[HN Gopher] Copyright infringement by German contact tracing app
___________________________________________________________________
Copyright infringement by German contact tracing app
Author : Tomte
Score : 309 points
Date : 2021-03-31 06:15 UTC (16 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| EdwardDiego wrote:
| Germany has got to be the worst place to try this crap, given how
| many GPL violations are prosecuted through their courts.
| cygx wrote:
| The code is permissively licensed (2-clause BSD according to
| the LICENSE file, 3-clause BSD according to the comment in the
| source file).
| zaarn wrote:
| They took code from the official Tracing app without
| attribution or retaining the copyright notice, which even
| 2-clause BSD would frown upon. And the original code is
| APL2.0, not BSD, you can't just sublicense like that.
| moooo99 wrote:
| This is not the official contract tracing app (that one can be
| found here https://github.com/corona-warn-app), its a commercial
| product that's only been "open sourced" under pressure of the
| public. Their service was financed be the same public figures
| that are now heavily pushing for its use.
|
| And as one comment in the linked GitHub issue states, calling
| their license "open source" is really more of a marketing joke.
| Although the seem to have changed their restrictive license [1]
| to the GPL License [2]
|
| Edit: Although its not the official apps, its heavily used by
| some official instances such as the health departments of some
| cities/states. The Luca app is financed by those departments
| purchasing a license. According to news, some licenses cost
| around 440kEUR of taxpayer money [3]
|
| [1]
| https://gitlab.com/lucaapp/android/-/commit/a30432ec4a01c2ca...
|
| [2]
| https://gitlab.com/lucaapp/android/-/commit/4433884f00462bae...
|
| [3] (German)
| https://www.faz.net/aktuell/politik/inland/mecklenburg-vorpo...
| NicoJuicy wrote:
| I'd like to mention that while Belgium did not everything
| right.
|
| Having a rather small company "devside" to build the app ( it
| had references and a credible portfolio of > 100 apps) was a
| good thing for a good price.
|
| They won from those that build the app in Germany and wanted
| big belgian telecom to join for the infrastructure for a much
| higher cost. While they only needed to change some parameters
| and localize it.
|
| Result: 1 week of delay ( 8 weeks was budgeted) and everything
| opensource from the start, is what I consider a good result.
|
| Respect where it's due! Hat off
|
| https://github.com/covid-be-app
| _pmf_ wrote:
| > And as one comment in the linked GitHub issue states, calling
| their license "open source" is really more of a marketing joke.
|
| Like Android.
| dorgo wrote:
| >This is not the official contract tracing app (that one can be
| found here https://github.com/corona-warn-app)
|
| This sounds like they do the same thing. But the luca app is
| for check-ins ( which are mostly still done with pen in paper
| in germany ). Check-ins are not supported by the official
| corona-warn-app (yet).
|
| Also 2 states already purchased the app and 8 other announced
| to purchase it [1]. So if you live in one of these 10 states
| (out of 16) then you can consider the luca app to be official.
|
| [1] (German) https://www.heise.de/hintergrund/Corona-Apps-Die-
| wichtigsten...
| zwog wrote:
| > Check-ins are not supported by the official corona-warn-app
| (yet).
|
| According to [1] version 2.0 will be released in two weeks
| and will support check-ins.
|
| [1] (German) https://www.tagesschau.de/inland/corona-warn-
| app-check-in-10...
| cygx wrote:
| A copyright disclaimer just got added:
| https://gitlab.com/lucaapp/android/-/commit/7c378ac21fefe0ad...
| stefan_ wrote:
| Do you think they understand just adding the copyright notice
| to the source code is not sufficient to comply with the
| license?
| DoingIsLearning wrote:
| They should have contacted Mykola before commiting,
| bubelich.com seems to be a dead url.
| Tabular-Iceberg wrote:
| I get the impression that copyright infringement on permissively
| licensed works is more the norm than the exception these days. It
| seems like most popular JavaScript libraries are MIT licensed,
| but it seems lost on the users that the MIT license requires
| attribution, something I rarely see on a lot of highly
| interactive websites that are almost certainly redistributing
| attribution-required code.
|
| It would be interesting to see if one could make a bot that could
| detect minified versions of popular libraries and see what the
| compliance rate is.
| [deleted]
| [deleted]
| raverbashing wrote:
| Expect to hear nothing from the usual copyright big players
|
| Infringement is only frowned upon when it's your independent
| musician playing Bach on a YT video and of course he's "stealing"
| from the big players.
| choeger wrote:
| Exactly right. The copyright, as it exists today, is a tool to
| protect money-making schemes (industry vs. "customers"). It
| once was meant as a tool to protect market access (industry vs.
| industry). If we can reform it back to that origin, I'd think
| we'd be in a much better place.
| heckerhut wrote:
| Oh the irony. The LUCA app has been co-initiated and financed by
| Smudo [0], a famous German rapper. He was a supporter of
| Metallica suing Napster back in 2000 for copyright violation [1].
|
| [0] https://www.chip.de/news/Kontaktverfolgung-mit-Luca-App-
| von-...
|
| [1] https://www.heise.de/newsticker/meldung/Smudo-vs-Napster-
| Da-...
| read_if_gay_ wrote:
| It has been 21 _years_. Can we let the past go?
| fsflover wrote:
| Yes, if you show that his opinions have changed.
| Dirlewanger wrote:
| Lars has admitted multiple times he was wrong to lash out
| when they did. Go look up interviews yourself. Metallica
| have fully embraced digital platforms.
| kingofpandora wrote:
| How many years does he want copyright to last?
|
| I'll let things go after that much time has passed.
| nix23 wrote:
| No, why should we? US Troops still sit in Afghanistan and
| Iraq, that's also ~21y.
| vinay427 wrote:
| I would suppose that more appropriate examples abound.
| Remaining in those countries today indicates that the
| action is not just in the past.
| nix23 wrote:
| >Remaining in those countries today indicates that the
| action is not just in the past.
|
| Depends who is responsible for the actual "action",
| specially looking at Iraq.
| 2pEXgD0fZ5cF wrote:
| In this case I do not see a reason to do that
| spacemanmatt wrote:
| The same laws are still being abused by the recording
| industry, so maybe...no?
| xbar wrote:
| Right. We're going with "no."
| iso1631 wrote:
| Actions, especially those by public figures, can have
| consequences that last far longer than 21 years
| scotty79 wrote:
| I don't think so. They were not children back then and there
| were no signs since then that they understood their mistake
| and now know better.
| SiempreViernes wrote:
| > a famous German rapper
|
| I can understand in the abstract that of course you could rap
| in German, but it's quite another to encounter evidence of this
| _in the wild_ so to speak.
|
| Having investigated further, I must say it's probably unfair
| against Gemany to not include the adjective _old_ in the above
| statement, as Smudo (or at least the group he 's in) is of
| early 90's vintage.
| loevborg wrote:
| I'm surprised at your surprise. What languages do you feel
| it's appropriate to rap in?
| levosmetalo wrote:
| > I can understand in the abstract that of course you could
| rap in German, but it's quite another to encounter evidence
| of this in the wild so to speak.
|
| Depending on what you consider "in the wild" but German rap
| is very popular in Germany and other German-speaking
| countries. People from Germany usually don't rap in English
| or French. Smudo is an old school, but are quite a bit of
| rapper that are popular right now, like Capital Bra, Apache
| 207, Samra, Lea, Mero, Loredana, Bushido, Sido, Olexesh,
| Kollegah, Farid Bang, RAF Camora, ... just on top of my head.
| fnomnom wrote:
| some of the biggest (tickets sold, streams etc) german
| speaking music acts are rappers
| wolframhempel wrote:
| A member of the "Fantastic Four"...talking about copyright
| infringement :-)
| raverbashing wrote:
| Irony? It's only "copyright infringement" if you don't have
| enough money for lawyers
|
| That being said, Bubelich should definitely sue
| zeepzeep wrote:
| > it's only "copyright infringement" if you don't have enough
| money for lawyers
|
| "If the penalty for a crime is a fine, then that law only
| exists for the lower class."
| surfsvammel wrote:
| Not of the fine is set to be a ratio or proportion of your
| wealth or income.
| [deleted]
| hellotomyrars wrote:
| You might be getting closer but someone who is just
| barely making ends meet could be ruined by that, where
| someone with obscene wealth can lose even 10% and still
| buy a yacht minutes later.
| luckylion wrote:
| Yeah, but he can only do that a few times. It's a much,
| much better system than what we have today for most
| things.
|
| Of course, it hinges on being able to tell how much
| income they have, which is (at least in Germany) the hard
| part, as the defendant is not required to help.
| tpxl wrote:
| The tax authority generally has that data.
| luckylion wrote:
| And that generally does not matter, as the DA/judge will
| estimate the income based on available information. They
| will usually _not_ involve the tax authority, won't check
| your bank account etc. If their estimate is too high, you
| can provide information showing your actual income. If
| it's too low (which it usually is, because they're
| conservative in those estimates), you smile and walk out,
| having saved (a lot of) money.
| alpaca128 wrote:
| In my homecountry someone gets hundreds of speeding
| tickets per year, always on the same road. Doesn't care.
| With a properly scaling fine they'll stop doing that
| quickly or lose out on more than just a little yacht.
|
| I'd say it's a pretty decent step, especially when
| combined with confiscation of the vehicle if it's a
| repeat offender or a severe case. As you said it may not
| be perfect...but I'd rather see that than some careless
| people risking lives of others just because a speeding
| ticket is small change for them.
| rebuilder wrote:
| Hows this: get three speeding tickets, get your license
| suspended.
| alpaca128 wrote:
| Well so what, then they'll drive without a license. As
| long as the punishment isn't sufficient to make the
| person care enough you will only nudge the threshold a
| bit under which people actually feel it.
|
| Edit: Same with using the phone while driving. It's one
| of the biggest contributing factors to road accidents,
| yet here the fine for doing it is barely above the price
| for a decent headset. So most just don't care and trust
| the fact that well under 1% will ever be caught because
| the police either doesn't care either or just doesn't
| have the manpower to effectively enforce it.
| surfsvammel wrote:
| In Sweden the fine is in proportion to your income. If
| you go too fast they take your drivers license. Repeat
| speeding too many times and they might also take your
| license.
| throwawayfire wrote:
| This is just saying that rich people are rich.
|
| Someone with obscene wealth can be imprisoned and still
| buy a yacht - even incarceration has a much greater
| impact on a poor person.
|
| As such, I'd rather fine them in proportion to their
| wealth.
| Larrikin wrote:
| Why not both?
| Mordisquitos wrote:
| One could always establish a minimum-living income that
| was immune to fines based on ratio of income, or consider
| specific expenditures to be protected from the
| calculation (e.g. rent or cost of travel to work).
| However, I can see how that could eventually lead to the
| truism becoming _" If the penalty for a crime is an
| income-ratio fine, then that law only exists for the
| middle class, and not for the lower or upper class"_
| which would be... interesting.
| ambentzen wrote:
| Here in Denmark fines for drunk driving, driving while
| influenced by drugs, and driving while your license is
| suspended is income dependent. The exact fine is also
| dependent on your blood toxicity levels. And if you are
| under 18 or have a low income you can get half off the
| fine.
| jkaplowitz wrote:
| I've often wondered whether penalties should target
| reputation more than they do, which would affect all
| classes of criminal including upper class. For example,
| as part of the sentence for violent crimes, the
| government could mail official press releases about the
| crime to all households in the area periodically for a
| certain amount of time after the conviction, or put up
| signs, at the criminal's expense (with a government cost-
| sharing for poorer criminals beyond whatever cost society
| would view appropriate to fine them - but mail and
| signage aren't that expensive). And companies convicted
| of a crime might have to fund government notifications of
| their crime to their customers and store/office visitors.
|
| Details might need tweaking, but a version of this could
| really work.
| surfsvammel wrote:
| I see what you are getting at. Do you think it could go a
| bit overboard though? That it makes people kind of take
| the law into their own hands?
| jkaplowitz wrote:
| There's a risk of that, yes. As I said, the details need
| tweaking. It would be especially helpful for wealthy,
| powerful, and/or corporate criminals who are probably
| paying for good private security regardless of their
| criminal record/sentence or lack thereof.
| luckylion wrote:
| I do believe that the shame-feeling part of society is
| generally less likely to commit crimes. That is, it would
| work on them, but it wouldn't work on someone who does
| not care what their neighbors think of them.
| jkaplowitz wrote:
| A lot of companies and businesspeople care what their
| customers and the general public think, at least.
| LeanderK wrote:
| or teenagers/young adults in a rebellious state of mind.
| If you like to provoke and your circle of friends feels
| the same then you're not shamed.
| ryandrake wrote:
| When it comes to civil litigation, the poor and insolvent
| are already often considered judgment-proof [1]. So you
| could say we already have a little of that "laws exist
| only for the middle class" scenario.
|
| 1: https://en.wikipedia.org/wiki/Judgment_proof
| dmingod666 wrote:
| Devils advocate: Someone with a yatch can have someone
| 'who barely makes ends meet' to do the dirty work, pay
| the now lowered fine. Payoff the poor guy and be done
| with it.
| Chris2048 wrote:
| Sure, but if you have nothing you can't make amends for
| damages either.
| dthul wrote:
| I haven't heard that name in quite some time! I remember
| receiving a relatively pissed off email from him in response to
| an interview request quite a few years ago. I guess the lasting
| negative impression I got of him from that exchange is not
| totally unfounded.
| wirrbel wrote:
| A friend worked backstage and he has not-so-fond memories of
| Smudo. Large ego and a tendency to let people feel that he
| thinks he is a star.
| durnygbur wrote:
| Gimme fuel, gimme fire, gimme monay I desire!
| ganafagol wrote:
| Well, it's a pandemic. Gotta break some rules to save the
| world. /s
| ganafagol wrote:
| I recommend all the downvoters to look up "/s".
| andybak wrote:
| Maybe it's the sarcastic inverted interpretation that is
| being downvoted?
| richrichardsson wrote:
| Or perhaps that the comment adds nothing to the
| conversation?
| hutzlibu wrote:
| I would disagree. I remember for example how the
| discussion was about how the various pharma companies
| make lots of private money with the vaccines, but did
| receive generous government funding - and how the
| comment, also here on HN was: whatever, as long as the
| pandemie stops. And we are talking about a Corona app
| here.
|
| So I think the sarcarsm was valid ... but probably not
| the whole discussion about
| zeepzeep wrote:
| I downvoted because I hate the use of /s
| ganafagol wrote:
| How would you recommend to indicate sarcasm in the
| absence of nonverbal cues which a written medium
| necessarily entails?
| 1000mA wrote:
| I just downvoted your life because I don't like it.
| akamhy wrote:
| de : https://de.wikipedia.org/wiki/Luca_(App)
|
| en :
| https://translate.google.com/translate?hl=en&sl=de&u=https:/...
| skocznymroczny wrote:
| Interesting that people willingly install and there is a demand
| for a tracking application on their phones.
| berkes wrote:
| I don't know LUCA app, but the CoronaWarnApp[1] is not a
| "tracking application".
|
| > The architecture follows a decentralized approach - based on
| the DP-3T and TCN protocols, as well as the Privacy-Preserving
| Contact Tracing specifications by Apple and Google.
|
| Many, if not most, Corona "tracers" (note, the missing K) at
| least in Europe, work similar, if only because both Apple's iOS
| and Googles Android require such an architecture in order for
| those tracing apps to stay online and stay tracing.
|
| [1] https://www.coronawarn.app/en/
| Schampu wrote:
| Regarding Germany's official Corona tracing app (not the of this
| post), by the end of last year there was a discussion about
| collecting movement data of the app users [0]. The discussion was
| part of the "German Infection Protection Act", resulted in public
| protests and in the end got declined. I wonder what the state of
| this is in other countries?
|
| [0] https://www.sciencemediacenter.de/alle-angebote/rapid-
| reacti...
| eurasiantiger wrote:
| The author now has a moral obligation to set up a charity for
| open source development.
| atVelocet wrote:
| So when does this app get banned from the Google Play Store and
| Apple App Store? They clearly violate some terms of service... if
| legit apps get banned then why not this behaviour?
| rkachowski wrote:
| I think even Google and Apple would have to think twice about
| banning a state sponsored COVID-19 tracking app.
| RamblingCTO wrote:
| It's not the official German contact tracing app. It's a
| private app. See replies to the top comment for more details.
| nvoid wrote:
| I have never used a contact tracing app before. I never leave the
| house with my phone, and when I arrive at the pub, I get funny
| looks when I say I can't scan their barcode because I don't have
| a phone. This pandemic is just further enforcing the idea that
| you need a phone to operate in this world...
| idownvoted wrote:
| Here's a quick way to sweep this story under the rug:
|
| Both CEOs of the company "Culture4Life GmbH" are politically well
| connected in Berlin. One is a clubowner, frequently in talks with
| government for tax-exemptions (eg. you pay less tax if you've
| employ a DJ...). The other one is a member of the Green party.
|
| And we all know: Anyone who critcizes the left-wing sphere of
| Berlin is nothing but a racist. So there comes the rug.
|
| EDIT: Also, the former CEO of said company is a lawyer with a
| reputation [1] whose main business partner is the ex-ceo of
| "Service und Dienstleistungen der ver.di GmbH", a temp-staffing
| agency run by Germany's biggest Union. Man... nothing to see
| here!
|
| [1]
| https://www.agrarzeitung.de/nachrichten/agrarspitzen/Maerche...
| solarkraft wrote:
| It's unfortunate the comment is inflammatory, the information
| contained is valuable.
| idownvoted wrote:
| So I'm being inflammatory because I mention it's the Green
| Party and other Berlin leftists that are being involved?
|
| It's not my fault that under the guise of being _the_ force
| of good, of being _the_ moral highground itself, of being
| pampered by decades of softball questions from nearly the
| whole of German Journalism, curruption can flourish.
|
| It can do so even better if adherends of Berlin progressivism
| are being nurtured in the belief that, and opponents of
| Berlin progressivism are being threatened with that, every
| criticism of the left is guilty by association: Tin-Foil-Hat
| > Right-Wing > Nazi.
|
| Just look at the FB profile of one their CEOs... full of
| "Nazis everwhere". It's the modern day.
| solarkraft wrote:
| No, it's because of this:
|
| > And we all know: Anyone who critcizes the left-wing
| sphere of Berlin is nothing but a racist. So there comes
| the rug.
|
| which distracts from the valuable rest of your comment.
|
| I do this myself sometimes and have noticed that it usually
| steers the discussion away from the subject matter.
| kleiba wrote:
| Is it copyright infringement or breach of license agreement?
| berkes wrote:
| IANAL, but since most software licences work because of
| Copyrights, I suspect "both": as in: it is a copyright
| infringement, which is how you can enforce the licence
| agreement to be followed.
| turblety wrote:
| Maybe I don't know the full story, but from reading this post and
| the comments it's a shame how peoples attitudes are towards this.
|
| When people violate the GPL, it's most likely due to ignorance.
|
| I really think we should encourage and act positively when
| commercial/corporate/enterprise crap opens up their source code.
|
| When we find a GPL (or any license violation), why can't we
| approach it politely (in the first case), educate on the license
| terms and ask them to comply.
|
| In this case, it's seems that's what happened. We notified,
| educated and they complied. Shouldn't this be rewarded and hailed
| as a success?
|
| But now my worry is, with the amount of hate these guys received,
| other companies that are already worried about opening up their
| codebase and contributing back to OSS, have had their fears
| confirmed.
| JCWasmx86 wrote:
| >I really think we should encourage and act positively when
| commercial/corporate/enterprise crap opens up their source
| code.
|
| This is true.
|
| >When we find a GPL (or any license violation), why can't we
| approach it politely (in the first case), educate on the
| license terms and ask them to comply.
|
| I partially agree, but those companies often have an army of
| lawyers. It shouldn't be the responsibility of the internet to
| find GPL/license-violations in their code.
|
| >But now my worry is, with the amount of hate these guys
| received, other companies that are already worried about
| opening up their codebase and contributing back to OSS, have
| had their fears confirmed.
|
| Hate is too strong. It's more criticism.
| luckylion wrote:
| > When people violate the GPL, it's most likely due to
| ignorance.
|
| "OH, hey, a licence file. Let me delete that, I don't want to
| be bound bit it".
|
| > When we find a GPL (or any license violation), why can't we
| approach it politely (in the first case), educate on the
| license terms and ask them to comply.
|
| That was done, wasn't it? It was pointed out to the
| rightsholder that this commercial company was selling a product
| that included his code and were not complying with the licence.
|
| > But now my worry is, with the amount of hate these guys
| received, other companies that are already worried about
| opening up their codebase and contributing back to OSS, have
| had their fears confirmed.
|
| They can sometimes pay for separate licensing, or they can
| spend the money and write the software themselves. They want to
| keep it closed source and earn money by selling licenses (oh,
| the irony!) but shouldn't be called out when they violate
| other's rights because it might deter other violators? meh, I'm
| not buying it.
| hnbad wrote:
| That is true, but I feel like we should apply different levels
| of scrutiny to some small project and an app developed by
| people with close ties to government officials who received
| literally millions of Euros in public funding to develop and
| license this app.
|
| This isn't even a GPL violation as the code in question was
| licensed under a BSD license. They simply removed the original
| copyright notice, which may have been a genuine accident caused
| by misconfigured tooling (especially since someone mentioned
| they changed the formatting).
|
| The reason people are outraged is entirely that this is a
| publicly funded multi-million Euro project that is already
| facing accusations of corruption/nepotism and tried to open-
| source wash a proprietary product (as the app wasn't even
| published under an open-source license at the time). You can't
| really point at this incident and derive a general point about
| "people's attitudes towards violating the GPL".
| berkes wrote:
| I am not familiar enough with BSD, but would it not be a
| licence breach, when you alter libraries with a BSD licence
| and redistribute those in a closed-source app?
|
| At least with GPL that would most likely be the case.
|
| If so, regardless of their "accidental tooling removing the
| copyright notice", they would be violating that copyright.
|
| Also, IANAL.
| hnbad wrote:
| Oh, I'm not saying what they did wasn't illegal (tho IANAL,
| so I can't say whether this would indeed be considered
| copyright infringement and warrant damages in Germany). I'm
| just saying that forgetting that your autoformatter strips
| license comments when you copy permissively licensed third-
| party code into your codebase is a different level of
| impolite than using copyleft licensed third-party code with
| no intention to adhere to the copyleft restriction.
| andor wrote:
| Completely agree, they were hit by an angry mob of unthankful
| people.
|
| I think most in the mob are aware that their reaction is
| overblown. The list of OSS licenses is usually buried deep
| inside the docs and few ever read it. Luca made themselves
| vulnerable by opening up their code and the mob is using this
| weakness to attack them.
|
| It's really about not wanting this app to succeed, because they
| are making good money and because there are valid privacy
| concerns. Maybe Luca should not be widely used, but then the
| politicians who bought it are at fault, not the developers.
| Also nobody is forced to install it.
|
| Then there's the complaint about Luca's license. They open up
| their codebase and people complain that the license is _not
| free enough_? Mind blown, try that with any large company and
| see how far you get. Microsoft, give me your Office source
| code, or... I 'll write an angry tweet!
| thinkingemote wrote:
| it was BSD not GPL
| durnygbur wrote:
| German lawyers are ecstatic over copyright issues. Soon they will
| form human centipede and demand 1000 EUR from everyone whose
| address they'll put their hands on.
| atoav wrote:
| I highly doubt it as this is about a commercial app infringing
| on the copyright of a small open source developer.
|
| They will only send letters to people who cannot defend
| themselves.
| dx034 wrote:
| No, they also like to do that with large companies. A few
| hundred EUR damage is too low for most companies to care much
| about it.
|
| If the open source developer hires a lawyer I'm sure they'd
| be happy to make them some money. I wouldn't be surprised if
| they already got contacted. There are a lot of German lawyers
| out there looking for "victims" to sue on their behalf.
| corty wrote:
| Yes, but even with companies, preferrably small ones. The
| ones who don't have a lawyer on payroll who handles such
| threats between second coffee and first lunch. Such that
| paying the demands is cheaper than hiring a lawyer.
| heckerhut wrote:
| ROFL
| ramboldio wrote:
| For context:
|
| - We are talking about a file of 200 lines of code.
|
| - It's replaceable functionality that isn't exactly rocket
| science.
|
| - The issue was fixed within a few hours.
|
| [Edit: replaced "error" with "issue" to avoid implicit judgement
| and establish a common baseline]
| da_big_ghey wrote:
| When I was taking schooling at university a person was busted
| for 5 lines of code.
| atVelocet wrote:
| For context: This doesn't matter.
|
| Also it's a shame that there is no code to the rest (like
| backend) of this System.
|
| I am totally fine judging something even for minor things when
| it was paid by tax money and it holds sensible data.
| nevi-me wrote:
| Is taking someone's code, be it small, and deliberately
| removing the attribution; an error?
| reader_mode wrote:
| Likely. Why is everyone acting like this is some high
| conspiracy or even blaming the entire project - this was
| probably some lazy dev that didn't want to deal with the
| hassle of including the licence and just copy pasted the
| class. I used to do this when I was learning to code, I often
| reimplemented stuff already available for learning and would
| just copy paste large chunks. I didn't publish any work back
| then and I realised it was a bad habit because I didn't know
| what the code does - but I get where it comes from.
|
| It was fixed and nobody was harmed.
|
| The outrage in GH issues is ridiculous.
| ramboldio wrote:
| I also don't get where the outrage is coming from. Some
| mailinglist?
| tastroder wrote:
| Mostly general distrust in the project by the German tech
| scene on Twitter.
|
| Their marketing comes with weird "trust us" vibe and the
| German tech scene went through these conversations
| already with the concept of the official app.
|
| Add to that their attempts at transparency which are
| often a little too late and vague, and you have internet
| outrage. (With this release for example people were
| expecting to see server-side code, not that of the
| Android app everybody could already find in the apk).
| junon wrote:
| Germans hate "trust us" mentalities anyway. That's why
| Google Street View is exceedingly rare here.
| rostigerpudel wrote:
| People see this as an act of either carelessness or
| malevolence which both is unacceptable in an application
| that collects and stores very personal data on a large
| scale.
| drstewart wrote:
| I see. Can you talk a bit more about the review process
| where you work to ensure no unlicensed code is committed?
| I assume there's either an automatic or manual, rigorous
| process that's followed.
| reader_mode wrote:
| I think you have unrealistic expectations of applications
| developed for public sector - I'm usually surprised if
| they do core of intended functionality correctly.
| BubuIIC wrote:
| This isn't a project developed for the public sector
| really. Afaik it's a privately funded, for profit,
| product that has been licensed by several states in
| Germany by now.
|
| Apart from that the official (indeed publicly funded)
| Corona-Warn-App did a _much_ better job at this. (They
| actually did follow all the recent best practices in
| software-develoment + it 's (mostly) run as a free
| software project, taking community contributions
| seriously, reacting to feedback and issues, etc.)
| reader_mode wrote:
| Sounds like a contractor developing something that gets
| paid with public money.
| vangelis wrote:
| I've had pleasant experiences with applications developed
| by the public sector. It's the consulting companies that
| are no good. Look at 18F.
| kmeisthax wrote:
| You as a learner copypasting code isn't itself the problem.
| The problem is that this is a published, copyrighted work
| that has been included into another published, copyrighted
| work without adherence to license terms.
|
| If I had copied Culture4Life's code and used it in my own
| project, they would be suing for tens of thousands of
| dollars in damages; and the law would agree that I should
| have to pay tens of thousands of dollars in damages for
| that infringement. Asking for attribution and a proper
| license declaration is the _polite_ way to handle a license
| violation.
| yarcob wrote:
| > Why is everyone acting like this is some high conspiracy
|
| Because everyone here is a coder and puts a lot of effort
| into their work, and doesn't want it get stolen.
|
| We put a lot of effort into the Open Source projects we
| publish. Some of us are very generous and publish things to
| the public domain, but most of us at least want attribution
| for our work.
|
| If you copy & paste code, strip the license, claim it's
| your code, and sell it for money, we consider you the scum
| of the earth. That's just not something that decent people
| do.
|
| It could be an error; a junior dev may not know that just
| copy/pasting code from google search results is generally
| not allowed. But it's really something that everyone in our
| profession should know.
|
| Just like a musician is expected to know that they need
| clearance for samples, or journalists know they need
| permission for publishing a photo, a programmer is expected
| to know that they need a license for reusing other people's
| code.
| reader_mode wrote:
| >If you copy & paste code, strip the license, claim it's
| your code, and sell it for money, we consider you the
| scum of the earth. That's just not something that decent
| people do.
|
| Meh - I'd speculate it's a result of an underpaid coder
| with too much work - I've seen these kinds of projects
| before - people with connections in the public sector get
| the contract and then basically hire the lowest cost
| developers available.
|
| > Just like a musician is expected to know that they need
| clearance for samples, or journalists know they need
| permission for publishing a photo, a programmer is
| expected to know that they need a license for reusing
| other people's code.
|
| And yet those get violated all the time, even in big time
| publications and by big time artists.
|
| I'm not defending the guy who did it - he did something
| wrong, but they corrected it and malice attributed to
| project seems misplaced.
|
| On the flip side I think this could be handled better
| industry wide - like we already have security
| vulnerability scanning tools bundled with major code
| hosting platforms, they should probably figure out a way
| to do copyright infringement warnings .
| xbar wrote:
| No excuses to fail to meet the rules of OSS. None.
| TrueTom wrote:
| Clarification: This isn't the official German contact tracing
| app.
| Tomte wrote:
| This is an official tracing app in several states in Germany,
| and probably soon in all of Germany.
|
| You're talking about the older Corona Warn App which does
| similar things (and is generally considered too limited), but
| without direct data transfer to public health authorities.
| That's what the Luca app does.
|
| Warn App is more for chance encounters tracking a person
| meeting other people.
|
| Luca is more for checking in and out of stores and other
| locations.
|
| [Edit: I stand by every single word, in case people doubt it.]
| makepanic wrote:
| The cwa app will support event registration in the next
| version too.
|
| See https://github.com/corona-warn-app/cwa-
| documentation/blob/ma... for details on how they do it.
| zeepzeep wrote:
| They always said they could have easily integrated Luca
| like features but no, ofc we need to pick the option with
| millions of marketing money behind it instead of waiting
| for a privacy focused version.
| dorgo wrote:
| Afaik, privacy focused version is not possible without
| changing legislation. All apps would do check-ins
| anonymous if not for legislation.
| onli wrote:
| Luca is a cash grab, and maybe more sinister. Since the CWA -
| the official contact tracing app - switched to not collecting
| a central database that could be misused we have conservative
| politicians firing against it. "We give too much importance
| to data privacy", of course without being able to mention a
| single feature that the privacy protecting app is missing.
| Now Luca arrived, with some semi-prominent advocates, and you
| see conservative politicians shoving millions into that
| abomination of proprietary, data collecting and now evidently
| copyright infringing garbage.
|
| It is as if a certain political class had this dream scenario
| of a new location registry of every move of the population.
| That they did not get via the CWA app, and since then they
| attack it. But Luca could create it.
|
| Don't forget: This is Germany. Very low corruption at the
| lower level of society (you will never see a bribe in
| everyday life) and the basic organisation of the country
| seems competent. Incredible high amount of corruption and
| incompetence in the higher spheres - Wirecard, Cum Ex, Kohls
| schwarze Kassen, the governing party (CDU) currently has a
| scandal about members gaining millions via corruption when
| organising FFP2 masks, the country completely failed to
| contain Covid after the first more or less successful
| lockdown. Luca fits right in.
| durnygbur wrote:
| > dream scenario of a new location registry of every move
| of the population
|
| Not only politicians, I assume entities like
| Rundfunkbeitrag, Schufa, conuntless Inkasso will pay
| fortune to access such data.
|
| > Very low corruption at the lower level of society [...]
| Incredible high amount of corruption and incompetence in
| the higher spheres
|
| This is incredibly shocking for an newcomer to Germany. One
| swiftly hits the ceiling of 3-4k EUR net monthly and
| mortgage of 400-600k EUR with nowhere else to go, while
| watching enormous amounts of money being shuffled, fortunes
| hidden in idyllic villages, faceless dynasties owning
| chunks of industries, >1mln EUR apartments being purchased.
| dgellow wrote:
| > Rundfunkbeitrag
|
| They already get your location (edit: I mean address
| here) when you register to the local administration
| (Anmeldebescheinigung).
| rkachowski wrote:
| They somehow get this before Anmeldung, I lived in my
| apartment for 2 years before officially registering and
| received Rundfunkbeitrag letters + frivoulous copyright
| infringement notices (from a previous apartment).
| durnygbur wrote:
| > 2 years before officially registering and received
| Rundfunkbeitrag letters + frivoulous copyright
| infringement notices
|
| This plus Jehovah Witnesses who stalk intercom labels and
| decide that you are a perfect (victim) fit for their
| "community", and you have the full German experience.
| Copyright bullies, debt collection predators, religious
| lunatics.
| zeepzeep wrote:
| Address != location.
|
| My address is no secret, where I was last friday night
| (and tuesday morning) is.
| dgellow wrote:
| Sure, but the Rundfunkbeitrag has no need for your
| current location, they just need to know which apartment
| you're registered at.
| durnygbur wrote:
| If they decide that you don't pay the license fee
| (doesn't matter if you really do), your live location
| will be beyond useful. They absolutely have the budget to
| implement the most invasive and abusive debt collection
| solution.
| avh02 wrote:
| if they wanted to do that they'd probably have found
| another solution already through google's data at the
| very least. Probably apple/FB as well. Plus cell phone
| service providers.
|
| I don't know why this new thing is your choice of how
| they'd get the data other than it being probably run as
| effectively as parler (edit: no data - gut feeling).
| dgellow wrote:
| > (you will never see a bribe in everyday life)
|
| That's not true, you can see lot of small bribes in normal
| day-to-day transactions. Almost every single technician I
| met (for internet installation, electricity, washing
| machine installation, etc. Even insurance brokers) offered
| me to pay them cash directly to get some benefits or
| falsify some recorded data.
| Tomte wrote:
| You run in strange circles. I have never ever experienced
| such a thing. What benefits do they offer? A faster
| appointment?
|
| Cash in order to avoid taxes, sure, that happens, but
| again: it's not common. Almost always I simply get a
| paper bill, without any attempt to skirt that.
| dgellow wrote:
| > You run in strange circles.
|
| It's not about me, I live a perfectly normal, boring
| life. I'm not the one asking for bribes, and I always
| rejected them (I'm way too paranoid regarding regulations
| to accept that kind of stuff).
| [deleted]
| chefkoch wrote:
| I'm born here and lived here all my life and this has
| never happened to me.
| luckylion wrote:
| Same for the first two, but not the last. It's somewhat
| common for craftsmen to work "off the books" on smaller
| private contracts. It's a trade-off because obviously
| it's hard to claim liability when you have no proof they
| even worked on it and no contract specifying the work to
| be done. It's even more common in larger construction
| projects.
|
| Unreported work/income is estimated at about 10% of GDP:
| https://de.statista.com/statistik/daten/studie/20063/umfr
| age...
| dgellow wrote:
| That's not too surprising IMHO, I would expect this to be
| more visible to foreigners. I myself have never seen any
| type of low-level corruption in my home country but I
| learnt that also happens quite often, it's just not too
| visible if you don't know where to look at.
|
| I'm not from Germany, and do have a foreign name, I guess
| that may play a role.
| Tomte wrote:
| > I would expect this to be more visible to foreigners.
|
| That's a good point I hadn't considered.
| tormeh wrote:
| Some handymen tried to double charge me, in cash of
| course, but that's the only thing I've experienced. The
| stats say 20% of Germans report having been asked for a
| bribe at some point in their lives. That's not great, but
| not terrible either.
| nyir wrote:
| Source for the 20%? Anecdotally I've never heard anyone
| being asked for one, other corrupt behaviour though for
| sure, things regarding land ownership, or zoning
| violations.
| chefkoch wrote:
| I wouldn't call this corruption, this sounds more like
| some one tried to fuck you over.
| dgellow wrote:
| I mean, accepting a bribe or offering one is a way to
| fuck someone over.
|
| But it's not "you have to pay more". More like "just so
| you know, I have access to this internal tool, you pay me
| now and this thing that isn't supposed to be possible due
| to your situation is now done".
| iso1631 wrote:
| Most common bribes I see is when I go to some countries
| and I am expected to pay an undisclosed fee to get better
| service. My anti-bribery training mentioned how these are
| often quite normal, and dressed up in terms like
| "facilitation fee", or "tip", but that if I were to pay
| such a fee I'd be breaking UK law.
| galangalalgol wrote:
| Interesting! So you can't tip restaurant servers legally?
| Most point of sale machines for restaurants ask you to
| select a tip from a list of several standard optiins that
| usually puts 20% in the middle to make it seem normal,
| and like 15% is reserved as a mild complaint. So its not
| exactly undiaclosed, you can guess pretty well what it
| will be.
| iso1631 wrote:
| The UK act says I (P) committe an offence if
|
| (a)P offers, promises or gives a financial or other
| advantage to another person, and (b)P intends the
| advantage-- (i)to induce a person to perform improperly a
| relevant function or activity, or (ii)to reward a person
| for the improper performance of such a function or
| activity.
|
| The definition of improper broadly boils down to
|
| > the test of what is expected is a test of what a
| reasonable person in the United Kingdom would expect in
| relation to the performance of the type of function or
| activity concerned.
|
| Tipping at starbucks, or tipping a barman, or tipping a
| hotel member holding open a door, is certainly not what a
| reasonable person in the United Kingdom would expect.
|
| "Tipping" is quite normal in the US. "Tipping" is quite
| normal in many African countries too. If you don't tip,
| you'll struggle to get any service (when you're running a
| project or whatever). It's a whole can of worms when
| normal activities in a country require a small payment.
|
| Note also that if I tell my local project manager to make
| it happen, I'm on the hook for it if he "bribes" someone
| just as much as if I did it myself.
|
| I'm sure the intent of the law is to prevent UK citizens
| from paying money to bypass bureaucracy (I had a very
| painful process importing some equipment at an airport
| once, they did not want to give me a receipt for the
| $1500 I wanted (and was supposed to) pay, they just
| wanted $50 to waive me through, or to stop me from paying
| an official $200k to let me build a pipe through a
| village, or whatever.
|
| However it also means it's harder to make their project
| run smoothly in Guatemala ("Oh yes you can unload your
| lorry of course, this paperwork seems fine, but
| unfortunatly I need to check with my manager and he's
| currently out of town for 3 days. _cough_. "), and means
| that you'll be subjected to a lengthy search at an
| airport (just long enough to miss your flight) for no
| reason unless you donate to their orphan fund or
| whatever.
|
| I struggle to see the difference between that (which
| wouldn't be the case in the UK) and tipping a postman
| (which again I've never seen in the UK). The former I
| assume is illegal, the latter not, but it's not clear.
|
| By enshrining English exceptionalism in UK law does seems
| rather off to me -- basically "treat all countries as if
| they were Britain, salute the Queen, and up the East
| India Company"
| galangalalgol wrote:
| Does it matter that the tip is given after the service
| insteaf of before? My kids yoga teacher has a "pay what
| you can or what it is worth to you" scale so
| disadvantaged kids can come. I think of tips kind of like
| that.
| iso1631 wrote:
| No, it's both again induce (i.e before) and reward (i.e.
| after)
|
| It comes down to the definition of "improper".
| rob74 wrote:
| Er... do you mean offering to work "off the record"
| without paying taxes for it ("Schwarzarbeit")? That't tax
| evasion, not corruption, but yeah, that's pretty common,
| even in Germany.
| dgellow wrote:
| No, I mean someone offering you to give them some cash to
| ignore some rules (or not report what they should), or to
| actually change recorded data in a way that benefits you.
| A clear case: insurance brokers who offer you to change
| some records so that you can get a private insurance in
| cases where you shouldn't.
| notagoodidea wrote:
| That's interesting that in German, Dutch and French we
| will talk about "black work" (schwarzarbeit (DE), travail
| au noir (FR), zwart werk (NL)) meaning
| undeclared/unreported work.
|
| I see multiple probable origins on the net : - Coming for
| the german "schwarzarbeit" during end of 1st, in-between
| or during the occupation during 2nd WW and translated in
| French/Dutch from there. - Patron making employees works
| during the evening/night during the Middle albeit work
| was restricted only during day time.
|
| I did not really find authoritative sources for the
| origin of the expression so take that whole bag of salt.
| consp wrote:
| AFAIK you are correct. Before the first world war
| taxation was different in most of those countries and
| work was not taxed directly at all otherwise only in war
| years (i.e. the first world war) so the meaning is new.
| There was no need for a word for something which did not
| exist.
| locallost wrote:
| I don't know why you're getting downvoted. Where I live, they
| recently said they will open shops for a couple of days, and
| you can get in if either 1) you received a vaccine 2) you use
| the "Luca" app
|
| so it doesn't matter who developed it, it's being used as an
| official app (at least in some places).
| estaseuropano wrote:
| Matters in that its not the government but a private
| company violating copyright.
| Tomte wrote:
| The other "official app" ("Corona Warn App") is also not
| developed by the government or any government-employed
| developers. That distinction is no distinction.
|
| "Official" means that the government has adopted it and
| given it a special status.
|
| The federal government and state governments have
| endorsed the Corona Warn App. No special privileges in
| lockdown are connected to it. No special use by public
| health authorities is made of it.
|
| Several state governments and municipal government have
| endorsed (and bought licenses to!) the Luca app. Special
| privileges in lockdown are connected with it, not
| everywhere, but in many places. Public health authorities
| are directly connected to Luca's servers.
|
| If anything, the Luca app is more official than Corona
| Warn App where it's in use (several German states), and
| poised to become more important as more states introduce
| it.
| realityking wrote:
| There is a big difference between commissioning a product
| (work for hire) and buying a product that has been
| already developed.
|
| The federal government actually owns the IP of the Corona
| Warn App. Luca is merely licensed by various state and
| local governments. You can't expect the buyer of a
| software to assume responsibility for copyright
| violations. It's like blaming someone for a
| (hypothetical) copyright violation in Windows because
| they sell a server that has Windows pre-installed.
| IG_Semmelweiss wrote:
| >>> You can't expect the buyer of a software to assume
| responsibility for copyright violations
|
| Yes you can. Certainly true in the US. Liability depends
| on state law and in how the contract is written. If the
| buyer did not specifically make that carve out, a judge
| may end up deciding.
|
| If the seller specifically carved that in, the buyer can
| be liable too (along with the seller).
|
| This is why most government entities are difficult to
| contract with. They have buyers that insist in specific
| contract language. Govt entities have templates
| preapproved by lawyers to prevent this sort of thing
| coming back to haunt them. So if you want to do business
| with the govt, that's the hoops you will need to jump
| over.
| fabian2k wrote:
| The app (Luca) that allegedly copied code from the linked one
| is used officially in some places in Germany (or at least some
| states/cities bought it, not sure how much actual use there is
| yet). It is not the main app for contact tracing (CWA).
| FabHK wrote:
| The security white paper of that luca app is available in
| English, if someone wants to have a look:
|
| https://luca-app.de/securityconcept/intro/intro.html
___________________________________________________________________
(page generated 2021-03-31 23:02 UTC)