Russian media group Rambler is trying to keep Nginx hostage

Enlarge / This image of the list is somewhat hyperbolic – co-founders of Nginx Sosoev and Konovalov did not spend time in prison, they were “simply” detained and interrogated at gunpoint in their homes at 7 am local time.

Maxim Konovalov and Igor Sysoev – founders and makers of the popular web server software Nginx – were arrested, detained and questioned last Thursday. Sysoev’s former employer, Rambler – Russia’s third-largest internet company, which at the height of the English-speaking world occupies a position similar to Yahoo or AOL at the height of the English-speaking world – claimed to be entitled to Nginx source code owned by Sysoev who originally developed it while working at Rambler.

In an interview with Meduza.io – a news site focused on the Russian and former Soviet Union reporting – founder Konovalov explained Rambler’s movement as “a typical racket, so simple”, and further stated that no attempt had been made to negotiate with or even inform him or Sysoev before the raid took place. Their first indication of a problem came with police raids that held the two, seized IT equipment from them and interrogated them early that morning. Konovalov described the raid as “professional and polite, if you exclude the fact that agents of special forces with automatic weapons were nearby . then there were interrogations. In general, the questions were not particularly interesting or pleasant.”

Konovalov characterized the move as a money-saving shakedown from current leadership at Rambler, inspired by Nginx’s acquisition of $ 670 million by US tech giant F5 Networks about six months earlier.

He said to Meduza:

Nginx was officially registered in 2011, and it is now 2019, and in all this time Rambler has never raised any problems . there was a deal with F5, the big money became palpable, and then we see the desire to have a piece to tackle for themselves. It is a typical racket. Simple as that.

Konovalov and Sysoev did not even know for certain which charges were being brought against them. But earlier today, Rambler asked the Russian courts to withdraw the criminal prosecution and instead went to civil proceedings. This follows Konovalov’s earlier prediction that the charges were only used as an excuse to go on an expedition for leverage in a civil case. Rambler further claimed that it broke ties with the “Lynwood” law firm that had initiated criminal prosecution; but this probably only seems like a move for the show, because Lynwood Investments is tied to Alexander Mamut – a Russian billionaire who is co-owner of Rambler himself.

A simple cash withdrawal?

Although Nginx co-founder Konovalov characterizes the Rambler movement as a simple cash grip inspired by the $ 670 million acquisition of Nginx, the potential impact is much broader than ~ 42 billion rubles in cold hard cash. A successful retroactive takeover of the rights to Nginx would not only give Rambler access to that money – it would also offer the possibility to invalidate the full open source license of the Nginx platform.

This, in turn, would effectively open up the entire developed world technology industry to shakedowns for licensing costs – both for continuous operation and in theory with retroactive effect for more than a decade of “unlicensed” use.

Because the Nginx license was a weak, tolerant license – largely related to the BSD license, which requires nothing but the recognition of the original copyright notice in source code and documentation – Nginx is not only directly distributed as a web server used on computers for general purposes, but also as an important embedded part of many other solutions. For example, the Blue Coat devices from Symantec, the email apps from Sophos and the Open Connect devices from Netflix all depend on Nginx.

Returning to “simple” software implementations, the British internet company Netcraft lists Nginx as the most common internet-oriented web server in the world in its Q3 2019 web server survey, with more than 31 percent of all sites surveyed detected as Nginx. . Filtering on only “active” sites seems to reduce Nginx to the second most common server, with Apache at 30 percent and Nginx at 20 percent. But this conveniently ignores no less than 37 percent of the “other” results, which means that web servers are too tight in production to be easily classified. Many of those “other” servers will also be Nginx or Nginx derivatives.

Enlarge / From December 2019, Nginx is even more popular than Apache. Netcraft confirms it.

If Russian courts were to give Rambler a civilian victory and grant her ownership of the rights to Nginx, the far-reaching impact on the entire global technical industry is even difficult to estimate. A simple, self-hosted blog could potentially exchange Nginx for Apache within a few hours. A more complex and highly optimized site, designed to handle a lot of traffic, can get up again almost as quickly, but can work for a week with reduced capacity.

Meanwhile, the industrial giants that depend on Nginx are Facebook, Netflix and WordPress. Add to Cloudflare’s Content Distribution Network and DDoS security service, and it becomes easier to discuss which part of the internet would not stop working without Nginx than which.

It seems hard to believe that this fact was lost among the Rambler executives who initiated this grab. But it also seems hard to believe that the rest of the world would tolerate it and respect a decision of the Russian court with such far-reaching consequences. To add to the obvious clarity of the grab – more than a decade after Nginx as both a service company and a significant part of the global internet infrastructure – Igor Ashmanov, a Rambler chief from the time Sysoev worked at the company, stated on Facebook that “software development was not at all part of [Sysoev’s] job description”, and “Rambler can [probably not] come up with a piece of paper, let alone a non-existent job to develop a web server. “

This author believes that it would be difficult to find a court outside the direct control of Russia that would issue orders based on such a decision that would necessarily bind the fully visible internet of the operation. No matter how dark politics has become, I believe that corruption is immediately and clearly visible and harmful to both giants in the technical industry and ordinary citizens – no cat knife today. No pictures of each other’s lunches? Sacrilege! – would represent immediate political suicide, no elected official would likely believe he could ignore.

Similar Posts

Leave a Reply