[HN Gopher] TikTok streaming software is an illegal fork of OBS ___________________________________________________________________ TikTok streaming software is an illegal fork of OBS Author : cwaffles Score : 1049 points Date : 2021-12-17 13:54 UTC (9 hours ago) (HTM) web link (twitter.com) (TXT) w3m dump (twitter.com) | greatjack613 wrote: | China, China, China, China | rubyist5eva wrote: | China doesn't give a flying f*ck about your software license LOL | majani wrote: | Something tells me that TikTok has somehow managed to get | people to forget their country of origin | londons_explore wrote: | The commitment[1] appears to say, in summary, "you can violate | the license anytime, and as long as you stop violating soon after | we tell you to, there can be no financial penalties". | | That makes the GPL _substantially_ weaker, since now a company | can use GPL code in any place they think nobody will look. They | will never be on the hook for court ordered damages going back | years for unlicensed use. | | [1]: https://github.com/obsproject/obs- | studio/blob/master/COMMITM... | zinekeller wrote: | > That makes the GPL substantially weaker, since now a company | can use GPL code in any place they think nobody will look. They | will never be on the hook for court ordered damages going back | years for unlicensed use. | | In OBS' case, maybe. But OBS' developers' generosity doesn't | automatically translate to other developers, and even in | proprietary cases, there have been cases of a exact-copy | contract that have gone significantly different ways. | phkahler wrote: | I'm not a fan of the GPLv3 limiting the available response to | copyright violations. Time limits in particular. It's one of | the less clear parts of the license IMHO, and it affects the | primary means of enforcement. | | Fortunately a lot of GPLv3 code is actually 3+ so maybe if a | version 4 ever comes along this nonsensical restriction on | enforcement will be more limited. I do understand the reasons | around accidental misuse, but I haven't really seen anyone | getting into big trouble from accidental misuse. I have seen | these high profile cases of deliberate misuse by big | corporations. | lucasyvas wrote: | I'm not personally a fan of protecting against accidental | misuse. No other law offers significant leniency for | ignorance that I am aware of. | londons_explore wrote: | I am very much in favor of laws that offer leniency for | _procedural_ violations. For example, I believe "You built | this building before you got a permit to build it" | shouldn't be a crime - there should only be a punishment if | I cannot retrospectively get a permit in a reasonable | timeframe. | r_hoods_ghost wrote: | This is a common misconception. I don't know about US law | but in English law (including contract law) there is a well | defined distinction between "wilful" and "non-wilful" | misconduct that rests upon whether a violation is | intentional. Definitionally violating a contract or clause | that you are ignorant of cannot be intentional. I know in | the US the same concept of wilfulness is used in the | context of tax law at the very least. | | tldr; in law ignorance is a defence, or at least a | mitigating circumstance. | literallyWTF wrote: | It's almost like licensing is completely pointless unless you | have the money to sue. | tobltobs wrote: | Enough money to sue the CCP. | o_p wrote: | They could simply make a library with the OBS code, open source | that and dynamically link it into their app. | | Forcing copy-left doesnt really benefit the open source | community, those who already want to contribute will do so | without contract obligations. | dangerface wrote: | It seems like OBS is the opensource software every uses but has | no idea because it gets ripped off and repackaged so much. | endisneigh wrote: | People expecting OBS to get millions from this are naive. Almost | certainly TikTok will change the software to just use OBS | independently to avoid the issue. | | If OBS wants money they should use a dual license. | VWWHFSfQ wrote: | did anybody say OBS wanted millions? | | > Almost certainly TikTok will change the software to just use | OBS independently to avoid the issue. | | this is a perfectly acceptable outcome. | selfhoster11 wrote: | Nobody says they want money. They likely just want the GPL | violation to stop, one way or another. | paulryanrogers wrote: | And yet it could be argued that TikTok saved millions they'd | otherwise have had to pay to produce or license equivalent | software. | Trumpi wrote: | I imagine that OBS merely want others to abide by their | license. | oolonthegreat wrote: | apparently OBS devs don't want to share direct evidence yet and | resolve it privately probably due to their GPL Cooperation | Commitment. while I'm sure we all appreciate that, it would be | nice to see the decompiled binaries and the exact violations, | just so we can explicitly point them out and argue. | | I find it VERY easy to believe that Tiktok are indeed in | violation, but right now all we have are statements and a 302 | redirect to Microsoft Directx download page. | AustinDev wrote: | So people that have ripped off OBS so far and violated GPL | include TikTok, StreamLabs (Logitech), and StreamElements. Any | other people I missed? | kiddico wrote: | I didn't realize streamlabs was logitech. Damn. Going to have | to find a new go to wireless keyboard recommendation for media | pcs instead of the k400. | | Should also stop singing the praises of the Pro Superlight... | remram wrote: | You just recommended both of them... Off to a bad start... | dodgepong wrote: | Streamlabs and Streamelements have not violated the GPL. | the-dude wrote: | How did StreamLabs violate the GPL? | pineconewarrior wrote: | The OBS project has accused StreamLabs of copying their name | and stealing their trademark (By naming their software | StreamLabs OBS). I'm not sure about any source code thievery. | errcorrectcode wrote: | SL rebranded SL OBS to SL Desktop. They seem like another | corporate FOSS mooch IYAM. | r1ch wrote: | Streamlabs violated OBS' trademarks, their fork has always | complied with the GPL. | AustinDev wrote: | There were 6 to 12 months iirc where they did not | distribute their source required by GPL. I have close | friends on the OBS team. | wccrawford wrote: | If nobody asked for the source and was denied, they were | not yet in violation. They aren't required to actually | post it online. They can simply send it to someone when | asked. | jnwatson wrote: | They are required to post the notice about how to get the | source code. | wyldfire wrote: | They did post a notice.... | | "But the plans were on display..." | | "On display? I eventually had to go down to the cellar to | find them." | | "That's the display department." | | "With a flashlight." | | "Ah, well, the lights had probably gone." | | "So had the stairs." | | "But look, you found the notice, didn't you?" | | "Yes," said Arthur, "yes I did. It was on display in the | bottom of a locked filing cabinet stuck in a disused | lavatory with a sign on the door saying 'Beware of the | Leopard." | [deleted] | Liquix wrote: | Hopefully this is high profile enough to incur some | consequences. GPL is ironclad on paper, but the sad reality is | unscrupulous/international companies can and do just copy code | directly off github into their products with no repercussions | tomcooks wrote: | Consider donating to the EFF as a Christmas present to | yourself | oalessandr wrote: | The EFF lost all credibility by jumping into the crypto | bandwagon | remram wrote: | What did they do? | reedciccio wrote: | eff doesn't do license enforcement. Software freedom | conservancy is the organization to support in this case: | https://sfconservancy.org/ | fsflover wrote: | https://fsf.org as well. | wongarsu wrote: | Unless a major contributor of OBS sues, nothing will come of | it. That's unfortunately very rare, the only one doing that | with any frequency seems to be Harald Welte (one of the | iptables developers) [1] | | 1: https://wiki.fsfe.org/Migrated/GPL%20Enforcement%20Cases#W | el... | nsv wrote: | Couldn't the FSF sue on their behalf? | rrix2 wrote: | On what grounds? The FSF has no standing to sue like | that. The software freedom conservancy has lawyers who | will work on copyleft infringement cases like this but a | copyright holder still has to step forward as a | plaintiff. | trickstra wrote: | And now they can also claim it was just autocompleted by | Copilot. | libeclipse wrote: | That's not plausible | wizzwizz4 wrote: | Hey, just because it would get laughed out of court, that | doesn't mean they can't claim it! | randomluck040 wrote: | I'm not so sure about it being laughed out of court | unfortunately. | donkeyd wrote: | Can concur, courts don't know jack about tech and have to | rely on experts that aren't always independent. | wizzwizz4 wrote: | Rebutting the argument doesn't rely on tech knowledge. | | "But, your honour, I didn't copy this person's book! I | used the autocomplete on my phone, and it just so | happened to produce their 500 000 word novel!" | | You need tech knowledge to think that's even _plausible_. | Sure, they wouldn 't dismiss it _out of hand_ (I think | "laughed out of court" is a figure of speech), but I | wouldn 't be surprised if it got a few giggles. | kayodelycaon wrote: | Using a tool to violate copyright isn't a valid legal | defense. | detaro wrote: | StreamLabs afaik kept clear of GPL violations? | pshushereba wrote: | China stealing intellectual property? If only we could have seen | this coming! | BusyLurker3K wrote: | This is a horrible take. A Chinese company stealing IP is very | different from China stealing IP. Google was caught using IP | from Sogou for its pinyin IME, but we don't say America | stealing IP. | NullPrefix wrote: | >Sogou for its pinyin IME | | What does it mean? | criddell wrote: | ByteDance is partially controlled by the government so I | don't think your Google analogy is a good one. | | https://www.bloomberg.com/news/articles/2021-08-17/beijing-t. | .. | | https://qz.com/1788836/targeting-tiktoks-privacy-alone- | misse... | rackjack wrote: | Basically every major Chinese company is partially | controlled by the Chinese government. (Not trying to | detract from your point, just providing context.) | pphysch wrote: | Do you honestly think Washington doesn't exercise similar | influence over Google? That Google can just throw NSLs in | the spam folder? What do you think Jigsaw is? | xvector wrote: | Why are people downvoting you? You are 100% correct about | NSLs and gag orders. This is one of the biggest issues | the EFF focuses on: https://www.eff.org/issues/national- | security-letters/faq | throw10920 wrote: | They are not correct about NSLs - the level of control | exercised by those is not even remotely comparable to the | level of power that the CCP holds (and exercises) over | Chinese companies. Nobody thinks that NSLs don't exist, | it's just that they're not comparable to the issue at | hand. | | And, in particular, the US government does _not_ either | possess or exercise the power over US companies to coerce | them to steal IP from other countries - which is the | issue under discussion. | pphysch wrote: | What can I say, I'm attempting to add nuance and scrutiny | to what is a black-and-white issue for most of HN. | fortuna86 wrote: | Yes. | pphysch wrote: | Well, you've been misled. | | https://transparencyreport.google.com | pdabbadabba wrote: | If they're equally influenced by their national | governments, perhaps you can also direct us to | ByteDance's own transparency report, so we can compare? | pphysch wrote: | That would be moving the goalposts. We're concerned | whether companies are de facto influenced by governments, | not whether those companies produce PR material about | said influences. | fortuna86 wrote: | "You are moving goalposts" | | _proceeds to move goalposts_ | | ByteDance doesn't issue such reports because everyone | knows they cannot refuse a request by their government. | Any report that says otherwise would be, as you say, "PR | material". | trasz wrote: | Same way US-based companies can't refuse gag orders and | other kangaroo "secret courts". | samtheprogram wrote: | Moving goal posts would be more like claiming that, | because we have evidence Google cooperates with the US | Government for some investigations, the US Government has | similar influence and control over Google as China does | over ByteDance, without any scrutiny or review of the | severity of China's influence on ByteDance. | | Also, to the very point you bring up... recipients of an | NSL can file a legal challenge to an NSL which would | trigger a judge to have to review the request. NSL's also | do not allow the government to request all sorts of data, | but mostly direct PII and service metadata. NSLs are | problematic but I seriously doubt any comparative limits | apply to Chinese agencies' requests for data from | ByteDance. | pphysch wrote: | Bottom line: virtually all large (tech) companies are | influenced by governments. They will surveil you on | behalf of your government. Period. | | Any attempts to muddy the waters for ideological point- | scoring are beside the point. If you want to dig deeper, | please bring evidence instead of speculation. | samtheprogram wrote: | In the original comment you responded to, the CCP put a | party member in the ByteDance board of directors. | | The CCP is also known to enforce censoring government | critical speech on their platforms including TikTok. http | s://www.theguardian.com/technology/2019/sep/25/revealed-. | .. | | National Intelligence Law also allows the CCP to request | from businesses any data unlimited in scope without a | warrant or possible recourse. https://en.m.wikipedia.org/ | wiki/National_Intelligence_Law_of... | | It's not ideological; one clearly exerts more control | than the other, by an order of magnitude. To say the | surveillance, censorship, or control on businesses are | similar because Google has complied with some government | requests (the only evidence _you_ have provided) is naive | at best, or disingenuous at worst. Of course the US | performs intelligence gathering on its citizens or | foreigners for national security. The difference is the | scope, oversight, and recourse businesses in the US have. | pphysch wrote: | > The CCP is also known to enforce censoring government | critical speech on their platforms including TikTok. | | Donald Trump? Jan 6? Julian Assange? Chelsea Manning? | There are countless examples of USG censorship. Just | because you don't ideologically agree with the victims | does not absolve the act of censorship. | | > National Intelligence Law also allows the CCP to | request from businesses any data unlimited in scope | without a warrant or possible recourse. | | Do you _really_ believe that Washington doesn 't have | this same power? That they will just go "oh well, guess | we can't investigate this national security crisis | because Google said so". That's clearly ridiculous. | Washington has the power and resources to break into | datacenters if compelled. | | > It's not ideological; one clearly exerts more control | than the other, by an order of magnitude. | | It is clearly ideological (a priori, CCP = bad) and you | have not demonstrated that one is vastly more controlling | than the other. | fortuna86 wrote: | American tech companies _can_ say no to data requests, | they often do. Then they publish the details of those | requests, publicly. | | Chinese companies not only can't say when such requests | were made, they cannot reject them either. Every Chinese | firm must give all their data to the government, at all | times, for any reason (which will remain secret of | course). | | The fact that you are trying to, as you say, "muddy the | waters" (amazing the amount of projection you do) with | conflating the two might work as an augmentation tactic | (maybe fool a person or two), but logically it is | unsound. | throw10920 wrote: | One of the parent comments in the chain that you wrote | said "Do you honestly think Washington doesn't exercise | similar influence over Google?" | | Note the "similar". | | You then amended your point to "virtually all large | (tech) companies _are influenced_ by governments ", which | is completely different than _similar levels of | influence_. | | Nobody cares that governments have _some_ level of | influence over companies - that 's a feature, in fact, | because some regulation is necessary for markets to work | - the issue under hand is _exclusively_ whether the level | of control is excessive. (and, in this specific thread, | whether "A Chinese company stealing IP" is comparable to | "China stealing IP") | | That's moving the goalposts. | | (the answer to that last question is "yes" - the Chinese | government does, in fact, use Chinese companies to steal | IP from other countries (including, but not limited to, | the US, Japan, and parts of the EU), while the US does | not) | pphysch wrote: | If only you (and others) would be as pedantic about | verifying claims made by the Washington | establishment/media about "the evil See See Pee" as you | are about winning internet arguments. | | It is impossible to have a practical discussion on these | issues when one side unironically believes China is a | Mordor-esque land ruled by comic book villains. Totally | misinformed. | | Anyways, the level of influence _is_ similar. If the | Washington wants my private data from Google, they will | get it. No amount of wishful thinking and handwaving | about "well Google could say no, but bytedance will | definitely comply because reasons" will change that. | throw10920 wrote: | You _completely_ ignored the points that I made, and | instead chose to pontificate about things completely | irrelevant as a distraction from the fact that you did, | indeed, move your goalposts, and couldn 't come up with | any counter-arguments to the fact that: | | The Chinese government does, in fact, use Chinese | companies to steal IP from other countries, while the US | does not and cannot. | | Irrelevant chaff that you have attempted to throw up: | "would be as pedantic about verifying claims" "winning | internet arguments" "one side unironically believes China | is a Mordor-esque land ruled by comic book villains" | (yeah no) "If the Washington wants my private data from | Google, they will get it" (also no) | | > If the Washington wants my private data from Google, | they will get it | | > the level of influence is similar | | As someone who works _with the US government_ , I can | verify that both of these statements are _factually_ | false. (and, again, still a diversion from the actual | topic under discussion which is _governments compelling | companies to engage in IP theft_ ) | | It is non-trivial (in the legal sense) for the US | government to get the data of a single US person, and it | certainly cannot do it en-masse, nor force companies to | hand over all of their data unencrypted, both of which | are things that the CCP can (and does) do. Therefore, the | levels of influence are not similar. End of argument. | pphysch wrote: | Are we at that point? | | _Blah blah blah, brainwashed government contractor doing | PR for his paymaster..._ | criddell wrote: | Yes, I honestly think Washington doesn't exercise similar | influence over Google or other American companies. | | CNN likes to pop up a PIP view of what's being broadcast | in China when they talk about things that embarrass the | Chinese government. When they start talking about Peng | Shuai it takes about two seconds before the Chinese | broadcast becomes a test pattern. | | When's the last time you saw a test pattern when watching | a foreign news channel? | pphysch wrote: | If you want to uncritically believe everything US | establishment media says about enemies of the US | establishment, that is your problem. | criddell wrote: | Where did I say that? Keep in mind that I'm not saying | the US government has no influence, but it isn't anywhere | close to what the situation in China is. | [deleted] | fortuna86 wrote: | I think he's changing the subject to what he wants to | discuss, what he thought this conversation was about the | whole time. | | Happens a lot in online discussions. | throw10920 wrote: | The US government does _not_ either possess or exercise | the power over US companies to coerce them to steal IP | from other countries (or companies thereof), which is the | issue under discussion (despite attempts to redirect it). | Neither NSLs nor Jigsaw give them that power. These are | facts. | pphysch wrote: | Characterizing a Ctrl-C Ctrl-V of a publicly available, | open-source codebase as _government-coerced theft_ is | hilariously overdramatic. | Lhiw wrote: | If you think the CCP doesn't have a hand in every major | company or export you're naive. | dang wrote: | " _Eschew flamebait. Avoid unrelated controversies and generic | tangents._ " | | https://news.ycombinator.com/newsguidelines.html | pshushereba wrote: | My comment doesn't meet any of this criteria. The original | article was about a Chinese company's unauthorized fork of | OBS. It's semantics whether or not you consider an | "unauthorized fork" as stealing, but I certainly do. | | So it's neither unrelated or a generic tangent, as it relates | to intellectual property theft. It's beyond question both | that China as a country is known for stealing intellectual | property, and that Chinese companies work closely with the | CCP. | | In the introduction of The Wires Of War by Jacob Helberg, he | cites a statistic that estimates that "Chinese theft of | intellectual property costs Americans anywhere from $225 | billion to $600 Billion every year..." | c0balt wrote: | Not like US companies would be any better. They usually just | take more care of hiding it, cause you know, cause you know | lawsuits. | adventured wrote: | US (and European) companies are typically a lot better about | it, precisely because they fear lawsuits, they fear the | consequences. | | China and its large companies don't fear lawsuits the way US | corporations do. That's how Jack Ma was able to steal Alipay | from Yahoo shareholders and laugh all the way to the bank, | there were no consequences to worry about. It's why Yahoo | capitulated in dealing with Alibaba as a major shareholder, | they knew the end result would have been their ownership | stake could just be zero'd out at any time. That's why China | can arbitrarily point at Didi and tell them to delist, | regardless of what it does to foreign shareholders - there's | nothing to worry about, there will be no meaningful | consequences. | | You can't get at them domestically if they don't want you to, | because they're a nation that operates by the shielded, | arbitrary dictate of the CCP rather than laws, and nearly | everyone is afraid of their retaliation (including the | richest corporations in the world like Apple). | | Nobody much fears the US will retaliate the way China does. | That's why the EU has been pounding US tech companies with | mega fines, and wouldn't dare behave that way toward China. | It's why the green virtue signalers are so very scared to | publicly lambast China, and they'll harangue the US and EU | all day. It's why the NBA will intentionally ignore any and | all atrocities of China (they're intensely terrified to utter | even the slightest of negative words toward China), yet they | have almost zero fear of jabbing the US 24/7 - it's because | for the most part nobody is afraid of the US. | throwaway473825 wrote: | The Swedish bank oligopoly once illegally used Moxie | Marlinespike's GPL code in their closed-source app: | https://mobile.twitter.com/moxie/status/530252445725642752 | | They even refused to get in touch. Why would they when they | have most Swedish political parties in their pocket? And | that's in one of the world's least corrupt countries. | gunapologist99 wrote: | > Why would they when they have most Swedish political | parties in their pocket? And that's in one of the world's | least corrupt countries. | | Political parties in your pocket literally defines | political corruption. | 0xdeadb00f wrote: | I don't think this is unique to China lol. Organisations around | the globe steal IP all the time. | ironmagma wrote: | Until they get caught. | randomluck040 wrote: | It won't change if it's not prosecuted. | dylan604 wrote: | In what court that protects IP and has jurisdiction in | China would one file that lawsuit? | randomluck040 wrote: | Good point and as expected, I have no idea. The question | is if I have to file the lawsuit in China. My knowledge | of law goes towards zero so I can't even ,,armchair | lawyer" it. However, the question would be if it was | possible to file the lawsuit in a country where TikTok | has a headquarter. | [deleted] | symlinkk wrote: | It happens a lot more in China though | [deleted] | KoftaBob wrote: | It's not unique to China, but it's particularly prolific in | China. One of the major reasons for the US tariffs against | China was pressure for them to actually respect IP. | pphysch wrote: | That is the official story. Obviously, though, it's really | about kneecapping PRC's rapidly growing high-tech | industries and "containing China's rise". | jetsetgo wrote: | Like American companies leeching off immigrants is any | different | [deleted] | a2tech wrote: | Well not illegal. It looks like they need to acknowledge and | include the OBS license. | 1_player wrote: | Not only the license, the source code as well. The GPLv2 | license exists for a reason. | | """ | | These restrictions translate to certain responsibilities for | you if you distribute copies of the software, or if you modify | it. | | For example, if you distribute copies of such a program, | whether gratis or for a fee, you must give the recipients all | the rights that you have. You must make sure that they, too, | receive or can get the source code. And you must show them | these terms so they know their rights. | | """ | | https://github.com/obsproject/obs-studio/blob/master/COPYING | NeutronStar wrote: | Illegal until then. | [deleted] | Rygian wrote: | If they are not already acknowledging and including the OBS | license, then it's already in breach of the license (ie. | "illegal" in the informal sense that you used). | [deleted] | h2odragon wrote: | So will all those outlets that had "Trump's social network is | violating the GPL" stories be jumping on this with equal fervor? | Considering they didn't cover the _compliance_ with the GPL that | "truth social" (awful name) did, I think we can safely assume | they won't. | | That said, TikTok using and backing OBS makes perfect sense, the | terms of the license aren't onerous and everybody benefits. "Open | source works like its supposed to" isn't a eyeball grabbing | headline tho. | mrweasel wrote: | Are they technically obligated to provide the source code online, | or could they just say: "Well it's available on request, and no | one has done so"? The just mail out a USB stick or DVD to anyone | who asks? | | I believe that's with in the limits of the GPLv2. | throwhauser wrote: | Sure but then couldn't whoever receives the USB or DVD post the | source code someplace more convenient? I'm not sure what that | "workaround" would accomplish. | tialaramex wrote: | It's much worse for them actually. They're obliged to offer | this for _no more_ than the cost, unlike a typical "cost | plus" basis on which they could profit even minimally - and | yet they're also obliged to fulfill _all_ orders from | _anybody_. The offer isn 't valid only for whoever you gave | binaries to, it's an offer to _any third party_ that 's what | the requirement says. | | In the CD era, it _might_ have made sense to go with written | offer if the source is far larger than the binary you ship | (e.g you ship a 500MB game on CD, but the source would be | 1400MB so that 's like 3 CDs, ugh) and you're happy to | periodically pay the office intern to burn some source CDs | and post them off for the inquisitive customer who asked for | them. | | In the Internet era it definitely doesn't make sense. Just | pop a link to the source next to the binaries and don't sweat | it. | | Unless, of course, you have no intention of complying anyway. | r1ch wrote: | It's designed to discourage people from exercising their GPL | rights. If they push code every day and the only way to get | the most updated code is to pay for a CD to be mailed to you, | it becomes quite tiring to keep an up to date online copy. | dodgepong wrote: | GPLv2 requires you to either distribute the source with the | binaries, or provide the recipient information on how to obtain | the source code. It also states that providing a link to the | source code next to the binary download on your website is | sufficient. See GPLv2 section 3 for more details. | | TikTok have not provided a link to its source code, not are | there instructions on their site or within the download package | indicating where users can obtain the source code. Therefore, | it's a violation. | Karunamon wrote: | Yep. "available on request" is perfectly allowed, there's no | requirement that it be on a publicly available webpage. | teddyh wrote: | No, the offer of source code must be _explicit_ , not just | available if anyone happens to ask. | r1ch wrote: | The binaries must be accompanied with an offer of the source | code. There is no mention of source code anywhere during the | download, install or execution of TikTok Studio, nor any offer | inside the application folder or similar. | mrweasel wrote: | That makes sense, they need to let people know how to obtain | the source code. | paxys wrote: | Not strictly enforcing license terms only deteriorates the | standing of the license. A tweet or blog post is fine, but unless | someone is willing to take TikTok to court over this the takeaway | is clear - violate GPL if you want and nothing will come out of | it. | xwdv wrote: | This is exactly how licenses work. If there isn't some entity | willing to take people to court for instances in which the | license is violated, it will have no teeth and people will | steal and use licensed code with glee. | dvt wrote: | How can you be so inept that you're literally stealing software, | but are too incompetent to properly obfuscate it? | entropie wrote: | Right? They are not even trying. | | Probably there is also a little spike in the logs of | obsproject.org which could lead to some investigation. | 1_player wrote: | Thieves are known not to be smart. If you're smart enough, | you'll know that stealing probably isn't worth it. | EGreg wrote: | Some people on HN make fun of "code is law", but in this the "law | about code" is hardly enforceable internationally. Putting the | snark aside - let's at the broader picture ! | | Web disrupted journalism, cable, tv, radio, magazines, newspapers | and made it permissionless across geographic boundaries | | Smart contracts can do the same for finance, voting, banking, | legal enforcement and more | | The question here is, can we enforce copyright without the threat | of force (like SWAT teams taking down a grandma or Kim DotCom) | | And do we need artificial scarcity at all, as seems to be the | case now with NFTs and metaverse? | | These are major topics andI can't do them justice in a small text | comment. For whoever is interested, explored these topics and | Internet economics in our recent episode of the Intercoin Show: | | https://m.youtube.com/watch?v=72kaDtfuIG4 | | If you don't want to have scarcity for digital content but still | want to get paid at scale, here is another approach that is | completely web based: https://qbix.com/token | | Ignore the token part and look at the iframes part. Would love | feedback: | vmception wrote: | "Right click and save as" jokes not looking so funny anymore? | [deleted] | PragmaticPulp wrote: | The original Tweet (embedded one from HunterAP) says TikTok | installs OBS and uses it in the background with a TikTok front- | end. It doesn't say that they've illegally forked it. | | EDIT: See comments from OBS developer below for a more clear | explanation of the issues than the linked Tweet | platz wrote: | the developer installs obs and copies its dlls into a new app, | not the user. | yorwba wrote: | > The original Tweet (embedded one from HunterAP) says TikTok | installs OBS and uses it in the background with a TikTok front- | end. It doesn't say that they've illegally forked it. | | It does say "illegal fork" below HunterAP's username and above | the screenshot. | r1ch wrote: | OBS developer here. It doesn't "install OBS in the background". | They ship several executables as part of their software that | contain code derived from OBS and there is no offer of source | code. They're currently in violation of the GPL, but per our | GPL Cooperation Commitment we are trying to work this out with | them privately. | PragmaticPulp wrote: | Thanks for the clarification. | | Is there anywhere where this is written up more clearly? Even | on Twitter? Would be good to circulate a more clear | explanation of what's going on. | r1ch wrote: | Not at the moment, we're trying to resolve it in private. | Similar to how the Streamlabs situation unfolded, we don't | want to "go public" until all other options have been | exhausted, though it's looking like this choice may be out | of our hands. | gunapologist99 wrote: | The use of the word "illegal" seems problematic if this is a | contractual dispute over (GPL) license terms. No one _seems_ to | be claiming that TikTok actually committed a criminal act | (although, perhaps they did, if this was intentional as it | appears, and TikTok is engaging in criminal-levels of | distribution. Not a lawyer, so just speculating here.) | | It probably would have been better if the OP had said "violated | the license agreement". | | Still, many other companies have eventually caved under GPL | lawsuits, but apparently none in China; probably because it's | virtually impossible as a foreigner to win a tort case against a | Chinese company. | | https://wiki.fsfe.org/Migrated/GPL%20Enforcement%20Cases | dragonwriter wrote: | > The use of the word "illegal" seems problematic if this is a | contractual dispute over (GPL) license terms | | No, it's not. | | > No one seems to be claiming that TikTok actually committed a | criminal act | | "Criminal" is not the same as "illegal", the latter includes | any violation of law whether or not it is criminal. | gunapologist99 wrote: | This definitely looks like egregious and apparently | intentional infringement, but violating the GPL is not | violating a law in most countries; it's violating a license | agreement. Contracts are not law. Therefore, violating the | GPL by itself probably isn't illegal (but it could probably | become illegal if other statutes, like CFAA or RICO were | brought into play.) | | If I violate deed restrictions on my property by building a | shed, then that wouldn't be _illegal_ per se; it 'd simply be | a breach of contract and the _private_ organization could sue | me for redress. | | But, if I built that same shed in the middle of a public | street, then that might be illegal and the city might have me | arrested and prosecuted. | dragonwriter wrote: | > This is not violating a law; it's violating a license | agreement. Contracts are not law. | | _Following_ legally-valid contracts outside of any | legally-valid excuse is law, which is why breach of | contract is a cognizable legal cause of action. | yjftsjthsd-h wrote: | > This definitely looks like egregious and apparently | intentional infringement, but violating the GPL is not | violating a law in most countries; it's violating a license | agreement. | | If they're not following the license, then aren't they | breaking copyright laws? | nnvvhh wrote: | Not complying with an open source license can be enforced as | copyright infringement rather than a contractual dispute. | gunapologist99 wrote: | Please cite an example. Most countries' copyright law tips | civil license agreement disputes back into the civil courts, | not criminal, with relatively few exceptions. | vineyardmike wrote: | > The court disagreed that Neo4j granted a naked trademark | license, pointing out that the open source licenses granted | to third-parties on the open source software repository | were copyright licenses, not trademark licenses. Users of | the open source version of the software did not have any | right to use the Neo4j trademark without a separate | trademark agreement. Naked licensing does not occur where | there is no trademark license. | | Neo4j used GPL by the way. | | https://www.finnegan.com/en/insights/articles/open-source- | so... | throwawayay02 wrote: | > OBS is free for anyone to use, for any reason. Other developers | can use the OBS code in their own projects as long as they obey | the guidelines set forth in the GPLv2 license. OBS has no | watermarks or other limitations and can be used commercially with | no restrictions. | | So I guess there's nothing wrong with that. | dtech wrote: | It depends on how they integrated. GPLv2 requires that TikTok's | version is either GPL-compatible itself (I doubt it), or they | use OBS as an external program. | | _edit_ This comment [1] claims GPL code is compiled into their | non-GPL program, which is a huge no-no | | [1] https://news.ycombinator.com/item?id=29592556 | jmcs wrote: | It would depend if Tiktok Editor is legally considered a | derivative application or not. If it is, then it's in breach of | GPLv2. | neyme wrote: | I've always wondered if these license are legally enforceable. | What if TikTok ignores the criticism and does nothing. Do the | developers sue the company and will they get any money? | vineyardmike wrote: | They could try to get money but they could also try to get a | cease and desist order to compel them to stop if they don't | even post suit. Not sure if that means violating is criminal or | anything but means you're ignoring a court order which is a big | no-no legally. | [deleted] | nunez wrote: | Damn two big names stealing from OBS in one year! It is great | software, though; I can see why companies would go that route. | Vinnl wrote: | I think it's useful for developers to have a rough mental model | of how open source licensing works, as it's not that complicated | yet affects what you can legally do, both as a user of open | source software as well as as a contributor. | | Coincidentally I recently did a Twitter thread on it, in case | anyone's interested. I know not everyone like the medium, but at | least it's also posted on Mastodon, so there's that: | https://fosstodon.org/@VincentTunru/107382356640669971 | nick__m wrote: | There is less correct but funnier comparison. It's a cartoon | comparing the various licences as if they were a dad: | http://www.wtfpl.net/wp-content/uploads/2012/12/wtfpl-strip.... | | TikTok probably tought that OBS was licensed under the WTFPL ;) | Buttons840 wrote: | Could GPL include a clause such that, when abused like this, the | code of the offending app would become GPL code as well? | | Imagine people start "stealing" TikTok code, TikToc sues, and now | the defendant has their day in court to defend the GPL, at | TikToks expense. | lucasyvas wrote: | In almost all cases, TikTok's offering would be considered a | derived work because you cannot swap out the OBS part for another | and still have it work. So they are likely in full violation | unless they agree to open source all their code. | | Seems like a pretty open and shut case to be honest - that is, if | they intend to pursue legal action and the powers that be rule | appropriately. | _fat_santa wrote: | Like others have said though, any derivative works of OBS must | also contain the same GPL License. It was pointed out in that | thread that Reddit also forked OBS for their live steaming but | they didn't get into hot water because they followed the rules | and open sourced their software like the License required them | to. | dathinab wrote: | Given that it only affects a beta client they could: | | - pay damage for the violation the the client, given that's | only beta that would likely not amount to much | | - and stop the beta program, while replacing their OBS | dependency with something completely different. | thebean11 wrote: | I'm out of my depth here, but what makes you say they can't | swap out the OBS part for something else? Do you mean they | can't swap it without modifying the rest of the code, or can't | swap it at all? | randomNumber7 wrote: | If they swap it out, they have to build code which does | exactly the same/ has the same interface. It can still be | considered a "derived" work. I'm not a lawyer but that was | what op meant. | thebean11 wrote: | I'm not sure, that sounds a lot like the Oracle v Google | argument on whether an API is copyrightable. | onphonenow wrote: | To hell with this open source stuff then, the STUPID idea | that these interfaces are copyrightable is total garbage. | | That said, we should be able so sue open source developers | - a fair bit of open source is reverse engineering | interfaces (drivers, ACAPI, power management and more). If | this violates the copyright of the underlying proprietary | firmware - bring on the lawsuits! | ShrigmaMale wrote: | Chinas whole economy is built on illegal copying, who is | surprised? Not me. | zfxfr wrote: | So concretely what are the risks they encours ? | markus_zhang wrote: | Open source software license should include a clause saying that | it is mandatory for commercial users to pay a certain amount of | contribution annually, let's say 0.01% of gross revenue? | | So if they find it too expensively they can simply turn away and | build their own, which is good for whoever get the chance to do | some lower level programming, and if they find it OK the open | source authors/maintainers can get some good money. It's a win- | win. Of course this might request open source authors/maintainers | to form a more rigid organization (how to share the profit). | ghaff wrote: | Then it's not an open source software license. | 29083011397778 wrote: | I suspect you're conflating Free, Libre, and Open-Source | Software. The first can be free (as in beer), the second free | (as in you can do whatever you please with it), and the last | is that the source is publicly available. | | GP's proposition would be Open-Source, but not FLOSS IIUC | andrewshadura wrote: | You are mistaken. All three terms have the same meaning. | ghaff wrote: | In general people use the open source definition and the | licenses approved by the OSI as what defines open source. | These don't allow you to discriminate based on usage, such | as commercial use. (If you own the copyrights, you can dual | license under both an open source and a non-open source | license of course.) | | "Source available" or "shared source" licenses are not | generally considered open source. | andrewshadura wrote: | Open source software is a name for free software which was | intended to make it sound less ideologically loaded. Libre | software, on the other hand, is a name for free software | intended to make it less ambiguous while preserving | ideology. Anyone who claims otherwise is either: a) trying | to be an ideological purist fighting with those not | following their ideology to the maximum, or b) trying to | mislead you to try and devalue the terms, or has been | misled by (a) or (b). | ghaff wrote: | The impetus for the term was supposedly that people kept | being confused the distinction between free as in beer | and free as in freedom/libre. However, to your point, one | suspects that some prominent people like Tim O'Reilly | latched onto "open source" as a less ideologically- | aligned term. | VWWHFSfQ wrote: | the goal of free software is _freedom_. | | money has nothing to do with any of it. | markus_zhang wrote: | You can have both IMHO. | VWWHFSfQ wrote: | sure but they're not compelled by the license itself. They | are compelled to pay for the software in the form of hiring | developers to work on it, donating to the foundation behind | it, etc. Companies like Red Hat have done this very | successfully for a long time because they prefer to keep | the supply chain feeding the lifeblood of their enterprise | healthy. | markus_zhang wrote: | Maybe a dual license then? | alkonaut wrote: | Is it clear whether it's a "fork" (i.e. the entirety or a | significant portion of the code is used in the derivative work), | or whether they just found some utility snippet in an open source | project and forgot to wash it? | | Also isn't TikTok Chinese? | oliwarner wrote: | It's concerning how many self-labelled software engineers on | Twitter are chipping in with comments like "it's open source so | it's fair game" or "they just need to add attribution". | koonsolo wrote: | Maybe it's a generational thing. In the olden days, Open Source | was basically GPL. But nowadays, Open Source is basically BSD. | | So I get it that all the npm developers don't really consider | that some licenses might be restrictive. | yumraj wrote: | Probably they are employed at companies who are themselves | violating GPL and have seen this being done there. | delusional wrote: | How do you think companies end up violating GPL. Maybe | sometimes it's a heartless executive, but a lot of enterprise | software devs are completely unconcerned with licenses. If | they can get their hands on it, the license doesn't matter. | tombert wrote: | I think a lot of software engineers nowadays write server | software, where they can often be somewhat allowed to be | unconcerned with licenses [1], since the actual binary | produced from the code lives on the server, and is | typically not distributed outside the company. | | As a result of this, I think there's this mass | misunderstanding of how licenses work in the software | engineering field. | | [1] With the exception of AGPL if I understand correctly. | LambdaTrain wrote: | A lot of companies do not hire software engineers to | implement the system; instead, they contract it to third | party (tech service companies such as Cognizant). I think | some sort of auditing is done at the delivery, if they | concern about the license. But in the context of Java web | app, the enterprise software is usually built on | dependencies under APA, so it should be of less concern | jermaustin1 wrote: | I had a senior dev at a past job who did this constantly. | And when it was found out how much he actually stole, our | entire team was laid off and replaced by the company that | did the audit. | | He just refused to believe that software licenses were | real. That and I dont think he could actually code anything | from scratch without stealing large swaths of code from | open source repositories. | midasuni wrote: | He can believe the GPL isn't real all he wants. In that | case how did he justify breaching copyright law? | trulyme wrote: | > I had a "senior" dev... | | Ftfy. | jermaustin1 wrote: | His resume seemed to back up his claim. Not sure if it | was real, though. HR called every one of my past | employers and my references, so I figured they would have | followed up on his, too. | trulyme wrote: | Yes, I know the type - I have met a few of "senior" devs | that were anything but. I can imagine their past employer | didn't even know their true worth, or lack of. Sorry you | had that experience. | vkat wrote: | Copy/paste without attribution to license or permission | is more blatant. | jermaustin1 wrote: | Organizationally he was given free reign to do whatever | he wanted, and that lead to the entire teams downfall. He | canceled code reviews... for himself. Well, he actually | stated, all code reviews go through him, thus he "code | reviewed" his own code. I remember he was once a few | weeks late on delivering a basic landing page, and when | it finally got to QA at 9pm on a Friday, our entire team | was forced to work the weekend and QA gave me a TFS | export of more than 200 defects I had to fix because he | was unreachable. Needless to say, our entire team was | upset we all got laid off, but also relieved because we | all ended up in better jobs. At least everyone I've | talked to, which is everyone but him, as he has never | responded to a single text message or email since he quit | after the layoff (he refused severance, and just walked | out), all his socials went off line, and any record of | his name has disappeared from the internet. I'm fairly | certain he was a conman, but I have no way of finding | out. | voakbasda wrote: | Maybe hired by a competitor to tank the company | intentionally? I would not put it past many big companies | to do something like that. | ihaveajob wrote: | That takes some skill. I was almost duped like that by | someone we nearly hired for a sales position, which is | much easier to fake for a few months, especially working | remote. | vkat wrote: | In all the enterprise companies I worked for we are drilled | with required learning and assessments which often include | training on software licenses. The aim of these training is | devs to keep an eye for license and defer to someone higher | up if in doubt. These processes are manual and catch only | so much. | | In companies with mature software processes there is always | tooling that will block a release if it finds unacceptable | license. To me it looks like TikTok hasn't properly | invested in tooling and this somehow slipped. | 8ytecoder wrote: | Enterprises of even modest size take it very seriously. | They'll be juicy targets to go after. It's everything | between startups to midsize companies where this is not | clearly defined. Just ask the VCs who do due diligence. | Almost everyone of them will audit your licenses before | they invest. One of the things they ask for is the list | of libraries you use and their licenses. | fhfhrhfjfjfhfh wrote: | Helo Eros sacke | rectang wrote: | As a open-source-license expert dev, in the past I've | been able to offer a lot of value to my employer by | assembling that list in such a way that the buyer could | have high confidence in our audit of dependencies. | | This doesn't protect anybody against illegal copy-pasta | by ignorant/irresponsible devs, though. | bahmboo wrote: | We couldn't ship software until we cleared every bit of | code flagged by a tool that scanned our code for open | source. Most of the hits were for projects with a safe | license and there were many false positives but all in all | it was a great step in our static code analysis. I find it | astonishing that a company of any size would skip this | step. | BlueTemplar wrote: | Well, TikTok is a Chinese company, so it seems safe to | assume that it's just part of the culture ? | criddell wrote: | It might not be like this everywhere, but in the US all | software engineers are self-labelled. It's not like medical | doctor (MD) or professional engineer (PE) where the title | actually implies some license to practice. | oliwarner wrote: | But you can be considered a software engineer by your peers, | usually demonstrated through qualification and professional | experience. | | The differentiation I was trying to draw with those two words | is: I don't know if they're actually working software | developers or people who just hack on code in their free | time. If they're professional devs, that's obviously much | worse. | | Honestly, not the part of that I was expecting to have to | discuss. | PragmaticPulp wrote: | Common misconception, but Software Engineer is actually a | licensed profession in many states (with vague industry | exemptions): https://en.wikipedia.org/wiki/Software_engineeri | ng_professio... | | But virtually nobody does it. The NCEES even abandoned their | Software Engineer licensing exam a few years ago because | nobody was taking it. | hhh wrote: | Lightly glancing it seems like there are hard requirements | for a college education for some of these. That's a hard- | stop for many (including myself.) | dnautics wrote: | yeah, that's fine. You should call yourself a software | developer (or, as I call myself, a software plumber). An | software engineer, minimally IMO, is someone who can 1) | produce a software BOM, and 2) can craft an SLA. I can | _maybe_ do 1, and can 't do 2. So, I don't call myself a | software engineer. | tata71 wrote: | Even if you had a degree, working in this field should | teach you it's not a requirement. | voakbasda wrote: | This does not deserve to be downvoted. A degree is | secondary to actual talent. Too many students in my | graduating class were undeserving of their degree, and | plenty of folks can do the job without it. | criddell wrote: | > Software Engineer is actually a licensed profession in | many states | | Last time I looked, I couldn't find any. Some states tried | for a while, but I think they all gave up. | 88j88 wrote: | Looks like they stopped offering exam to license people: | https://www.nspe.org/resources/pe-magazine/may-2018/ncees- | en... | anthk wrote: | In Europe being an engineer has civil accountability on | issues. | | You can be fined really high if you hire a self-called | engineer without a proper degree. Or at least decades of | alleged experience in the field. | k12sosse wrote: | Especially without the accountability. Call yourself a | software engineer? Did your code break? Is it vulnerable | to exploits? What was the damage? Did you ship it knowing | it was not fit for public usage? Congratulations! you're | no longer allowed to program for a living and the state | is suing you and your employer for damages. | saghm wrote: | I think part of the problem is that compared to more | traditional forms of engineering, software engineering is | still really young and not as rigorous. Right now, | _nobody_ can write code without any bugs it in | whatsoever. If we banned people who wrote buggy code, | pretty soon we'd have no software engineers left. | Regardless of whether you think that's a good idea, it | seems pretty clear that at the very least there is a lot | of demand for programmers, so it's unlikely the industry | would get behind limiting that further in such a drastic | way. | pjmlp wrote: | The issue is not banning, rather lack of liability. | | Even the cook at the bistro on the corner is liable if | the food, cleaning or refrigeration isn't as it is | supposed to be | criddell wrote: | > If we banned people who wrote buggy code | | That's not the standard for any kind of engineering. | Professional Engineers make errors all the time. But they | also design systems with fail safes, redundancies, safety | factors, etc... You design systems with the expectation | that failures will happen. Users will do stupid things. | Highly improbably sequences will probably happen. | | Not all code needs to be designed so carefully. Nobody | cares if Hacker News is offline for a few hours. But the | software systems in self driving cars or running an MRI | machine probably should be designed by licensed | professionals who can stand up to their bosses and say | "this can't ship until these improvements are made" | because if it does ship, they can be personally sued for | malpractice and lose their license. | G3rn0ti wrote: | Well, yes, this applies to engineering. But not to | software engineering. | | Personally, I like ,,software engineering" as it is -- | being a free profession where talent counts more than a | degree. | mcguire wrote: | What's talent got to do with it? | winphone1974 wrote: | The degree is part of the training of an engineer, not | the professional designation itself. The challenge with | our current understanding of the title software engineer | is that practitioners are not held to the same standards | and responsibilities as other engineering fields. It | doesn't have anything to do with talent. | mcguire wrote: | * not held to any standards and responsibilites. | | FTFY. | | Cynically, Me. | paxys wrote: | You can only be held to some standards if there exist a | common set of standards that the entire industry can | agree on. This is impossible for software. | pjmlp wrote: | It surely does, e.g. in Portugal you can't even name a | Software Engineering degree without approval from the | Order. | | You are not required to do the exam, provided there is no | civil liability or signing projects as the legally | responsible Software/Informatics Engineering. | anthk wrote: | >Well, yes, this applies to engineering. But not to | software engineering. | | Good luck with that here. | criddell wrote: | > talent counts more than a degree | | Are you saying for MD or PE that talent doesn't matter? | | Anybody can say they are a software engineer. The title | means nothing. | ipaddr wrote: | Yes. A degree matters much more than talent. If you can | get a degree you can practice. The most talented person | in the world with no degree can't. | | Some people go to places where their low talent but high | cash flow allows them to get a license. | mcguire wrote: | Oddly enough, I don't think I'd care to visit a medical | professional whose sole virtue was talent. I'd kinda | prefer some knowledge and skill, too. | criddell wrote: | Okay, so for an MD a degree is necessary that's true. But | an MD with a degree and no talent probably won't be an MD | for long. | | MD at least means something. "Software engineer" means | nothing. | adamsb6 wrote: | There are a lot of incurious paint-by-numbers doctors in | the US. Doing your job by rote won't get you fired. | ipaddr wrote: | Once you are an MD unless you challenge powerful forces | in your association or hospital you are free to practice | bad medicine as long as you can stay within some | reasonable guidelines around billing and when to order | tests. This gets exposed with surgery but is a lot easier | with a GI doctor. | | They both mean something. You have to dive in to get the | real scope regardless. If you just need a title for your | commerical MD would carry more weight around diet | products and a developer around a new software offering. | mmcgaha wrote: | It has been many years since After The Gold Rush was | published and we are no closer today than we were then. At | some point software engineering will be a real profession but | I doubt anyone will take action before some huge catastrophe | pushes the issue. | duped wrote: | I don't like the idea of gatekeeping, it's hard enough to | hire people. | | In the US we don't really have licensing for engineers | (there is PE, but it's not anything close to ubiquitous). I | think it's one of the best parts of our engineering/tech | culture. | | You're an engineer based on the skills you employ to solve | the problems you do, not because some body of people gave | you a slip of paper that says you can employ those skills | to solve those problems. | vineyardmike wrote: | In the US, PE has made it so the word "engineer" is | legally protected, like "doctor". No one enforces it for | software, so I wonder if it's even enforceable anymore. | But the law is there. | simplestats wrote: | In some fields of engineering PE is pretty nonexistent. | Some people come from other degrees (like math, physics) | and call themselves engineer without difficulty. But | engineering fields require a much more narrow and deep | set of skills. generally the key classes to learn those | skills come at the end of three or four years of | prerequisite classes, so it's a pretty high barrier to | starting without doing the degree. | | In programming you can learn your way to advanced skills | while getting paid. Once you know roughly one class worth | of basics there's valuable contributions you can make, at | least if you are decent at figuring things out on a | computer. | voakbasda wrote: | Not enforceable. Or at least entirely winnable in court. | Such a victory happened recently in Oregon: | | https://ij.org/press-release/oregon-engineer-wins- | traffic-li... | | TL;DR: such restrictions violate your freedom of speech. | indymike wrote: | Hate using this preface, but, unpopular opinion follows: | The issue in the US is that the word engineer has been in | common use to describe technical workers for a very long | time. I've had friends who were: | | * Engineers (and operated trains) * Manufacturing | Engineers (who were really equipment techs) * Sanitary | Engineers (who were really trash truck drivers) * UX | Engineers (who were really web designers) * Software | engineers (programmers) * Data Engineers (kind of dba- | ish, maybe) * Culinary Engineer (restaurant kitchen | designer) | | Genericide has occurred. The boat sailed. | | When the real estate industry wanted a word for "licensed | seller of property" they had to make up a new word | "Realtor" and protect that with a certification mark. The | engineering industry really needs to do the same thing | instead of harrassing the garbage truck driver, computer | programmers and the guy who fixes the conveyor belt. | clarge1120 wrote: | Gatekeeping in the software industry is a surefire way to | slow down innovation. Software would stop eating the | world, or only take a bite every couple of decades. | pjmlp wrote: | Sure because there is no innovation across the | engineering fields. | tiborsaas wrote: | > At some point software engineering will be a real | profession | | I'm rooting for the same, finally we will earn like | management /s | criddell wrote: | I think you are right and it's too bad. There are some | fields that should have it. | | For example, the software for self-driving cars should be | signed off by a licensed engineer before it is allowed to | go live. Many mechanical and electrical parts of the car | have been designed by licensed professionals, why not the | software? | dognotdog wrote: | One can verify and sign off on computations that | approximate the physics or chemistry that will occur in a | structure or machine, as a well established chain of | procedures exist to go from crude formulaic | approximations to micro or, if necessary, nano-scale | simulations of electrical, mechanical, and chemical | processes, and we know what to look for. | | I don't think the same is true for software | "engineering," as it seems that all possible forms of | process can be subverted and cargo-culted, from agile | methods down to code checking. Certainly there is room to | remedy some shortcomings, but SWE definitely is the | engineering discipline least based in physical fact. | | The physics behind simulating the buckling of a structure | is always the same, we can just choose more or less crude | approximations of it, but SWE in general seems a lot more | diverse. I can implement that simulation in assembly or | some scripting language, and attach various bits and | pieces to it to manage users and data; deploy it across | the cloud if need be. But, there isn't a singular, time- | invariant optimal path to achieving that, and what is | true today may not be true tomorrow. One can work off | basic principles, like the Agile Manifesto, but how can | you quantify or even certify this shifting landscape? | grandchild wrote: | Having studied both mechanical and software engineering | at uni, I feel that you _can_ make the parallel between | the two. It's just that in mechanical engineering we've | converged a lot more over time. Out of convention and | need for accountability much more than necessity. For | example, for mechanical calculations we have converged on | using mostly the same algebraic notation (never mind | having minor differences here and there, such as in | vector notation). Having an obscene amount of different | notations, some so different that they are for the most | part unintelligible to half the engineers out there, that | would be unthinkable in ME, but is the norm in SE. | | The _physics_ of a buckling structure may be always the | same. But already the modelling techniques are far from | obvious consensus: Do you do it analytically? Do you use | FEM? BEM? Then there are a bunch of simulation | techniques, i.e. for numerical integration, which you | could use, much like you could use functional or | imperative programming or OOP or whatever else. | | So if we were to behave more like the _software_ branch | of the engineering discipline in general, then we'd have | a _much_ tighter space of languages that would be at all | acceptable for any work deemed critical, like medical, | administrative or aeronautical software. | mirker wrote: | I agree you can make software rigorous like in ME. The | part which is hard is that debugging or proving | properties about a program is much more difficult than | writing the program. These costs are currently hard to | amortize over multiple projects. Real-time systems have | some of these facets (e.g., spacecraft). | | For example, a memory allocator can be studied in the | usual algorithmic sense or perhaps how they impact the | stability of the system under randomized load. Can you | prove the system remains stable? Yeah. Is it worth it | when you can reboot machines and add some heuristics? No. | | Currently, the big places which are getting any attention | for verification of functionality are embedded | applications and OS kernels. Even then, the depth of | verification is limited to common bug categories. | zardo wrote: | > Many mechanical and electrical parts of the car have | been designed by licensed professionals, why not the | software? | | Maybe some companies have some internal requirement for | that, but generally speaking that's not true. Legal | requirements for review and approval by a PE only apply | to building drawings. | ipaddr wrote: | Engineer is a legal term in some place where a degree is | required in engineering. | | The term developer doesn't require a license neither does CEO | or board member or president of the US. | [deleted] | 908B64B197 wrote: | I wish "software engineer" meant something. | | There are CMU/MIT grads using the tittle alongside 3 month | bootcamp grads. | | I also have to wonder, with the owners of Tik Tok really being | ByteDance (Zi Jie Tiao Dong ) if the dissrespect for IP really | isn't cultural. | paxys wrote: | The title isn't what's important, it's your skills and what | you can do with them. The MIT grad and 3 month bootcamp grad | both have the same opportunity to complete and prove | themselves, which is unique to the software field. Lack of | artificial barriers and gatekeeping is the very reason why | the industry is able to thrive. | dang wrote: | We detached this subthread from | https://news.ycombinator.com/item?id=29592556. | skeeter2020 wrote: | In many jurisidictions "Engineer" is a licensed and regulated | title, and their professional organizations have tried to | regulate it, but lost the war. We know have actual engineering | programs that focus on software and 6-week bootcamps graduating | people who claim to be "Software Engineers", so add it to the | list of appropriated words right next to "Geek". | lainga wrote: | The attitude on (mostly American) HN is against licensing | bodies, as far as I've seen in the past. | tata71 wrote: | If you saw, or were exposed to, how many thousands of | dollars and hundreds of hours it takes native professionals | to get licensed to do hair braiding or cutting, you'd be | disenfranchised, too. | lainga wrote: | Native professional like native-born American? | | In my case I pay about 300 CAD a year to EGBC and have | not heard from my colleagues that getting a P.Eng in BC | is a significant time-sink. You have to have 4 years of | work experience, get your work certified, and then do a | couple exams. I would believe dozens of hours, but not | hundreds. | emaginniss wrote: | Right, "geek" should go back to the original definition: a | person who bites the head off of a chicken in a carnival | show. | mometsi wrote: | And he is a foole, a sotte, and a geke also, Which | choseth a place vnto the same to go, And where diuers | wayes lead thither directly He choseth the worst and | most of ieopardie | | https://www.otago.ac.nz/english- | linguistics/tudor/BarcEclogu... | mikeryan wrote: | So, I'm unclear on this if, and I don't know if this is true, | TikTok just creates a UI that "execs" commands to an unmodified | OBS executable cli - What is their actual responsibility here? | pavon wrote: | They are distributing the OBS executable, therefore they have | an obligation to also distribute the source to those same | people on request, and to let them know about their rights to | receive the source under the GPL. | | If OBS really is running standalone, then that is the extent | of their responsibilities. If on the other-hand, OBS is being | combined with other software to create a derivative work, | then they must distribute the full source of that derivative | work as well. What constitutes a derivative work is more | complicated. It is ultimately a decision for courts, though | many folks (including FSF) have opinions on what should and | shouldn't be considered a derivative work. | viktorcode wrote: | Most likely that's the reason of OBS' code ending up in | TikTok's product. Some engineer disregarded the license with no | insidious intention to steal. | throwhauser wrote: | It's reminiscent of people adding "no copyright intended" (sic) | when posting other people's music online. It seems like | intuitions about copyright have been shifting, even if the law | hasn't. | JohnWhigham wrote: | No, it's that no one assumes the MIT License is the default | one that every open source project ever uses. | slantyyz wrote: | > It seems like intuitions about copyright have been | shifting, even if the law hasn't. | | I think people actually know it's wrong and legally | questionable. | | I believe they do it because they simply want to do it and in | the back of their minds, hope adding some bogus disclaimer | will let them get away with it... because other people seem | to be getting away with it. | HWR_14 wrote: | I think people think it's legally wrong but not morally | wrong, and so they add a bogus disclaimer hoping that they | can get away with it because other people have. | minimaxir wrote: | At the least, the internet eventually realized that "you must | delete your video game ROMs within 24 hours of obtaining | them" is not a valid legal stance. | ludamad wrote: | Oh that jogs forgotten memories. | codetrotter wrote: | Anyone remember that disclaimer some pirate websites used | to have where they said something starting with something | like "On October 28, 1998, President Clinton signed into | law the Digital Millennium Copyright Act", and the | disclaimer went on to mention some DMCA exceptions like | learning and teaching or something? Always gave me a | chuckle. As if saying that the DMCA does not apply for | you is enough to make it actually so. | SavantIdiot wrote: | There are subtleties not captured by this quick overview which | are not fully understood by (in my experience) the _vast_ | majority of programmers: | | https://choosealicense.com/licenses/ | | If your project is going to be "real" (e.g., not some personal | throwaway), you really need a lawyer if you are including | anything other than MIT. Even Apache can be problematic when it | comes to patenting. | gus_massa wrote: | What about BSD? | [deleted] | krylon wrote: | I am not a lawyer, but the (2-clause) BSD and MIT licenses | look nearly identical to me. The wording is slightly | different, but I think they express the same intent. | znpy wrote: | > self-labelled software engineers | | are you implying there should be requirements to label yourself | as an engineer? like a degree in engineering ? | vineyardmike wrote: | This is already a thing in the US. | [deleted] | [deleted] | citizenpaul wrote: | TikTok is in China. There is no such thing as illegal forks | their. Half their economy is based on stealing IP and mass | producing it cheaply. | | Any laws or legality is just lip service to shut up companies and | governments that complain. | leodriesch wrote: | The American operations of TikTok have to follow American law | and have to follow orders given by an American court. | | They will then have to comply or leave the American market. | sergiotapia wrote: | Hope there is a multi-million dollar pay-off for OBS. | jaywalk wrote: | OBS is willing to work with TikTok to get them into compliance. | That would either mean open-sourcing the software or paying for | a license. | bilbo0s wrote: | At this point, it's not even clear to me that paying would | rectify the legal issue with respect to the GPL. It's an | amalgamation of source contributions over time. Any one | contributor could, in theory, refuse any consideration other | than an open sourcing of the software. | | Of course, now I think about it, that could be an easy | problem to fix. They say every man has a number. | ghusbands wrote: | Almost all relicensing efforts are actually most hindered | by not being able to contact people. If you can't contact | someone who holds the copyright to something, you can't | change the licensing rights over it. | | A lot of projects have copyright assignment, to allow for | relicensing. They typically ask for you to assign copyright | to them or to a company they control, so that they can | still relicense as they see fit, in future. | dodgepong wrote: | It's worth noting that if someone can't be contacted, the | maintainers aren't out of luck yet. If the contribution | is deleted (and then possibly reimplemented later by | someone with whom the project _is_ in contact) then the | issue is resolved. It can be a lot of work, though, | depending on the size and importance of the contribution, | and reimplementing the code in a way that doesn't derive | from the original submission can be difficult or | ambiguous. | SergeAx wrote: | Is there a way to buy oneself out of GPL license? I beleive | there's not. | kaetemi wrote: | Yea. Pay someone to write it from scratch. | | Basically, it's practically (not ethically) fair game to | use GPL in commercial software, until someone catches you. | The only repercussion that the license provides is that | your license is revoked until you resolve the violation | (for the first violation). | | Meanwhile, you got to release your product, and by the time | you got caught you've had enough time to implement it | yourself. | Vinnl wrote: | The authors of the software can create an additional | licence that they could buy. Of course, that gets more | difficult if there are many different, hard-to-contact | authors. | bragr wrote: | It's worth noting that this is why many commercially | minded projects require you assign copyright to them | before they'll accept your contributions. | vlovich123 wrote: | That's not the only repercussion. They can sue for | copyright infringement and there can be large fines. | johnebgd wrote: | Not a lawyer but seems like source projects would have a | hard time showing damages since they don't charge for the | software. | woodruffw wrote: | I don't believe you need to demonstrate specific damages | for a copyright infringement case in the US. You only | need to demonstrate two facts: that you are the | legitimate holder of the copyright, and that the other | party did in fact infringe. | VRay wrote: | It's pretty funny that corporations can levy a multi- | million dollar judgement against a single mother for | pirating a CD, but then when the tables are turned, it's | no big deal | vlovich123 wrote: | As others have said, penalties are not related to how | much you charge for the product itself. For example, when | you start illegally distributing music your penalty won't | be retail cost * number of copies. There's multipliers & | things that get applied. Basically your judge/jury will | figure out the damages amount after you're found guilty | (assuming you don't settle). | | This also makes sense when you factor in that retaining | lawyer services to prosecute the infringement costs time | and money (not to mention the court's time & resources to | handle the case). | drran wrote: | Suppose, I'm an author of GPL software. I think that my | code costs $1M. I expected that if someone uses my | software, according to license, then he will release his | software under same license for me. Now, somebody used my | $1M project in his $100M project in violation of my GPL | license. My losses are $100M. | ashtonkem wrote: | You can legally dual license if you have ownership over all | the code in question. This is common for open source | industrial software; pay for a different license so you can | embed it in a closed source project. The GPL doesn't | restrict you from offering the same code with a different | license _if you own it_. | | Often the issue is that some projects don't require | contributors to sign over copyright ownership as part of | contributing. So you have a project that's licensed | uniformly, but each contributor still owns their individual | contribution. Unwinding this after the fact can be a | nightmare, as it involves either finding every contributor | and asking them to sign over their code, or manually | removing every bit of code you don't own as a project. | | This is why a lot of bigger projects require you sign a | contributors agreement that assigns copyright before you | can contribute to the main repo. Doing this in advance | saves the project a lot of headaches down the road if dual | licensing is deemed useful. This is true even if you want | to license under two different open source licenses, as | only the copyright holder can change the license. | wolrah wrote: | The GPL itself offers no such option, but if the copyright | holder(s) choose to they may offer whatever alternatives | they choose. Many significant open source applications are | offered under this model such as MySQL. | | The catch is that the more copyright holders there are the | more likely it is that someone who has contributed a non- | trivial part of the project will not agree, in which case | their work would have to be removed/replaced to allow for | relicensing. | | Large projects that have not required a CLA from | contributors are effectively impossible to relicense. | throwaway934876 wrote: | The authors can re-license right, even for one (paying) | customer? They could also pay for the promise not to sue? | IANAL. | vlovich123 wrote: | Only if the project owns the copyright or otherwise has | been granted such powers in their contribution agreement. | Otherwise, no. They'd have to get approval from every | autho/rewrite the code they don't have a license for to | provide a copy that isn't GPL. | daptaq wrote: | I remember reading that it should be able for users to | sue instead of the author, if they cannot ccess the | source of GPL'ed software. | vlovich123 wrote: | I'm fact it's only the users who have standing to request | the source. The author's have standing to sue for | copyright infringement. | colejohnson66 wrote: | Not at all true. It's copyright infringement if you're | not following a license contract, of which the GPL is. | vlovich123 wrote: | The GPL contract only says you have to distribute source | to the users you give binaries to. The only people who | can ask for said source are the people receiving those | binaries and the only people who have standing to sue | when that doesn't happen is the copyright owners. | | That's why you can use GPL software in your private CI | system and not need to give anyone the source code. | colejohnson66 wrote: | I see I misread your comment. My apologies. | EamonnMR wrote: | Class action settlement? | fsckboy wrote: | > _That would either mean open-sourcing the software or | paying for a license_ | | no, in general it means TikTok rewriting those portions of | the software themselves | myself248 wrote: | So they can just steal until they get caught, make a | bazillion bucks, and get off scot-free if they write their | own code after getting caught? | dodgepong wrote: | Paying for a license would be nearly impossible, as the OBS | team would need every contributor to sign a CLA to give the | OBS team the rights to relicense/dual-license the OBS code | base. | azeirah wrote: | Would be nice if the contributors could get some money for | it | telesilla wrote: | The result would be hundreds of OBS closed source clones | that do not contribute back to the project. It would be a | disaster. | Xylakant wrote: | As long as they all pay a reasonable license fee, I don't | see a disaster. The OBS project could then pay developers | to build open source features that benefit all. A lot of | the forks would likely contain features that are not if | interest to other users anyways. | dang wrote: | We detached this subthread from | https://news.ycombinator.com/item?id=29592556. | msarrel wrote: | It ends up being close to impossible to enforce these licenses. | Shubhi_29 wrote: | Tiktok is ban in India | soheil wrote: | How do we make sure people invoking China-stealing-intellectual- | property-yet-again don't pile on this thread? If this is a case | of a company wrongfully using IP we need to very much have a | discussion about that topic alone. | [deleted] | sophacles wrote: | Why? What's wrong with pointing out a pattern? | orliesaurus wrote: | I hope they donate to the OBS project at least... | lucasyvas wrote: | Doubt | mthrow_123 wrote: | I worked at a medium size software company in New York and our | team lead would always say "Why make what you can take?" when | referring to finding open source code and running with it, | regardless of licensing or anything. | nneonneo wrote: | The actual Studio app is in beta and is only available to a | select group of testers. If you're on the list, you can grab the | installer from https://tiktok.com/Studio/Download. | | If you're not on the list, like me, you can go to a cached | version of that page, find the JS code that retrieves the | download links (https://lf16-tiktok-web.ttwstatic.com/obj/tiktok- | web-us/tikt...), hit the API that serves up the download links | (https://tron-sg.bytelemon.com/api/sdk/check_update?branch=ma...) | and grab the download links to share with everyone (the files are | identical, these are mirrors): | | https://lf16-live-studio.tiktokcdn.com/obj/tiktok-live-studi... | | https://lf1-ttcdn-tos.pstatp.com/obj/tiktok-live-studio/6974... | andrew_ wrote: | I'd like to see HN shy away from posting twitter threads as news. | There's almost always a hard link to the source material, and | twitter threads are filled with emotional, truncated, nuance- | lacking, trite clips that more often than not do little to | promote healthy discussion of a topic. The goal of quality here | really is noble. | platz wrote: | sometimes thats where the news is | Kinrany wrote: | Including this case. The "original" original is a Discord | message. | jjulius wrote: | >There's almost always a hard link to the source material... | | Do you have a hard link to the source material in this | instance? As far as I can tell[1], there isn't an article about | this yet; the only results at the time of this comment are | about how TikTok will be allowing "OBS-like streaming" soon. | | In lieu of an actual article or blog post about this, what | would you suggest people link to if not a Twitter thread? | Should an issue not be discussed whatsoever if it's only on | Twitter? | | [1]https://www.google.com/search?q=tiktok+obs&source=lnms&tbm=n | ... | [deleted] | dang wrote: | > There's almost always a hard link to the source material | | I don't think that's true. Twitter threads, like it or not, are | the medium for a great deal of original insight, public | conversation, and ongoing developments. | Oddskar wrote: | Why would a newspaper article that regurgitates the Twitter | thread be any better? | | If the source is Twitter then I much prefer a link to Twitter. | jazzyjackson wrote: | But the news isn't that somebody on Twitter found this | license issue, the news is that there's a license issue. A | tweet could be a good tip for a journalist to do journalistic | things like finding out if its true and writing up some | context of how this has happened before and what GPL is, that | way the story can be understood by a wider audience. | | Twitter is popular for people obsessed with hearing the | latest rumor, but if TikTok is an illegal fork of OBS, I'd | rather hear a few days later the well researched details - or | if its a nothingburger overreaction, then I'd rather not hear | about it at all. | galgalesh wrote: | From the HN guidelines: | | > Please don't complain about tangential annoyances--things | like article or website formats, name collisions, or back- | button breakage. They're too common to be interesting. | fathereatsass wrote: | If the rule you followed brought you to this, of what use was | the rule? | jazzyjackson wrote: | I think the complaint is more about twitter being an | unreliable trash news source akin to the daily mirror, rather | than pedestrian complaints of how the format is annoying | ollien wrote: | What makes Twitter any different in reliability than | someone's blog? HN is filled with random blog links | BuildTheRobots wrote: | The obvious difference is that it's impossible to explain | any complex or in depth information using 280 characters | or less. Trying to follow a thread of tweets (without | using a 3rd party site) is painful. Heck, this throwaway | response barely fits. | ipaddr wrote: | Many times there are a series of tweets. It's as easy to | view it is as easy as scrolling down no third party tools | required | btown wrote: | Yea, Twitter has vastly improved its UX here over the | years. Thread unrolling isn't really necessary any more. | | Twitter is actually an incredible feed _if_ you | meticulously scope your feed or lists to industry folks, | people doing advocacy for various marginalized groups, | and individual journalists ( _not_ their news outlets, | whose editors add the clickbait). If you do this, Twitter | becomes a place where people proudly try to summarize | their own intensive research and journalism into 280 | characters, and thus present varied insights at extremely | high density. Every tweet tends to link the long-form | work itself, as well as a thread, by them, that is | essentially an abstract for their long-form work. And | professionals who want to post off-brand content will | often times open up a second account for trivialities, | which you can choose not to follow. | | To put it another way: If you wanted to capture the | zeitgeist of, say, a machine learning conference, and | made a user interface to let people summarize their work, | speak excitedly about it, be able to present _multiple_ | levels of depth (single-sentence, abstract, images, full | paper), and throw in the occasional meme whose comment | section is actually an insightful take on challenges | people are facing... odds are your interface would look | very similar to Twitter as it currently exists. The | difference, as always, is the content. | ufo wrote: | If only it were that easy. Twitter displays a complex mix | of follow up tweets and replies from other people, so the | follow up can be burried and hard to find. It also may | require clicking to load more tweets and there is little | indication when there is important information in the | replies. There is no way to know if scrolling through the | replies will be a worthwhile use of time, or just have | useless twitter noise. | | This very comment thread is evidence of this. Look at all | the people who didn't know that there were infringing | binaries, because that is only mentioned in a reply by an | obs dev in another tweet. | dang wrote: | It's still a tangential annoyance and thus against that | guideline. | zymhan wrote: | If the link is "trash", it won't get many upvotes. That's | the premise of HN. | | Twitter threads can be insightful an informative. | RicoElectrico wrote: | You follow the letter of the law, not the spirit. | | Or maybe you do not: examples given are not similar to what | GP refers to. | bdcravens wrote: | Also in the guidelines | | > Please submit the original source. If a post reports on | something found on another site, submit the latter. | selfhoster11 wrote: | That doesn't solve the problem that Twitter is, in fact, a | popular link destination and a giant pain to load on slow | devices. | fsflover wrote: | https://nitter.net/Naaackers/status/1471494415306788870 | aembleton wrote: | I'd like to see Twitter threads go to Threadreader as its | easier to read. For example, this thread would be | https://threadreaderapp.com/thread/1471494415306788870.html | estaseuropano wrote: | The same critique applies however also to Reddit and any other | site with social comments. | minimaxir wrote: | Hacker News has a "post the original source" rule. In this | case, Twitter is the original source. | | One of my most recent grievances is with HN is the ranking | penalty of Twitter submissions as that has been the primary | source of news lately, for better or for worse. | sp332 wrote: | Twitter is not the original source. The first image in the | tweet is of an earlier post. | tekacs wrote: | The image you're talking about in the tweet is of a Discord | message -- this tweet is presumably the most original | source that's linkable as a normal page on the web. | sp332 wrote: | Thanks, I was trying to figure out what platform that was | from. | jetsetgo wrote: | When Logitech and StreamElements do it; it's fine? | ravel-bar-foo wrote: | At this point, would it even hurt TikTok to open source their | code? The network effect and user profiles are their moat, not | their codebase. | dodgepong wrote: | If the app includes ByteDance's proprietary BVC1 or BVC2 | encoders, it's possible those would have to be open-sourced. | jackTheMan wrote: | if they remove all surveillance stuff.. maybe not | hkalbasi wrote: | Isn't (important part of) surveillance stuff on the server | side? | jrm4 wrote: | Yup. The best thing we can all do is shine a light on it. I'm a | lawyer and one thing that's important to remember in all of this | is the interconnectedness of things, and being strategic about | how to proceed is important. Shine the light everywhere. | | As in, one thing to consider is that some proponents of Free | Software do not actually want certain types of high-profile | public cases on the GPL _even when_ they law appears to be very | much on their side, mostly because it could be really bad if a | judge gets it wrong and sets something stupid as precedent. | bogwog wrote: | > mostly because it could be really bad if a judge gets it | wrong and sets something stupid as precedent. | | At this point, isn't precedent already set? There have been | more than a few GPL lawsuits where the courts ruled in favor of | the GPL. This wiki has a list | (https://wiki.fsfe.org/Migrated/GPL%20Enforcement%20Cases) of | them. | | Some of those are in the US, others in the EU. Not sure if US | judges have to consider precedents set in EU countries? | jrm4 wrote: | I'd say there's not "enough," and in a sense, precedent is | never binary, like "yes or no?" The law having distinctions | and extensions and so on. US will probably find EU law | persuasive but not binding. | | So broadly, I think at least part of the strategy is "don't | wake the beast." You really don't want e.g. "Microsoft v. | Tiny GPL guy" as a big case because the law is far from | perfect and there would be a lot of potential | incentive/influence in MS's favor. (True, you'd get lots of | Amicus action from Mozilla et al, but that would probably not | be enough) | ghusbands wrote: | People are misunderstanding this and claiming it's not | problematic. Ben Torrell (an OBS developer) notes later in the | thread that there is indeed GPL code compiled into TikTok's | executables; since source is not available and they have not got | another license, it is unlicensed and hence illegal. | ignoramous wrote: | I wonder if the GPLv3 violation pulls in TikTok's other | software and infrastructure under it. That'd be one for the | ages (like OpenWrt was [0]) if FSF manages to reign it in! | | [0] https://thenewstack.io/the-open-source-lesson-of-the- | linksys... | borodi wrote: | OBS is GPLv2 so I don't think it would get to that level. Tho | if the other GPL code is v3 then who knows. | dathinab wrote: | No it doesn't that's not how GPL (or any license) works. | | What happens is that it's a breach of contract (licenses are | contracts) which lead to an termination that contract (1) | (license) which grants the usage rights (copyright) for the | software. | | Which leads a company to (roughly) following choices: | | - start complying with the license in time "before" the | license gets invalidated | | - buy a proprietary license from the license holder | | - stop using the software, and pay damages for previous | usage/contract violation/copyright infringement(1) | | This means you are not _ever_ forced by law to release your | software under GPL, but you might be forced by economics to | do so, as you might not be able to afford not doing so (or it | 's just simply cheaper). | | (1): The topic how/when the contract becomes invalid and for | which terms you can sue is tricky, and depends on the country | in question. | | EDIT: Also even if GPL would work like that, there is no | reason why e.g. their non-OBS boundled apps or infrastructure | should be affected. | overeater wrote: | In option 1, when does the license get invalidated? Is it | invalidated in the first place because the offending | software broke the license? Or is it invalidated after | notification from OBS? Or even later, after some amount of | time after notification and non-correction? | | If it's violated before notification, then option 1 is not | possible, and option 2 is at the discretion of OBS, so | option 3 is the only real legal outcome. | | But if it's violated after notification, it seems like the | optimal strategy for any company using GPL software is to | not comply, until they are notified of violation, which | apparently is not that common unless you're already a major | product. | jacobr1 wrote: | https://lwn.net/Articles/61292/ provides a great | explanation | | > There is no provision in the Copyright Act to require | distribution of infringing work on altered terms. What | copyright plaintiffs are entitled to, under the Act, are | damages, injunctions to prevent infringing distribution, | and--where appropriate--attorneys' fees. A defendant | found to have wrongfully included GPL'd code in its own | proprietary work can be mulcted in damages for the | distribution that has already occurred, and prevented | from distributing its product further. That's a | sufficient disincentive to make wrongful use of GPL'd | program code. And it is all that the Copyright Act | permits. | babypuncher wrote: | It is absolutely problematic. Corporations will go to hell and | back to make sure their IP rights are respected. The open | source community should expect nothing less from them. | mynameismon wrote: | Relavant Tweet: | https://twitter.com/dodgepong/status/1471522226520346632 | trynewideas wrote: | See also | https://twitter.com/dodgepong/status/1471528656199692292 and | https://twitter.com/dodgepong/status/1471524716477300737 | | too twitter; didn't read: there's apparently OBS code evident | in the decompiled app, and other GPL code as well, and OBS | found out independently and are working to resolve it | mynameismon wrote: | Also important to note: OBS developers also found incidents | of OBS code outside of that instance, and they are working | with TikTok on the same. | 4684499 wrote: | That's pretty fast for a beta released yesterday. Are the | devs actively monitoring and reverse engineering every | binary released that related to streaming? Also, where can | I get the live studio executable? None of the links I found | works, is that public release? | r1ch wrote: | I'm the one on the OBS team who originally found this. I | saw a tweet yesterday from someone that's in the beta, | and as with any desktop live streaming software (and | especially with "Studio" in the name) I was curious if | they were using any OBS Studio code or if it was | developed all in-house. The download link is available in | their JS, you can find the most recent installer link | here: https://tron- | sg.bytelemon.com/api/sdk/check_update?branch=ma... (note: | you probably won't be able to actually use it without | being in the beta group) | | Without even installing it, opening the setup files | showed some immediate red flags, notably the | "GameDetour64.dll", "Inject64.exe" and | "MediaSDKGetWinDXOffset64.exe" look awfully similar to | the way the OBS Studio game capture hooks work with our | "graphics-hook64.dll", "inject-helper64.exe" and "get- | graphics-offsets64.exe". I don't jump straight in to | disassembling everything I come across, but when it's | this obvious it begs further investigation, and after | some disassembly I was able to confirm that OBS code was | present in their binaries. | throwaway413 wrote: | This is why I HN. Thank you for that clear account of the | discovery, funny what a little curiosity can lead to. | | Not masking the names further makes me wonder if whoever | actually implemented this may not have been aware of the | repercussions. | samspenc wrote: | Wow this is amazing, thanks for digging in and doing this | work. If this were Reddit, I would give you a gold award, | but since this is HN, all I have to give is my 1 upvote. | addingnumbers wrote: | People are misunderstanding this and claiming it's not | problematic because the tweet in the HN link is idiocy. | | They show one URL in one installer script with an | obsproject.com domain and conclude, from the presence of that | URL alone, that the entire project is a whole cloth copy of | OBS. | | That URL is nothing but a 302 redirect to the directx runtime | at https://www.microsoft.com/en- | us/Download/confirmation.aspx?i... | | The linked tweet tells us nothing except that TikTok is | essentially using obsproject.com's web server as a URL | shortener. | stefan_ wrote: | Yes, clearly, the TikTok employee writing that original bog- | boring DirectX dependency installer script felt his best | choice here was to use the OBS URL as a URL shortener. | | Truly this is the strongest possible interpretation of this | circumstantial evidence and does not make you look like an | idiot (re idiocy) at all. You would rather write this comment | than simply navigate to the OBS github and find the copy of | this installer script in there. | mysterydip wrote: | Why would a company the size of tiktok want to depend on some | open source project maintaining a URL? Would they be liable | if it instead redirected to malware? | Sebb767 wrote: | Possibly. But most likely there was a bug "crashing when | DirectX is not installed" and some developer hacked a | silent install for DirectX in without thinking too much. | adolph wrote: | > a company the size of tiktok | | Is made up of smaller teams composed of individuals who may | or may not take shortcuts and make good decisions on behalf | of their company. If the choice is between "executive said | 'hey use this open source in secret'" or "programmer took | shortcut," my bet is on the latter. | [deleted] | dodgepong wrote: | Again, to be clear, we've decompiled the TikTok LIVE Studio | binary and confirmed that it uses code derived from OBS | Studio. | addingnumbers wrote: | If the link took us to evidence of that it would be great. | Instead the link takes us to misinformation from a rage- | monger who clearly has no understanding of what they are | looking at. | dang wrote: | Please make your substantive points without name-calling. | The latter is against the site guidelines | (https://news.ycombinator.com/newsguidelines.html) and | also makes your comments less credible, which is | particularly bad if you're correct on the issues (https:/ | /hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...) | . | humanistbot wrote: | > that the entire project is a whole cloth copy of OBS. | | That is a straw man argument. It doesn't matter what percent | of the infringing product uses GPL-licensed code. | ksm1717 wrote: | What if it's one character? | mixedCase wrote: | I believe the parent poster implicitly meant "as long as | it's copyrightable" as a caveat | dralley wrote: | But it's not one character. | [deleted] | [deleted] | 12ian34 wrote: | Could someone please help explain to me and (others who might not | know) what is the concrete problem caused by this forking that | doesn't comply with the license? | ilaksh wrote: | Read the GPL. You can't fork without releasing the source code. | Unless you buy a commercial license (if they sell that). | kaslai wrote: | The GPL requires that any derivative work of GPL licensed code | must also be licensed under the same (or compatible) license as | the original GPL'd code. This is the "viral" aspect of the | license. It applies even if the only interface between your | code and the GPL code is dynamic linking, and not a single line | of the GPL'd code is in your application. | | There are acceptable ways to bundle GPL code with closed source | software in a single distributable, however it must be made | clear which parts of the distribution are licensed under the | GPL and the GPL license must be clearly present. Even in the | most charitable reading of the situation, TikTok violated this | basic requirement. | JoeCee wrote: | Sorta side question: is it legal/ethical to say, "open source | unless you're a company of more than X people then it's X * $Y to | license" | jmull wrote: | That's fine, except don't call it an "open source" license. | That's a commercial license. | dnissley wrote: | It's perfectly legal/ethical, but it would not be open source | at that point. Same as licenses that prevent companies from | running the licensed product as a cloud service, even if the | source is freely available to view or use in a private | capacity. | s7r wrote: | First thought while reading headline: this is why copyleft is | useful. ___________________________________________________________________ (page generated 2021-12-17 23:00 UTC)