[Liverpool] Software freedom (problems at the University)

oscillik oscillik at gmail.com
Wed Dec 16 18:09:01 UTC 2009 

*slow clap of appreciation*

as much as i hate Apple and their self-riteous certification that they 
don't require AntiVirus (yet!), i am in TOTAL agreement with you 
regarding forcing people to install software just to gain access to the 
wireless network.

i can see that you have spent a good deal of time disecting the EULA, 
and while i cannot read through it at work due to my break only being 15 
mins, i know i shall have great enjoyment reading through and seeing 
your comments on Sophos' EULA.

yes Vlad, i am agreeing with you :D

you'll have to keep us all posted on what happens, hopefully they will 
see some sense and at least put measures to stop this silly requirement.

Vladimir wrote:
> Hello, everyone!
>
> Once again I am shocked by the University's practices regarding the 
> software and standards. So will forward 
> my email that I just sent to them, looking for any comments and 
> suggestions (as I expect, this is going to go
> far this time). The email is pretty much self-explanatory:
>
>
>
>
>
>
> ----------------------------------
> To whom it may concern:
>
> I am writing to report a problem which is preventing me from 
> connecting to a University wireless encrypted network, 
> so called "SuperRoamNet".
>
> I do not use Microsoft software neither do I run their OS on any of my 
> machines.
> I have a macbook, running either latest OS X v 10.5.8 or Linux (kernel 
> 2.6.x) 
> which I was trying to connect to SuperRoamNet. 
>
> The University computing services require students to download Sophos 
> anti-virus software
> to be able to pass the "security check" of some sort, to "prove" that 
> their machine is not infected
> by malicious software that could be potentially detected by Sophos 
> anti-virus application (or should I say
> /could not be detected/ - will come back to this later). 
> Without coming back to the discussion I had at the computer helpdesk 
> with the people working there,
> about the mathematical possibility for a Mac OS X or indeed any other 
> BSD based or *nix system, there are
> reasons that prevent me from installing your proprietary Sophos 
> anti-virus application.
> The reasons are hidden in EULA of Sophos. While 90+% or the general 
> public are not concerned with
> what is being inside those licence agreements, I am one of those 
> people, who is very careful with software 
> licences. 
> I want you to read this letter carefully, as I have put a substantial 
> amount of my personal time to compose it.
> So I can not agree to the following parts of the Sophos EULA:
>
>
> *12.1.1 You expressly give Sophos permission to include and publish 
> Your name and logo on lists of Sophos’s customers for the Licensed 
> Products*
>
> No, I do not wish that my name/logo was published on the lists of 
> Sophos's customers, as I do not wish to be a customer of this company.
>
>
> *13.4 You shall permit Sophos or an independent certified accountant 
> appointed by Sophos access on written notice to Your premises and Your 
> books of account and records at any time during normal business hours 
> for the purpose of inspecting, auditing, verifying or monitoring the 
> manner and performance of Your obligations under this End-User Licence 
> Agreement *
>
> This is ridiculous. No comments.
>
> *13.5 Sophos may at its sole discretion subcontract any of its rights 
> or obligations hereunder to any of its subsidiaries, resellers, 
> distributors or dealers, as applicable.*
> *
> *
> Meaning that at "its sole discretion" they can drop their 
> responsibilities any time. What kind of a contract is this?
>
> *3.1** **Evaluation. You may use the Software for evaluation purposes 
> only in a test environment without payment of a fee for a maximum of 
> 30 days or such other duration as is specified by Sophos at its sole 
> discretion.  *
>
> Although I was assured by the staff at the support desk that the 
> application is 'free' (as in free beer), this seems not to be the 
> case. It seems that all the students at the University
> are using the software illegaly [after 30 days of evaluation period].
>
> *3.4 Restrictions. You are not permitted to:*
> *[...]*
> *3.4.7 use the Licensed Products in or in association with safety 
> critical applications such as, without limitation, medical systems, 
> transport management systems, vehicle and power generation 
> applications including but not limited to nuclear power applications;*
> *
> *
> I do run critical applications on my computer. That is ssh logins to 
> remote servers for example. Or transferring valuable and sensitive 
> personal data across the backup servers. And yes,
> I am a performing musician and a sound-engineer. I do run critical 
> applications at the concerts and festivals. Sometimes it is a 
> EQ/limiter/compressor application through which the 
> main signal to the FOH is routed. These are critical applications, 
> which to my view fall under the definition of  "not limited to..." in 
> chapter 3.4.7
> But even if I wasn't running these applications (rendering my portable 
> computer useless), agreeing to the EULA, I would still not be able to 
> install it, as the licence agreement
> simply doesn't allow me to sign it on the basis of the following 
> paragraph:
>
> *3.4.8 use the Licensed Products for the purposes of competing with 
> Sophos, including without limitation competitive intelligence.*
> *
> *
> You see: GNU/Linux operating systems are bullet-proof from the viruses 
> that might be invented in the future, by design. At the moment such 
> malicious 
> software, that would require a GNU/Linux system to add an extra layer 
> of security (i.e. anti-virus application), simply doesn't exist. So 
> GNU/Linux system may
> be considered a product that is competing with Sophos, by the means of 
> developing a different kind of environment that doesn't need the type 
> of commercial
> products of proprietary nature that Sophos provides. Being an active 
> Open Source society member, I do contribute to the developing 
> community on a regular
> basis, and my constant efforts include improving the environment of 
> GNU/Linux operating systems. Therefore by using the Sophos software I 
> would gain 
> the /competitive intelligence, /which is forbidden by the chapter above.
>
> *5.4 You shall at Your own expense hold harmless, defend and fully and 
> effectively indemnify Sophos against any claims, proceedings, damages, 
> costs, expenses or other liability whatsoever arising out of, 
> resulting from or relating to Your use of the Licensed Products 
> (including without limitation breach of Your warranty in Clause 5.3) 
> and/or any Suggestions.*
>
> I don't know any person in a clear state of mind who could sign this 
> after reading this paragraph.
>
>
> ------------------------------------------------------------
>
>
> I think there's enough of the evidence, that I can't sign this EULA. 
> But that wouldn't be the whole picture if we didn't look at the 
> paragraph 6.1
> which says:
>
> *6.1 [...] SOPHOS DOES NOT WARRANT THAT THE LICENSED PRODUCTS WILL 
> DETECT AND/OR CORRECTLY IDENTIFY AND/OR DISINFECT ALL THREATS, 
> APPLICATIONS (WHETHER MALICIOUS OR OTHERWISE) OR OTHER COMPONENTS.*
> *
> *
> Yes, in BIG CAPITAL LETTERS, they say, that even after you agree to 
> "defend and fully and effectively indemnify" them against any damages, 
> claims, costs, proceedings "whatsoever" and allow them to publish your 
> name and logo somewhere publicly, and even after you allow them into 
> your home as described in paragraph 13.4, even after all that they do 
> not guarantee
> that their software will do what it is intended to do. 
>
> So coming back to the first lines of this email; it seems that the 
> model that the University computer services employ to "check" the 
> machines running Unix family operating systems (and in fact MS Windows 
> machines too) is useless. What is the point of requiring the 
> protection for a very very very theoretical threat (virtually 
> non-existent) by the means of the tool that 
> "doesn't warrant" any protection whatsoever? 
>
>
> I do ask you to register the hardware mac address of the my machine to 
> my MWS services username bypassing your normal procedures which are 
> useless, as I just showed you in this email.
> Requiring the signing of this draconian licence agreement can be 
> considered as a discrimination on the grounds of my operating system 
> choice, my personal beliefs and political
> views. 
>  
>
> Looking forward to hear back from you as soon as possible,
>
>
>
>
>
>
> Sincerely,
>
>
> Vladimir J.
> -------------------------------------
> ------------------------------------------------------------------------
>
> _______________________________________________
> Liverpool mailing list
> Liverpool at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/liverpool

More information about the Liverpool mailing list