Comment by jrmg
1 day ago
Techies like us get caught up in mechanism all the time in discussions like this.
But, though there are some explicit laws where that’s how it works, that’s not generally how the legal system works. If I have a private server, and I don’t give you permission to access it - or, even better, tell you not to, it doesn’t really matter how I secure it. If you access it, you’re in the wrong.
To give a physical analogy, it doesn’t matter how I’ve secured my house. Even if the door is open, you’re not allowed to just waltz in (or, to take it a bit further, come in and start using my stuff).
That is how I (a non-lawyer) understand it as well, but I wonder if it's so simple when you combine it with the GPLness of it all. Like, releasing something under the (A)GPL is a license to use and modify the code how you see fit, and that goes "virally" through the forks. This fork is just using their own GPL-licensed code, and it seems unreasonable (for some definition of "unreasonable") to limit forks in this way. I think it's plausible you can make an argument that if you make this kind of restriction in your GPL codebase, you're violating the GPL license of the original ("upstream") authors.
In general, I agree with you. However, to extend your analogy a bit further, so that it applies to _this_ situation: suppose you buy said house. When the former owner hands over the keys, you copy them. Then, one day, you enter the house using the copied key. The former owner can't really be all that upset, can they?
1. You bought the house. 2. They gave you a key, which implies that you have permission to use it. 3. Is the problem really the _copy_ of the key?
With no authentication it's a "gates down" scenario and it's assumed that if you put your server on the open internet you intend people to connect to it.
With authentication it's "gates up" and then "without authorization" from CFAA kicks in. I think it's unlikely that a user agent string creates a "gates up" situation, especially not if it's from code granted under a permissive license.
The law isn't some autistic computer system, "authentication" is a very broad and amorphous term.
If I build their slicer, not modifying any line of code, then accessed using that binary, would that be acceptable? If not, why not, considering it is identical to what is on their website?
If I made any changes prior to building, would it still be acceptable? And if not, where is the line? What is the legal basis, any precedent? How much of the code may I modify before I cross an invisible threshold and somehow "bypass" an "authentication" (neither fit UA anyways, either for law or other purposes unless one can provide any evidence that it ever has).
Even if that’s correct, Bambu has a right to then press charges on the users, but can’t really complain about the guy simply copying AGPL software to make it work. He’s not the one doing the illegal part.
Bambu clearly didn’t want to press charges on their users, though, so they weaponized the law to try and prevent this, and it’s causing them issues.
In any case, we’re not in some “only the laws matter” reality, we’re also have ethics and morals to consider, in which case Bambu is clearly in the wrong. If they want to secure their servers, they should do it properly rather than using legal threats.
1 reply →
I have a mailbox in a multi family home. The keys are numbered and standardized. There are identical mailboxes out there that have the same key as me. In fact, I had to buy a replacement key since the original key broke and I just had to tell the manufacturer which number my mailbox had.
My neighbor could in theory buy the key to my mailbox, but it would be illegal for him to actually open my mailbox and read my mail.