John Deere bricking someone’s tractor because they put in an unrecognized spare part has nothing to do with supporting some poor hard working software developer who would otherwise starve.
It’s using software for evil. (And if I had to bet I would bet a software engineer was nowhere near that decision. They just implemented it!)
> that doesn't erase the fact that open software has completely reshaped the modern stack
What stack?
You give a bunch of web stack examples, great. The vast majority of people will never run a server nor benefit from the licenses of the code running on the server. They overwhelming give their money to the companies benefiting from those licenses and get typical crummy consumer EULAs in return.
Meanwhile phones tablets iot tvs appliances cars tractors pacemakers videogame consoles security cameras coffee makers printers juicers friggin Christmas lights routers, all that stuff, is overwhelmingly closed source.
Wait… Koskivuori? Well of course they took his Linux patch right away, this is blatant Finnish favoritism! Imagine if some poor Estonian tried similar…
;-)
Just kidding, very cool to see a blow by blow of landing a Linux patch. I felt similar excitement landing a mere emacs patch.
The sentence says you can fall under more onerous terms if the project is “organized,” whatever that means, and even under the loosest terms you are required to report security issues to an outside organization. So there is liability if you don’t. And virtually any project has arguable security issues.
CYA & report all issues to said outside organization? Any bug where a feature doesn't work is a denial of service on that feature, and therefore a security issue. Lack of accessibility features is a DoS against people who need those features and thus a security issue, and so adding screenreader support is a security fix. Etc, etc.
If people knew about all the vulns in their software the vulns wouldn’t exist. You can’t disclose if you don’t know. And establishing when you “should” know or what counts as an actionable report will require basically a lawyer to untangle. CYA = hire a lawyer for your open source code. No thanks I think I’ll keep it on my drive and off GitHub.
The obvious move is to take cues from the 787 program in terms of composites, to cut fuel burn. Adds some creature comforts like larger windows as a side bonus.
And you’re suggesting that if the US does it it is ipso facto a good idea? Strange reasoning.
This is also apples and oranges. Running credit cards involves knowing exactly where people are located. You do in a real sense “decide” to do business with people in a given country.
Not every website does that. Some just serve posts to all comers. Some allow people to upload an image. Deducing where those people are from is non trivial. When I blog something I’m not “deciding” in any meaningful sense to “serve” people in country X.
I’m guessing that Imgur happily accepted the ad revenue from UK users while it served them images. If you genuinely were “not providing services” to UK users, you wouldn’t do that.
I’m not happy with extraterritorial assertions over internet services either, but you can’t wish them away with sophistry about “we’re not providing services to them!” if you’re happy to take their money and serve them a page in exchange. That’s the definition of a business providing a service to a customer.
Do they run their own ad network, or do the ad networks take the money from advertisers and cut Imgur a check? Maybe instead of trying to enforce your standards on every little site on the internet, you should just focus on the people who actually have a direct point of contact with money coming from UK businesses. (Yes, the ad networks.)
It’s completely absurd to say that some hobbyist would have nexus in the UK because they run a Google Adwords campaign to get some occasional pocket change from their project. Pre-Internet, it would be like going after a US magazine because someone brought home a copy from the US. Websites are not global entities by default, somehow responsible for obeying laws across nearly 200 national jurisdictions and many more state/provincial/local jurisdictions, across different languages and legal customs. Completely absurd! Who do you think you are to demand such a thing?
On the other hand, I think it would be perfectly fine to say that UK domiciled ad networks cannot put their ads on sites that violate some arbitrary standard. (An anti-freedom law to be sure, but at least it’s consistent with common international conventions.) This puts the onus on the ad network, rather than the site owner, who may not know or care who is visiting or from which country.
The standard you are proposing here ultimately boils down to "you can do business in a country without being subject to its laws, as long as your commercial transactions with the customers in that country are laundered through a sufficiently convoluted network of international companies like payment processors and ad exchanges". I don't think it should be terribly surprising that states don't subscribe to this view of sovereignty and jurisdiction.
> I don't think it should be terribly surprising that states don't subscribe to this view of sovereignty and jurisdiction.
Well they will have to put up with it, as they have done over the past few decades. Or, alternatively, they can engage in aggressive China-style site blocking. Only the US has significant extraterritorial legal reach.
IMHO, this policy is a transparent effort to forcefully alter the content policy of US companies. It’s more about political influence than it is about “content safety” at home. (Unilateral site blocking, perhaps with an appeals process, would be a much more effective approach for this.) The UK will regret the consequences if they push too forcefully on this.
> IMHO, this policy is a transparent effort to forcefully alter the content policy of US companies.
I don’t see it that way. US companies have an atrocious record wrt user privacy and security. The Europeans don’t want their citizens data being bought and sold by online providers. And that’s a reasonable demand! Either clean up your act or leave Europe & the UK. If US companies don’t want to obey UK laws, they can’t do business in the UK. It’s just like farmers can’t sell produce in the UK if they don’t meet British health standards.
Consider the inverse: imagine if another country ran a porn site which blatantly hosted underage content (CSAM). Under your view of the world, would the us govt be ethically entitled to tell the site to clean up its act or it’ll get blocked from the US? That sounds fine to me. I’d be shocked if they were even given a warning about that. But how do you square that circle? Wouldn’t that be a “transparent effort to forcefully alter the content policy of another country”?
> tell the site to clean up its act or it’ll get blocked from the US
Yes, that would be fine, as it would be here.
What I have a problem with is nations saying that a site built and hosted in a totally different country with a different set of laws and norms is “illegal” globally. Yes, I don’t like it when the US goes after people like The Pirate Bay abroad either, but that’s a result of the US being able to bully other countries for whatever reason it wants to. (That also needs to change.)
If Europe or the UK wants to protect its citizens, it should either block websites that it sees as a threat (as most of the EU does with RT) or it should come up with a scheme where ad networks with nexus in the EU must stop doing business with them. Attempting to reach across borders into the US to change US domestic norms is going to get them a well-deserved slap in the face.
> IMHO, this policy is a transparent effort to forcefully alter the content policy of US companies.
To be clear, you think the UKs data regulator, going after Imgur for not properly handling data collected from minors, which is a pretty big GDPR violation (a 7 year old law) is secretly about influencing US content policies?
I mean, maybe, but that one very convoluted approach. I’m not sure why the UK would be trying to use fines for the mishandling of data collected from minors, notably, nothing related to content on Imgur, to get Imgur to change its content policies.
The standard you’re proposing would allow Afghanistan to shut down Hacker News on the basis that it provided services to at least one Afghan and the content here violates sharia law.
As Afghanistan has recently disconnected their Internet they seem to have done exactly that within their sphere of influence (which is limited to their borders).
So you are entirely right any country can do that at any time. Most countries don't have a way to enforce it on you or your users.
Afghanistan can do that. You’re protected by Afghanistan’s lack of any realistic ability to enforce laws far outside its borders, not by some general principle of international law saying that countries can’t make laws about websites.
The great-grandparent of my comment was arguing that it’s absurd to suppose that the UK has grounds to go after a company on the basis that the company did business with its citizens on servers located outside of the UK. The UK is effectively making a claim of international jurisdiction on all transactions made by its citizens. The EU does this too with GDPR, the difference (as you noted) is that the EU has enforcement capabilities whereas the UK (like Afghanistan) doesn’t.
The UK is an intermediate case. It’s got more pull than Afghanistan and less than the EU. If Imgur still has assets in the UK (e.g. bank accounts) then the UK government can potentially take at least some action.
If Britain or Europe want a censored, state-controlled internet, they’re just going to have to block overseas traffic like Iran and China do. That is completely within their power.
It’s using software for evil. (And if I had to bet I would bet a software engineer was nowhere near that decision. They just implemented it!)