The CEO, _jayy, posted a number of comments, then deleted all but one. The deleted comments were preserved by yegortimoshenko. Links: https://news.ycombinator.com/item?id=17241694
"Code doesn't sell itself" is almost managerial/ceo self-parody -- especially when it's a two-person show (not to mention the score of successful open/open-ish projects that totally and utterly lack a marketer/salesman.)
I think he meant "Code doesn't skim its own profit."
The engineer recognizes that with a competent manager things would be in a better place - nowhere does he say that the manager as a figure is redundant, quite the opposite in fact.
If anything this is "founder failure" personified, which is why VCs are absolutely obsessed with founder chemistry.
CEO has sent DMCA takedown request on my GitLab repo, which clearly abuses copyright law. To use the mirrored pages, replace "yegortimoshenko.gitlab.io" in URLs with "yegortimoshenko.github.io".
Apparently he's deleted the signing keys.
Reading online posts it seems that the community is trusting the developer, not the company behind him.
If they were generated later, it gets very hairy. Were they created with company resources? On company time? Is there a record of this happening? Etc etc.
Going to court would be a huge waste of money for all parties involved, at this point.
Whose responsibility is it to guard/change/dispose them?
The way I see it (with my limited legal knowledge, IANAL) is that Daniel Micay got paid for his services, and therefore the copyright is assigned to the company behind CopperheadOS. I'm not sure if Daniel can be fired, that'd depend on the legal entity of CopperheadOS (for example, in a general partnership both partners bear responsibility and liability which levels the playing field). I tried looking it up on the homepage, but I've been unable to figure that out. What is the legal entity behind the company "Copperhead Security"?
If he was an employee, but if he was paid as a 1099 and no assignment of IP agreement was signed, it is his.
Additionally, if it was a "derivative work" of code he had written prior to W-2 employment, that would also muddy the waters of IP ownership.
So they weren't contractors or employees, which makes this a giant mess to sort through.
Source: Almost 10 years ago I was in a situation that was shockingly similar to Daniel's.
Either one of us buys the other out, or we dissolve the business. He chose to buy me out and attempt to keep going, but the company folded less than a year after I left.
It wasn't quite as messy as this situation seems to be, but it was rough, as both of us had basically put everything we had into the business.
2-person startups are kind of platonic marriages, and as such splitting up is basically getting a divorce (at least in terms of mental stress).
edit: to answer your "what would I do differently" question, absolutely insist on getting a lawyer up front to draft all the paperwork and employment agreements (we didn't do this because it seemed so expensive).
As a SWE, all of my employment contracts explicitly state that code that I wrote for the company is owned by the company. Just because he was paid for services does not mean that the company owns the copyright of the code he wrote.
What jurisdiction do you work in?
I live and work in Sweden too and I am able to dictate those parts of my contract. Especially as I do a lot of open source work.
The Copyright Office has a circular that they distribute to clarify and help people decide, in general, whether certain types of work qualify as "works for hire" or not. 
 [PDF] https://www.copyright.gov/circs/circ09.pdf
Further complicating it, Micay says the code is licensed non-commercial. So how can the company commercially exploit that code anyway? I'd be suspicious of any after the fact employment agreement attempting to coerce a re-licensing permitting commercial usage.
ps: the archived date confused me, just in case, this is a 3yo thread https://www.reddit.com/r/rust/comments/2u1dme/daniel_micay/ (enjoy the art)
I thought you couldn't edit post titles on reddit, and especially not 3 years ago.
Please please clarify.
From Title ID Date
github.io "[strcat]" 2u1dme Thu Jan 29 02:39:34 2015 UTC
reddit "Daniel Micay" 2u1dme Thu Jan 29 02:39:34 2015 UTC
EDIT: This is now at 0 points. If I have missed something or misunderstand I welcome clarification. Thanks very much!
My point was/is that the threads are identical, and given the different titles, this points to a supposedly-impossible ability to change thread titles. This is very interesting to me.
In case I'm [still] missing the point you're trying to get at. Further clarification and patience is appreciated.
This belittles his contributions and the situation he's been put in.
Didn't intend to belittle his contributions though; he contributed significantly to rust and (as I understand it) did ~everything technically on CopperheadOS.
No, Graydon really said nothing of the sort. https://slash-r-slash-rust.github.io/archived/2u1dme.html#co...
"[strcat] is an outstanding technical voice, everyone knows that. He is also an uncompromising technical voice who quickly becomes defensive, critical, sarcastic, belittling, insulting and accusatory when his (often correct) views are not acted-upon by others quickly enough or to his satisfaction. He needs to work on his communication style. He's stepped way over the line of the CoC repeatedly, and if I were still in a leadership role, I probably would have had to ask him to leave by now. It pains me to say that."
Somebody having less than perfect communication skills is no reason to be wildly speculating and throwing them under the bus when they're the victims of something much worse.
From 30 minutes reading about this and no prior knowledge about the project or the people involved, this seems to be the probably wrong timeline:
1. Developer starts a project, hacks on it for a while.
2. Developer decides he'd like to get paid for hacking on project.
3. Enter guy. Developer and guy incorporate, with guy as CEO and director, developer as CTO and person who does all the coding. Ownership is 50-50, company assets and personal assets are a mess (domain name & DNS are on the CEO's personal card, copyright for the code CTO writes is not assigned to the company, CTO controls private keys, and some are his personal private keys from before the incorporation).
4. CEO & CTO have a falling out wrt company direction.
5. CTO takes this personally, as a betrayal, seeing the falling out as the destruction of the project he has built basically single-handedly at great personal sacrifice.
6. CTO destroys private keys, plans to sue over copyright. Project is now imploded.
strncat seems to have conceded that despite the 50/50 ownership, "guy" has the ultimate power since he's a "director" and strncat is not. Does that even make sense? I'm no expert in American contract law, but usually the director(s) serve at the pleasure of the majority of stakeholders and if the stakeholders reach an impasse it's up to the bylaws or a court to figure it out. The way I see it, strncat is still 50% owner of Copperhead and could successfully challenge all of guy's actions.
If you own part of the company AND you intend to draw a salary (not just get dividends) then you need both, otherwise you end up in this mess.
You know, the thing Windows Phone, Ubuntu for Android, CyanogenMod and Firefox OS all attempted unsuccessfully.
Another option would've been to call it earlier, before burn-out, when it turned out there was no market for this. If people don't wanna pay or donate for the product, there's no demand apparently. No need to work for a minimum wage. Get a regular job, and use your leisure time as you see fit (for EXAMPLE on a project like this but without pressure or obligation).
Which is why these projects overwhelmingly flame out. The engineer figures there can't be much harm from a business type trying to design a business around their project, as they assume the project philosophy will remain unaffected. Meanwhile the business type is excited about having a new in-demand raw material to which they can add inefficiency to derive a revenue stream. The engineer figures they own the code, so whatever games the business monkey plays, they can only end up back in the same spot. Meanwhile the business type is busy conjuring and documenting bureaucracy like corporate structure and implicit contracts with which to seize power over the raw resource (the project) if the coder doesn't submit to his "real world" supervision.
It's likely that the engineer could prevail and end up owning the code, but only after an expensive and draining legal battle - it's simply easier to move on to productive non-zero-sum things. Meanwhile the business type is all too willing to fight said battle, as investing real money into paperwork games was basically their entire operation all along.
IMHO the real shame in this case was licensing the code base something other than GPL. GPL would have made continued use unambiguous even in the presence of ambiguous ownership.
> IMHO the real shame in this case was licensing the code base something other than GPL. GPL would have made continued use unambiguous even in the presence of ambiguous ownership.
I don't understand how GPLv2 or GPLv3 or BSDL and many (any, AFAICT) FOSS license would not have done the same. The problem is CC non-commercial. It's actually an anti-competitive license. Imagine RedHat using that for all their software. Oracle not allowed to compete?
I had been thinking that with BSD, a gone-hostile company could make an argument that more recent changes were not actually intended to be released under BSD, whereas with GPL we know they would have had to have stuck with the license to build on top. But that latter part isn't true if they're arguing that they're the copyright holder.
edit: Actually what I was thinking is true IF there is an additional contributor whose patch got accepted into the main tree. But in this case, given that the ostensible goal of CC non-commercial was so that the code could be dual licensed, we'd expect any such contributor to have been shuffled into copyright assignment.
I'm currently using it while I wait for the Librem5, after which I hope to say goodbye to the dumpster fire that is Android.
(It's not like MS are doing anything in that space anymore, except piling up Win10 stuttering on the remains ... and it might, perhaps, possibly, stub someone's toe ...)
If anyone has grafted a Metro Design scion on a Linux rootstock, that would be worth a look too.
IIRC, Palm webOS tried to fix that by allowing developers to use familiar HTML/JS-based tooling (Enyo) to build apps for that platform, but the die had been cast with iOS and Android.
There's an unofficial LineageOS build for my daily driver, but that, too, is trouble waiting to happen since VoLTE isn't supported, and I visit Michigan often enough to need it; I'm on T-Mobile, and a lot of their rural Michigan coverage is Band 12 LTE-only.
And an alternative for WearOS is AsteroidOS.
Unfortunately their goals seem not to align with their actions:
They claim to focus on privacy, yet the first thing they publish is a new launcher.
Also they plan to offer a lot of cloud replacements. What do they replace it with? Their own cloud offering. I'd rather host this stuff myself.
But maybe I'm just not their target audience...
just to be specific, they licensed the exclusive right to the cyanogen name in india to micromax (while previously licensing the non-exclusive right to oneplus in all regions), who then got an injunction against oneplus selling their devices in india.
That being said, I'm curious what the other side of this story is. The email makes it sound like the guy's being fired.
The person being 'fired' owns 50% of the company and is the CTO and sole developer of the products, with most of it written on their own time. There's no employment / copyright agreement in place with Copperhead.
CopperheadOS is open source. The scripts to build a ROM are open and it's possible to audit them. In fact, if you don't want to pay for COS you are free to build your own image using said scripts. I've done it. It's easy.
I think the whole mistake CopperheadOS did was switching to a Creative Commons license that prevented commercial use by third parties. This has effectively made it tricky for Daniel Micay to continue his great work on CopperheadOS elsewhere once the company imploded.
It's sad, because it's IMHO the very best ROM out there. I don't want to use anything else. I think they should have gone for a more sustainable business model. In his shoes, I'd restart COS by doing a crowdfunding round and aiming at a few other devices (which may not be hard now with device-agnostic ROMs made possible by Treble).
COS has had a reduced target market since Google decided to price Pixel terminals much higher than Nexus. There are rumours that they might release a cheap Pixel to compete with iPhone SE. That might be good for COS.
Technically, it is. But, as you pointed out, the license they chose guarantees that it will essentially die out, specifically the bit prohibiting the non-commercial use of it.
It's also mildly interesting that Daniel aggressively defended the creative commons license they chose, when challenged.
What exactly is licensed under Creative Commons Non-Commercial?
It is either open source, or it isn't. If it is open source (OSI approved), that doesn't prohibit non-commercial work. Because then it wouldn't be OSI approved. Right?
OSI has tried to assemble all the different terms of "open source" that make sense. Creative Commons Non-Commercial isn't one of them:
The OSI approves licenses with various restrictions on them, such as displaying authorship, or reciprocation, or patent grants. I haven't seen any reason to categorize a noncommercial restriction as fundamentally different. The noncommercial clause is a huge issue because of how vague it is, but that's a different topic entirely.
Also, using the OSI list as the ultimate reference isn't appropriate in the first place. They only approve licenses that are designed for software. I think almost everyone would agree that CC-BY and GFDL are open source licenses, despite them not being on that list.
Those are for the greater good. Saying you are not allowed to use the source code for commercial reasons is discrimination and that isn't allowed according to OSI. I'm cool if you don't wanna use OSI as a rule of thumb; but then my alternatives are FSF's free software definition, or DFSG.
We're discussing source code; so whether something is OSS or not refers to open source software; OSS. The last S is usually omitted, but it still refers to open source software.
> I think almost everyone would agree that CC-BY and GFDL are open source licenses, despite them not being on that list.
These have nothing to do with open source. They might be in the spirit of open source at best (in the situation of GFDL and text), but that's it. Documentation cannot be open source, and GFDL can actually be harmful in that context.
Maybe. It depends on what commercial use means in that license. Quite a few products are given away for free supported by other products that are commercial. The Open Core model usually does that with layering but the paid product can be entirely different. Maybe something running on CopperheadOS like backup or messaging software. Something individuals and enterprises might buy.
I can see why you might think opensource.com says that open source "literally means the source is public" if you only read the first sentence in their defining article. Fair enough, this is a common misunderstanding.
 - https://creativecommons.org/licenses/by-nc-sa/4.0/
 - https://opensource.com/law/10/10/license-compliance-not-prob...
 - https://opensource.com/resources/what-open-source
 - https://www.forbes.com/sites/wenjiazhao/2012/07/06/beliefs-a...
 - https://opensource.com/law/13/1/which-open-source-software-l...
> 6. No Discrimination Against Fields of Endeavor
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
If it was invented for that purpose, isn't that a reason why one shouldn't use the term for things that conflict with that goal?
"Free Software" following GNU also can't have a non-commerce clause (Freedom 0). I totally get that people want to restrict commercial use, but I believe "everyone can use the software" is enough of a core value and a NC-license would be incompatible with so much of the ecosystem that it's fair to classify NC-licenses as something else.
And you'll be sticking out like a bamboo tree in the Midwest, with your 'secure os'
The probability of one guy inserting a backdoor is high, but the payoff for compromising his platform is incredibly low.
The probability of compromising one of the big two - android/ios - may be low (keyword: may. It turns out large groups are also made up of lots of "one guy"s) but the payoff is huge.
What's your point? My point is that it takes a nation state to do that.
True, but the price of the compromise is low as well. Scratch that. All it takes is to hack this one guy, I can do that :)
It's mostly their commercial clients. Very few regular people can use COS for recent devices (for free) since you need to build it from source.
iOS is years ahead in security and privacy. Read its whitepapers, read forensics blogs - they're all about iOS, mentioning Android in the passing, as too easy to be a blog post - blog.elcomsoft.com
OK so you're suspended, and we will pay you only if you sign this agreement that any ethical company would have had you sign at the start of employment.
This sort of duress after the fact is unethical and possibly illegal. And the demand for control of a personal GPG key predating employment is eyebrow raising and properly should invite ridicule.
Unless you are suggesting that we should just give up on security entirely because it's impossible to have a system that is 100% secure?
My theory is that there is a backdoor into these OSes. It's the path of least resistance and there's precedent for this. Obviously Apple/Google are going to vehemently deny this, as these backdoors would be able to provide the most precise form of surveillance ever created.
These are barely above trivial attacks that don't require a nation state to pull off, just a talented engineer.
What really matters security-wise is who is this security for? If it's for state actors (vault7) then it's useless. It's known that CopperheadOS doesn't do much to defend against them as the phones are exploited on a hardware level. All this extra security is pointless as the people you are most worried about have access.
If somebody physically attaching to your device isn't doing so in an environment that doesn't also block radio signals, they've already failed... and you can't be wiping your phone every time it loses signal.
The threat model of a personal computer and the threat model of something that literally follows you everywhere and knows everything you do are very different.
Physical access is much easier to obtain and exposes you to way, way more. Getting a divorce? Your phone is probably something you want to guard extremely closely. You can get someone to pin your android phone for low-double digit thousands of dollars -- or even free if it's the right kind of person with the wrong kind of morals. IMO, if you have any meaningful assets to protect, whether they're yours or your company's, buying an Android phone with JTAG pins is _insane_ (or simply poor risk analysis).
But what do I know? I've only JTAG'd a phone before, scraped the RAM, obtained the unlock code and all of the user data. Random thought: how many people do you know whose phone unlock code is also their ATM pin number?
I don't think the system is strictly "you're right" or "you're wrong" and providing any supporting explanation is discouraged.
It pretty much always devolves into pointless meta. If someone wanted to tell you how right or wrong you are, they'd reply to your comment. Sometimes, perfectly reasonable comments get downvoted. Sometimes, truly awful comments get upvoted. Sometimes people fatfinger the wrong button on their phones. Every poster and every thread is better off just living with it, not worrying about it too much and sticking to the quality of the conversation itself.
The most telling thing about this is that nobody ever demands explanations for upvotes so it's obviously not because there's some real belief these explanations would make the conversation better. It's just that being downvoted feels bad. But really, at worst, you'd eat -4 points here or there. Best is to just put on your wizard hat and Epictetain stoic robe and move on. And this isn't merely a good idea - it's the law.
If the only feedback is a bundle of downvotes, it makes sense to ask for more detail. The site is better off when contributors understand what comments the community considers valuable. Sometimes the meta-discussion even leads to a good, but downvoted, comment recovering.
Well, you'd have to convince not me but the moderators of the site of that. They're quite explicitly off-topic in the written guidelines. Have been for many years along with 'neither downvotes nor upvotes come with an explanation obligation'.
And more generally, it's social interaction, not a compiler. Like most social interactions and for most people, it's not that hard for a newcomer, with a bit of participation, to sort out the context and written and unwritten norms, without constant and explicit error messages.
> And more generally, it's social interaction, not a compiler.
You've never asked "What did I say wrong?" when someone reacted unexpectedly in a social interaction? No one owes you an explanation, but there are times when it's a reasonable question and shouldn't hurt to ask.
That's really not how they're treated. Neither 'don't be a butthead' nor 'don't whine about votes' are serving suggestions. They're both enforced constantly, directly and indirectly. Without that, the site would be an unreadable cesspool.
> You've never asked "What did I say wrong?" when someone reacted unexpectedly in a social interaction?
I don't present every stranger who bumped me on the bus and then gave me the stink eye as if I was the clumsy boor with a questionnaire aimed at establishing a more constructive basis for our ongoing relationship. I just frown and go back to staring at my phone. This is a far more taxing and awkward near-daily social interaction than a seemingly inexplicable downvote.
It really is, in my experience, at least in the rare cases where the reason for a mob downvote isn't clear.
> I don't present every stranger who bumped me on the bus...
But then, you have a single, specific focus for the "downvote": Some single person, who's apparently having a bad day. The cause is obvious, won't be improved by questions, etc. It's a good example of a case where the rule-of-thumb applies. Further, your "questionnaire" could be a raised eyebrow to the person next to you, who might look up, shrug, and turn away.
The whole point is to see if you're being the asshole, or if it's the other guy being unreasonable.
Now, imagine that everyone on the bus is self-selected for a trait besides wanting to travel somewhere. Say, they're tech or business people, congregating for the chance to talk about things that interest "hackers". They're there specifically to talk and discuss. A driveby downvote doesn't aid that goal. An explanation of why the commenter is being unreasonable does, even when it comes as speculation from someone who didn't downvote them.
Cause that's what we're talking about, Willis. Downvotes and how they require none of the emotional or mental energy you seem to be willing to spend on them. It's a complete waste of time, at least, given the purpose of the site and we have rules to remind us what a complete waste of time it is.