>This one seems a matter of opinion. A lot of the world's most popular apps and sites seem like junk to us. But the users are choosing to install these things.
It's also worth mentioning that one reason for Chrome's market share is this exact practice. When you let Java automatically update itself and download the new version on Windows, if you don't uncheck a box, surprise... you get Google Chrome installed asking to be default browser. When you want to download Flash plugin for Opera or Mozilla and go to Adobe's site, if you don't uncheck a box, surprise... you get Google Chrome installed asking to be default browser. When you let the free version of Avast update itself on Windows, if you don't uncheck two boxes, surprise... you get Google Chrome installed asking to be default browser AND Google toolbar installed into IE.
Are they choosing? I've accidentally installed this crap on a number of occasions, and I'm typically very vigilant about it. But it's impossible to be perfect. That is where the adware market has gone: banking on the small-but-not-0 probability of someone forgetting to read installer wizards very closely, 100% of the time.
What systems are in place to prevent this from happening with package manager systems like apt-get, yum, or even npm? How often do we just blindly "sudo apt-get install blah-blah blah"? I know I don't read the dependencies.
> What systems are in place to prevent this from happening with package manager systems like apt-get, yum, or even npm? How often do we just blindly "sudo apt-get install blah-blah blah"? I know I don't read the dependencies.
Distributions don't typically package and distribute malware. And everything packaged in a distribution should be removable via the same package manager that installed it. So, while you might get a package you don't want, that package won't start showing you ads or harming your system, and you can always trivially remove it.
So the answer is "trust"? We're supposed to just trust Canonical, the company that put Amazon ads in our desktop search, to not figure out they could put adware in their package repository?
I didn't know about that. Too bad, and the way PG was defending a crapware installing product was really unconvincing. Any application which installs other ones by relying on accidental clicks by users is without a doubt doing wrong.
Only when the ads aren't coming from Microsoft themselves. Like how they pushed KB3035583, the advertisement to upgrade to Windows 10, as a "recommended" update that would be installed without user interaction if you had WU configured to download automatically.
The next OS update isn't really "adware", or an ad, especially when it's a free update that will most likely be updateable to the RTM build (based on how smooth build-to-build upgrades have gotten). If you're going to apply this standard, OSX does the same thing now, it'll prompt you to update to the latest 10.X. Ubuntu does it too, it lists it at the top of the software upgrade.
YC funding should not be taken as any kind of ethical seal of approval. It's not their job, and they are demonstrably bad at it. pg described AirBnB as "among the nicest of all the people we've funded" and their CTO was already a huge spammer and now a repeat offender.
I typically use the Ninite installer on a clean, freshly installed Windows machine because the installer can be ran again in the future to update those same apps. Chrome/Firefox/etc. will auto-update themselves but for those apps that don't, they will be updated to the latest version if/when you re-run the same installer that you originally downloaded.
If you already have them installed, you do not have to select them, but Ninite will update them to their latest versions if you do. You can also keep the installer it gives you and re-run it later to update the programs.
It had been over a year since I installed FileZilla, but I re-imaged one of my machines and needed it. Hopped out to SourceForge not thinking too much of it (not a fan of the UI and ads within, but I know my way around to avoid them at least). Started the install and it wants to install MacKeeper. Can't begin to describe how disgusted I was. I wasn't sure if that was caused by SF or FZ, though.
4) The reason why they did it is actually completely irrelevant. "I killed him because he slept with my wife" doesn't change the fact that you committed murder.
Doesn't GPL have to say something about this? Wouldn't this mean that the adware would need to be open sourced?
Edit: The difference between murder and manslaughter has now been explained, multiple, multiple times. Manslaughter is still a crime and in that way it is still the same. The comparison was used as a device to elaborate why the reasoning was unimportant, the difference between murder and manslaughter isn't important within that context. Suffice to say, now that I have been corrected repeatedly over this nonsense, this would have been a better anecdote:
> "I killed him because he slept with my wife" doesn't change the fact that you killed someone.
There's no need to assume. I searched the US trademark database. There was a registration for GIMP in 2001, number 78084356 ("computer programs for creating and manipulating graphic images on a computer. FIRST USE: 19990600. FIRST USE IN COMMERCE: 19990600"), but it's abandoned since June 7, 2002. There are no other relevant registrations that I can find.
As far as I can tell, there's no formal "GIMP organization".
True, although http://www.gimp.org/donating/ states that "The GNOME Foundation has graciously agreed to act as fiscal agents for us." Maybe they could hold the GIMP trademark?
By the way, the trademark you mention was Caughron, Mathew K. INDIVIDUAL UNITED STATES, who seems to have been responsible for the old WinGIMP and MacGIMP distributions that cost money.
The main way I know of would be through trademark infringement. That's why there's GNU IceCat/IceWeasel - Firefox contains trademarked material. I believe Mozilla uses trademark precisely to prevent third-parties from including user-unfriendly components in "Firefox".
"By sending or transmitting to us Content, or by posting such Content to any area of the Sites, you grant us and our designees a worldwide, non-exclusive, sub-licensable (through multiple tiers), assignable, royalty-free, perpetual, irrevocable right to link to, reproduce, distribute (through multiple tiers), adapt, create derivative works of, publicly perform, publicly display, digitally perform or otherwise use such Content in any media now known or hereafter developed. You hereby grant the Company permission to display your logo, trademarks and company name on the Sites and in press and other public releases or filings. Further, by submitting Content to the Company, you acknowledge that you have the authority to grant such rights to the Company. PLEASE NOTE THAT YOU RETAIN OWNERSHIP OF ANY COPYRIGHTS, TRADEMARKS AND SERVICE MARKS IN ANY CONTENT YOU SUBMIT."
And this is relevant because ... why? There's no trademark or service mark, and as we've already discussed, the GIMP copyright allows this sort of use.
The permission clause is "You hereby grant the Company permission to display your logo, trademarks and company name on the Sites and in press and other public releases or filings."
This does not appear to include the right to use the trademark in installers, as an installer is neither a site nor press release, etc.
>4) The reason why they did it is actually completely irrelevant. "I killed him because he slept with my wife" doesn't change the fact that you committed murder.
Hate, well, love to be pedantic, but it actually it does matter.
Courts and society alike take the reason for a murder (e.g. self-defense, revenge because of having been abused, being crazy or intoxicated etc.) into consideration for less harsh sentences or even acquital.
Self defense maybe, though good luck, but the rest won't help you any of you get into that much trouble. especially intoxication, you certainly can't use that as your defense for murder.
(not totally relevant but) technically that would be a crime of passion murder, and in some cases would result in a charge of "Voluntary Manslaughter" rather than "First Degree Murder". [1] Reason does matter, sometimes. Although in this case, Sourceforge just needs to stop.
Self defense, manslaughter, second degree, first degree...
Intent and reason is quite important. It is the difference between receiving no punishment and receiving the death penalty (in places that still have it).
Notwithstanding that the intricate technicalities of killing someone was what I was going for at all, how did you miss the two other comments that repeated this information nearly an hour before yours?
I get it. The anecdote had technical issues. Not-with-standing that being technically correct is not what anecdotes are about in the first place.
>how did you miss the two other comments that repeated this information nearly an hour before yours?
Honestly. I respond as I read. I tend not to keep reading and then go back to respond.
>Not-with-standing that being technically correct is not what anecdotes are about in the first place.
This is more than a mere technicality. The whole issue of mens rea is that one's state of mind is a factor is how someone is judged for their actions.
Your point, even without the analogy issue, is that the reason is irrelevant. That is simply not the case. Putting a security flaw in place to give the FBI a backdoor is vastly different than putting a security flaw in place due to poor coding. You may say they are both the same in that they both compromised security, but only one of these is backdooring and the damage to one's reputation is going to be different.
Now, in this particular case, the reason isn't sufficient to warrant a different judgment. But that is because of the details of this case.
I'm not sure the GPL allows you to fork something under the same name though, right? Copyright law still lets you own the name of your project?
That's why the typical workflow is to say in the header of your GPL license "Foo is copyright John Doe... Permission to modify is provided ..."
Sourceforge may be allowed to redistribute software with malware but as far as I can tell, copyright law should stop them from calling the software by the same name, right?
Does the author have a copyright on the gimp-win name? Maybe I don't understand the law correctly though, IANAL, etc.
> Copyright law still lets you own the name of your project?
Copyright doesn't apply to names. That's trademark laws. Contrary to copyright, trademarks have to be registered and cost money. There is no registered trademark for Gimp or gimp-win in the US or Europe.
You can't copyright a name. You can trademark it, but unlike copyrights, trademarks have to be applied for and registered, and have to be actively defended.
>I'm not sure the GPL allows you to fork something under the same name though, right? Copyright law still lets you own the name of your project?
Trademarking the name of your project is considered incompatible with Free Software by a number of people. It's one of the issues that lead to the creation of Iceweasel, after Mozilla Corporation told Debian to stop distributing their builds of Firefox[1]. The issue also resulted in RMS telling people not to use Firefox.
An open source license, such as the GPL, does not neccesarily give you the right to use the name, it's true. If the name is trademarked, the trademark holder can try to prevent you from using it, and that has happened.
But if we go back to the _point_ of open source, especially the GPL: It's to let users keep using and modifying and distributing modifications to the software, without needing the permission of the original authors. That's the whole point, for users to have that freedom, that the authors can not take away from you. That sourceforge can keep distributing the software without the permission of the original authors is the entire point.
To the extent that trying to prevent third parties from using the name makes it harder to distribute the software (for instance, would it require changing the source to take the name out? Would it make it harder for users to find software that the authors are _trying_ to suppress?), I think we could argue that it would be against the spirit of the GPL, regardless of what trademark law says.
They use the term abandoned when really, it sounds like the more correct description is that the client decided to go with a different service. In that case, it would be akin to G+ reviving your profile page after you moved to Facebook, and populating it with your Facebook posts without your permission. That doesn't seem ok
More like G+ reviving your profile page after you moved to Facebook, and populating it with your Facebook posts with injected product placement without your permission.
It could (and should) be clearer, of course, but doesn't basically every open source license allow doing what they're doing? Isn't this one of the FSF's four freedoms?
> 1) There is nothing clear and open about the project being abandoned by the author
Then you say:
> 2) The author left SourceForge...
Pretty sure if you left SF with the project still up on SF, any reasonable person could consider that abandoning the project. A more responsible thing would have been to remove the project entirely and shut it down.
> 3) Is SourceForge just going to maintain any project that leaves them and makes a mirror?
I assume you mean the only obvious option is to remove the project entirely (or disable from view) for those that leave. Leaving up old code at the scale of GIMP has the potential for leaving up unpatched code that is still downloaded and used. If your opinion is that nothing should have been done at all, I think that's far worse than what anything SF did.
What's interesting is that SF.net seems to not care if you have removed the project. Or, even if the project never existed at SourceForge, at all. In the previous thread about this issue, someone linked to the sf-editor1 account, which has projects for a huge swath of software, including software that has never been hosted at SourceForge.
It is part of their "mirror directory" project, which seems designed merely to get traffic from popular Open Source software, and occasionally inject malware into downloads that they can dupe people into getting from SF.net rather than the authoritative source.
And, of course, in this case, the author of Gimp-Win has plainly stated they did not abandon the SF project. They were locked out by SourceForge staff.
I'm all for caution before reaching for the pitchforks and the torches, but there's an awful lot of very large, very credible, projects saying, "Yes, SourceForge did this to our project."
I sent them an email yesterday asking for clarification, but have not received a reply.
Because using your power to do a hostile takeover of an open source project is just bad taste. They'd be free to make a fork of the project and host it on their site, but taking over someone's account / project without their permission is a case of power abuse.
1) There is nothing clear and open about the project being abandoned by the author
2) The author left SourceForge due to their business practices and this allows SourceForge to take over the repos and continue making money?
3) Is SourceForge just going to maintain any project that leaves them and makes a mirror?
The sad state of Download.com and SourceForge keeps getting grimmer and grimmer.