There's even more context about how this CEO managed the business in a reddit thread in response to those tweets as well, which includes some detailed and revealing comments from the developer:
"Code doesn't sell itself" is almost managerial/ceo self-parody -- especially when it's a two-person show (not to mention the score of successful open/open-ish projects that totally and utterly lack a marketer/salesman.)
I think he meant "Code doesn't skim its own profit."
CEO also blocks everyone who supports Daniel on their IRC channel. I've been repeatedly asked to take down these links and documents, and CEO even told me "they would come after me" if not for the fact that I live in Russia. See IRC logs: https://view.matrix.org/room/!VxEwjfmZAypdXzZfUp:matrix.org/
"I already prevented any possible compromise of the OS. I am not capable of compromising it anymore so no form of coercion can make me do that. It's very unfortunate that things ended this way and now I guess the little money I earned from this will go to legal fees, etc." - Daniel Micay
I'm wondering if destroying the signing keys will have legal consequences. Are signing keys considered company IP when their identity is "fused" with the main developer?
Reading online posts it seems that the community is trusting the developer, not the company behind him.
Ultimately, who cares who's morally right or wrong? Let's skip the drama and try to see the legal angle, with the goal of figuring out a way to "save" the source code (if possible).
The way I see it (with my limited legal knowledge, IANAL) is that Daniel Micay got paid for his services, and therefore the copyright is assigned to the company behind CopperheadOS. I'm not sure if Daniel can be fired, that'd depend on the legal entity of CopperheadOS (for example, in a general partnership both partners bear responsibility and liability which levels the playing field). I tried looking it up on the homepage, but I've been unable to figure that out. What is the legal entity behind the company "Copperhead Security"?
As a SWE, all of my employment contracts explicitly state that code that I wrote for the company is owned by the company. Just because he was paid for services does not mean that the company owns the copyright of the code he wrote.
Also not a lawyer, but I remember reading on /r/gamedev of a game developer who got screwed over by his artist saying that he could no longer use the assets, or something like that; I believe the same principle applies here. Copyright belongs to the creator of the work unless explicitly stated otherwise.
Debatable without an employment agreement. For all we know the company hired the primary developer as an independent contractor. The tweet references an email demanding the signing of an employment agreement after the fact. That itself is shady and can only enhance distrust. What they need is a dissolution agreement, not an employment agreement.
Further complicating it, Micay says the code is licensed non-commercial. So how can the company commercially exploit that code anyway? I'd be suspicious of any after the fact employment agreement attempting to coerce a re-licensing permitting commercial usage.
What a shame. I used to hang out on Rust IRC when Daniel was still engaged with the project. He always seemed so knowledgeable and he fought for what he thought was best for the language.
They were the two co-founders of the company, and both still own 50% of the shares of the company, with Daniel having been the CTO and sole developer of its products.
I figured it was only a matter of time. It's absurd to think you can run a company with a product like this, with only one full-time developer. RIP folks who bought devices from them, who will no longer be receiving updates.
That's an option, but not necessarily the sole one. This problem isn't new. I'd say it's one of the primary reasons why a general partnership is a legal entity, or a good choice in this case [1]. It'd level the playing field between both partners, creating a mutual interest from an authority higher than themselves (ultimately, the government). I'm not saying it is without problems though (imagine one of the partners becomes terminally ill).
Another option would've been to call it earlier, before burn-out, when it turned out there was no market for this. If people don't wanna pay or donate for the product, there's no demand apparently. No need to work for a minimum wage. Get a regular job, and use your leisure time as you see fit (for EXAMPLE on a project like this but without pressure or obligation).
It seems a little silly to me that someone would trust a "secure OS" from a situation where one guy could "seize control" of the company and infrastructure. This is largely why I've never seen third party ROMs as a significant solution to the security situation with mobile phones.
That being said, I'm curious what the other side of this story is. The email makes it sound like the guy's being fired.
> The email makes it sound like the guy's being fired.
The person being 'fired' owns 50% of the company and is the CTO and sole developer of the products, with most of it written on their own time. There's no employment / copyright agreement in place with Copperhead.
CopperheadOS is open source. The scripts to build a ROM are open and it's possible to audit them. In fact, if you don't want to pay for COS you are free to build your own image using said scripts. I've done it. It's easy.
I think the whole mistake CopperheadOS did was switching to a Creative Commons license that prevented commercial use by third parties. This has effectively made it tricky for Daniel Micay to continue his great work on CopperheadOS elsewhere once the company imploded.
It's sad, because it's IMHO the very best ROM out there. I don't want to use anything else. I think they should have gone for a more sustainable business model. In his shoes, I'd restart COS by doing a crowdfunding round and aiming at a few other devices (which may not be hard now with device-agnostic ROMs made possible by Treble).
COS has had a reduced target market since Google decided to price Pixel terminals much higher than Nexus. There are rumours that they might release a cheap Pixel to compete with iPhone SE. That might be good for COS.
> "secure OS" from a situation where one guy ...
Best comment. Security is a probability theory. You rate probabilities of factors and multiply them. Probability of one guy inserting backdoor is much higher than probability of inserted backdoor in iOS or Android, hence, you'd be better off with stock SW.
And you'll be sticking out like bamboo tree in midwest, with your 'secure os'
Does anyone have any idea how many devices run CopperheadOS? The market has to be extremely tiny.
How many people are capable of manually flashing an image onto a Nexus/Pixel, and then what subset of that group is interested in a "more secure" ROM?
>How many people are capable of manually flashing an image onto a Nexus/Pixel, and then what subset of that group is interested in a "more secure" ROM?
It's mostly their commercial clients. Very few regular people can use COS for recent devices (for free) since you need to build it from source.
Is it possible for them to fork under a new name? I ask because it depends on how they have structured the copyright of their code and open source licensing. I don't see any other simple solution besides forking and creating a new entity he owns 100% of.
I asked strncat, he said it's not possible even if provided a substantial amount of funding. (Something about having to rewrite tools or something like that.)
The code is available under non-commercial licensing. It sounds like ownership beyond that is going to be sketchy enough that no other licensing is likely safe to assume under any condition short of a definitive resolution in court or another company buying out both partners.
I was a techie, thinking Android is open source and I get SD slot. Busted big time. Android is Google's child, tied to its services, like Chrome, phoning home on every step.
iOS is years ahead in security and privacy. Read its whitepapers, read forensics blogs - they're all about iOS, mentioning Android in the passing, as too easy to be a blog post - blog.elcomsoft.com
His employment is suspended with pay, stipulating signing an employee agreement?
OK so you're suspended, and we will pay you only if you sign this agreement that any ethical company would have had you sign at the start of employment.
This sort of duress after the fact is unethical and possibly illegal. And the demand for control of a personal GPG key predating employment is eyebrow raising and properly should invite ridicule.
[+] [-] FreakLegion|7 years ago|reply
The CEO, _jayy, posted a number of comments, then deleted all but one. The deleted comments were preserved by yegortimoshenko. Links: https://news.ycombinator.com/item?id=17241694
[+] [-] axlprose|7 years ago|reply
https://www.reddit.com/r/CopperheadOS/comments/8oq1l3/cos_fu...
https://www.reddit.com/r/CopperheadOS/comments/8oq1l3/cos_fu...
[+] [-] serf|7 years ago|reply
[+] [-] yegortimoshenko|7 years ago|reply
[+] [-] nitrohorse|7 years ago|reply
https://twitter.com/DanielMicay/status/1006331205682384896
Apparently he's deleted the signing keys.
https://twitter.com/DanielMicay/status/1006334186725224448
[+] [-] erhardm|7 years ago|reply
[+] [-] Fnoord|7 years ago|reply
[1] https://en.wikipedia.org/wiki/General_partnership
[+] [-] gm-conspiracy|7 years ago|reply
If he was an employee, but if he was paid as a 1099 and no assignment of IP agreement was signed, it is his.
Additionally, if it was a "derivative work" of code he had written prior to W-2 employment, that would also muddy the waters of IP ownership.
[+] [-] itake|7 years ago|reply
[+] [-] earenndil|7 years ago|reply
[+] [-] cmurf|7 years ago|reply
[+] [-] surrealize|7 years ago|reply
http://slash-r-slash-rust.github.io/archived/2u1dme.html
[+] [-] agumonkey|7 years ago|reply
ps: the archived date confused me, just in case, this is a 3yo thread https://www.reddit.com/r/rust/comments/2u1dme/daniel_micay/ (enjoy the art)
[+] [-] Sean1708|7 years ago|reply
[+] [-] staticassertion|7 years ago|reply
[+] [-] cbHXBY1D|7 years ago|reply
[+] [-] tdb7893|7 years ago|reply
[+] [-] gsnedders|7 years ago|reply
[+] [-] pas|7 years ago|reply
https://twitter.com/DanielMicay/status/1006326315551789056
[+] [-] craftyguy|7 years ago|reply
[+] [-] nitrohorse|7 years ago|reply
https://www.reddit.com/r/CopperheadOS/comments/8qdnn3/goodby...
[+] [-] bitL|7 years ago|reply
[+] [-] Fnoord|7 years ago|reply
[+] [-] bcaa7f3a8bbc|7 years ago|reply
[+] [-] mindslight|7 years ago|reply
[+] [-] arcturus17|7 years ago|reply
[+] [-] vectorEQ|7 years ago|reply
[+] [-] Apocryphon|7 years ago|reply
[+] [-] craftyguy|7 years ago|reply
I'm currently using it while I wait for the Librem5, after which I hope to say goodbye to the dumpster fire that is Android.
[+] [-] ocdtrekkie|7 years ago|reply
[+] [-] strcat|7 years ago|reply
[+] [-] nextos|7 years ago|reply
[+] [-] auslander|7 years ago|reply
[+] [-] staticassertion|7 years ago|reply
[+] [-] signa11|7 years ago|reply
[+] [-] mar77i|7 years ago|reply
[+] [-] beenBoutIT|7 years ago|reply
[+] [-] bubblethink|7 years ago|reply
[+] [-] eleitl|7 years ago|reply
[+] [-] ddtaylor|7 years ago|reply
[+] [-] ReverseCold|7 years ago|reply
[+] [-] esrauch|7 years ago|reply
[+] [-] yolo1897|7 years ago|reply
[+] [-] auslander|7 years ago|reply
[+] [-] auslander|7 years ago|reply
[+] [-] johnnyOnTheSpot|7 years ago|reply
[+] [-] auslander|7 years ago|reply
[+] [-] cmurf|7 years ago|reply