Codeberg/Community
54
327
Fork
You've already forked Community
12

[Somehuman/Simpla-keygen-ugly] Unknown legal status (copyrighted source leak?) #172

Closed
opened 2020年04月26日 17:01:53 +02:00 by ReportingTest · 4 comments

Somehuman/Simpla-keygen-ugly appears to be key generator stolen from Simpla CMS (http://simplacommerce.com, http://simplacms.ru). This keygen is available on http://license.simplacommerce.com. It also has corrupted encoding.

Simpla CMS copyright status is unknown. It was clearly non-free software, but few days ago blog posts appeared both on Simpla website and on its author blog, saying it is dedicated in public domain or CC0 if impossible.

These posts are now gone. CMS author did not say anything on it but he closed an issue about DRM removal due to public domain dedication on GitHub. Other people say someone attacked the website and Simpla remains non-free.

I'm not sure about legal status of this keygen and Simpla CMS, but its encoding is corrupted. I have non-corrupted copy if required. There is also keygen which most likely doesn't contain original code, but keys are useless without Simpla CMS.

Should we remove this repository from Codeberg?

Somehuman/Simpla-keygen-ugly appears to be key generator stolen from Simpla CMS (http://simplacommerce.com, http://simplacms.ru). This keygen is available on http://license.simplacommerce.com. It also has corrupted encoding. Simpla CMS copyright status is unknown. It was clearly non-free software, but few days ago blog posts appeared both on Simpla website and on its author blog, saying it is dedicated in public domain or CC0 if impossible. These posts are now gone. CMS author did not say anything on it but he closed an issue about DRM removal due to public domain dedication on GitHub. Other people say someone attacked the website and Simpla remains non-free. I'm not sure about legal status of this keygen and Simpla CMS, but its encoding is corrupted. I have non-corrupted copy if required. There is also keygen which most likely doesn't contain original code, but keys are useless without Simpla CMS. Should we remove this repository from Codeberg?
ReportingTest changed title from (削除) [Somehuman/Simpla-keygen-ugly] Unknown legal status (削除ここまで) to [Somehuman/Simpla-keygen-ugly] Unknown legal status (copyrighted source leak?) 2020年04月26日 17:04:58 +02:00
Member
Copy link

user+repo deactivated for the time being.

Thank you for reporting.

user+repo deactivated for the time being. Thank you for reporting.

Looks like Simpla is WTFPL Version 2 at the moment (note version number was not changed). It is archived in Wayback Machine but link is currently broken (may work in future).

Old EULA is still present on website, but you can bypass it by using this link.

Not sure whether it is actually available under this license or website is attacked once again, but license checks are removed from this code.

English version (2.3.7) is not [yet] available under WTFPL but IIUC it is outdated version with Russian strings replaced with English ones (something is still in Russian).

It looks like both their website and author's blog are still vulnerable to attacks.

Is Simpla free or no? Will it become free in license replacement attack case?

Looks like Simpla is WTFPL Version 2 at the moment (note version number was not changed). It is archived in Wayback Machine but link is currently broken (may work in future). Old EULA is still present on website, but you can bypass it by using [this](http://simplacms.ru/downloads/simpla.zip) link. Not sure whether it is actually available under this license or website is attacked once again, but license checks are removed from this code. English version (2.3.7) is not [yet] available under WTFPL but IIUC it is outdated version with Russian strings replaced with English ones (something is still in Russian). It looks like both their website and author's blog are still vulnerable to attacks. Is Simpla free or no? Will it become free in license replacement attack case?
Member
Copy link

If the author intends to publish it we are happy to reactivate account+repo.

If the author intends to publish it we are happy to reactivate account+repo.

Looks like another attack on them. Old EULA is present again.

Most likely, this software is dead and author does not intend to publish it. There is also active plagiarized CMS with similar key generation algorithm (minor changes made).

Author's email address is pikusov@gmail.com if you wish to contact him.

Fortunately, software like OpenCart is much better than Simpla CMS.

Looks like another attack on them. Old EULA is present again. Most likely, this software is dead and author does not intend to publish it. There is also active plagiarized CMS with similar key generation algorithm (minor changes made). Author's email address is [pikusov@gmail.com](mailto:pikusov@gmail.com) if you wish to contact him. Fortunately, software like OpenCart is much better than Simpla CMS.
Sign in to join this conversation.
No Branch/Tag specified
main
No results found.
Labels
Clear labels
accessibility

Reduces accessibility and is thus a "bug" for certain user groups on Codeberg.
bug

Something is not working the way it should. Does not concern outages.
bug
infrastructure
Errors evidently caused by infrastructure malfunctions or outages
Codeberg

This issue involves Codeberg's downstream modifications and settings and/or Codeberg's structures.
contributions welcome

Please join the discussion and consider contributing a PR!
docs

No bug, but an improvement to the docs or UI description will help
duplicate

This issue or pull request already exists
enhancement

New feature
infrastructure

Involves changes to the server setups, use `bug/infrastructure` for infrastructure-related user errors.
legal

An issue directly involving legal compliance
licence / ToS

involving questions about the ToS, especially licencing compliance
please chill
we are volunteers
Please consider editing your posts and remember that there is a human on the other side. We get that you are frustrated, but it's harder for us to help you this way.
public relations

Things related to Codeberg's external communication
question

More information is needed
question
user support
This issue contains a clearly stated problem. However, it is not clear whether we have to fix anything on Codeberg's end, but we're helping them fix it and/or find the cause.
s/Forgejo

Related to Forgejo. Please also check Forgejo's issue tracker.
s/Forgejo/migration

Migration related issues in Forgejo
s/Pages

Issues related to the Codeberg Pages feature
s/Weblate

Issue is related to the Weblate instance at https://translate.codeberg.org
s/Woodpecker

Woodpecker CI related issue
security

involves improvements to the sites security
service

Add a new service to the Codeberg ecosystem (instead of implementing into Gitea)
upstream

An open issue or pull request to an upstream repository to fix this issue (partially or completely) exists (i.e. Gitea, Forgejo, etc.)
wontfix

Codeberg's current set of contributors are not planning to spend time on delegating this issue.
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Codeberg/Community#172
Reference in a new issue
Codeberg/Community
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?