That being said, I'm curious what the other side of this story is. The email makes it sound like the guy's being fired.
The person being 'fired' owns 50% of the company and is the CTO and sole developer of the products, with most of it written on their own time. There's no employment / copyright agreement in place with Copperhead.
CopperheadOS is open source. The scripts to build a ROM are open and it's possible to audit them. In fact, if you don't want to pay for COS you are free to build your own image using said scripts. I've done it. It's easy.
I think the whole mistake CopperheadOS did was switching to a Creative Commons license that prevented commercial use by third parties. This has effectively made it tricky for Daniel Micay to continue his great work on CopperheadOS elsewhere once the company imploded.
It's sad, because it's IMHO the very best ROM out there. I don't want to use anything else. I think they should have gone for a more sustainable business model. In his shoes, I'd restart COS by doing a crowdfunding round and aiming at a few other devices (which may not be hard now with device-agnostic ROMs made possible by Treble).
COS has had a reduced target market since Google decided to price Pixel terminals much higher than Nexus. There are rumours that they might release a cheap Pixel to compete with iPhone SE. That might be good for COS.
Technically, it is. But, as you pointed out, the license they chose guarantees that it will essentially die out, specifically the bit prohibiting the non-commercial use of it.
It's also mildly interesting that Daniel aggressively defended the Creative Commons license they chose, when challenged.
Maybe. It depends on what commercial use means in that license. Quite a few products are given away for free supported by other products that are commercial. The Open Core model usually does that with layering but the paid product can be entirely different. Maybe something running on CopperheadOS like backup or messaging software. Something individuals and enterprises might buy.
And you'll be sticking out like a bamboo tree in the Midwest, with your 'secure os'
The probability of one guy inserting a backdoor is high, but the payoff for compromising his platform is incredibly low.
The probability of compromising one of the big two - android/ios - may be low (keyword: may. It turns out large groups are also made up of lots of "one guy"s) but the payoff is huge.
I'm currently using it while I wait for the Librem5, after which I hope to say goodbye to the dumpster fire that is Android.
There's an unofficial LineageOS build for my daily driver, but that, too, is trouble waiting to happen since VoLTE isn't supported, and I visit Michigan often enough to need it; I'm on T-Mobile, and a lot of their rural Michigan coverage is Band 12 LTE-only.
And an alternative for WearOS is AsteroidOS.
Unfortunately their goals seem not to align with their actions:
They claim to focus on privacy, yet the first thing they publish is a new launcher.
Also they plan to offer a lot of cloud replacements. What do they replace it with? Their own cloud offering. I'd rather host this stuff myself.
But maybe I'm just not their target audience...
The way I see it (with my limited legal knowledge, IANAL) is that Daniel Micay got paid for his services, and therefore the copyright is assigned to the company behind CopperheadOS. I'm not sure if Daniel can be fired, that'd depend on the legal entity of CopperheadOS (for example, in a general partnership both partners bear responsibility and liability which levels the playing field). I tried looking it up on the homepage, but I've been unable to figure that out. What is the legal entity behind the company "Copperhead Security"?
If he was an employee, but if he was paid as a 1099 and no assignment of IP agreement was signed, it is his.
Additionally, if it was a "derivative work" of code he had written prior to W-2 employment, that would also muddy the waters of IP ownership.
As a SWE, all of my employment contracts explicitly state that code that I wrote for the company is owned by the company. Just because he was paid for services does not mean that the company owns the copyright of the code he wrote.
I live and work in Sweden too and I am able to dictate those parts of my contract. Especially as I do a lot of open source work.
The Copyright Office has a circular that they distribute to clarify and help people decide, in general, whether certain types of work qualify as "works for hire" or not. [0]
Further complicating it, Micay says the code is licensed non-commercial. So how can the company commercially exploit that code anyway? I'd be suspicious of any after the fact employment agreement attempting to coerce a re-licensing permitting commercial usage.
The CEO, _jayy, posted a number of comments, then deleted all but one. The deleted comments were preserved by yegortimoshenko. Links: https://news.ycombinator.com/item?id=17241694
https://www.reddit.com/r/CopperheadOS/comments/8oq1l3/cos_fu...
https://www.reddit.com/r/CopperheadOS/comments/8oq1l3/cos_fu...
"Code doesn't sell itself" is almost managerial/ceo self-parody -- especially when it's a two-person show (not to mention the score of successful open/open-ish projects that totally and utterly lack a marketer/salesman.)
I think he meant "Code doesn't skim its own profit."
The engineer recognizes that with a competent manager things would be in a better place - nowhere does he say that the manager as a figure is redundant, quite the opposite in fact.
If anything this is "founder failure" personified, which is why VCs are absolutely obsessed with founder chemistry.
CEO has sent DMCA takedown request on my GitLab repo, which clearly abuses copyright law. To use the mirrored pages, replace "yegortimoshenko.gitlab.io" in URLs with "yegortimoshenko.github.io".
ps: the archived date confused me, just in case, this is a 3yo thread https://www.reddit.com/r/rust/comments/2u1dme/daniel_micay/ (enjoy the art)
Another option would've been to call it earlier, before burn-out, when it turned out there was no market for this. If people don't wanna pay or donate for the product, there's no demand apparently. No need to work for a minimum wage. Get a regular job, and use your leisure time as you see fit (for EXAMPLE on a project like this but without pressure or obligation).
Which is why these projects overwhelmingly flame out. The engineer figures there can't be much harm from a business type trying to design a business around their project, as they assume the project philosophy will remain unaffected. Meanwhile the business type is excited about having a new in-demand raw material to which they can add inefficiency to derive a revenue stream. The engineer figures they own the code, so whatever games the business monkey plays, they can only end up back in the same spot. Meanwhile the business type is busy conjuring and documenting bureaucracy like corporate structure and implicit contracts with which to seize power over the raw resource (the project) if the coder doesn't submit to his "real world" supervision.
It's likely that the engineer could prevail and end up owning the code, but only after an expensive and draining legal battle - it's simply easier to move on to productive non-zero-sum things. Meanwhile the business type is all too willing to fight said battle, as investing real money into paperwork games was basically their entire operation all along.
IMHO the real shame in this case was licensing the code base under something other than GPL. GPL would have made continued use unambiguous even in the presence of ambiguous ownership.
Unless you are suggesting that we should just give up on security entirely because it's impossible to have a system that is 100% secure?
My theory is that there is a backdoor into these OSes. It's the path of least resistance and there's precedent for this. Obviously Apple/Google are going to vehemently deny this, as these backdoors would be able to provide the most precise form of surveillance ever created.
I don't think the system is strictly "you're right" or "you're wrong" and providing any supporting explanation is discouraged.
https://twitter.com/DanielMicay/status/1006331205682384896
Apparently he's deleted the signing keys.
Reading online posts it seems that the community is trusting the developer, not the company behind him.
If they were generated later, it gets very hairy. Were they created with company resources? On company time? Is there a record of this happening? Etc etc.
Going to court would be a huge waste of money for all parties involved, at this point.
It's mostly their commercial clients. Very few regular people can use COS for recent devices (for free) since you need to build it from source.
iOS is years ahead in security and privacy. Read its whitepapers, read forensics blogs - they're all about iOS, mentioning Android in passing, as too easy to be a blog post - blog.elcomsoft.com
https://www.reddit.com/r/CopperheadOS/comments/8qdnn3/goodby...
OK so you're suspended, and we will pay you only if you sign this agreement that any ethical company would have had you sign at the start of employment.
This sort of duress after the fact is unethical and possibly illegal. And the demand for control of a personal GPG key predating employment is eyebrow raising and properly should invite ridicule.