It always mildly tickles me when retrocomputer designs use anachronistic processors way more powerful than the CPU in their design - in this case, there’s an ATmega644 as a keyboard controller (64K ROM - although only 4K RAM, up to 20MHz) and presumably something pretty powerful in the display board.
I may well be missing something, but this reads to me as code execution on user action, not lock bypass.
Like, you couldn’t get a locked phone that hadn’t already been compromised to do anything because it would be locked so you’d have no way to run the code that triggers the compromise.
Am I not interpreting things correctly?
[edit: ah, I guess “An attacker with memory write capability” might cover attackers with physical access to the device and external hardware attached to its circuit board that can write to the memory directly?]
Meta-spoiler (you may not want to read this before the article): You really need to read beyond the first third or so to get what it’s really ‘about’. It’s not about an AI singularity, not really. And it’s both serious and satirical at the same time - like all the best satire is.
> but no one wrote a blog post about how their identity was usurped by the waterfall model
I don’t know about that.
Waterfall mostly died before the rise of blogs, of course, but around the dawn of Agile I remember lots of posts about how nothing was properly designed any more, nothing was ever finished, and you never knew what the specification was.
They used to be real engineers, but now it was just all chaos! They couldn’t design anything any more!
It seems obvious that this ‘may’ is the ‘may’ used in the sense of granting permission: “you may go to the restroom”, “you may begin eating”, “you may ask questions now”, “you may kiss the bride” etc.
All these are clear. The wedding officiant isn’t saying “You might have permission to kiss the bride! Just try it and we’ll find out! Ha ha!”
To interpret this as saying that you might be licensed is just as nonsensical as that in this context. It’s in a file named “LICENSE.txt” explicitly meant to describe the license terms.
Would ‘are’ be better? I’d say yes, but it’s silly to argue that this isn’t proper English for granting permission.
Licenses are not about what things "seem", their text should be clear enough to hold up to legal scrutiny, not just what some person who speaks some local variant of English thinks is obvious.
Even if you're a lawyer, whether it's obvious to you is irrelevant: it has to be obvious to everyone. And if it's not (and it should be abundantly clear that it's not, given the linked discussion), the license needs fixing.
But it is saying "You may be licensed to use source code..." which is analogous to "You may have permission to kiss the bride" if being licensed means having permission. It could mean that Mattermost may have licensed it to you in one way or the other, or neither, at their discretion. If it was written like a priest, it would have said "You may use the source code..." and this doubt wouldn't exist.
Speaking only for myself here. But I don't have the arrogance to assume that I can interpret legalese the way I interpret English. When shit goes to court, saying here's what I thought "may" means is not going to be a legal defense strategy. There's a reason I hire lawyers for this kind of shit because they are really good at their job and I won't pretend I know their job better than they do.
You'd be surprised how much your command of the English language translates into legalese.
Yes, there's a definite codex of legal terms that have specific legal meaning but sound like "open to interpretation" English, but those are vanishingly small.
Largely, if you read defensively and try to read what is not said, then you get very very far.
Source: spent about half-a-decade with very expensive swiss lawyers.
> Largely, if you read defensively and try to read what is not said, then you get very very far.
How far is "very, very far"? Is it far enough that, if there were a lawsuit, my liability would truly be capped at €10,000? Because that's how much liability I can afford. If that "very very far" guarantees such a limit, then yes, I agree it is very very far. But my experience tells me that without formal legal training, I cannot be confident that I have interpreted legal language correctly enough to rely on that conclusion.
Open source licenses are often relatively readable, but corporate contracts and other legal texts, including those from companies that market themselves as open source in questionable ways, can contain subtleties and loopholes. As a layperson, it is difficult to know how much exposure I might have if I misunderstand a detail and act in contradiction of the license terms.
Perhaps we are simply on opposite sides of the D-K effect here. Or maybe you simply are good with legalese and I'm being unnecessarily skeptical.
If experience with lawyers matters, I have spent many years working with lawyers across Europe. If that taught me anything, it is to avoid assuming that I can reliably interpret legal language without proper training.
Yes, I can usually grasp perhaps 80 percent of what a contract is saying at a high level. But in every contract we reviewed, lawyers consistently found issues or implications I would not have noticed. They then either refined the contract or advised taking a calculated risk. So I think it is reasonable for me to remain cautious about my own ability to interpret legal language with confidence.
Liability is capped by court (e.g. small claims court) or by specific claim type depending on the legislation of the jurisdiction (e.g. speeding tickets typically have set fines varying by state).
Liability is not capped by your ability to understand the law. If that is your concern, you shouldn't be doing business anywhere, US or otherwise.
> Liability is capped by court (e.g. small claims court) or by specific claim type depending on the legislation of the jurisdiction (e.g. speeding tickets typically have set fines varying by state).
What you are saying is partly true and overly simplified. Are you a lawyer? Do you have legal expertise? If not, I don't understand why you feel compelled to advise on things you understand so little yourself? Are you going to compare my contract with my vendor with speeding ticket? Are you kidding me?
Comparing contractual liability to speeding fines makes me think you have not a clue of what you're talking about. Speeding penalties are statutory and predefined. Commercial liability usually is not. In Europe, most serious business disputes never go near small claims courts. They go to ordinary civil courts or arbitration, where damages depend on the contract, applicable law, and the specific facts. There is often no automatic cap unless the contract explicitly sets one, and even then its enforceability depends on jurisdiction and circumstances.
Small claims limits only restrict which court hears the case, not the total liability. A claimant can often file in a higher court or pursue related claims elsewhere. And in cross-border European business, jurisdiction, governing law, and enforcement become additional risks. Getting this wrong can expose you to far more liability than you expected.
Liability is not limited by your personal understanding of the law. That is why businesses do not rely on guesswork. Contracts are reviewed, liability caps are negotiated, insurance is obtained and lawyers are paid to spot risks that non-lawyers routinely miss.
> If that is your concern, you shouldn't be doing business anywhere, US or otherwise.
Yes, that is my concern. I do business in Europe. By paying actual lawyers. And I'll continue to do so. Thank you very much.
I didn't ask for legal advice. I was challenging my parent comment with a rhetorical question. With that rhetorical question, I meant that there is no way for the parent commenter to ensure that liabilities will be bounded, so I was implying that they were incorrect in saying that one can get very very far. Please read the messages more carefully before jumping to incorrect conclusions.
> saying here's I thought "may" means is not going to be a legal defense strategy
It is - it might not be successful (the court may rule against you) - but if what you thought "may" meant was close to what a "reasonable person" would have thought, you may be ruled against with no or low penalty.
The counterpoint is that three sentences away, there's a clear "You are licensed to use the source code" for the non-server parts. It can certainly be argued that there's an intentional difference. Extended court cases have been fought over mere punctuation. In any case, the FUD that this creates is enough to make anyone think twice about reusing the server code, especially as they have refused to clarify for many years now.
Also, the ambiguity is not only in the "you may be" part, but also in the "to create compiled versions" part. Open source is more than creating compiled versions of source code.
You may be licensed to use source code to create compiled versions not produced by Mattermost, Inc. in one of two ways:
1. Under the Free Software Foundation’s GNU AGPL v3.0, subject to the exceptions outlined in this policy; or
2. Under a commercial license available from Mattermost, Inc. by contacting commercial@mattermost.com
My read:
We provide you with two options, either:
1. Follow Apache License
2. Pay us and you don't need to follow Apache License terms
This really seems like a dual license situation where they are saying "Let's encourage Open Source, but if you want to just use our work to make yourself rich and not even acknowledge you're using us then fuck you, pay us."
I expect this to become more common as companies routinely infringe on OSS licenses while simultaneously many companies are hesitant to use OSS because of licenses. This at least gives an out for the good actors and allows devs to make money (other than being reliant on donations, because... that's worked out...).
But maybe I'm misunderstanding? If so, I don't know what I'm missing.
> But maybe I'm misunderstanding? If so, I don't know what I'm missing
You're apparently missing the two points I made in the post you are replying to, or at the very least you're not responding to them. By which I don't mean to say they are necessarily valid points.
My bad, I was confused given the context of the comment you responded to. Maybe I should quote the next line instead?
You are licensed to use the source code in Admin Tools and Configuration Files (server/templates/, server/i18n/, server/public/, webapp/ and all subdirectories thereof) under the Apache License v2.0.
So I read
Apache (OSS):
|- server/
| |- i18n/
| |- public/
| |- templates/
|- webapp/
Not Apache (pay us/not OSS):
|- api/
|- e2e-tests/
|- server/
| |- bin/
| |- build/
| |- cmd/
| |- enterprise/
| |- scripts/
| |- Makefile
| |- path.go
| |- this is not a complete list but you get the point
|- tools/
Part of the code is open source. Part of the code is source available (source visible).
Again, I am open to misunderstanding but that's my read.