Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
GNU is Not Unix Software Linux

Castle Denies GPL Breach 425

Posted by chrisd
from the right-back-at-cha dept.
Anonymous Coward writes "Castle Technology, who were accused of breaching the GPL in RISC OS 5, have made a press release denying the allegations. This story has been covered on The Iconbar RISC OS news and resource site." We've given Castle some loving here on slashdot recently. Looks like this one isn't going away quietly.
This discussion has been archived. No new comments can be posted.

Castle Denies GPL Breach

Comments Filter:
  • by sulli (195030) on Monday February 10, 2003 @02:50PM (#5272870) Journal
    At least not until they change their name to GNU/Castle
  • From what I understand, the GPL (and most software licenses it seems) has never been tested in court. Perhaps this will be that test. I only hope that the GPL holds up in court.

    So it's, one, test the GPL in court, two, pray it holds up???, three, GPL software profits!

    Imagine how happy Microsoft would be if the GPL is ruled invalid...
    • by LMCBoy (185365) on Monday February 10, 2003 @03:00PM (#5272972) Homepage Journal
      From what I understand, the GPL (and most software licenses it seems) has never been tested in court.

      Your parenthetic clause is important here. I can't imagine a situation where the GPL could be ruled invalid without basically saying no software licenses are valid. I don't think Microsoft would be very happy about that. :)
      • There's a bit of a difference between the GPL and the standard Microsoft EULA, though. You don't have to agree to the terms of the GPL in order to use GPL'd software or even source code for that matter, as the GPL only comes into play when you actually redistribute the binaries and/or source. With a Microsoft EULA, you're forced into agreeing with the terms of the license before you can even use the software.

        Don't know what kind of difference that would make. I guess it comes down to whether or not clicking 'next' on an EULA dialong to agree is binding. It's not like you've signed anything.

        J
        • by Shadowlion (18254) on Monday February 10, 2003 @03:21PM (#5273177) Homepage
          Don't know what kind of difference that would make.

          Not a ton. Assuming the GPL is tossed out, that means Castle gets only the standard set of rights that copyright grants, which still denies them the ability to use this code (since they didn't ask permission of the copyright holder).

          So the only way Castle can really win is to prove they didn't use the code in question.

        • this case would be in the UK, where click through licenses are not valid anyway, so the difference with the Microsoft EULA is not important.
          • this case would be in the UK, where click through licenses are not valid anyway [...]

            That's not quite the entire truth. The click-through licence is not invalid because it's a click-through licence. The problem is that the customer is able to buy the software (which closes the deal) without seeing or agreeing to any terms first.

            I read today (albeit about German law, but it might well be the same in the UK) that even a notice on the outside of the box saying you must agree to an EULA is not enough to make the EULA legitimate.

            Furthermore, there are legitimate questions as to whether clicking something may represent contractual agreement. What if someone under 18 (who can't legally be bound by many such contracts) clicked it? There's no proof who clicked something - a signature shows who the signer was; it could be forged but that's what witnesses are for. There's also the problem of pre-installed (ie: pre-clicked) software...

            -- Steve

      • The difficulty in the GPL comes in PROVING that it was violated. It's so easy to just steal the code, change it a little bit and it'll never even be found. The GPL is a lot like the honor system.. Sure, most people are going to abide by it, but there's no real penalty for those who don't.
    • Except that the GPL gives you rights that you would not have, under normal laws dealing with the code, the copywrite laws.
      So if the GPL is ruled invalid the sourcecode would fall under the copywrite and castle or microsoft would have the same rights the that code that you do to microsoft code.
    • by His name cannot be s (16831) on Monday February 10, 2003 @03:08PM (#5273060) Journal
      It's not like the GPL needs to be tested in court. Niether would a court decision "make microsoft happy"

      The GPL is a license to software. Plain and simple.

      Without a license, you cannot use copyrighted material. If you use copyrighted material, without a license, you are in violation of that copyright. The only matters before the court would be "did you use the software" and "are you licensed to do so".

      With the GPL permission is granted to anyone to use the software with those restrictions spelled out in the agreement. If you use the software, and do not follow the terms of the agreement, your license is null and void, and you are in violation of copyright law.

      IANAL, but I did stay in a holiday in last night:

      Copyrights (and patents) do not have to be vigorously protected, only trademarks do. Without vigorously protecting your trademark, it can be ruled invalid. Your copyright on a work can not be ruled invalid, if it truly is your work, and it is not simply the stating of fact (like a phonebook)

      Microsoft would *not* like to see the GPL ruled invalid, because that would be a dent in all copyright law. As a matter of fact, Microsoft could make serious money off of GPL software if they so chose.

      Imagine this:

      Microsoft decides to throw away sourcesafe, because it blows dog chunks. Instead they grab the source for CVS and compile it up, slap a sticker on the CD, and sell it as MS CVS.

      Thousands of developers would start coughing up money for this "new" product. Heck, the package could even put the GPL on the outside, and state that the source code would be included on the CD. I know for a fact a couple of companies who would by enough licenses for all their developers withou batting an eyelash. Heck, MS could even give the same support they give SourceSafe now: NONE.

      Microsoft is not *afraid* of the GPL. They are afraid of people who sell software cheaper than them. If that means free, well, that pisses them off, but no more so if the software is BSD Licensed, GPL Licensedor Python Licensed.

      HNCBS
      • Without a license, you cannot use copyrighted material. If you use copyrighted material, without a license, you are in violation of that copyright. The only matters before the court would be "did you use the software" and "are you licensed to do so".

        This isn't technically true. You are allowed to use copyrighted materials without a license, but you aren't allowed to copy, distribute, modify or derive from copyrighted material without a license. The DMCA has restricted this a little more so that now a company can require you give up some of the rights you would have had without a license in order to use their product (which is one of the huge issues with the DMCA), but the GPL doesn't rely on this.

        The GPL specifically provides that you are not required to accept the license, but without accepting it the author gives you no rights above the standard ones provided by copyright law (pretty much reading the source code and running the software)

      • With the GPL permission is granted to anyone to use the software with those restrictions spelled out in the agreement.

        Freedoms. You mean freedoms, not restrictions. (/sarcasm)

        People sometimes forget that the GPL is a restrictive license. Less restrictive that a proprietary license, but restrictive nonetheless.

        • You do not understand what you are saying.

          If there was no GPL on the code, you would be able to do less with the code than the GPL allows you to do. Applying the GPL to a work removes restrictions. For example, without the GPL, you would have zero rights to copy it.

      • by ChaosDiscord (4913) on Monday February 10, 2003 @03:40PM (#5273341) Homepage Journal

        The GPL is a license to software. Plain and simple.

        Without a license, you cannot use copyrighted material. If you use copyrighted material, without a license, you are in violation of that copyright. The only matters before the court would be "did you use the software" and "are you licensed to do so".

        You are operating on a popular but completely incorrect belief. This incorrect belief grants copyright holders far more power than the law really gives them. Copyright industries want to encourage this erroneous belief but we need to fight back.

        You do not need a license to use material protected by copyright. If I buy a book, a DVD, or a CD I'm free to take it hope and read it, watch it, listen to it, loan it out to a friend, destroy it, give it away, or sell it. No license is needed or granted. The particular item that I purchased is mine, the copyright holder no longer has any claim to it. What the copyright holder does have claim to is the exclusive right to make and distribute copies. (Well, the right to perform publically is also in there, and there are lots of complex exceptions, but that's the gist of it.)

        This is important and many people seem to have missed it: You do not need a license to personally use (read, watch, run, listen to, whatever) a copyrighted work you purchased.

        Given this, the GPL is not a license to use the software. You're free to use software under GPL without ever reading or agreeing to it (but you should probably note the "NO WARRANTEE" clause). You can refuse to agree to the GPL and use the software. The GPL only seriously comes into play if you want to distribute copies. Normally under copyright law you cannot ever distribute copies. The GPL is an open offer to let you distribute copies (granting you more freedom than copyright law normally allows), in exchange for certain behavior on your part.

        Normal software licenses attempt to change your purchase of a particular thing restricted by copyright into license of something you don't own. This is completely alien to the United States copyright system. In a similar case much earlier (around 1900 if I remember correctly) a publisher tried to put a license on an actual book. It was soundly defeated in court. The legal precedent for software End User License Agreements is pretty shaky, primarily resting on a single case at a lower court level (district?) that rather insanely decided that copying a program into memory to run was an infringing copy and as such required a license. It could yet be overturned. If it does get overturned traditional software will revert back to the same rules books, CDs, tapes, and DVDs live with and do fine under. The GPL will continue to work fine because it already assumes you have every right under copyright law but offers you a license to do more than copyright law allows.

        • by jpc (33615) on Monday February 10, 2003 @03:46PM (#5273372) Homepage
          and reading the press release forwarded to lkml I see that they have admitted using functions from Linux, and are prepared to give copies of the source to the authors. But they have ignored the derived works / linking parts og the license. This admission is rather bad for them, as they have admitted using copyright material in their product without permission, as if the GPL gives them this permission if they send developers copies of their own code on floppies...

          It reads:

          For the avoidance of doubt, the hardware abstraction layer (roughly
          analogous to a PC's BIOS) has it's PCI allocation and bridge setup
          based in part on the following functions from the Linux kernel sources:

          pci_alloc_primary_bus
          pbus_size_bridges
          pbus_assign_resources_sorted
          pci_setup_bridge
          pci_bridge_check_ranges
          pbus_size_mem
          pbus_assign_resources
          pci_assign_unassigned_resources
          pci_scan_bus
          pcibios_update_resource
          pci_read_bases
          pci_alloc_bus
          pci_add_new_bus
          pci_do_scan_bus
          pci_scan_bridge
          pci_setup_device
          pci_scan_device
          pci_scan_slot
          pcibios_fixup_bus
          pci_calc_resource_flags
          pci_size
          pdev_fixup_device_resources
          pbus_assign_bus_resources
          pci_do_scan_bus
          pcibios_fixup_pbus_ranges
          pci_assign_resource
          pdev_sort_resources
          pdev_enable_device
          pbus_size_io

          Any company or individual wishing to receive a copy of the source code
          to this component should apply in writing to:
          (blah)
          • by HiThere (15173) <charleshixsnNO@SPAMearthlink.net> on Monday February 10, 2003 @05:10PM (#5274344)
            They're missing the point. It's not the authors who have the right to the source. It's their customers. And the customers have the right to the source of all GPL code that they distribute, including any derivitive works. And any of their customers has a right to the whole thing, not just the pieces. (Now just what is meant by the "whole thing" is where the arguments start. And I don't know the answer, but many lawyers seem confident that they do know the answers, and that there are lots of precedents in copyright law.)

    • The GPL has never been tested in court because it doesn't need to be; it's pretty much air tight. No one has been stupid enough to try and fight it yet because it's almost guaranteed that they'll lose, the only exception being if they aren't actually using GPL code. If there were any holes in it to be exploited, or any chance of it being struck down, it would have happened by now.

      Microsoft would NOT be happy if the GPL were struck down, as doing so would basically invalidate ALL software licenses.

    • On the whole, it would be extremely difficult to convince a court that it's OK to take someone else's source code and to use it in your own product without permission. The GPL is the "permission" to create and distribute derivates of GPLed work. Arguing that the GPL is invalid would in essence be arguing that there is no permission to copy or create derivative works at all, which would be a singularly ineffective argument for most purposes!

      The GPL is in this sense a "fail safe" license, because unlike most software license it extends the rights given by copyright law rather than attempting to restrict those rights. For this reason I strongly doubt that any court case would focus on the validity of the GPL. It's somewhat more plausible that a case might be based around the meanings of terms used in the GPL, such as "derivative work", "source code", or "distribute". But if Castle did in fact use GPL code in a proprietary product, they will have a very uphill battle.

    • No, this will be a plain old copyright test case.

      Over and above the rights you have to the Linux kernel under copyright law, the GPL offers you further rights (such as the right to make a derived work) provided you agree to and follow the GPL license.

      If you do not follow the license, you are not entitled to those further rights, and you may find yourself in breach of copyright law.

      Castle's choices in this case are:
      • Castle can argue that they were complying with the GNU GPL, which allowed them to take kernel source code and use it in RISC OS (i.e. create a derived work from the kernel PCI code). This, however, is clearly not true, as they are not distributing their entire derived work (RISC OS) under the GPL. It would be different if the kernel PCI code was packaged by itself and available under the LGPL, or they had secured permission from the copyright owner of the PCI co de to use this code without following the GPL, but they didn't.

      • Castle can argue that they had made "fair use" of the Linux kernel source code, and therefore they are not breaking copyright law. However, if the PCI code in the RISC OS ROMs "substantially" copies from the Linux PCI code, then this is not true.

      • Castle can argue that they did not make "substantial" copying of the kernel PCI source. Given they have admitted that their PCI code is "based on" the kernel PCI source, that makes them look bad. What is "substantial" has to be decided by the court, but in previous cases I've read about, substantial would be anything more than a few lines of code.


  • by Skyshadow (508) on Monday February 10, 2003 @02:54PM (#5272903) Homepage
    ...they seem to be saying that they are using GPL code, and that anyone wanting it needs to send 3.5" floppies to them with return postage.

    So is it a breach of the GPL to use GPL'ed code in your product, not advertise it or tell anyone, and then when/if caught to say it was always available to anyone willing to do something as arcane as snailmail floppies? How about I just print the code out and thumb-tack it up in the employee breakroom?

    Sounds dirty to me.

    • by zcat_NZ (267672) <zcat@wired.net.nz> on Monday February 10, 2003 @03:03PM (#5272995) Homepage
      Doesn't sound much worse to me than selling copies of EMACS source code on magnetic tape (for around $100 a tape. iirc) Once it's out there, anyone else is welcome to host it on an FTP server at their own cost.

      • It's not a breach of the GPL to require reasonable costs for distributing the source code. If you're distributing binaries, you're required to distribute the source as well for no more than the cost of transfering the data. I think that it's debatable whether asking people to send a SASE and a floppy to get their copy of the source is a reasonable distribution strategy, but it's not so bad that it's clearly run afoul of the GPL. If you're just distributing the source, though, the GPL doesn't put any limit on what you can charge.

        What is against the GPL is including GPLed code and not telling anyone about it. You're absolutely required to include information about which code is covered under the GPL, an offer to provide the source to anyone who gets the binaries, and a copy of the GPL itself. If, as sounds likely, they've included some GPLed code but failed to notify users of the fact, they're already in breach whether they provide the source on floppy or an FTP site.

    • Yes, it is a breach of at least two sections of the license:
      1. The GPL requires that any work derived from GPLed code be released under the GPL.
      2. The GPL requires that any copy of GPLed code must be distributed either with the source code, or with written notice of a system good for three years from the date of distribution of distributing said source code at no cost greater than the distribution cost. (I presume, of course, that they did not in fact distribute such a notice)
      I'll readily admit I know nothing about this case, but most people who knowingly choose to release GPL code do so specifically because they intend code release to be the cost of deriving from their work. To the people who will inevitably whine about how the GPL restricts author's rights: The GPL contains a provision that you aren't even required to accept the GPL, but the author only agrees to let you modify, redistribute or derive from his code if you do.
    • by jd678 (577145) on Monday February 10, 2003 @03:15PM (#5273127)
      Did you actually /read/ the press release?

      They are currently not saying they are using GPL code, and are offering the source code for anyone to do any further analysis - this is actually more than they have to do at this stage. I'm pretty sure Justin Fletcher (who first discovered the possibility of the ROS5 sharing linux code in Nov 2002), and Russell King (who made the posting to the lkml) will be doing this.

      The PCI allocation and bus setup, derived from the linux headers, could have just as easily (technically) been obtained from PCI datasheets, but for a small company as Castle is, practically it is easier to get this information from another source. Castle are not admitting to ripping the linux kernel for the actual underlying code - besides there are probably only a few ways of going about this, and the code in assembler (which is how Justin did his analysis), would be similar in this case.

      Wait till the relevant people, with an understanding of the ARM hardware involved get a chance to check over the code before jumping on this bandwagon again.

      • by platypus (18156) on Monday February 10, 2003 @04:10PM (#5273671) Homepage
        Still, it sounds fishy. One one hand, they write

        The RISC OS 5.0[012] kernel did not contain work taken from or derived from
        the ARM-Linux or Linux kernel.

        OTOH
        For the avoidance of doubt, the hardware abstraction layer (roughly
        analogous to a PC's BIOS) has it's PCI allocation and bridge setup
        based in part on the following functions from the Linux kernel sources:
        [lot of function names]


        So, what does "based in part" mean? What is the relation between their "hardware abstraction layer" and their "kernel"?

        The answers to this questions are very relevant to the GPL.

        It sounds to me like they seem to have a reason for avoiding being more concrete, like they know damn well that something _might_ (benfit of doubt for them) be wrong, and they just wanted to get something out for damage control.

  • Confusion (Score:3, Insightful)

    by ucblockhead (63650) on Monday February 10, 2003 @02:54PM (#5272906) Homepage Journal
    It sounds like they don't understand the GPL, and think that they can comply by offering the affected routines on floppies, by mail.

    They need a new lawyer.

    • Even if they are found to be in compliance with the GPL on their stolen code in court, wouldn't there *still* be an issue of copyright? AFAIK, publishing your code under the GPL doesn't give up your copyright on that code does it? From the GNU website: [gnu.org]
      Who has the power to enforce the GPL?

      Since the GPL is a copyright license, the copyright holders of the software are the ones who have the power to enforce the GPL. If you see a violation of the GPL, you should inform the developers of the GPL-covered software involved. They either are the copyright holders, or are connected with the copyright holders.
      An overturning of the GPL is not going to announce free reign of software pirates claiming GPL'd code as their own and making a buttload of money on it. Personally, I don't see it ever coming down to this detail though.
      • Re:Confusion (Score:3, Insightful)

        by ucblockhead (63650)
        GPLing code does not give up copyright...unless you intentionally do so by assigning it to the FSF or something.


        You can GPL code and then turn around and sell the same code under another, proprietary license, for instance.

    • by zcat_NZ (267672) <zcat@wired.net.nz> on Monday February 10, 2003 @03:07PM (#5273038) Homepage
      The guy who originally wrote EMACS clearly didn't understand the GPL either. No FTP server; mailing out the source on Magnetic Tape for $100 a copy? Someone ought to be hassling him a bit more too!!

      Oh wait.. that was Richard Stallman.
      • Re:Confusion (Score:3, Informative)

        by ucblockhead (63650)
        It's the second part that's important...from their press release, they seem to think that they can just give you the source for the routines they copied. You can't even link to GPL'd code without GPLing your code. (The LGPL is a different story, though the Linux kernel isn't LGPLed, so that's moot.)
      • Confusion Confused (Score:5, Insightful)

        by XaXXon (202882) <xaxxon@@@gmail...com> on Monday February 10, 2003 @03:37PM (#5273320) Homepage
        Short response: D.U.M.B. A.S.S.

        Long response: You're still dumb, but here's why. First, making the source available for download does NOT cover the source redistribution part of the GPL, so the whole "not having an FTP server" doesn't matter. You have no responsibility to make copies of GPL software available to others for free or for cost. See the first question on the GPL quiz [gnu.org] for more details on this.

        Second, he can charge whatever he wants for sending you a copy of the program. $0, $1, $100, or $1,000. As long as he makes the source available with it, or at the cost of redistribution, everything is fine.

        I really really REALLY wish people wouldn't randomly throw RMS bashes into other good articles. "Oooh, it's a GPL-related article, let's bash RMS." I'm not a huge fan of RMS, and I still call it "Linux", but I hate it when people just go off on the guy. I hate it even more that I have to go and write a response to something this stupid and waste my time. How this got modded up to 4 (oh.. it's 5 now), I don't know..

        Bah!

      • Damn, that got to +5 funny real fast!!

        Seriously; they do need to make it clear what code is GPL'd and how to get the source (traditionally, a file called COPYING somewhere). I don't know if they've done that.

        And the GPL'd code would need to be quite separate from the rest of the non-GPL'd kernel. It doesn't sound like they've done that, but if the GPL'd code was compiled into it's own separate binary called from the rest of the kernel they'd probably be OK. Richard hates the idea, but plenty of non-GPL's linux drivers work that way (nvidia, lucent, etc)

        I don't think offering the source on floppies rather than a convenient FTP server is the real issue here.
    • Re:Confusion (Score:3, Informative)

      by Anonymous Coward
      Actually, that is perfectly alright and compliant with section


      b) Accompany it with a written offer, valid for at least three
      years, to give any third party, for a charge no more than your
      cost of physically performing source distribution, a complete
      machine-readable copy of the corresponding source code, to be
      distributed under the terms of Sections 1 and 2 above on a medium
      customarily used for software interchange; or,


      The problem is not that they would use floppy disks (which are pretty much the most frequent medium for software interchange, still), but that they apparently conveniently forgot to include that written offer!

      In addition, it would seem that we have forgotten another few phrases:

      a) You must cause the modified files to carry prominent notices
      stating that you changed the files and the date of any change.

      b) You must cause any work that you distribute or publish, that in
      whole or in part contains or is derived from the Program or any
      part thereof, to be licensed as a whole at no charge to all third
      parties under the terms of this License.

      c) If the modified program normally reads commands interactively
      when run, you must cause it, when started running for such
      interactive use in the most ordinary way, to print or display an
      announcement including an appropriate copyright notice and a
      notice that there is no warranty (or else, saying that you provide
      a warranty) and that users may redistribute the program under
      these conditions, and telling the user how to view a copy of this
      License. (Exception: if the Program itself is interactive but
      does not normally print such an announcement, your work based on
      the Program is not required to print an announcement.)
    • Re: Confusion (Score:4, Informative)

      by markov_chain (202465) on Monday February 10, 2003 @03:11PM (#5273073) Homepage
      Read the press release more closely: "based in part on the following functions" could mean that they just looked at Linux code and then wrote their own from scratch.
    • Re:Confusion (Score:4, Informative)

      by Target Drone (546651) on Monday February 10, 2003 @03:13PM (#5273101)
      No, they are saying that they did not use any GPL code.

      The RISC OS ... kernel did not contain work taken from or derived from the ARM-Linux or Linux kernel."

      If you mail them a floppy you get a copy of components source code that allegedly violates the GPL so that you can see for yourself that it's all-legit. We'll just have to wait and see if anybody gets a copy of the code mailed back to them and if it violates the GPL or not. Personally I find it fishy that they just don't post it on the web right now to clear their name. I suspect the mail in a floppy is a stall tactic.

      • The press release is a bit muddled. It also says: ...has it's PCI allocation and bridge setup based in part on the following functions from the Linux kernel sources
    • If you want their code, read the ROM. It'll be there. So technically, they aren't hiding anything.
    • Re:Confusion (Score:3, Insightful)

      by rela (531062)
      They're just offering the routines as proof that they DIDN'T use GPL'd source. They're not claiming both ways here, they're saying 'No, we didn't, and this is proof.'

      I'm sure the mailing floppies bit it to avoid having every person on Slashdot try to download a copy and cost them more in bandwidth in a day than they could pay for in a year.

  • by j_kenpo (571930) on Monday February 10, 2003 @02:57PM (#5272927)
    Its been a few days since I read the original article, but I don't seem to remember where the original allegation that they'd ripped off the Linux kernel came from, other than "the guy". Who is "the guy"? Is he an employee for Castle, possibly disgruntled, or is he just "the guy" sleeping on the couch? If there is a legitimate breach, than whoever holds the license should by all means fight. But I've always been under the impression that borrowing code from a GPL based package was acceptable, as long as credit is given where credit is due. If that's the case, and there was indeed a breach of the GPL, couldn't Castle just put the creators names in the credits, no harm, no foul? Any takes on this?
    • by Anonymous Coward on Monday February 10, 2003 @03:02PM (#5272986)
      It was originally posted on the Linux Kernel Mailing List (lkml) by Russel King, here [theaimsgroup.com].
    • I've always been under the impression that borrowing code from a GPL based package was acceptable, as long as credit is given where credit is due.


      Uh, no. You need to go read your license agreement, usually called "COPYING" in the source tree. It's quite readable, and very clear about what you must do to "borrow code". It's more than just giving credit.

      After all, that GPL code you're borrowing.. I'll bet you find it handy that you have the entire source code, and not just a useless footnote giving credit to some author. You are expected to pass on the same freedom with your software, not a 'credit'.
    • But I've always been under the impression that borrowing code from a GPL based package was acceptable, as long as credit is given where credit is due

      Your thinking about another license altogether. With the GPL, you can't "borrow code" and keep it locked up inside of your code base.

      GPL "opens" code. It does not allow people to "close up" the code. In a nutshell, if you use GPL code, you must make your source code freely available to whoever receives your binary. (There are a number of subtle points beyond this, but this is the GPL in a nutshell).

      If you aren't going to make your source code available, then don't include GPL code with your code. It's simply a matter of choice.

  • by teamhasnoi (554944) <teamhasnoi AT yahoo DOT com> on Monday February 10, 2003 @02:57PM (#5272938) Homepage Journal
    why not release the source online, rather than using snail mail and floppies?

    Unless there is skullduggery afoot... hmmmm.

    /rubs chin, cues "Scooby Doo" intro music

    • why not release the source online, rather than using snail mail and floppies?

      Obviously, they're trying to create a high level of hassle to get the code. They assume people won't want to go through the PITA that mailing a floppy represents.

      I propose we kick their ass at this game. Here's the procedure:

      Everyone reading this, go grab a 3.5" floppy from your old disk box or the supply room or whatever. Mail it to the address below along with a note requesting a copy of their GPL'ed source code:

      The Managing Director
      Castle Technology Ltd
      Ore Trading Estate
      Woodbridge Road
      Framlingham
      Suffolk
      IP13 9LL

      Let's see how they like making 50,000 copies onto floppies...

      • Let's see how they like making 50,000 copies onto floppies...And only old 800k Single sided AOL floppies with errors on the last track... ;)
      • This does strike me like they are getting PR information from the person who told Intel not to offer replacements CPUs when they had that math problem.
        The first person who gets thier disk back is going to post it to the internet however people are still going to send them floppies just because the company is acting stupid. They could of just posted the code, taken a hit on thier server from the few who would actually download it, and be done. I would guess the actual reason for the disc request is that they don't have the code ready and are using the mail and processing time as a delay tactic.
      • > I propose we kick their ass at this game.
        I have another idea: STORM THE CASTLE!!!
      • I knew there was a reason I kept all of those AOL floppies...
      • Don't be a bozo, that's a spiteful and stupid thing to do. Why not do what you should be doing, shut the fuck up and leave this to the people who's Copyright is alleged to have been infringed. Spamming the crap out of some poor little company is pathetic.
        If they have infringed, they can either fix it or hope the copyright owners don't sue them.
  • Seems reasonable (Score:5, Interesting)

    by Alan Cox (27532) on Monday February 10, 2003 @02:57PM (#5272947) Homepage
    They say its not used GPL code in some old editions, and they wont be doing so in future. Its not clear if there is some release they did. They don't say they havem't done it with current code. Since they are making a floppy of the relevant code available that is a good step and means someone can check nicely and settle the question for good.

    • No, the press release says there's no "Linux" code and "Linux-ARM" code in older releases. They have yet to indicate whether there's any GPL'ed code in older releases.
  • Derived work (Score:5, Insightful)

    by YoJ (20860) on Monday February 10, 2003 @03:00PM (#5272967) Journal
    If they used GPL code in some of the files of their project, then their project is a derived work. As a derived work, they must obtain permission from the copyright holder to release it. The GPL grants them permission to do so, IF THEY RELEASE THEIR DERIVED WORK UNDER THE GPL. They have not done this, since they only offer to release source code to the GPL files which they used.

    They only way they are not violating the GPL is if they did not use GPL code, but used "ideas" from the GPL code. In this case their work might not be a derived work.

  • by Big Toe (112240) on Monday February 10, 2003 @03:00PM (#5272969) Journal
    When he could have easily of said that GPL code has never and will never be used in RISC OS. Clever choice of words.

    So maybe they used to use GPL code, and then they "sufficiently" changed it to not be the GPL code. Like appending "// this is sufficiently changed to be our code now" to each line of offending code.
    • by Anonymous Coward on Monday February 10, 2003 @03:26PM (#5273214)
      Just to clear something up. RISC OS has been around since 1988 (long before Linux). It runs on ARM/StrongARM and (now) xScale hardware.

      There was no version 1 (the original OS was called Arthur - but was not anywhere near as polished as RISC OS, Arthur came out in 1987)

      Version 2.X, 3.X and 4.X do not use ANY GPL code at all. The part in dispute in RISC OS 5.XX is because up until version 5 all previous versions used hardware considerably different from PC's (they used a Podule Bus (expansion with Plug & Play - about 8 years before the PC !), their OWN video controller and memory system).

      With version 5 a new machine was introduced and with it a Hardware abstraction layer (HAL) and it's in the PCI part that is "suspect".

      In their press release Castle seem to suggest that the HAL was also needed to allow the porting of Linux to the platform.

      RISC OS is largely ARM assembly code, some C and some BASIC. The bulk of it predates Linux, so you could argue that RISC OS 5.XX (even if GPL code HAD been used in the HAL) predates Linux and therefore can't have been "derived" from GPL code.

      The only code that ANY reasonable person could describe as being in dispute about is the HAL, and that's going to be available on DISC so what's the problem ????

      It should also be borne in mind that Castle only License RISC OS, and that other companies have licensed it too (but use earlier versions about which there IS NO DISPUTE).

      Hope that makes some sense !
  • Linux? (Score:2, Insightful)

    How could you use GPL products without even knowing the GPL!?

    This isn't some weekend hobby hacker project, this is a *business*?!
  • GPL (Score:2, Interesting)

    by AlgUSF (238240)
    Why don't they just encrypt it, and print out the encrypted source in hex. Then anyone who wants it can send a SASE to get it. :-) Does the GPL have any provision against encrypting the source before distributing it?

    • Re:GPL (Score:5, Insightful)

      by Second_Derivative (257815) on Monday February 10, 2003 @03:04PM (#5273015)
      GPL defines the source code as "the preferred form for making modifications to the work". So unless their engineers are way way way way better at doing hex arithmetic and mental cryptography than most of us are, yes the GPL does have a provision against it.
    • If I remember correctly, the GPL stipulates that
      the source must be distributed in the form that
      is was developed in.

      Can anybody back this up with more specific information?
  • Confusing release (Score:5, Insightful)

    by binaryDigit (557647) on Monday February 10, 2003 @03:03PM (#5273005)
    At one point they say:

    "The RISC OS 5.00 kernel did not contain work taken from or derived from the ARM-Linux or Linux kernel

    then they say:

    has it's PCI allocation and bridge setup based in part on the following functions from the Linux kernel sources:

    So they say "based in part on the following functions", so are they saying that they have literally taken no CODE but were BASING their code on some Linux kernel code? So are they then saying that perhaps they just took the api from the LK but the code itself is new? If this is the case, then I could see how there would be a lot of confusion and that they have done nothing wrong. If not, then I'm not sure what they're trying to say?
    • Re:Confusing release (Score:5, Interesting)

      by Eric Seppanen (79060) on Monday February 10, 2003 @03:37PM (#5273310)
      They're saying that their kernel does not include GPLed code, but another program of theirs (called the HAL), a separate piece of software, DOES include GPLed code and source will be available for this program. I'm not sure I believe them; hiding the function names after a complaint sure does seem like they know they're doing something wrong. But that's what they're saying. Remember, too, that just offering source isn't the only requirement of the GPL. You're also required to notify users that the code is GPLed and tell them source is available. If they haven't done this part then they're also in violation.
  • by digitalsushi (137809) <slashdot@digitalsushi.com> on Monday February 10, 2003 @03:12PM (#5273092) Journal
    Some day when opensource is big enough, we'll be able to take down companies just by accusing them that they stole open source code. "We won't shut ya down if you tell us where the other Cappie bastards are! Admit it, they're all stealing source!"
    • Some day when opensource is big enough, we'll be able to take down companies just by accusing them that they stole open source code. "We won't shut ya down if you tell us where the other Cappie bastards are! Admit it, they're all stealing source!"

      Makes sense, it's the natural evolution of the BSA.
  • by robbo (4388) <slashdot@simr a . net> on Monday February 10, 2003 @03:12PM (#5273099)
    later issues of the supporting software have had to have function names removed (along with a strategy of tokenising textual messages and compressing binaries)

    In other words, that's the last time we're stupid enough to ship unstripped binaries!

    The PR also explicitly denies using Linux source, rather than GPL'ed source. Reading between the lines, these guys know full well that they're in breach and they're trying to finesse the situation.
  • by Anonymous Coward on Monday February 10, 2003 @03:20PM (#5273161)
    The Google cache of the (now removed) page http://www.iyonix.com/32bit/PCI_API.shtml
    is at http://216.239.53.100/search?q=cache:mf1nlduliL4C: www.iyonix.com/32bit/PCI_API.shtml+&hl=no&ie=UTF-8


    Note that the source code for many of the Linux PCI device drivers is publicly available on the Internet and may be useful in developing the corresponding RISC OS device driver.


    So, if they had clean conscious, why would they remove that page?

    I don't buy into this.
  • by dan g (30777) on Monday February 10, 2003 @03:29PM (#5273234) Homepage
    Clearly this is just the endgame of a clever get rich scheme. They anticipate that a butt load of /.ers will contact them looking for the source code. In a few weeks they'll stop answering their phones, their website will go defunct, and Castle will for all purposes seem to have disappeared. Coincidentally, in a few days after that the number of ebay auctions for blank floppies will go through the roof.
  • Calm down... (Score:5, Informative)

    by zjbs14 (549864) on Monday February 10, 2003 @03:29PM (#5273239) Homepage
    They're not releasing that piece of source as part of some GPL requirements, they're releasing to show that it's not covered by the GPL. From the press release (empahsis mine):

    For the avoidance of doubt, the hardware abstraction layer (roughly analogous to a PC's BIOS) has it's PCI allocation and bridge setup based in part on the following functions from the Linux kernel sources

    I admit that it could probably be worded better, but it sounds like they could have took the function names/possibly signatures and wrote their own code. Get the source and find out. However, if the experts in this matter can still show that the object form is too close to the GPL output, then there may be something to worry about.

    • Re:Calm down... (Score:4, Interesting)

      by stratjakt (596332) on Monday February 10, 2003 @03:37PM (#5273312) Journal
      Thing is, if you consider that both implementations are done "correctly", the object form will be very close, if not identical.

      Hence is the inherent flaw in software liscensing/patenting. Often in programming, there's one "right way" to do things.

      Assume for the sake of argument, that both linux and riscos did this the same 'right way' in completely different voids unaware of each other. Or even say that the RisOS design team studies linux and implemented their own take on the routines in question (which is what I gather they are saying)

      Computers know 1's and 0's, and HAL implementations are as low-level as it gets.

      Just because company/group A manages to publish their implementation of the "right way" first, all subsequent efforts must do things the "wrong way"?

      If this is true, it behooves everyone interested in programming as a profession to never, ever come within 100 miles of a piece of GPL'd code. Because if you learn something, everything you write from that point on could be corrupted.
      • I have, as part of my work, been required to disassemble binaries and re-implement in C. It always used to make me smile when a chunk of asm revealed itself as a simple plane intersection routine, linked list management, matrix transform, hardware init sequence, or whatever. Recompiling the C implementation often produced *exactly* the same asm.

        My point echos the parent post: if you are writing code with the same functionality, it shouldn't come as a shock when the binaries match, especially - as was mentioned - if some massaging is done to one version to make them match.

        Of course, no one can say one way or the other until they've seen the source code that Castle has agreed to show. I suspect they merely used the GPL'd code as reference, and wrote a similar version that matched their hardware, which isn't your bog-standard PC. How stupid would they look if they say it isn't the GPL'd code when it is, then show it to people? I mean, really..?

        I'm biased, I'll admit that. I've been an Acorn/RISC OS user for many, many years. But I'm disgusted at the pitchfork and torch reaction this issue has received here. Linux/OSS users should be all-to-familiar with a platform struggling against a much larger organisation. Never before have I seen such two-faced, knee-jerk ranting on this site, and that's saying something.
  • by vandel405 (609163)
    I know this is a complete what if, but here it goes.

    What if i was the owner of a company like Castle. A small shop of 30 or so people writing a commercial OS. Now say it was the task of three of the programmers to write some part of some IOKit. Now say they were under deadline and feared being fired, and couldn't keep up and stole a couple of pages of source from a GPL OS of your choice. Now say no one realizes this for 18 months and then the door is suddenly blow open and the execs of the small company are totally against this violation, and fire the employees in question and remove the code in question from the OS. Should the rest of the OS have to be GPLed? I would hope not!

    Jon Hess
    • by Xtifr (1323)
      No, acceptance of the GPL is completely voluntary. If they don't want to publish their code, then it's a simple copyright violation case, no different than if they'd stolen the code from someone's copyrighted book, or used someone's copyrighted image in their work without permission.
    • In short, no (Score:3, Informative)

      by Kjella (173770)
      The people trying to enforce the GPL are in fact very kind. They usually leave you two choices

      1) Release it under GPL
      2) Admit to breaching it (by accident or intentional), settle for a full press release and removal of the infringing source code

      If they really wanted to be assholes, they could simply file charges for copyright infringement, Usually, if they not only copied the code, but presented it as their own work they could be sued with fraud too. And (if found guilty) the company would have to pay damages. Complying with the licence after the crime would not free them from any liability.

      So you see, releasing it under GPL is a settlement offer from the copyright holders. They don't have to make the offer, and the company doesn't have to accept.

      Kjella
  • Nothing will happen (Score:5, Interesting)

    by Anonymous Coward on Monday February 10, 2003 @03:33PM (#5273275)
    Look at what little happened over the Virgin Webplayer.

    It used a Linux kernel, some libc parts and shipped with this clause in the EULA
    Section 2.2 of the member agreements reads as follows:

    2.2 Webplayer Software License. Subject to the
    provisions of this Agreement, we grant to you a
    limited, non-exclusive, personal, non-transferable license to use and display the Webplayer Software in object code form only, solely as part of and as necessary to use the Webplayer and the Virginconnect Services. Except for the license granted to you above, we (or our licensors) retain all right, title and
    interest, including all intellectual property rights, in and to the Webplayer Software. You may not attempt (or authorize any attempt) to defeat, obstruct or
    block any or all of the Webplayer Software functionality, or to decompile, reverse engineer or disassemble the Webplayer or the Webplayer Software.

    Nothing happened to them, and unless the people who actually OWN the copyright grow a backbone and take it to court, nothing else will happen.
  • by Eric Damron (553630) on Monday February 10, 2003 @03:46PM (#5273370)
    This may not be a breach of the GPL. What Castle has said is that the hardware abstraction layer was based on the Linux kernel sources. They have made that code available.

    What will determine if the remaining code is also under the GPL is how closely it integrates with the abstraction layer. Castle maintains that this abstraction layer is "roughly" analogous to a PC's BIOS.

    For those of you who don't know what the BIOS is, it is the initial code which resides on a microchip that runs when you first boot your computer. It has, among other things, the very low level I/O routines that allow your computer to read enough of your hard drive to allow your operating system to boot.

    It would be possible to write a BIOS and then put the code under the GPL. Would that mean that any OS that gets booted by these BIOS would suddenly be in violation of GPL? I don't think so.

    The two questions that need to be answered are:

    1. How analogous to a PC's BIOS is this abstraction layer? (This may be a subjective assessment and therefore open to litigation.)
    2. Is there any more GPL'd code contained in the Castle product?

  • Hold On. (Score:5, Insightful)

    by bwt (68845) on Monday February 10, 2003 @03:53PM (#5273437) Homepage
    It seems that people have already judged them guilty of violating the GPL. I think people need to take a deep breath and answer: What exactly is the evidence that they have incorporated GPL code into their product?

    A few functions named the same as their linux counter-parts seems like rather weak evidence of a breach. Copyright does not protect ideas, so if they examined the GPL code, understood how it worked, and then re-implemented it with their own code, then this is a garden variety reverse engineering.

    On the other hand, if they actually did lift code, then it should be pretty easy to verify with or without their source code. So before anybody continues on with blabbering about how terrible Castle is, can somebody just say what the evidence is?
  • by Anonymous Coward on Monday February 10, 2003 @04:47PM (#5274094)

    Here's what they say

    The press release goes on to state that "For the avoidance of doubt, the hardware abstraction layer (roughly analogous to a PC's BIOS) has it's PCI allocation and bridge setup based in part on the following functions from the Linux kernel sources:"[snip functions]

    Castle state that "any company or individual wishing to recieve a copy of the source code to this component should apply in writing to:" [snip address]You will also need to enclose a formatted 3.5" floppy diskette and return postage stamps (or international reply coupons if you are outside the UK)

    So, the title "Castle deny GPL breach" is wrong. Castle have (somewhat grudginly) admitted using GPLed source and announced their intention to comply with the terms of the GPL. They emphasised that the Linux code they used is in their HAL and not the RISC OS kernel to explain why they will not provide the source to RISC OS.

    So, IconBar titled their article "Castle Technology deny GPL breach" because they had not fully understood the press release they were quoting. The submitter submitted it with a similar title because he hadn't understood it either or because he hadn't read as far as the third paragraph. Chris DiBona posts it and says "Looks like this one isn't going away quietly" presumably because he hadn't read the third paragraph. There are as I write this 207 posts on this topic, most of them overexcited and almost all of them from people who didn't read as far as the third paragraph. I find this all hilarious.

  • mere aggregation? (Score:3, Insightful)

    by morgue-ann (453365) on Monday February 10, 2003 @08:37PM (#5276005)
    Considering the original allegation and the press release, they are not inconsistent, but bring up an important question for the GPL. If we accept that the GPL'd code only went into the HAL, not the kernel and Castle is willing to distribute source for the whole HAL (actually, it seems like they're distributing part which is not OK), why don't they have to distribute source to their kernel?

    From term #2 of the GPL [gnu.org] (emphasis added):

    In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

    I've asked it before [google.com] and here I go again: "What the hell is a volume of a storage or distribution medium and what's aggregation?"

    When the (first) GPL was written a "volume of distribution medium" was a tape snail-mailed from the FSF in Boston, or for work-derivers, a tape or maybe as Castle is doing, a floppy.

    I understand that this exception is how binary kernel modules (NVidia) can be distributed in a CD-ROM with the GPL'd Linux kernel, gcc, emacs, etc.

    However, Castle is putting the HAL and kernel into a Flash ROM. Even if they aren't statically linked together (not hard to imagine: HAL boots & uncompresses kernel image into RAM, then jumps), is this mere aggregation? One can extract a single file from a tape or CD-ROM, but can you un-aggregate a ROM?

    Consider TiVo: is the closed-source application "merely aggregated" with the GPL'd kernel? You can put the hard drive in a PC & un-aggregate, but this violates your warranty and is not as trivial as grabbing a file from a CD-ROM.

    When does "aggregation" end as "volume of storage medium" becomes more deeply embedded? If the ROM is soldered down instead of socketed? If it's inside a microcontroller with the security fuse thrown so it can't be read out?
  • The knotty question (Score:3, Interesting)

    by stevelinton (4044) <sal@dcs.st-and.ac.uk> on Tuesday February 11, 2003 @03:57AM (#5277836) Homepage
    Assuming that Castle aren't lying then this goes straight to the hard question of the GPL (and of Copyright law enforcement in general) -- what is a derived work?

    They admit that they have a GPL component and offer source. Fine. Then the question: is the product as a whole, a derived work of this component, or are they separate works, distributed together? If the former then Castle are in breach and would need to offer their entire OS under the GPL, the latter they are fine.

    This question comes up in other places. For instance is Linux kernel + binary only module a derived work, or are they separate works? This ha snever been tested, but Linus has expressed some opinions.

    It seems agreed that Linux kernel + proprietary user mode software (eg a Linux PDA with some proprietary app on it) are separate works, but in the embedded software world, even this becomes murky.

    There is a real question here which can only ever be finally resolved by precedent.

You're already carrying the sphere!

Working...