Russian Police Raid NGINX Moscow Office (zdnet.com) 138
Russian police have raided today the Moscow offices of NGINX, Inc., a subsidiary of F5 Networks and the company behind the internet's most popular web server technology. From a report: Equipment was seized and employees were detained for questioning. Moscow police executed the raid after last week the Rambler Group filed a copyright violation against NGINX Inc., claiming full ownership of the NGINX web server code. The Rambler Group is the parent company of rambler.ru, one of Russia's biggest search engines and internet portals. According to copies of the search warrant posted on Twitter today, Rambler claims that Igor Sysoev developed NGINX while he was working as a system administrator for the company, hence they are the rightful owner of the project. Sysoev created NGINX in the early 2000s and open-sourced the NGINX code in 2004. In 2009, he founded NGINX, Inc., a US company, to provide adjacent tools and support services for NGINX deployments. The company is based in San Francisco, but has offices all over the world, including Moscow. The NGINX server's source code is still free and managed through an open-source model, although a large chunk of the project's primary contributors are NGINX, Inc. employees, who have a firm grip on the project's stewardship.
Could get interesting... (Score:3)
...Rambler claims that Igor Sysoev developed NGINX while he was working as a system administrator for the company, hence they are the rightful owner of the project.
Many (most? all?) companies have a clause in their employment agreement that states the company owns everything you develop while an employee. Some companies limit it to "on company time" or "using company resources," etc. So I think the outcome of this is going to rest upn the precise wording of that employment agreement. imo, and IANAL.
Re:Could get interesting... (Score:5, Insightful)
You presume that "rule of law" has any real meaning in Russia. Rest assured that if Rambler is supported by Putin or some other Kremlin oligarch, then Sysoev is already guilty, and the Russia-based assets of NGINX are already forfeit. The trial will just be a formality.
Re: (Score:2)
Of many arguments proposed, the best one is: statute of limitations-- the claim is >15 years old. That, and FOSS is FOSS. IP assertions will have to fight the problem that the source is all over the planet, licensed that way, and only the copyright portion s in question. At worst, they sack the assets of its creator who would wisely skip to their US offices.
I have no knowledge of the exact circumstances, but it smells very very fishy.
Re: (Score:2)
If the employment contract did give them the rights to his work while an employee, then he never had the right to release it as FOSS in the first place, and thus nobody else has the right to use or distribute nginx. Rambler would then be able to sue anybody using or distributing nginx for copyright infringement.
If anything, it spreading so widely because it was believed to be FOSS just increases the potential targets for Rambler to sue.
Re: (Score:2)
Rambler had to be paying him for this development, to have interest. If talent was offloading during his own free hours, and restrictive clause was not part of employment - they aren't owed anything. I was in similar situation, developing product in my free time, while in charge of and being paid for other responsibilities. I had product, and left company clean to proceed on my own from there, on product copyright terms, I have applied in my own deciding.
Re: (Score:2)
Then it's up to the courts. Could be a long time to get an answer.
People will move on, they'll figure out how to effectively fork NGNIX, and be on their way. Without prior knowledge that it was copyrighted, and not FOSS (if found to be so), then it's just a sad day for coders and FOSS.
Re: Could get interesting... (Score:2)
Re: (Score:2)
There are many defenders of the GPL, with money in the bank for litigation. A corporate shield isn't quite necessary when you used product you believed had established provenance that was clean.
Fifteen years later, someone comes along and challenges that provenance. The court in Russia are not what they are in the US and EU and other jurisdictions.
Novell and SCO demonstrated how evil doers will drive litigation until it simply burns out. IBM won. That era is largely over.
What happens now is that NGNIX sites
Re: (Score:2)
Of many arguments proposed, the best one is: statute of limitations-- the claim is >15 years old. That, and FOSS is FOSS.
My understanding is that is the argument was not over who owns the FOSS source code. The argument was who had commit control of the project. So it sounds like the right thing to do is fork the project.
Re: (Score:2)
Forking without a copyright holder's permission, should it still use the same code, might be a problem. If the copyright holder asserts IP, could be litigated, see curl.
Re: (Score:2)
...You presume that "rule of law" has any real meaning in Russia. ...
True, I did make that assumption. My error. Thanks for catching it.
Re: (Score:2)
This is the key point. Russia is a kleptocracy, and using the courts to steal businesses is standard practice there. All Rambler has to do is offer a big enough cut of the pie to someone important, and the court will decided in its favor.
Re: (Score:2, Informative)
This is the key point. Russia is a kleptocracy, and using the courts to steal businesses is standard practice there. All Rambler has to do is offer a big enough cut of the pie to someone important, and the court will decided in its favor.
This is the key point. America is a plutocracy, and using the courts to steal businesses is standard practice there.
Yeah, I'm trying to think of when that actually happens, and come up empty. Your morally relative "Everyone sucks equally" doesn't work.
Re: (Score:3)
You presume that "rule of law" has any real meaning in Russia. Rest assured that if Rambler is supported by Putin or some other Kremlin oligarch, then Sysoev is already guilty, and the Russia-based assets of NGINX are already forfeit. The trial will just be a formality.
How about knowing what's going on before posting?
1. Rambler and other key Russian infrastructure companies were forced to accept a change in ownership structure recently with a public interest foundation financed by the state getting a poison pill + veto minority shareholder status
2. What you see is what I expected when I saw it - they will now defend NATIONAL interest, not just corporate interest. Natural result of their new structure.
3. National interest calls for a response to some of our Red under our Beds activities. It is a Slavic thing - you think that they are OK with being beaten, punched, harassed and they will stand and do nothing for a while. Then they go nuclear. I believe we are near that line with the Russians (they are not like the Polish or Serbians to blow a gasket immediately and it takes a while for them to do so).
4. Whatever is done with NGNIX is enforcible everywhere in the world. Thanks to Disney, Copyright law knows no borders and no mercy.
5. Russian software companies own the IPR of various Symbian descendants, ICQ and a whole raft of other software in other areas. They have generally not bothered to enforce it before. Looks like the recent change in the ownership structure has changed it and Disney have provided them with the tools to open up with the "Katusha Missile Launcher" up and down the Silicon Valley. Time to order a Belaz full of popcorn, relax and watch both startups and major players in the valley go in flames one after another. Compared to this the Google vs Oracle spat will be two toddlers quarrelling over a rattle.
Could get lawyerly. (Score:2)
"4. Whatever is done with NGNIX is enforcible everywhere in the world. Thanks to Disney, Copyright law knows no borders and no mercy. "
And yet we just had a reading about French copyright law earlier. Apparently Disney failed in giving copyright uniform language across national boundaries.
Re: (Score:2)
So what is the goal here? They decide it belongs to this Russian company, but it's open source and the parent company is in the US do they probably can't get much cash.
Go after Russian companies for licence fees
Re: (Score:2)
I'm pretty sure this is the case - you don't go from copyright complaint on the 5th to raiding a competitors offices on the 11th in most countries.
Re:Could get interesting... (Score:5, Insightful)
So I think the outcome of this is going to rest upon the precise wording of that employment agreement.
It will rest upon however Putin wants it to rest.
At least in Russia, anyway.
Re: (Score:2)
In Russia, employee owns company!
Huh, that sounded funnier in my head...
Re: Could get interesting... (Score:2)
Re: (Score:2, Interesting)
In Russia, employee owns company!
Huh, that sounded funnier in my head...
Actually, this might be the first case of a reversal reversal joke that works.
In Russia, employees own company.
In United States of America, company owns employee!
Yay oppressive capitalistic slavery.
Re: Could get interesting... (Score:2)
Employees owned business is actually are very well functioning system. Should definitely be done more often.
Re: Could get interesting... (Score:2)
Re:Could get interesting... (Score:4, Informative)
Igor Ashmanov, who was the CEO of Rambler in 2000, when Igor Sysoev was hired, went on record saying [roem.ru] that Sysoev's personal project (which would eventually become nginx) was specifically accounted for in the employee agreement, and remained personal. He further stated that he'd be happy to testify to this effect in court.
Re: Nothing to see here (Score:2)
You definitely aren't a US-American.
Re: (Score:2)
...ou definitely aren't a US-American....
I am a US-American, how does that affect it?
Re: Nothing to see here (Score:2)
Re: (Score:2)
What he will be surprised to find out is: they do! >:D
Yes, they do believe so!
Re: Nothing to see here (Score:2)
Re: (Score:3)
...Why would you think american law applies to russia? You definitely aren't a lawyer....
I didn't say that American law applies to Russia, that was an erroneous assumption on your part. What I opined about was Russian law and how employment agreements might be treated in Russia. Nothing to do with American law.
Re: (Score:3)
In France, this is a tacit law. Unless written otherwise by contract, every software you create as employee belongs to the company.
IANAL & IANF(rench). French law is rooted in Napoleonic Code, so obligations are spelled out explicitly and there is no "tacit law".
In fact, it is indeed explicitly stated in French copyright law:
French law considers authors as independent individuals irrespective of their employment status; and per French copyright law, the creation and the intellectual property rights attached to it belong to the author, even if the creation was made at work with the means made available to the employee by the employer. Software is one of the rare exceptions for which the French IP code clearly states that the company owns ab initio any and all rights created by employees in the course of their employment. The creation of software does not legally entitle the employee to any compensation in addition to regular salary.
Re: (Score:2)
Re: Nothing to see here (Score:3)
Re: (Score:2)
What if I have 2 jobs?
The key phrase is in the course of their employment:
created by employees in the course of their employment.
The only rights they get are to the things developed in the employee's performance of their job.
This is a lot easier to work out if you have an employee who is being paid hourly --- If they're not on the clock, then it was probably not in the course of their employment.
If the employee is a salaried administrator -- then its difficult.... If their job involves the mental wo
Re: (Score:2)
Re: (Score:3)
Well my job required signing a form that said that anything I created whether in-house or on my own time on my own equipment belongs to the company. (US-American here)
In California at least, that's not enforceable and unless that contract has a severance clause, its worthless. Happy days. California has a 3 prong test for IP ownership. It must: 1) be done on company time, 2) using company resources (e.g. computer hardware), and 3) for the purposes of the company's existing business. Anything less than meeting all 3 prongs of the test means the employee owns the IP. Or did you think all the world's developers lived in one place for the weather? (hint the bay area's
Re: (Score:2)
in the course of their employment
Meaning: an action performed as part of the job.
NOT meaning: while an employee.
Re:Nothing to see here (Score:4, Insightful)
Berne convention.
Re: (Score:2)
Re: (Score:2)
Re: Could get interesting... (Score:2)
Re: (Score:2)
Even in a situation where you live in a society where this course of action is permissible and considered reasonable, I suspect it would be regarded as a last resort after courts have issued rulings, any appeals process has been exhausted, and polite invitations to comply with
Re: (Score:3, Interesting)
Libertarians have an odd love affair with lawsuits. No need for heavy handed government if people can handle things in a mediated court setting on their own.
Of course that's bullshit and while corporate entities and rich people sue each other because it's tuesday. But when I have my attorney send people letters to comply with the law or get sued. People seem to get very uptight and think it's super unfair.
It's a libertarian meme meant to tip the scales of society toward those who can pay for lawyers. Y
Re: (Score:2)
It has another problem, one that's even more fundamental: The lawsuit is worthless if it can't be enforced. At some point you need to have the armed agents of the government with big guns and battering rams. If all goes well the you'll very rarely need to see them deployed, because the mere threat is enough to get people to respect any court rulings - but take them away, and the courts lose all meaning.
Re: (Score:2)
Libertarians have an answer to that, too. They say you can hire men with guns and battering rams to enforce judgements. Because they think that private police forces will be just great, and never ever abused.
Re: (Score:2)
However we're talking about software not a pharma lab with physical assets to seize. Grabbing the hardware at an office that is part of a world-wide software distribution network is about as effective as trying to put a hand-sized patch on a 30-foot hole in a ship... It's not even going to slow down the free transfer of information, and there's nothing to seize that could likely have an effect on that. Also who uses a SWAT-ish team to kick down doors for an office environment, not a meth lab?? Usually l
Re: (Score:2)
What part of a free enterprise system involves the government kicking down your doors and confiscating your means of production?
That's not "Free Enterprise". That's "American Capitalism."
Re: (Score:2)
this is "not anarchy" at work...
Re: Could get interesting... (Score:2)
Re: Could get interesting... (Score:2)
Those practices should be (made) illegal, why would anyone be allowed to claim what you did in your free time ?
Re: (Score:3)
Some people work on salary not on fixed hours so deciding what is "free time" gets murky. The corporation can always make the argument in such cases that the employee could have performed better if not distracted by a side-project. Is an employee who is developing while he is on-call for emergencies using his "free time"? Personally I'd argue yes, but I'm sure you could find lawyers that would argue otherwise. Then there is the argument that skills learned on the job were applied to the side-project whi
Re: (Score:2)
Nah those arguments are nearly always bogus. Not to get into the legal weeds but for the ethical perspective. As an employer with exempt-salaried employees you have an agree with them to deliver some level of performance however much time that may take them. Its on you to keep them informed as to if that level of performance is being met; otherwise you have a contract dispute of the employment contract.
They were either doing their job in fashion you found to be satisfying your agreement or you should have
Re: (Score:2)
Because you are thinking about it, and designing it, during your work time.
Re: (Score:2)
There is nothing to be proven. It is the logic of those people who write those contracts.
And as many of my jobs, e.g. operations or devops, include many hours were I have nothing to do, obviously I think about my pet projects.
Re: (Score:2)
Re: (Score:2)
You are paid salary. Salary means you don't have "working hours", you just complete your work whenever. What that can mean -- depending upon how the contract is written -- is that whenever you do work, you are working for the company. When you have one of those contracts, you don't do any coding that isn't for work, period. They're really abusive contracts. It's been a over a decade since I've seen one that bad, but they do exist, and it wouldn't surprise me if someone were using one.
That's probably factually incorrect in the US (it is definitely incorrect in California). And since that's where the coding was first done, that would be the jurisdiction that counts. Not sure what standing the Russian courts even have here. No matter the Russian judgement, it will likely be ignored elsewhere in the world.
Re: Could get interesting... (Score:2)
Well in the UK (and the rest of the EU for that matter) if that was correct (it is not) there is another problem for the employer, basically they would likely be paying me less than minimum wage. If everying I do belongs to my employer, I am working 24x365.25 so they had better be paying me minum wage for that. Thats just under 72k GBP in the UK, which is about three time median income, and more than most developers earn. At this juncture I would note that in the UK even if you are salaried a valid legal
That Contract (Score:2)
Re:That Contract (Score:5, Funny)
You should go to Russia and argue for just that. I'm sure it'll work.
Darl? Is that you??? (Score:5, Funny)
I'd been wondering where Darl McBride went... apparently he sought and was granted asylum in Russia...
Open-Source barn doors. (Score:2)
About nineteen years too late. Suspect there's more to this story than illicit benefits.
What criminal came up with those contract terms?? (Score:3)
And what collabortor signed them?
No, what I do in my free time is NEVER yours.
Such contracts should be illegal and in fact criminal!
Re: (Score:3)
Most jurisdictions limit the enforcement of these contracts. In general, they limit it to work that directly relates to your employer's business. For example if I'm a software developer for a financial services company and I work on an emulator in my spare time, the my employer can't claim it. However if I build a market data distribution system in my spare time, they can claim it. This is to protect against conflicts of interest where employees start a competing company before they quit (you're suppose
most widely deployed? (Score:5, Informative)
In February 2019, NGINX finally dethroned Apache HTTPD and became the most widely deployed server on the internet. According to the Netcraft December 2019 Web Server Survey [netcraft.com], NGINX has market share of 38%.
Funny, when I go to that report I see that, yes nginx has the highest number of reported sites:
Market share of all sites
- nginx 479,072,656 (37.77%)
- Apache 308,978,570 (24.36%)
- Microsoft 185,084,122 (14.59%)
But if you look at the number of computers and domains, which I assume correlate to installs, you see a different metric:
Market share of computers
- Apache: 3,326,508 (35.27%)
- nginx: 3,010,730 (31.92%)
- Microsoft: 1,633,117 (17.32%)
Market share of domains
- Apache 72,324,357 (29.67%)
- nginx 61,858,384 (25.38%)
- Microsoft 46,066,151 (18.90%)
It looks to me like King Apache hasn't been dethroned yet.
Re: (Score:3)
Regardless, I had no idea nginx was quite that popular. I tend to think of it as a little hobby server for people who aren't trying to do anything complicated.
Load balancers (Score:2)
Re: (Score:3)
...Regardless, I had no idea nginx was quite that popular. I tend to think of it as a little hobby server...
I switched to nginx because of the things it does, and does better than Apache. nginx is far, far from a little hobby server.
Re: (Score:2, Interesting)
...Regardless, I had no idea nginx was quite that popular. I tend to think of it as a little hobby server...
I switched to nginx because of the things it does, and does better than Apache. nginx is far, far from a little hobby server.
Like? Everything that I've done has required apache2 because nginx has no similar functionality or modules.
Re: (Score:2)
...Like?...
Rational configuration file syntax, a syntax that does look like one pile heaped upon another pile.
Re:most widely deployed? (Score:4, Interesting)
...Regardless, I had no idea nginx was quite that popular. I tend to think of it as a little hobby server...
I switched to nginx because of the things it does, and does better than Apache. nginx is far, far from a little hobby server.
Like? Everything that I've done has required apache2 because nginx has no similar functionality or modules.
Like?
Load Balancing with down detection. NGINX can have a pool of backend servers and send the request to a backend server based on different metrics (least connections, time of response, manual weights etc) and remove one if it stops working. Good luck trying to do that with APACHE.
Re: (Score:2)
It's easy with Apache. You just put an F5 Big-IP in front.
Re: (Score:2)
Re: (Score:2)
Apache httpd 2.4 has dynamic health checks: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
So it has load balancing, down detection, as well as dynamic reconfiguration. Plus, is just as performant as nginx is. Most of the FUD around the "nginx vs apache" arguments are based on old data, long since no longer relevant.
Re: (Score:2)
It is a huge improvement to be sure, but the down detection doesn't look as good as NGINX has it. Where I work, NGINX is the load balancer for APACHE. I would love to streamline the setup.
Re: (Score:2)
That one is much more limited. It looks like with some scripts, you could make this close, but not enough to match. NGINX is the more complete product in this space.
Re: (Score:2)
No, it is not "some scripts". Did you even LOOK at the link? Likely not.
Re: (Score:2)
You really need to work on your reading comprehension. I meant that PLUS some scripts would bring it close to NGINX.
Re: (Score:3, Informative)
A very common pattern is emerging of breaking complex monolithic web experiences into lots of little independently deployable experiences, each as its own Docker container. Each node is individually responsible for a very narrow set of functionality. In this model, you want something super lightweight and fast for a webserver because you don't need a complicated web server capabilities. Ngnix shines in this space.
Comment removed (Score:5, Informative)
Re: (Score:3)
It looks to me like King Apache hasn't been dethroned yet.
You're wrong and Netcraft confirms it. ;-)
Re: (Score:2)
I was hoping someone would catch the "Netcraft confirms it" trope.
Re: (Score:2)
What's interesting is that ONLY Netcraft confirms it. Check out the numerous other web server surveys. They show Apache either neck-and-neck or with almost 58%.
Re: (Score:2)
I would assume the most widely deployed web servers are tomcats and jetty's.
This is how they steal everything (Score:5, Insightful)
The police move in and seize everything. Another company or group claims through the courts that they are the proper owners. All rights are quickly transferred by court order to the complainant. The creator hires a lawyer to defend his creation. The lawyer is arrested on some bogus trumped up charge, and he troublesome he dies in jail due some " terribly unfortunate incident" . The original creator gets the message that his work has all been stolen and given to another crony of Vladimir Putin.
The courts are rigged, the police are rigged, because Russia is actually run by the worlds largest criminal cartel. Hopefully as many staff as possible are in San Francisco and cant be squeezed.
NGINX was invented... (Score:3)
...because the impact on US productivity from the Tetris virus had tailed off, so they needed something else to screw us over.
Why do you think this is capitalism? (Score:4, Informative)
When feudalism is a closer fit to our current employer-employee relationship in the tech world? Patents and copyright are this era's equivalent to land tenure. [britannica.com]
Re: (Score:2)
Capitalism is capital controlling the means of production. IP is one of the means of production. Patents, copyrights, and trademarks are all controlled by capital. QED, that's capitalism, baby.
I like Apache better anyways (Score:2)
Not quite as fast, but while writing Apache modules gives you a nasty headache, trying the same in NGINX is likely to result in cerebral hemorrhage.
Re: (Score:2)
Re: (Score:2)
Maybe you should find out what I am talking about before commenting...
how will this effect nginx oss? (Score:2)
how can they even win this case, except maybe for damages or something?
it's an oss project, the code is out there and easy to get, they can never ever retract it.
even if they manage a worldwide ban, we can rewrite all the stuff written before 2004. with everything we know & learned since then, it might even be better, more efficient code.
Damn commies! (Score:2)
Re: Compromised (Score:2)
LOL, why ?
Re: (Score:3)
You do realize that even the summary indicates that it was open-sourced fifteen years ago, and that its development has been independent of Rambler Group since at least the time, if not for its whole existence, right?
To me this echoes the rise of Bolshevism, when private interests were seized by the state. In this particular case I'm not sure what the goal besides driving F5 out of doing business with Russian firms would be, but this seems to be a 'take our ball and go home' move.
Re: (Score:2)
Maybe the Russian government wants more control of the company so they can call dibs on any future exploits, and delay patching until they are done exploiting it?
Re: (Score:2)
Its open source, they dont have to close down the company to look for security holes.
Re: (Score:2)
Anyone can fork it, however there could be problem if copyright is transferred via russian court, new owner could start issuing DMCA takedowns
Re: (Score:2)
You think a Russian company is going to issue DMCA takedowns?
Tetris v. XIo (Score:2)
You think a Russian company is going to issue DMCA takedowns?
Yes. Think back seven years to a well-known company co-founded by Russian-born video game programmer Alexey Pajitnov, which not only issued notices of claimed infringement pursuant to OCILLA but successfully sued another company that had reimplemented the game design [slashdot.org]. The ruling in Tetris v. Xio was among several events of the first half of the 2010s that ruined the legitimacy of esports for me.
Re: (Score:2)
Since this is Russia, it really feels more like Stalinism than McCarthyism.