

              Common sense also dictates that there's a massive difference between an automatic nightly beta build and a released product. Why would a non-developer be on such a build, and what's the difference between this and Microsoft's development process other than you don't have to be an employee to contribute to JDownloader? That's what open source is, and it makes perfect sense.

              But that's inconvenient to your arguments, isn't it? Let me guess, just another anonymous moron defending a legacy corporate business model.

               

    • Anonymous Coward, Dec 5th, 2013 @ 8:12am

      Re:

      But but but, I didn't code Zeus spyware into the software, some random people pushed it in! And I just released it without knowing and distributed it as much as I could. I'm innocent I tell you! ......

      People don't understand that when you use other people's code, and allow others to submit in your code, it needs to be very carefully analyzed and tested. Claiming ignorance after failing such a blatant disregard for code security is hilarious at best.

       

      • John Fenderson, Dec 5th, 2013 @ 8:33am

        Re: Re:

        You do understand that it wasn't released, and wouldn't have been released, right?

         

        • Anonymous Coward, Dec 5th, 2013 @ 9:17am

          Re: Re: Re:

          It was made available publically for download. I actually do not think that this ruling is very ridiculous at all.

          The larger issue - declaring CODE that COULD be used for infringing to be illegal through *criminal* law and holding the publisher liable - very much is (as is the even larger issue of making copyright infringement a subject of criminal law at all).

           

          • That One Guy, Dec 5th, 2013 @ 9:24am

            Re: Re: Re: Re:

            It was made available publically for download.

            As opposed to... what? It's an open source program, people kinda need to be able to download it to use and modify it, locking it down so it wasn't publicly available would rather defeat the whole purpose behind going open source.

             

            • Anonymous Coward, Dec 5th, 2013 @ 10:20am

              Re: Re: Re: Re: Re:

              I was merely clarifying in case somebody misunderstood "not released" as "at some point there were a bunch of lines checked in a source code repository somewhere and that was it". It was available as a binary, wrapped in an installer, on the website owned by the company, with a copyright notice *in* the software for the company name, while the (without question silly, ridiculous, terrible) law that got them into trouble was on the books and in effect. Sure, not for long, it was a nightly build after all. The plaintiff obviously timed the pressing of charges pretty well and perhaps had just been waiting for the opportunity to do it.

              Still, under these circumstances, I do not think anybody should be surprised that the court ruled like it did. Publishing software in Germany as a German company (or a German citizen for that matter) comes with increased risks thanks to the dismal legal situation there.

              There is an interesting aspect to this story which was not explored in the trial of this particular case: What if the stream-ripping code in question was not in fact contributed by a random anonymous coder, but somebody associated with the plaintiff for the exact purpose of enabling legal action?

               

              • JackOfShadows, Dec 5th, 2013 @ 10:44am

                Re: Re: Re: Re: Re: Re:

                Since the code was as checked anonymously, how much do you want to bet as to the source of the submission?

                 

                • Anonymous Coward, Dec 5th, 2013 @ 10:49am

                  Re: Re: Re: Re: Re: Re: Re:

                  Yeah. The fact that it was caught in something as transient as a nightly build is rather suspicious. Smells a bit like how all those Prenda-enforced movies got released.

                   

                  • JackOfShadows, Dec 5th, 2013 @ 10:52am

                    Luck?

                    That was why I thought of it in the first place. It reminds me of a certain Joe Isuzu advertisement where the potential other guys customers say "Lucky we ran into you" to which he replies, "I wouldn't call it luuuck." (tortured grammar there, sorry.)

                     

          • Anonymous Coward, Dec 5th, 2013 @ 9:28am

            Re: Re: Re: Re:

            "It was made available publically for download"...

            Just like your dumb comment. Mike should be held liable for what your written stupidity right?

             

          • John Fenderson, Dec 5th, 2013 @ 10:56am

            Re: Re: Re: Re:

            It was made available publically for download. I actually do not think that this ruling is very ridiculous at all


            The ruling is absolutely ridiculous, as it makes it impossible to do open source development. The developers have to be able to download the code that is currently in development.

            Being made available to developers is not the same thing as releasing it. Releasing it is giving it a stamp of approval, declaring that it has been vetted, and offering it to the public for use. Nightly builds are none of those things.

             

        • Anonymous Coward, Dec 5th, 2013 @ 10:58am

          Re: Re: Re:

          It was released. As a compiled binary. It can still be downloaded. Google is your friend.

           

          • Brazenly Anonymous, Dec 5th, 2013 @ 12:08pm

            Re: Re: Re: Re:

            You are engaging in equivocation over the word release. There is some difference between the meaning of a software release and the root word from which the phrase was derived.

             

      • Anonymous Coward, Dec 5th, 2013 @ 1:11pm

        Re: Re:

        "Dear Everyone:

        I have no fucking clue what 'beta' means and just wanted everyone to know.

        Regards,
        AC"

         

  • Anonymous Coward, Dec 5th, 2013 @ 7:50am

    the MPAA and RIAA have hands in many pockets it seems .. I wonder if the German political parties have to show who their contributors are and how much they receive

     

  • out_of_the_blue, Dec 5th, 2013 @ 7:56am

    "making third parties liable for [harmful] actions they did not do" but are in position to police.

    This isn't exactly "third party", it's the code base they control. And now everyone knows to police it rigorously.

    Mike believes any and all "innovation" must be allowed in his libertarian fantasy land, that no corporation should be responsible, that alleged ignorance instead of due diligence is an excuse, and above all, that copyright must be done away with entirely: "record certain copy-protect streams, violating an anti-circumvention law".

    Listen, kids: "innovation" is EASY when it's to steal and disrupt the good; building is the difficult part. Any silly holding that all "innovation" must be allowed and that all responsibility can be dodged is anti-civilization.

    Even if Mike is absolutely right about problems, he has no solutions to even suggest.

    03:55:56[d-026-2] [ This suppresses the kids from fraud of using my screen name. ]

     

    • silverscarcat, Dec 5th, 2013 @ 8:02am

      Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

      Hey, blue, ever go to a store that sells knives or guns?

      Do people buy those guns or knives?

      Some of those people who buy guns and knives do bad things with them.

      Should we shut down the stores for selling those guns and knives?

      Should we outlaw guns and knives?

      Or should we go after the ones who break the law?

      Same thing here.

       

    • Ninja, Dec 5th, 2013 @ 8:06am

      Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

      Being in position to police doesn't mean you should or that you have the resources to do so.

      Still, you seem to find it quite easy to do so. Why don't you volunteer to watch all 48 hours that are posted to YouTube every minute to "police" the content eh mr cop? Maybe then you'll have enough to occupy your day and we'll be rid of your idiocy. See? It's a win-win scenario.

       

      • Anonymous Coward, Dec 5th, 2013 @ 8:18am

        Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

        FreeBSD security officers volunteers audit the entire distribution before a release. Why can't a (probably paid) team of developers audit their own few thousand lines of code?

        This is the worst sort of "open source" development out there, the one where the people releasing code have no clue what's in it. They just release it, and fix if/when someone discovers something bad.

        I'm not saying they're still leaving code unaudited, and hoping they learned what releasing software actually means, but if this taught us anything is that they are not serious developers, nor a serious company that cares about their code security.

         

        • John Fenderson, Dec 5th, 2013 @ 8:35am

          Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

          They always have, and continue to, audit their released code. This was not released code.

           

          • Anonymous Coward, Dec 5th, 2013 @ 11:01am

            Re: Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

            Do you have anything substantial to back up your claim that they do?

             

            • John Fenderson, Dec 5th, 2013 @ 12:51pm

              Re: Re: Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

              It depends on what you mean by "substantial", I suppose. I am going by what the team itself says in their documents -- which is pretty much the same process as is followed by all major open source projects.

               

        • Brazenly Anonymous, Dec 5th, 2013 @ 12:11pm

          Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

          FreeBSD security officers volunteers audit the entire distribution before a release. Why can't a (probably paid) team of developers audit their own few thousand lines of code?


          And how do you imagine those volunteers get access to the code to audit it? Could it be that they download the source and the binary and play around with the nightly build?

          Hmm....

           

          • Anonymous Coward, Dec 5th, 2013 @ 1:15pm

            Re: Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

            They imagine it. It's the only way to prevent copyright violations.

             

        • Anonymous Coward, Dec 5th, 2013 @ 4:13pm

          Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

          So, how much do you get paid at Microsoft?

          Are the benefits any good, do they take care of your health and dental funds?

          Honestly, I do want to know. I think that I can do a much better job of shilling than you.

          Open source software is the work of the Devil, it is evil incarnate. Terrorists and Paedophiles use Open source software.

          see, makes about as much sense as what you have written, but I at least appeal to emotion, rather than just blatantly false statements.

           

    • Anonymous Coward, Dec 5th, 2013 @ 8:08am

      Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

      " it's the code base they control"

      Wipe the foam from your mouth, read the article, then read up on how open source development works and rethink your comment (I know you won't do that, and probably won't read this either).

       

      • Anonymous Coward, Dec 5th, 2013 @ 8:21am

        Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

        So, explain how it works then?

        They released the code, not a third party. They control the code base, in which one of their main developers added "something illegal". They released a compiled beta with the illegal code in it. They did not audit the code inserted, just released it, assuming all was ok.

        They need to learn how to release software.

         

        • Anonymous Coward, Dec 5th, 2013 @ 9:41am

          Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

          You do understand that coders are not lawyers right?

          They can find malware but they cannot and probably will never find "illegal" code unless someone points out that it breaks the law and which law in which country.

           

        • John Fenderson, Dec 5th, 2013 @ 12:55pm

          Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

          They did not audit the code inserted, just released it, assuming all was ok.


          Really, you should look at what the development process is for these types of projects. You do not audit the checkins that go into the nightly development build, because that would make the development process impossible. It doesn't matter anyway, because everyone using these builds knows that they contain potentially dangerous code.

          You audit & review the code before it goes into a build that is going to be released for general use. The build you are talking about is not this. It was a nightly build for developer use, not a release build for use by the general public.

          It was not "released code".

           

        • Anonymous Coward, Dec 5th, 2013 @ 4:00pm

          Re: Re: Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

          You keep using this word "They"... I do not think it means what you think it does.

          The automated nightly build process released the code, not a third party. They do control the beta code base, in which one of the opponents of open source software (aka anonymous developer) added "something illegal in certain countries in order to get a bad legal ruling". The nightly process released a compiled beta with the illegal code in it. The next day during an audit of the code by the open source community into which the code was inserted, identified it as a potential issue which would never have been released in the commercial version.

          "They" (aka anonymous commenter) need to learn how to read the article.

          FTFY (Bold omitted for the shade impaired...)

           

    • Anonymous Coward, Dec 5th, 2013 @ 8:15am

      Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

      Mike isn't the messiah .. he simply puts it out there for others to discuss as well as himself. .. there is no anti civilization never has been never will be it's made up to make the masses run to a belief system to adhere to others words .. the self appointed hierarchy

       

    • Gwiz, Dec 5th, 2013 @ 8:22am

      Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

      This isn't exactly "third party", it's the code base they control.

      Did you even read the article? We are talking about a nightly beta (is in test) release. The company stated that it does carefully review the code for the actual releases.


      And now everyone knows to police it rigorously.

      Or move out of Germany.


      Listen, kids: "innovation" is EASY when it's to steal and disrupt the good; building is the difficult part.

      Ummm. They are "building". What do you think they are trying to produce, chopped liver?


      Any silly holding that all "innovation" must be allowed and that all responsibility can be dodged is anti-civilization.

      Who, beside you, has ever stated that? Nice strawman.


      Even if Mike is absolutely right about problems, he has no solutions to even suggest.

      Well except for Mike suggesting, all the time, that we hold those actually responsible for the problems accountable, not the makers of the tools or the providers of the platform that are used.

       

      • JEDIDIAH, Dec 5th, 2013 @ 9:37am

        Re: "making third parties liable for [harmful] actions they did not do" but are in position to police.

        Moving out of Germany won't help. These kinds of anti-circumvention laws are all over the place.

        This isn't some random project on GitHub. This is something that a particular company was putting its name on.

        Also, while they were calling it a beta that's not what it really is. It sounds more like a raw unaudited dump of their source repository. Calling that a "release" of any kind is disturbing on a number of levels.

        Plenty of open source developers have been paranoid about this kind of thing for quite some time already and actively discourage even talking about anti-circumvention stuff. It's not even a new issue really.

        This company was just being sloppy.

        Although criminal penalties for the CEO seem a bit harsh and overly fascist.

         

  • Anonymous Coward, Dec 5th, 2013 @ 8:09am

    So the programmers that release the software should not be liable to not auditing their code.

    Great logic.

    If you have user submitted code, it is your duty to audit it before releasing it. What else is there in the code? Trojans? Malware? Who knows, we just get the binary, and they don't audit until they get sued...

     

    • silverscarcat, Dec 5th, 2013 @ 8:13am

      Re:

      the company carefully reviews the code and features of any official releases, and would have blocked such functionality from appearing in that code

      learn to read.

       

      • Anonymous Coward, Dec 5th, 2013 @ 8:22am

        Re: Re:

        Learn to troll better.



        Oh also, learn to read too.

         

        •
          Anonymous Coward, Dec 5th, 2013 @ 8:27am

          Re: Re: Re:

          This is why there are warnings like "BETA RELEASE MAY NOT BE STABLE" and other such things whenever you do download beta versions of software.

          You want stable, clean version? You wait for the official release.

           

      •
        Anonymous Coward, Dec 5th, 2013 @ 8:26am

        Re: Re:

        So let's just push public betas with unknown code.

        Gotcha.

        Someone needs to learn how a release cycle works.

         

        •
          Anonymous Coward, Dec 5th, 2013 @ 8:28am

          Re: Re: Re:

          ... That's what betas are. To test things.

           

          •
            Anonymous Coward, Dec 5th, 2013 @ 8:30am

            Re: Re: Re: Re:

            To test code you're sure about, yes. Not to test unknown unaudited code.... seriously. That's pre-alpha release.

            Also that sentence seems to have been made up by Mike. The original article makes no mention of auditing or code reviewing of any kind.

            Please link to the source if you have it.

             

            •
              Gwiz (profile), Dec 5th, 2013 @ 8:38am

              Re: Re: Re: Re: Re:

              Please link to the source if you have it.


              Run the linked article through Google Translate and you get this:
              AppWork had by his own admission no knowledge of the existence of the functionality, since a comprehensive control is apparently carried out before the official release.

               

            •
              Ninja (profile), Dec 5th, 2013 @ 9:03am

              Re: Re: Re: Re: Re:

              That's pre-alpha release.

              Nightly builds, anyone? That's EXACTLY the type of release where the code was found. And yet you are ignoring the fact that it's a goddamn open source project where anyone can butt in and give contributions and a retarded German judge is trying to blame entirely different parties for something that COULD be used for infringing activities (God forbid if cars were used for transporting drugs, eh?).

              Also, fail at checking for facts. The company site itself has all the info you claim Mike made up.

               

              •
                Anonymous Coward, Dec 5th, 2013 @ 11:05am

                Re: Re: Re: Re: Re: Re:

                Wow, lol. Seriously, you made me laugh so much with your mightiness fact failing.

                Nightly builds don't allow write access to random people, so an official developer added this code. This is EXACTLY why nightlies are controlled. Security fail.

                Open source does NOT mean EVERYONE can add code to the main repo/git/whatever. Learn what it means instead of defending your erroneous definition.

                The judge is blaming an OFFICIAL developer (or the company for lacking basic security skills) for adding code into the main branch. Code which is still available to use today, because you know, revisions and interwebz.

                Also, fail at fact check fail. Never said Mike made it up, said appears. Reading fail.

                 

                •
                  Karl (profile), Dec 5th, 2013 @ 11:58am

                  Re: Re: Re: Re: Re: Re: Re:

                  Open source does NOT mean EVERYONE can add code to the main repo/git/whatever.

                  Yeah, actually, that usually is what it means. In the case of JDownloader, you just need SVN access. Like almost all open source projects, they grant SVN write access to anyone that agrees to the license terms.

                  It's like you've never worked on an open source project before. I have (and am). Granting access to anyone who wants to upload code is SOP.

                   

                •
                  PaulT (profile), Dec 6th, 2013 @ 3:13am

                  Re: Re: Re: Re: Re: Re: Re:

                  It's no wonder you people post anonymously. You have no clue what you're talking about. The fact that you try to act like others don't, when it's clear to anyone with passing familiarity with FOSS processes that you're full of shit, it's astounding. At the very least, you don't understand the descriptions of where the code was found.

                  Either you're really this stupid, or you *really* need to find a new hobby.

                   

              • This comment has been flagged by the community.
                Anonymous Coward, Dec 5th, 2013 @ 11:09am

                Re: Re: Re: Re: Re: Re:

                And of course not a single company ever in the history of humanity after being exposed for bad code, said "we don't audit our code"!

                *yawn*.

                 

            •
              Anonymous Coward, Dec 5th, 2013 @ 9:08am

              Re: Re: Re: Re: Re:

              "nightly build" as mentioned in the article refers to a script that normally runs daily and compiles a testing development version on a daily basis. Then when a promising level of functionality appears, the code is given a once over, bug fixing changes etc, and an "Alpha" version is born. After some testing and again another once over, bug fixing changes etc, a "Beta" version is born. After some testing and again another once over, bug fixing changes etc, a "Release Candidate" version is born. If it passes testing it may be released at that point as "Stable" else the process is reverted to Beta and carried out through again. Only after a "Release Candidate" has passed testing will there be a "Stable" release.

              A nightly build is the opposite of a stable release.

              As indicated by the naming conventions:

              "Nightly Build" is current code in flux containing code written on the same day.
              "Stable" Release is after code has been (vetted, modified, debugged, tested) multiple times then frozen and retested.

               

            •
              Brazenly Anonymous, Dec 5th, 2013 @ 12:14pm

              Re: Re: Re: Re: Re:

              To test code you're sure about, yes.


              Or to distribute unfinished code to developers for testing and comment so you can become sure about it.

               

        •
          Karl (profile), Dec 5th, 2013 @ 9:08am

          Re: Re: Re:

          So let's just push public betas with unknown code.

          You pretty much have to do that with open source software. Otherwise, how is the community going to know what is in the code that they're helping to write?

           

        •
          silverscarcat (profile), Dec 5th, 2013 @ 9:51am

          Re: Re: Re:

          You have no idea how betas work, do you?

           

    •
      Gwiz (profile), Dec 5th, 2013 @ 8:31am

      Re:

      If you have user submitted code, it is your duty to audit it before releasing it. What else is there in the code? Trojans? Malware? Who knows, we just get the binary, and they don't audit until they get sued...


      Look up the definition of "beta release" first:

      https://en.wikipedia.org/wiki/Software_release_life_cycle#Beta

      Then look at what is on JDownloader's beta testing download page:
      JDownloader 2 is not in a stable final state. The current JDownloader 2 version is ment to be used for testing purposes only. This means that there will be unfinished features, bugs, many updates and even untested modules, code & plugins.

      These installers require a internet connection for installation, because they download the latest version directly from our update servers.

      Don't say you haven't been warned! Source


      Beta testing is ALWAYS at your own risk.

       

    •
      Karl (profile), Dec 5th, 2013 @ 9:06am

      Re:

      So the programmers that release the software should not be liable to not auditing their code.

      As pointed out by silverscarcat, they do audit the code. They do not, however, audit the nightly builds - which (if it's like most open-source build tools) is automatically generated nightly from the working code base.

      If you have user submitted code, it is your duty to audit it before releasing it.

      If it's an open source project, "you" is often "the users." More specifically, the community of programmers that is actually writing and using the code. The beauty of open source is that if someone submits code that is questionable, it is almost immediately spotted and fixed - since otherwise, it wouldn't be useful to that community.

      Moreover, "you" won't be the only one releasing it. Open source means that any user can branch the code, and release their version of it themselves. (Provided, of course, that they also release the source code, and allow others to do the same.)

      What else is there in the code? Trojans? Malware? Who knows, we just get the binary, and they don't audit until they get sued...

      If it's open source, then by definition, you also get the source code. If there are trojans, malware, or whatever, then either you or one of the thousands of programmers who look at the code will be able to tell.

      It's the primary reason that open source code is generally more secure than closed source code.

      As someone who has used, and contributed to, open source software, I can tell you flat out that your concerns are a fantasy. Your scenarios have never, once, happened with any open source software that I'm aware of.

       

  •
    Anonymous Coward, Dec 5th, 2013 @ 8:39am

    A country with some foresight should take advantage of fear created by the privacy violations of the US' Federal agencies and the legal liability fears of Germany etc and promote a friendliness toward innovators and their customers. The seat of the world's tech giant nations seem to be up for grabs right now.

     

  •
    techflaws (profile), Dec 5th, 2013 @ 8:51am

    You're welcome, Mike. BTW, golem.de had this news earlier than gulli (as usual) and they've come up with the next crazy story, this time from regional court Cologne: some user is getting a cease and desist order for streaming a pr0n movie from redtube.

     

  •
    streetlight (profile), Dec 5th, 2013 @ 9:07am

    A better analogy

    Many folks have posted an analogy involving stores selling knives and guns. I'd suggest as an analogy of a home owner whose house is broken into for a burglary or home invasion. Under the idea that the web hosting company should be responsible for what others post, the home owner should be held responsible for the break in. The home was not fortified enough to prevent the break in. Windows that can't be forced or broken and doors with locks that are 100% impervious to forcing open regardless of the kind of method used should be required. Should a break in occur, the home owner will pay fines, restitution and go to jail for allowing the break in. If the residents are injured or killed, too bad. They deserve what they got because the house was not 100% fortified against the bad guys.

     

  •
    Anonymous Coward, Dec 5th, 2013 @ 9:13am

    Maybe I'll sue...

    ...I believe the RIAA has made disparaging comments about *me*, calling me a pirate and a thief, when clearly that can be shown an inaccurate description. Maybe I should sue them ... in Germany.

     

    •
      That One Guy (profile), Dec 5th, 2013 @ 9:21am

      Re: Maybe I'll sue...

      Uhh, maybe pick a different country for something like that, as GEMA has made abundantly clear, German politicians and judges tend to fall all over themselves 'helping' the legacy music industries over there, at times to the point where they might as well be officially employed by them.

       

    •
      Votre (profile), Dec 5th, 2013 @ 9:43am

      Re: Maybe I'll sue...

      File in the UK. Their defamation laws are more insane and tilted towards the plaintiff than anywhere else in the world hands down.

       

  •
    Anonymous Coward, Dec 5th, 2013 @ 10:17am

    Just ban opensource because it causes damages to proprietary.

    /sarscam

     

  •
    Anonymous Coward, Dec 5th, 2013 @ 11:42am

    Notice to German Chancellor Angela Merkel

    M'Lady, I would suggest to you, in the strongest possible terms, that you get a firm grip on your Judicial staff. If you don't, Germany will shortly be on the outside looking in at the entire software development community, not to mention being a laughing stock for the totally ridiculous rulings being handed down.

     

  •
    Henrie Schnee, Dec 6th, 2013 @ 10:26am

    Hamburg

    A bit of context for the non-German readers: The noteworthy part of this news is not the what, but the where: Hamburg is infamous for this sort of ruling.
    Basically, in Germany you have what is called the "fliegender Gerichtsstand", (literally "the flying location of the court"), meaning that if you want to sue somebody over a civic issue, you can choose where in Germany you want to do it.

    Hamburg proved to be… shall we say "friendly" towards every whim of the content industry, so over the last two decades, said court became the go-to address for all things copyright, infringement and new media. It's like the Wizard of Oz for copyright owners. They're dashing out scandalous, counterproductive rulings left and right, but there's nothing we, the people, can do… in the end, it just sits with the German mentality: If you want your rights to be taken seriously, you should have become rich yourself.

    On a broader note, though: The reason for this restrictive, backwards handling of copyright law is a deep-rooted fear of the German industry: There's virtually nothing we've got left to make business with (no resources, few relevant companies left in the consumer market, plus the big brain drain of talented people virtually fleeing the country), save for the "German know-how", that enormous pile of patents, inventions and trade secrets we came up with in the 20th century.
    And once this iceberg has melted under the sun of today's realities, there won't be any poker chips left for our country. Streaming services, filesharers and transparency-advocates are just unfortunate victims of a much broader, deeper rooted fear of losing our intellectual "property".

     

  •
    sheukel, Dec 7th, 2013 @ 1:57am

    German "legal system" is a joke. It still has the same attitude as in Nazi-Germany. Completely ignoring reality, and creating their own uber-mensch legal rules.
    What a bunch of suckers!!

     
