Cnet Apologizes For Nmap Adware Mess
Trailrunner7 writes "Officials at Cnet's Download.com site have issued a statement apologizing for bundling the popular open source Nmap security audit application with adware that installed a toolbar and changed users' search engine to Microsoft properties. Fyodor, the author of Nmap, raised the issue earlier this week, saying that his app was being wrapped in malware on Download.com. It's not unusual for download sites to bundle free applications with some kind of adware or toolbar, but the creators of open-source applications take a dim view of this practice, given the nature and ethic of open source projects. Nmap is a venerable and widely used tool for mapping networks and performing security audits and Fyodor wrote in a message to an Nmap mailing list earlier this week that Download.com, which is part of Cnet, a subsidiary of CBS Interactive, was bundling the application with its installer, which, if a user agreed, would install a search toolbar and change the user's search engine to Bing."
Perfect american corporate business practice (Score:5, Insightful)
This cycle is what is driving the society down under. What BP did, what Lockheed did, what Intel did. I'm sure you know about what BP did last year - killed an entire ecosystem. you may also know about Intel's bribery case with PC manufacturers. but you probably don't know what Lockheed did - they have bribed NATO country defense ministers to buy F104s over more capable aircraft. as a result numerous things happened, including, approx 600 NATO pilots dying due to design deficiencies (it had a tendency to maul its tail on landing and take off - hence nicknamed flying coffin) over the years, British and other European aerospace industries died.
what happened? Lockheed was sued, then admitted to bribery, apologized, paid pathetic sums.
unless people running corporations AND their shareholders start being held responsible for their doings, these will continue.
Re:Perfect american corporate business practice (Score:5, Insightful)
They distributed nmap in a manner inconsistent with its licensing, running afoul of copyright law. They should be forced to pay applicable statutory damages.
DMCA Takedown anyone? (Score:5, Interesting)
Or if PIPA or SPA were law, he could have tried to seize the domain "download.com"
Re:DMCA Takedown anyone? (Score:4, Insightful)
Or if PIPA or SPA were law, he could have tried to seize the domain "download.com"
The notion that the same laws apply to both the lords and the serfs is quaint but misguided.
Re:Perfect american corporate business practice (Score:5, Interesting)
Nmap is distributed with clarifications to the GPL that explicitly define bundling the software as a "derivative work". Since the bundled software was not also GPL licensed, this was in fact contrary to the license.
Re: (Score:2)
So yes, that means that CNET should either have refrained from bundling, or should have distributed source of the bundled spyware as well in order to be GPL compliant.
Now, if the author of the software added additional clauses on top of the GPL to his software, these are binding too (although, then, technically the license would no longer be the GPL, but a more restrictive license based o
Re: (Score:2)
But they didn't do anything illegal. They're basically just using their own download application that comes with extra stuff. In fact, Google does exactly the same with Chrome, so you should blame them too.
No, they didn't. So what?
There are plenty of things that are perfectly legal that people don't like.
In this case, the author of the open source security software should just make his own software blacklist the download.com site for malware/shadyware, which is also completely legal to do. And then hopefully, download.com would retaliate by blacklisting his software, so then everybody is happy. The author is happy. The consumer is happy. And download.com is relieved not to have to his software listed on their
Re:Perfect american corporate business practice (Score:5, Insightful)
But they didn't do anything illegal. They're basically just using their own download application that comes with extra stuff.
Yes, but Download.com still assures users that they will never bundle that "extra stuff". Their Adware & Spyware Notice [cnet.com] says:
In your letters, user reviews, and polls, you told us bundled adware was unacceptable--no matter how harmless it might be. We want you to know what you're getting when you download from CNET Download.com, and no other download site can promise that.
Also, they make it look like a download link for the real installer (which it used to be), and then the user gets this CNET crap. But they still used our name liberally in the trojan installer as if we were somehow responsible for or involved in this abomination. I've got screen shots on my Download.com fiasco page [insecure.org].
Also, this "apology" rings hollow because they aren't fixing the problem along with it. In particular:
1) He claims that bundling malware with Nmap was a “mistake on our part” and “we reviewed all open source files in our catalog to ensure none are being bundled.” Either that is a lie, or they are totally incompetent, because tons of open source software is still being bundled. You can read the comments below his post for many examples.
2) Even if they had removed the malware bundling from open source software, what about all of the other free (but not open source) Windows software out there? They shouldn't infect any 3rd party software with sketchy toolbars, search engine redirectors, etc.
3) At the same time that Sean sent the “apology” to users, he sent this very different note to developers [com.com]. He says they are working on a new expanded version of the rogue installer and “initial feedback from developers on our new model has been very positive and we are excited to bring this to the broader community as soon as possible”. He tries to mollify developers by promising to give them a cut (“revenue share”) of the proceeds from infecting their users.
4) You no longer need to register and log in to get the small (non-trojan) “direct download” link, but the giant green download button still exposes users to malware.
5) The Download.Com Adware & Spyware Notice [cnet.com] still says “every time you download software from Download.com, you can trust that we've tested it and found it to be adware-free.” How can they say that while they are still adding their own adware? At least they removed the statement from their trojan installer that it is “SAFE, TRUSTED, AND SPYWARE FREE”.
Re: (Score:2)
Because you can hold a single company accountable, something that is very difficult to do to thousands upon thousands of individuals? (just ask the MPAA/RIAA and friends how 'easy' it is)
Re: (Score:2)
Seems like Microsoft is casting around for some way to top Sony's rootkit.
Re: (Score:3)
"Flying Coffin." Interesting nickname. In my home country it was called the Widow Maker. Erich Hartmann, the highest-scoring fighter ace in the history of air warfare, called it fundamentally flawed and unfit for service. Lockheed's money caused his superiors to force him into early retirement. 115 German pilots were killed in non-combat missions while piloting the F104.
Re:Perfect american corporate business practice (Score:5, Insightful)
Still, I'm thinking that in cases of gross negligence, stripping away corporate personhood and limited liability and making shareholders pay directly would certainly increase shareholder vigilance over the goings-on of companies they're investing in. Imagine if BP's shareholders were directly sent a bill in proportion to the size of the Gulf cleanup. I'm thinking BP shareholders would probably be a bit more proactive in assuring the company management behaved themselves.
Re:Perfect american corporate business practice (Score:5, Insightful)
You can't go after shareholders in a public company. Not all of them. It would kill day trading for one, not that I mind that one bit.
It would make investments nearly impossible. All that would end up happening is they would bypass it with strategic revenue sharing agreements and legal clauses preventing the company from funneling assets and revenue out to other companies.
Making a farmer or teacher responsible for their share in a company they invested partly in for retirement is going too far. They lack the sophistication and access to resources to truly assess risk. Most of that is just long term investment in a big well known company.
Going after mutual funds and pension managers probably won't work well either. How could you ever really know what is going on in a company if it is fraud?
I think it would be more reasonable to strip corporate personhood and limited liability for the executives and any shareholder that is an accredited investor. The accredited investor part is really really iffy for me.
Unless you can really define just how shareholder vigilance is supposed to work without an absolute *ton* of micromanaging and audits on a constant basis. Most companies don't want that. So unless the investor is actively involved on the board of directors I just don't see how it is reasonable for you to assume, "they should have known". All they know is what is in the offering and disclosed. They know their risk, not ongoing operations.
Nail the executives and leave it at that.
Re: (Score:2)
Nail the executives and the Board members.
Re: (Score:3, Insightful)
Where does this psychopathic idea that corporate efficiency must be maintained at all cost come from?
work without an absolute *ton* of micromanaging and audits on a constant basis. Most companies don't want that.
Companies don't want that? OH NOES we can't have that!
Of course these same companies want to monitor all of our forms of communication and behaviour to (enhance their marketing and) make sure we don't touch their oh so precious IP. But we can't have companies watching what they are doing, that would be inefficient.
Re:Perfect american corporate business practice (Score:5, Insightful)
Where does this psychopathic idea that corporate efficiency must be maintained at all cost come from?
You're being shortsighted and practicing reductio ad absurdum.
I never promoted the idea that corporate efficiency must be maintained at all costs. Only that efficiency at some level must be maintained otherwise the cost of the products and services would have to rise commensurately. There has to be a balance, otherwise we are just hurting ourselves.
Companies don't want that? OH NOES we can't have that!
Now you are just adding hyperbole. Companies can't have every single investor visiting the offices, or their lawyers offices, and hiring their own counsel and experts to inspect the financials and conduct audits attempting to find fraud or illegal activity.
They must hire experts. Accredited investors would not be excluded either. Just because you are an MD with a net worth of a couple million dollars meeting the current requirements for exemption under the Securities Act of 1933, does not mean you can walk into a mining company and understand what is wrong and what is right, and what is illegal.
Your hyperbole and reductio ad absurdum aside, corporations are already being monitored under current laws. Obviously, that needs to be beefed up a bit, but requiring all investors (think how many that would mean for Exxon) to watch the company is just plain ludicrous. It can't work in the real world without making business so inefficient, it can't operate.
What if you own part of a mutual fund? Is it sufficient to investigate the mutual fund managers? Or must you then perform investigations and audits on the possible hundreds or thousands of investments they have? What if a mutual fund owns part of a different financial instrument?
WHAT IF... WHAT IF... (I get to do hyperbole) somebody that owned part of a mortgage backed security? Would they be required to make sure no lending laws were broken on each loan origination? Would they need to physically inspect each security to verify the possession of the note?
Of course these same companies want to monitor all of our forms of communication and behaviour to (enhance their marketing and) make sure we don't touch their oh so precious IP
More hyperbole. Of course things are not balanced. Not even close. However, this has nothing to do with the specific question at hand......
But we can't have companies watching what they are doing, that would be inefficient.
No. We can have increased regulations, penalties, and monitoring of corporate activities. What we can't have is thousands upon thousands of independent parties doing it at the same time. That would be grossly inefficient to the point that it is no longer possible to operate a viable business.
That's why you can't go after the small investor. What I did say was put the executives (and I implied the board of directors) in prison for long sentences. I have a hard time seeing how proposing that, and sparing the small investor makes me a corporate apologist, which is what your raving character assassination seems to be trying to accomplish.
Is this just for public companies or private?
I got some news for you... every company (with few exceptions) needed an IPO to go public. Before that, they had to raise capital. The proposal to make investors liable would raise the bar so high, that new businesses and small business would have a significant and oft insurmountable barrier to entry.
You have a +5 insightful. That means that your hyperbole has sentiments that many can get behind (including myself) but you need to take a couple of deep breaths and realize that you have to be smart, clear headed, and forward thinking when you come up with better ways to regulate corporations and curtail their sociopathic behaviors that we all hate so much.
Re:Perfect american corporate business practice (Score:4, Insightful)
That's not the only way business can operate. Check out the Mondragon Corporation.
In addition, liability would be managed in the same way as a sole proprietorship. You buy liability insurance, the cost of which is roughly proportional to the perceived risks that current management policies are taking. Any company that represents more than a token amount of stockholders could analyze the records (any insurer below that would have to cooperate with other insurers to get info), which would reduce the inspections to a manageable level.
You've set up a false dichotomy between everyone regulating a corporation for themselves and government regulating corporations for everybody. There is a middle ground and room for market mechanisms to solve the problem. Of course you want a reasonable bottom level the government assures, but complex industry-specific regulation often fails due to regulatory capture, and the fact regulators lack the implicit knowledge necessary to manage the risk.
Externalizing the costs of failed corporations onto the public at large is destructive, unfair, rife with moral hazard, and favors the established players over everyone else. The original point of the corporation was to promote public works such as roads, schools, dams and canals, and not to protect the profiteering of a relative few.
precisely that (Score:2, Insightful)
Making a farmer or teacher responsible for their share in a company they invested partly in for retirement is going too far. They lack the sophistication and access to resources to truly assess risk.
we are allowing people to reap benefits from things they cannot understand, fathom or use. and naturally, we are not holding them responsible from what they can not comprehend.
waiver of responsibility. no different from having to slap warnings against putting your cat in the oven on appliances. people dumber than the minimum requirement of systems and technologies we have in our modern day are using them.
long story short - whomever invests in something should be responsible with their investment. this
Re:precisely that (Score:5, Insightful)
Your position is not reasonable.
It's like holding the landlord responsible if the tenant murders somebody on the property. Is it reasonable to assume that the landlord would have known about the murder to take place, assuming it is premeditated? Is it reasonable to assume responsibility for crimes of passion?
No small unaccredited investor purchases stock in a company expecting it to perform fraud, and you cannot reasonably hold them accountable for actions that are essentially unknowable.
Your solution raises the barrier to entry for stock ownership so high that only accredited investors and investment gateways (Wall Street investment firms) could meet them.
It will kill capitalism, which is your intent.
Either provide a reasonable solution, like holding the executives and board members personally and criminally liable for fraud, or just admit you want to replace capitalism and the stock market entirely.
Sorry, your position is just not reasonable in any way, shape, or form. Your analogies are false. There is a difference between personal responsibility with a hot coffee cup and indirect fraudulent actions that you have no way of knowing. If the average person did, then so would the authorities, and it would be stopped.
Re: (Score:3)
It's like holding the landlord responsible if the tenant murders somebody on the property. Is it reasonable to assume that the landlord would have known about the murder to take place, assuming it is premeditated? Is it reasonable to assume responsibility for crimes of passion?
landlord is responsible with whom he leases the land to. definition of being a landlord includes performing landlord duties and shouldering its responsibilities. this includes assessing, getting to know, and following up with tenants.
otherwise, there would be nothing barring landlords from continually leasing their land to murderers who would pay higher. just like how shareholders do with corporations.
Re: (Score:2)
What are you smoking?
The landlord is not criminally or civilly liable for anything you said. Since when is it the landlord's duty to make sure the husband does not shoot his wife? How would that be accomplished anyways?
Continually leasing their land to murderers? How the heck would they know?!
LOL
Dude... seriously.... put the pipe down.
Re: (Score:2)
The landlord is not
yes they are not. I didn't say they WERE. I say, they SHOULD BE.
else, landlords just keep renting their land to the highest bidder, regardless of what they do. just like BP, Lockheed, Halliburton, Intel et al.
Re: (Score:3)
yes they are not. I didn't say they WERE. I say, they SHOULD BE.
Well you said...
landlord is responsible
You need to get together with President Clinton and have a lively discussion about the definition of the word "is".
In any case, you're just nuts. Not trying to flame you, but you are just nuts. You're holding people responsible for actions they should not logically be held responsible for. Your analogies, which you strongly assert as reasonable, don't have anything to do with corporate responsibility.
Try saying those crazy things over a loud speaker in the park. I don't think I am the only
Re: (Score:3)
To be fair, there's actually multiple levels of responsibilities the law can impose on a person.
From the strictest:
- Strict liability: whenever something goes wrong, you're liable, no matter your actions or intentions.
- Negligence: liable if you've failed to do enough to prevent it from happening
- Gross negligence: liable if you've fucked up badly and caused/allowed it to happen.
- Knowledge required: you're liable only if you knew it will happen
- Intentional: liable only if you intentionally did something t
Re:precisely that (Score:4, Informative)
Aptly put.
I never argued that there should be more liability and less protections for executives in corporations. Quite the contrary actually. The landlord analogy is insane because you are holding them strictly liable for all actions of the tenant. For a landlord to be truly negligent they would need to know. Murder is ridiculous, but crack house or meth lab.... might not be so much. Bimonthly inspections that just involve a cursory look through the property would not be unreasonable and are permissible in every rental/lease contract I have seen.
As for the executives and board members I absolutely agree that corporate personhood should not shield executives that meet your standards for negligence, gross negligence, knowledge required, and intentional. Treat them like everybody else. They still performed the act, only used the corporation as a vehicle for their actions. Ironically enough, we have laws for vehicular homicide and negligence for literal vehicles too.
My objection is providing strict liability to the investors. That is unreasonable period. Intentional and knowledge required indicates a conspiracy or aiding & abetting. No excuse for that. Gross negligence does not sound possible in an investor/stock holder context.
Negligence and Knowledge required are where it gets unreasonable to the investors because then it requires investors, even accredited investors, to perform ongoing audits that would be too resource intensive and impractical. It might not even be possible if the executives are actively attempting to hide their activities and falsifying records.
Especially so for somebody that owns a minuscule amount of stock in Exxon. Somebody needs to explain to me how Ma & Pa Johnson on a farm in Kansas could really know that the Valdez incident was about to happen or could have prevented it. Billing them for cleanup and reparations does not sound like a logical and reasoned position to take.
Re:precisely that (Score:4, Insightful)
The purpose of the markets is to match people who have surplus capital with those (allowing for the dubious state of companies as people) who have need of it. The lower the barrier to market entry the more readily available capital becomes, allowing companies to access it and use it, hopefully productively. Now, the majority of investors are already likely to carry out some form of oversight before directly investing in a company, through the purchase of shares or what have you, and while most of this oversight is likely to be financially directed - is this a good investment, am I likely to financially profit from this exchange - many people also already include an ethical element to their investment decisions - are the company's business practices reputed to harm the environment, do they manufacture 'bad' (tm) things. Holding individual investors to a higher level of oversight and responsibility than this is not only not practical it would directly damage the main advantage of a free market, namely the free flows of capital.
As a side note, there is a huge difference between the idea of the (free) market and capitalism per se. Conflating the two does not help in clarifying specific objections to one or the other.
One 'direct' example of the market in action is your bank. You put your savings in the bank, (originally) on the assumption that you will see a small return on that capital, in the form of interest, and the bank, acting as a middle man / broker, lends that money to someone that needs it. This is both a purer form of matching lender to borrower and a more remote one in the fact that you as the lender have no direct say as to the destination of your 'loan'. You are of course free to choose your bank, but, in this day and age the only sure way of ensuring your bank is ethical would be, amongst many other things, if they do not engage in any counter party trades, do not sell stocks and shares ISAs, and own no share portfolio of their own. I'm not sure if that would make for a financially viable business as a bank, or merely make them a credit union with a severely restricted remit. Anyway, I get away from the point I was trying to make...
long story short - whomever invests in something should be responsible with their investment.
I'm going to assume you have a bank account. Are you claiming (partial) responsibility for the millions of people who lost their homes / livelihoods / sanity in the recent debacle with the selling, mis-selling, and reselling of sub-prime mortgages? After all, it was your money that was lent to these people that allowed them to buy their homes in the first place, even if they were mis-sold. If so, what penalty should be exacted on you for this crime (and as far as 'evil' acts go this was as large a crime against humanity as any other I can think of in western so called democracies in recent times)? And if not, why not...why are you not being held responsible and accountable for the evils done with your money?
Re:Perfect american corporate business practice (Score:5, Interesting)
I would ban day trading, and I will tell you why.
It's that mentality for short gains that has led to our economic collapse. If it was illegal from the start to securitize mortgages, or that it would require very very well documented and physical transfers of the mortgage note from one owner to the other, we would not be in this situation.
It was the intense building greed of Wall Street that made the packaging and reselling of mortgage backed securities go faster and faster and faster, and eventually, the demand was so great that loans were originated that anybody with a brain knew could not be repaid and would default within 4 years.
Subprime? Subprime my ass. Guaranteed 99.99% Loss Financial Loans is what I would have called them at the end.
The need to trade faster and faster only encourages this bullshit, and I don't buy for one second, that it is beneficial to the stock market by blah blah blah economist reasoning inserted here.
It also introduces arbitrage. Do you think they are building a multi-billion dollar fiber optical trans-Atlantic cable to reduce latency for shits and giggles? No. It is so they can link the stock exchanges and game the system even more. It won't be Call of Duty packets going across that pipe, but it will be warfare.
Why is it that in a certain building in New York that colocation of a server costs 50-100x that of the going rate?
Why is that some people are trying to make microsecond trading and "stock exchange on a chip"?
It's called unfair advantages far worse than insider trading and it is bullshit. So yes, screw day trading.
I want to see a federal tax on all trades based on the time the stock was held. 1 microsecond? 99.99% tax rate. 1 year? .01% tax rate.
That would start people thinking again about what the company will look like in two years instead of two minutes. That's a culture we need to get back to in this country desperately.
Even the executives that didn't know anything? If bribery and corruption are the problem, then the solution would be to punish the people responsible, which is not necessarily all of the executives.
Never said that or implied it. Only the executives directly responsible, or had knowledge, would be prosecuted and sent away. At some level, a board member claiming they had no knowledge is unreasonable. BP had a long history of disregarding safety for profit and even if the board member did not specifically know about the decisions around the blowout preventer, he damn well knew everyone had a corporate culture of having such disregard.
In any case, all executives would be innocent until proven guilty. Let the investigators determine who was really at fault and who knew what.
Re: (Score:3)
No they can't commit murder, they can however commit acts which amount to, were they living/breathing individuals, criminally negligent homicide/gross negligence manslaughter/culpable homicide/etc. (depending which country you live in) and as they are afforded all of the rights of individuals, without all of the responsibilities of living/breathing individuals, they can (for all intents and purposes) get away with it. Clearly this is not an acceptable situation.
Re: (Score:2)
Until I see a Corporation executed by the state of Texas, I refuse to acknowledge that Corporations are truly liable for their actions.
Does that mean that corporations are not people?
Re: (Score:2)
You DO realize that "American" corporate practices are pretty much identical to Australian, Canadian, European, etc. corporate practices, as they all come from English practices? That there is just as much (if not more) corruption in other nations... government, business, individual... as America? That you and your nation are in no way superior to America?
Don't like it? Defend yourself without American help or American military equipment. Hope you like being Indonesian, because they're crowded, resource-h
Re: (Score:2)
Sadly, based on everything that I've read about Australia recently, it would be the first country to see such practices be adopted.
Re: (Score:2)
Indeed. However, human psychopaths can learn, if only to survive in a society that does not understand them.
Can corporations?
It's Legal (Score:5, Informative)
It is entirely within the license terms of any OSI-approved Open Source license to aggregate any software, regardless of its nature, on the same medium as Open Source software and to install it with the same installer that installs the Open Source. Even software that is harmful. Only if the software is a derivative work of the Open Source will the license apply to it.
Sure, CNet shouldn't do this, and if they keep doing it we'll eventually start using new licenses that make them copyright infringers. But right now it's legal.
Re:It's Legal (Score:5, Informative)
Sorry, but when Fyodor crosses out some of the GPL terms and writes in new ones in crayon (meaning without the assistance of a lawyer or in a manner contrary to existing law), it doesn't really have the effect he desires.
The GPL explicitly does not define terms such as "derivative work" because these terms are defined in copyright law or case law. Case law is most important here, and in general case law is strongly against Fyodor's interpretation. Go read Judge Walker's finding in CAI v. Altai and tell me that just installing the software makes it a derivative work.
I am also dubious that anything in 18 U.S.C. 1030 (the Computer Fraud and Abuse Act) can really be used to prosecute this particular incident. Can you show me the words that you think would?
Re: (Score:2)
Sorry, but when Fyodor crosses out some of the GPL terms and writes in new ones in crayon (meaning without the assistance of a lawyer or in a manner contrary to existing law), it doesn't really have the effect he desires.
You're not an IP lawyer either.
Go read Judge Walker's finding in CAI v. Altai and tell me that just installing the software makes it a derivative work.
I'm not exactly an expert in US Copyright law, but after reading (time is limited mate) the Wikipedia article on the case, I see nothing related to the issue of whether such "aggregation" is a derivative work. My gut feeling is that whether it infringes depends on how it is "aggregated", and I really can't see how one can declare it is "non-infringing" without even looking at the installer itself.
The tricky parts of law are always in the devilry details. The "aggregation does
Re: (Score:2)
No, I am not admitted to the bar, but a good deal of my income comes from working on Open Source issues with attorneys, and I teach attorneys, with CLE credit awarded in some states, about Open Source legal issues. I am an expert witness on just the sort of issue that is being discussed.
"Aggregation" is the word we use for the combination of software items on a medium that are not derivative works of the other software. It doesn't really make sense to say "that aggregation is a derivative work", if it were
Re: (Score:2)
It's not a contract. No proper consent, etc. It's a license. It unilaterally conveys rights without removing any rights you already have. This is what RMS intended with GPL2 and he'd testify to that effect. It wouldn't look so good to a jury as you think.
Re: (Score:2)
I have NMap on my Debian system, and I never had to click "I Agree" to get it or anything else in Debian.
Yes, it's a repulsive act that CNet did, no argument with that. But why are people getting software from Download.com? What mistakes does our community make that lead to that?
Re: (Score:2)
What mistakes does our community make that lead to that?
I blame this one [microsoft.com]
;-)
Re:It's Legal (Score:4, Interesting)
This is why I referred to those terms as being written "in crayon". The author doesn't seem to have understood what would happen when a judge attempted to parse the information. It doesn't seem to be the work of a legal professional. And it has the effect of deceiving programmers on the project that it is a valid license term, while legal professionals would immediately know that it isn't.
Poorly-written licenses always have this effect of deceiving the programmers who work on the project. This has cost some people real money, Bob Jacobsen (JMRI) being one. His case ended up being terribly more complicated than it should have been, costing years of hardship and some money.
Re: (Score:2)
Re: (Score:3)
"Do we have screen shots, etc., that make a case that it was intentionally deceptive?"
Every bit of advertising all over CNet about "ad-ware and spyware free" installers would seem to constitute every bit of evidence you need, since you seem to lack the mental faculties to find such embarrassingly simple things for yourself.
Re: (Score:2)
I've not a Windows system to try the nmap installer. Didn't figure that out, did you?
Re: (Score:2)
The fact you don't test across all systems (let alone have test systems or environments for the four or five major operating systems) is more than proof of having less-than-stellar competence.
Re:It's Legal (Score:4, Informative)
I see what you mean, the line that says "Integrates/includes/aggregates Nmap into a proprietary executable installer, such as those produced by InstallShield."
It's nice to know what they consider a derivative work, but it has no legal effect. That would not be a derivative work under copyright law no matter what they think.
Re:It's Legal (Score:4)
It's not a "derivative work" for purposes of the GPL, and thus doesn't require disclosure of source code as per the GPL terms...
On the other hand, nmap is not distributed under the pure GPL, it is distributed under the GPL with added stipulations, kind of like how the Linux kernel includes explicit exceptions to GPL2...
The copyright holder is free to decide if, when and how their work will be distributed, and Fyodor has decided that in addition to the GPL requirements, he also doesn't want his code distributed as part of third party binary installers.
These installers are not a derivative work, they are just a violation of the distribution terms, and if you don't agree to the terms offered by the copyright holder then you are not allowed to distribute a copyrighted work.
A similar example would be a movie publisher or a TV station that is forced to implement DRM by a movie studio if they want to distribute that studio's movies. If the copyright holder doesn't agree with your terms then you can't redistribute his work.
Re:It's Legal (Score:4)
Now, ethically, people should do what you want. But the letter of the law would not require them to do so.
Re: (Score:2)
I think CNet learned their lesson.
Be wary of blocking legitimate sites that you don't approve of. I have not heard of ECPA being used against spam blockers and site blockers, but I think it could be used that way.
Re: (Score:3)
The stub installer conflates "CNET" with the name of the software package, both in its file name and in its installation wizard. For projects and products that are registered trademarks, wouldn't that constitute some sort of violation?
Re: (Score:2)
Re: (Score:3)
Who? What? (Score:5, Insightful)
Who would download a tool like nmap from download.com? What sort of person does this? How is this a thing that happens?
Re:Who? What? (Score:5, Interesting)
I work in security for my company, so we keep an eye on unauthorized software in our enterprise. We had a guy just today download PuTTY from a download site, that came bundled with all kinds of shitty toolbars and adware. This guy is a Sr. Software Manager and Developer at the company and should know better.
I wish I could clue these supposedly 'smart' users in, but they'll download and install anything without any critical thinking at all.
Re:Who? What? (Score:5, Insightful)
I work in security for my company, so we keep an eye on unauthorized software in our enterprise. We had a guy just today download PuTTY from a download site,
PuTTY is a very bad example, almost ANY URL sounds more authoritative than the real one.
Working in security, you should expect people to screw this one up and have your sysadmin team deploy/maintain it.
www.chiark.greenend.org.uk/~sgtatham/putty/
*blech*
Re: (Score:2)
Unless of course you search for it on Google, Bing, or Yahoo, or probably any other search engine, in which case it's the first result. And, unless you actually read the page you're downloading from, which states "The official PuTTY web page is still where it has always been: http://www.chiark.greenend.org.uk/~sgtatham/putty/ [greenend.org.uk]"
Unless you don't know what PuTTY is, you'd almost have to try to download it from the wrong place.
Re: (Score:3)
Re: (Score:2)
Yea, the userdir really makes you feel warm and safe about the URL.
Re: (Score:2)
How about putty.be
Easy to remember and afaik always authentic
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
What sort of person does this?
The same persons who complain because the "desktop experience" features are disabled by default on Windows Server.
There is no explanation, it is a personality type. I suggest you read "Zen and the art of motorcycle maintenance", it offers a lot of insight about this kind of thing.
Re: (Score:2)
If you mean (and I know you don't, but it can, and does, easily fall into that category in an enterprise) "being able to enter a path into Explorer and it allow you to go there" as opposed to navigating to it from "My Computer" or "Network" directly, then sure. If you mean being able to right click on an application in the taskbar so I can close it, then sure. I complain like hell at these restrictions; it makes my life a right PITA.
Sacrificing basic usability because of some BOFH is under the impression tha
Re: (Score:3)
So, why would I read a book about motorcycle maintenance when I have little interest in motorcycles or the maintenance of internal combustion engines (and associated machinery)?
Re: (Score:3)
So, why would I read a book about motorcycle maintenance when I have little interest in motorcycles or the maintenance of internal combustion engines (and associated machinery)?
If you read the book you will actually be able to answer this question...
trust (Score:5, Insightful)
It takes years to earn trust. It takes only one event like this to destroy said trust for good. Up to a year ago, I used download.com where they always proclaimed "Spyware free" etc... That trust has been erased and I will never go back to that site. But really, after they began doing the indirect download using their own downloader, that turned me off right then and there and I stopped about a year ago.
Agreed - Where else should we go for downloads? (Score:2)
Cnet and download.com used to be the site I trusted for downloading software, given their consistently good business practices and the number of other sites that included malware, spyware, and/or bloatware along with their downloads. Obviously I still trust Sourceforge, Ubuntu apt-get, and the download sites that various other projects provide for their own code, but for Windows software, download.com used to be the place to go.
So are there other sites that have good collections of Windows software and ar
Re: (Score:2)
Shame you started that with Sarah Palin. Nobody with a brain ever trusted that monster - at least on this side of the pond (we were actually quite scared of her in fact).
Re:trust (Score:4, Funny)
Scared of Sarah Palin? But she has to be elected to be any kind of a threat. What do you think we are, idio...
Yeah. Okay.
Too little. (Score:3, Insightful)
They should not have done it in the first place, and I will be looking elsewhere for my downloads.
Re:Too little. (Score:4, Insightful)
Re: (Score:2)
Sheer laziness, I admit.
I will from now on be taking the extra few moments to find the original author's site and download from there.
PS: I apologize to geeks everywhere for my laziness.
Re: (Score:2)
bleah, even authors' sites can be traps. Take imgburn for example. Might not be the case right now, but the last time I was downloading, there were no less than 3 download links in various banners to unrelated crapware, some of it going through doubleclick. Windows software has become a complete cesspool.
Safe, Trusted, and Spyware-Free... (Score:3)
Since it is mentioned prior to installing it (Score:5, Insightful)
Should you be using Nmap if you can't pay enough attention to opt out of installing a toolbar?
Re: (Score:2)
Or you still have a slight amount of reverence for a CNet site and might click through the prompts, trusting the source. Not cool to have such a trick played on you.
Half-assed apology (Score:2, Flamebait)
Optional (Score:2)
If it's optional, what's the problem?
Re: (Score:2)
Time for litigation (Score:3)
This is where he should sue CNet for slander of trademark, and tortious interference with business relations.
Typical corporate mindset... (Score:5, Insightful)
They're not sorry about the bundled *extras*, they're sorry they *got caught*...
Re: (Score:2)
Lately it's been acceptable to apologize for being caught.
For reference see the NFL: http://msn.foxsports.com/nfl/story/ndamukong-suh-ejected-detroit-lions-green-bay-packers-112411 [foxsports.com]
''I want to apologize to my teammates, my coaches and my true fans for allowing the refs to have an opportunity to take me out of this game,'' Suh said
nmap on Microsoft Windows? (Score:2)
nmap on Windows?
remember that scene in Scanners?
.
.
.
Removed (Score:2)
Glad I removed all my downloads from cnet a few years back. I was really getting pissed at them for hosting my files, after explicitly telling them they were not authorized to, and could only link to the download on my website. Yet they kept changing the links back and distributing my software with no rights to do so.
They're largely irrelevant now thanks to Google, so I didn't miss much. They like to think they're important and matter, but they're really no different than any other PAD-file-generated spam s
CNet is lying... (Score:3)
Re: (Score:2)
download.com started their crapware bundling a few months ago. Yesterday when I wanted to look up DVR access software, I almost pulled up their site, but then I didn't. Cool story, I know. But here's hoping that more people become aware and start avoiding the site like the plague.