Embedded Device Manufacturers Ignoring GPL

swillden writes "Iain Barker and some other Linux Kernel Mailing List readers have discovered that several manufacturers of DVD players based on the Sigma Designs EM8500 chipset are distributing Linux, both in the devices and as binary-only firmware upgrades, but not providing source. Apparently, Sigma Designs provides its customers with a copy of the kernel as part of a chipset SDK, and those customers are making and selling devices without complying with the terms of the GPL. It's not clear if this is because Sigma didn't tell its customers about the GPL and their obligations, or if they're all ignoring it on their own. Maybe they've all bought licenses from SCO and therefore don't have to comply with the GPL? The LKML post contains a list of some of the infringers."

Keep this within reason, please.

[Masque]

If I have to pay an extra USD$25 in shipping when I replace my DVD player because it comes with the kernel source printed out, I'm going to be seriously pissed.

Re:Keep this within reason, please.

[justsomebody]

I guess you don't understand or you're joking.

I don't know now, but there were the times when I wanted to use my Sigma DVD card under Linux. And they provide shit. The least to comply with GPL would be releasing the drivers for their cards for Linux.

Re:Keep this within reason, please.

[Masque]

Absolutely joking. I thought it was an amusing image.

I mean, clearly, if the vendor had to provide printed source...well, that'd make downloading Fedora somewhat impractical. I don't think IP over fax is fast enough for most people.

Re:Keep this within reason, please.

[kasperd]

kernel source printed out

The GPL says machine-readable source code. That could for example be a CD. But certainly not printed on paper.

Re:Keep this within reason, please.

[Pius II.]

Nope, the GPL says "offer [...] to give any third party [...] a complete machine-readable copy of the corresponding source code". That could for example be a little slip of paper, saying "You can download the Linux kernel source at $company_url".
There's normally already lots of little slips inside a generic DVD player package, saying things like "If you can read this, your warranty is void" and other stuff, so one more shouldn't bring the cost up by too much.

Re:Keep this within reason, please.

[thynk]

One of the things that really got me excited about having a TiVo (direct tv tivo) was when I was reading the manual (3 days before the installer was due, of course) and ran across the GPL in the back of the book. Oddly enough, that was just about the only thing I found of substance in the manual.

Nice to see that some companies are able to adhead to the rules AND make some money at the same time.

Re:Keep this within reason, please.

[shepd]

>... Then wouldn't a scanner with OCR software be considered a machine??

0n, ye5 l an 5une 1L w0u1d oe c0n51dened o na(n1me!

Re:Keep this within reason, please.

[Bruce Perens]

If your product is from perens.com, perens.com must provide you with a download site. It would not be kernel.org unless we had contracted with the site operator to provide that service for us. You can't just point to a third party as your fulfillment of the source code obligation.

Bruce

Re:Keep this within reason, please.

[BrianWCarver]

Sigma cannot satisfy Section 3 of the GPL by simply providing the source on the internet. They must be prepared to provide it by mail as well, if requested by someone who received the binary. See: GPL FAQ [fsf.org].

Re:Keep this within reason, please.

[Bruce Perens]

Actually, it doesn't even permit printouts as fulfillment of the source-code obligation. It requires machine-readable media. Even with today's OCR technology, I think I could make a case that listings aren't machine-readable. Some things, like which characters are in the white space, don't come across.

Bruce

Re:Keep this within reason, please.

[Dwonis]

Would you even need to go so far? The GPL states, "The source code for a work means the preferred form of the work for making modifications to it." I really doubt a print-out would qualify, even if it was machine-readable to some extent.

Re:Keep this within reason, please.

[Nucleon500]

Methinks authors use word processors, so the book itself isn't its source.

It is very harmful for you to pretend to be someone who would know about these issues, and then spread misinformation about them, when in fact you are not who you claim to be.

which driver does it use???

[justsomebody]

One driver for Sigma chips was made long ago. I wonder if they use that one too. Since Sigma provides shit for Linux

Its the other way around now

[t_allardyce]

Great now we can get some DVD code and keys, hopefully if they have integrated it enough, sweet. Kiss my ass MPAA, not so hot now are we?

Re:Its the other way around now

[spydir31]

I think it's safe to assume nobody is decodeing CSS in the kernel, and that if they are, they'd seperate the keys from the code, right?

Re:Its the other way around now

[swillden]

Great now we can get some DVD code and keys

Who cares? CSS is so thoroughly cracked that today's open source decryption code doesn't even need any keys. It just looks at the encrypted stream and does a ciphertext-only attack to recover the keys, which it then uses to decrypt the data. CSS sucks.

Re:Its the other way around now

[Dave2 Wickham]

I'd recommend mencoder [mplayerhq.hu] if you don't mind the command line. A quick mencoder -ovc [insert codec here] -oac [insert audio codec here] -o somename.avi dvd://[number] and you're set. My current setup supports a straight copy, XViD, QuickTime, and several others which I'm not sure what they are...

Probably Sigma's Fault

[Jah-Wren Ryel]

Considering that they mostly got away with stealing the xvid group's work with thier x-card, Sigma's got a history of ignoring licensing requirements on Free software. I wouldn't be surprised to learn that they had been telling their customers that it was all their own proprietary code, no linux about it.

No doubt the OEMs have not been told

[Bruce Perens]

There have been a lot of cases of far-east engineering firms including GPL code in products, and selling those products to other companies that are not made aware of the licenses they have to comply with.

Cisco got trapped this way, too. And they can turn around and sue those far-east folks, if it's worth their time.

I am an expert witness in one such case.

Bruce

Re:No doubt the OEMs have not been told

[Rex Code]

There have been a lot of cases of far-east engineering firms including GPL code in products, and selling those products to other companies that are not made aware of the licenses they have to comply with.

The really unfortunate thing is that the GPL FUDsters may find this to be great fodder. I've often heard the "you never know if one of your employees will download something off the net, add it to your proprietary codebase, and inadvertantly cause all of your IP to fall under the GPL" argument. Now this

Re:No doubt the OEMs have not been told

[Bruce Perens]

I think it would be much more dangerous if the product you purchased contained an unlicensed copy of Windows CE. MS sues for real money.

Bruce

Re:No doubt the OEMs have not been told

[swillden]

the possibility of accidental use of GPLed code causing them to have to open their entire codebase under the GPL.

The accidental (or even intentional) use of GPLed code does not automatically make the entire codebase GPL. The only way code becomes GPLd is when its owner explicitly distributes under the GPL.

If a company includes GPL code in their proprietary codebase and distributes the result as proprietary, then they have committed a copyright violation and can be sued by the GPLed code owner(s) for infringement. In this case the company has three options:

• Release their code under GPL;
• Obtain a license to distribute the GPL code as proprietary (i.e. contact the owners and offer them some money -- this may be difficult for projects with lots of contributors); or
• Remove the GPL code and pay damages. The actual damages would probably be $0. IANAL and don't know if punitive damages would apply.

Distributing GPL code mixed with proprietary code does not automatically place the proprietary code under the GPL.

Re:No doubt the OEMs have not been told

[Nucleon500]

Furthermore, even if they do end up GPL-ing the infringing code, we're not talking about their "entire codebase." They use a modified Linux kernel, but the interesting things happen in userspace. Linus's note at the top of linux/COPYING says non-GPL userspace programs are OK. To comply, they'd only have to open drivers they've written for the special hardware.

All this guy is asking for are the kernel mods that let Linux run on that chip, so he can make his own PC-cards work.

Re:No doubt the OEMs have not been told

[Alsee]

I've often heard the "you never know if one of your employees will download something off the net, add it to your proprietary codebase, and inadvertantly cause all of your IP to fall under the GPL" argument.

That arguent is pure FUD. You cannot "inadvertantly" cause anything to fall under the GPL.

If you incorporate someone else's code you are BETTER OFF if that code happens to be GPL. If it is not GPL then you have only one option - pay damages for infringment. If it is GPL code then you have two options, pay the exact same damages for infringment *or* release your code as GPL.

Thus far all companies have chosen to settle out of court and release their code under the GPL becuase they like that option BETTER than paying damages for infringment.

-

Re:No doubt the OEMs have not been told

[tealover]

In order to serve the court as an expert witness, you have to be demonstrably free of bias or personal agenda.

More bullshit produced by the slashdot kiddie corps.

All expert witnesses are hired by either the plaintiffs or defendants to give their opinion. They are obviously biased towards one position more than the other.

They receive compenstation for their expert testimony. Is their recompense an example of them pursuing their own agenda (financial)? Of course not. Only an idiot would suggest otherw

Re:No doubt the OEMs have not been told

[Bruce Perens]

Actually, my personal agenda comes into these cases less than you might think. Before I get to talk, the witnesses are all deposed. Then I read the depositions. Then I get to sum up to the judge what went wrong, who was responsible, and what it should cost. The other expert does the same, and the judge decides who is more convincing.

I can't lie under oath. And I have to deal with discovery - the fact that the court can force me to give my opinion whether it is to the customer's advantage or not.

So, when I think my testimony would damage them, I have once or twice told a customer - you don't want me to work on this any longer, and you don't want to know why. And they know not to probe farther.

Thanks

Bruce

Define distribution

[fireteller2]

[snip from GPL]

2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.

b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)

[end snip]

So does this then mean that if I install Linux on my computer, and then sell or give my computer away I must provide extensive notification of the Linux installation? Including documentation at each place I may have edited the code, and some form of the Linux kernel source in cases were I do not have the kernel source installed?

I can see how distributing firmware upgrades constitutes distributing software, and is thus firmly within the preview of the GPL. However, I'm having a harder time understanding how imbedded hardware applications constitutes a software distribution. If the hardware running the GPLd software can not under normal operation be accessed by an end user does it still constitute software distribution? The manufacturer does seem to be getting some benefit from the use of the GPLd software. However, if I use an online service that uses a modified Linux on internal hardware are they required also to provide me with their source? Where is the line? That the hardware is physically in my possession? What if I rent or lease equipment? This seems like a very slippery slope for the proliferation of GPLd software.

I'm not proposing an opinion I'm just curious what the /. opinion is on this.

Re:Define distribution

[Bruce Perens]

Well, what happens when you sell or give away a computer with Windows? At the very least, you should give the person those pages with the holograms and activation passwords, and the licenses. Oh, but some of those licenses don't permit resale! So you have to remove the software before you sell the computer.

In the case of a computer with Linux, if you give it away you fall under 3(c) of the GPL, and only have to pass on the source-code offers that were given you. If you sell it, you fall under 3(a) and 3(b), so you either distribute the source code with the computer or make an offer to do so valid for 3 years.

Me, I'd wipe the disk, put on a fresh install, and give the buyer the CD set.

Bruce

Re:Define distribution

[Bruce Perens]

Unfortunately, no. And why could take up an hour's lecture.

Bruce

Re:Define distribution

[seanadams.com]

P.S. - I'm not a big GPL supporter, The BSD License is more commercially acceptable.

You can be a fan of whatever you want, of course, but that's not a reasonable justification.

What's commercially acceptable about software that doesn't exist? The reason so much GPL software exists is because developers like the license. Not being a fan of the GPL because it doesn't allow businesses to get free code without so much as having to share their changes is pretty weak stance IMHO.

Re:Define distribution

[Bruce Perens]

I'm not a big GPL supporter, The BSD License is more commercially acceptable.

People don't seem to realize that there are two sides to this equation. The GPL is commercially very useful, because it provides the copyright holder with a means to restrain his competition and potential customers. With the BSD license, a competitor or potential customer can run away with your product, with no obligation to fulfill any sort of quid-pro-quo. With the GPL, the competition and customers either have to follow the rules and release the derivative works that they distribute with your code, or they have to come to you to buy a commercial license that lets them out of the GPL obligations.

Thus, I often wonder if most people who find BSD licensing more acceptable just don't release much free software of their own.

But then, I have gotten a number of emails of the form so-and-so stole my code in their product, but I guess it's my own damn fault because I used BSD licensing. Some people don't seem to think this through until it's too late.

Bruce

Re:Define distribution

[merdark]

With the GPL, the competition and customers either have to follow the rules and release the derivative works that they distribute with your code, or they have to come to you to buy a commercial license that lets them out of the GPL obligations.

Right, and this is why many people don't consider GPL code to be at all free, in any sense of the word. If I'm looking for some code to help me develop something faster and I see GPL code, I right away think, "Oh, this is GPL" rather than "Oh, this is free".

Persona

Re:Define distribution

[Bruce Perens]

Linus has contradicted himself a few times on this. In a later comment, he tried to say that proprietary modules were OK only if you were sure that copyright law made them OK.

And of late there has been an effort among the kernel developers to hide some kernel symbols from proprietary drivers. There's a macro you can use to control what symbols are exported, and what they are exported to.

Modules don't directly make system calls, so what Linus says about them is probably moot. I can not conclusively tell you today that proprietary run-time loadable device drivers for Linux are legal. I've studied the problem a lot, looked at the relevant cases, and talked with lots of lawyers about it. And the result is that I can find no legislation, no case law, and nothing in the license that would make them legal. Thus, I tell my customers not to engage in making them.

Bruce

RPL more viral than GPL- handles these loopholes

[randall_burns]

The GPL allows organizations that don't distribute software outside their organization to incur no obligation to distribute source. The GPL also allows people to create a usable system using GPL tools and incur no obligation to distribute source. The RPL [opensource.org] is much more viral and was designed specifically to be used in situations where dual licensing would be available(I doubt it would be wise to distribute software under the RPL unless you also have a commercial license also available at modest cost).

I didn't write the RPL(it was written by Scott Shattuck at Technical Pursuit [technicalpursuit.com]--but I helped with some of the legal research and also helped walk the license through the OSI approval process.

Not quite

[iamdrscience]

The fact that they're distributing it just as a binary is not in itself a GPL violation. The GPL doesn't require that you actually include the source code, but rather that you make the source code accessible without much hassle. So who knows, maybe if you called one of these companies asking for the source code they would send you a file or a CD or something with the source code on it! In that case they would be totally in-line with the GPL.

However, I would bet that that's not really the case and they don't make the source code available as easily as that. In that case there probably should be some complaining about it as they would be in violation of the GPL. Even if that were the case though, I doubt they would be opposed to changing their practices to make that code available, especially since (from what people have been saying) they don't seem to have modified the code very much.

Re:Not quite

[EJB]

Just the fact that they didn't include the GPL license, copyright statements, and a written offer to provide the source code, makes them violate the GPL. ... It doesn't matter if they provide the source after you discovered by accident that the binaries are GPLed.

- Erwin

At Lest Kiss Technology...

[cacepi]

Is in compliance, or at least appear to be. [kiss-technology.com]

Re:At Lest Kiss Technology...

[swillden]

Is in compliance, or at least appear to be.

Maybe. That zip file contains a kernel and busybox, but it doesn't look like it contains any drivers for the EM8500 DVD Decoder, which means that if you built the source and loaded it into your KISS player, it would no longer play DVDs. It also includes a binary, "linux.bin", which appears to be the actual kernel binary, but it's not clear if that contains the EM8500 driver binaries.

Whether or not they can exclude that driver (and potentially other parts of the software as well) without violating the GPL is hard to say. If it's a purely userspace driver, they're fine. If it's a kernel module... thing get much stickier. Linux has a history of tolerating binary-only kernel modules, but that only holds under certain assumptions, which may not be met here.

Sigma is not to blame here.

[DarkDust]

If someone works with Linux he has to know about the GPL, simple as that. A former employer of mine worked with the EM8400 and I wrote an application that used it. And we knew about the GPL and planned to release the sources when the product was to be released.

Unfortunately our company went insolvent so it's quite easy to say that we would have released the offending sources ;-) But the point is we worked with Linux and thus knew we had to deal with the GPL. I think anyone who professionally works with Linux has to know the GPL.

But many companies seem to ignore the GPL and just hope they won't get caught. It can be very hard to convince your managers that you are forced to republish any modified GPL'ed programs. In my experience the engineers/programmers know the GPL very well and tell their managers about it but those just don't want to hear. They are not comfortable with giving anything out to the public, even when it's about non-critical stuff or like in this case work of others with a license that forces you to release that particular code. They seem to ignore the fact that only the stuff that your employees wrote is the only thing you really have a right to and that you don't need to release that.

On the other hand Sigma could be telling their customers more about the GPL and what their customers have to publish and what they can keep. But I don't think it's Sigma's fault when their customers don't comply with the GPL.

Re:Sigma is not to blame here.

[Bruce Perens]

In my experience, the most likely reason for this happening is the engineering firms desire to do everythig cheaply, and they have their managers interpret the license rather than hiring an attorney to do it. The manager says something like "this is an embedded device, so this source-code requirement must not apply". Obviously, the pay lawyers and expert witnesses much more later in exchange for what they saved by not hiring a lawyer to advise them about the license.

Bruce

Hold the phone.

[FreeLinux]

While I am sure that there are numerous manufacturers out there that are blatantly violating the GPL in their use and distribution of Linux, that may not be the case with these manufacturers.

The GPL states that those that distribute GPLed software must provide the source to the recipients of the distributions upon request. That does NOT mean that they have to make the source available on their website. It means that people you receive the ditribution, in the form of the DVD player, must receive the source upon request. No one else is entitled to the source, only those that have received the distribution. It is even legal for them to refuse requests for the source from those who have not been distributed to, as in people who do not own the DVD players. This strict interpretation breaks down when these manufacturers make the software freely downloadable from their website in the form of firmware upgrades but, even in this case, the GPL does not require the distributor to make the source available on the website. They can still require formal requests before providiing the source.

Now, what the LKML does not say is, if the people concerned have made a formal request or not. It states that they examined the web site but there is no requirement for the DVD manucaturer to post the source on their website.

Like I said in the begining, they may be in violation of the GPL but there is insufficient evidence in the LKML posting to prove that. Remember that it is only a courtesy when distibutors make the sources available to all on their website. The GPL does not require them to do so at any time.

Re:Hold the phone.

[RML]

The GPL states that those that distribute GPLed software must provide the source to the recipients of the distributions upon request. That does NOT mean that they have to make the source available on their website. It means that people you receive the ditribution, in the form of the DVD player, must receive the source upon request.

The thread started [lkml.org] with a request by an owner of the DVD player, to Liteon, for the source. The request was refused. If that's not a clear violation, I don't know what is.

Also, as Bruce Perens pointed out [slashdot.org] in another comment, the GPL requires that you offer to provide the source code to anyone, not just people who own the DVD player.

Re:Hold the phone.

[FreeLinux]

You are correct. I had not seen the initial LKML post.

Their refusal to provide the source upon request is a clear violation.

Is it the GPL

[ajs318]

..... or is it copyright law which is being violated here? Copyright law says you need permission from somebody to distribute copies of stuff. The GPL is permission to distribute copies of stuff as long as you comply with certain conditions. If somebody has been distributing binaries without making the source code available, then the permission granted by the GPL is automatically withdrawn.

If these companies are simply distributing binaries compiled from unmodified sources available on a site such as kernel.org, then there is not much of a case, because the source is already available elsewhere. They might be able to weasel out of their obligation by claiming someone else already has fulfilled it for them. However, if the kernel source has been in any way modified, then the GPL certainly requires source code to be made available in order for permission to copy to be granted. And it could be argued that the act of configuring the kernel constitutes a modification, or at least requires for the .config file to be released.

Of course, the whole thing might start to get unbelievably messy if someone were to reverse-engineer this firmware and post a source code listing somewhere ..... even a load of IFs and GOTOs that would compile to produce the same object code probably would do ..... there'd be more than enough work for all the lawyers in the USA sorting out who had violated whose copyright!

Free DVD players?

[pair-a-noyd]

If SCO is selling embedded licenses for $29 per device and the DVD manufacturers are RETAILING them for $29 at Wally World then they must be giving them away for free.

When you consider all the middle men and middle-middle men that handle the unit from assembly line in China to the isle pallet at wally world, each handler marking up the unit 100%, or at the very least, 50%, (and figure in shipping costs too!) the cost to produce a DVD player is most likely in the less than $1 per unit range. And if they paid the SCO scam of $29 per unit, they would be losing a LOT of money real fast.

It's in their best profit-interest to ignore the GPL and do what ever the hell they want. If they get sued they can fold shop, change name/address and be back to cranking out new players the next day.

Welcome to the wonderful game of "global greed"

Another GPL violation

[chrysalis]

OpenAdStream (http://www.realmedia.com/) serves a lot of banners you see on the web sites.

The core of the product is mod_oas.so, an Apache module.

It embeds GDBM and GNU Rx that are both published under the GPL licence. It doesn't dynamically links with these libraries, it really embeds a specific version of them (the server works without the libraries installed on the system). If you are an OpenAdStream customer, just run "strings" on the module to discover the name of the source code of GDBM and an RCS ID of GNU Rx.

However the module is commercial, closed-source software. The GPL licence is available nowhere in the product. Even GNU Rx and GDBM author's names are missing.

I sent them multiple emails about this, none ever were answered.

Haven't we ...

[judicar]

been here before [slashdot.org]

LiteOn Phomaster LVD2001 DVD Player

[acousticiris]

I purchased this DVD player [slcentral.com] late last summer and discovered the Linux kernel present on the upgrade BIOS disc.

This is the response I got from them:
----
From: DCTW_Service@liteonit.com
Subject: Re: Request for GPL Code
Dear Sir,

Sorry at the present, we don't provide the source code.
Thanks for your understanding.

Best Regards!
----
Of course, my understanding isn't important. The copyright owner's understanding is what matters.
I decided to e-mail the folks at the FSF for a follow up. I assumed that was the place to go, though I admit even today, that I'm not exactly sure sometimes.
Here was the response from them:
----
From: license-violation@fsf.org Subject: [gnu.org #114549] Linux GPL Code Violation - LiteOn Phomaster LVD-2001
For some reason, your mail never reached my inbox (indeed, the web interface to our RequestTracker seems to be having a bit of a hard time with it too). So, sorry for the late response.

We've already seen a few violations which look to be the same product as this under different packaging. We will add LiteOn to the list of people to write to about this. Thanks for the report.

--
-Dave "Novalis" Turner
GPL Compliance Engineer
Free Software Foundation
----
The whole process was really quite daunting from my perspective. It is my understanding that the Linux Kernel is not a GNU product (though much of the software in a typical linux distrubtion is). Being a linux/GPL/FSF/GNU newbie, it took me quite a bit of time to hunt down a place to submit my complaint. Does anybody know of a database of copyright owners who use the GPL, and more importantly a convenient location for notifying said individuals when a breach is found or suspected? Even the FSF site didn't have a spot that was blaringly obvious to someone who had never visited the site before for reporting GPL violations of their software.
I will say, its nice to see some attention being payed to this with regard to my DVD player. Not to advertise for the theifs, but its a great player...the new BIOS even allows one to play ogg encoded files written to a DVD or CF card. I'm interested, obviously, in getting my hands on the code and potentially flashing the BIOS with my own handy-work...maybe see if I can get the thing to take a hard drive or wireless network adapter in its PC card slot.

More information ...

[Pivot]

- is available here, http://www.duke.edu/~java32/bravo/bravohacking.htm l.

Re:But...

[Camel Pilot]

I am suprized that SCO has not offered an embedded licence - should be worth at least 2 points for SCOX

Actually,

[Raindance]

They have [eetimes.com] done so. It's $32 per device. RD

Re:But...

[JamieF]

>DVD don't have processors as such

Exactly. Instead, the logic for the DVD menus and the MPEG decoding are handled by cheerful little hedgehogs that live inside the DVD player.

From http://www.sigmadesigns.com/news/press_releases/03 0521.htm [sigmadesigns.com]:
"The EM8500 is designed around the system-on-chip concept with an internal 150 Mhz RISC CPU"

In this context, of course, RISC stands for "Rodents in Spiny Coats."

Re:Have they hacked the kernel?

[EvanED]

*Takes bait*

It doesn't matter if you don't modify the kernel; if you distribute it, you must provide source.

Re:Have they hacked the kernel?

[vidarh]

Let me see... The following is a short summary of COMPANIES, foundations, universities and government institutions that have copyright notices in the kernel source currently installed on my machine (by no means complete):

Redhat, IBM, AT&T, Stelias Computing Inc., Turbolinux Inc., Los Alamos National Laboratory, Carnegie-Mellon University, Tacit Networks Inc, Mountain View Data Inc., Cluster File Systems Inc., Axis Communications AB, Transmeta Corporation, Caldera Deutschland GmbH (now SCO), Procom Technology Inc., Conectiva Inc. Qualcomm Inc., Montavista Software Inc., Madge Networks Ltd., Fore Systems Inc., ATecoM GmbH, Sun Microsystems, Telford Tools Inc., Free Software Foundation, ITConsult-Pro Co., Farsite Communications Ltd., Sangoma Technologies Inc., Intel Corporation, SysKonnect, United States Government, Fujitsu Laboratories Ltd., Digital Equipment Corporation (now HP), Silicon Graphics Inc. (now SGI), Silicon Integrated Systems Corporation, PJD Weichmann & SWS Bern, Digi International, D-Link Corporation, DAVICOM Semiconductor Inc., MIPS Technologies Inc., Lucent Technologies Inc., RedCreek Communications Inc.Texas Instruments, University of California, Inside Out Networks Inc., Innosys Inc., Keyspan, Precision Insigth Inc., Va Linux Systems Inc, Broadcom, Hewlett Packard, ARM Ltd., The Victoria University of Manchester, SpellCaster Telecommunications Inc., Eicon Technology Corporation, Cytronics & Melware, QLogic, Perceptive Solutions, Mylex Corporation, LSI Logic Corporation, Compaq Computer Corporation (now HP), Tekram Technology, Seagate, Adaptec Inc., Creative Labs Inc.... Ok, I'm bored now, so that's all I can be bothered entering. Try a "grep -r -i copyright ." in your /usr/src/linux, and probably '(c)' as well.

Does that look like college kids to you?

Now, a lot of these companies are small, but quite a few of them are Fortune 500 companies too. There's your weight.

A lot of the above companies own copyrights on specific drivers only, so they may or may not apply in specific configurations, but many key contributors, such as IBM, SGI, Redhat, HP, Novell (SuSE) have their stuff all over the place in the kernel, and have money to go after you when it's their interest to protect their IP.

Re:Have they hacked the kernel?

[RevMike]

As far as a contract goes, I'm still convinced that it's null and void because there's no consideration involved.

And you'd be wrong. Time to go back to law school. See Contracts - Cases and Comment sizth edition, by Dawson et al. page 370.

"Consideration confers a benefit on the promisor or causes a detriment to the promisee...." In this case, the promisee is the redistributor of the GPL'd work, who is required to perfrom an act that he has no legal duty to perform - provide access to the source code along with the binary. There is consideration, therefore the GPL stands as a valid contract on that point.

Re:Have they hacked the kernel?

[abigor]

Cisco didn't challenge it after acquiring Linksys, who use Linux in their routers and switches. After speaking with FSF legal counsel, Cisco put up all of the source.

The company I work for has fairly deep contacts at Cisco. Believe me, they weren't concerned about bad PR. It was a legally wise decision.

The FSF has challenged many, many incidents of GPL violation. Every company challenged has chosen to settle out of court.

I suspect you don't work with GPL'd code, have never dealt with companies that do, and have actually never been involved in systems development at all.

Re:Have they hacked the kernel?

[Bruce Perens]

This has nothing to do with zeal. Just following the rules of the license. If the source is not distributed with the product, or made available from the entity distributing the binary for a period of three years after the binary is distributed, you're not complying with the license and have no right to distribute the software.

Lots of people ask for tons of money for a privilege we let people have without charge. The least they can do is comply with the terms of the license.Bruce

Re:Have they hacked the kernel?

[whiteranger99x]

It really pisses me off how overzealous you Linux people are. The GPL is there to protect freedom, not make it so companies are unable to use it to do business. Calm down for a bit and see what's going on before you react liek this next time.

Actually, from what I understand, the BSD license is more appropriate for businesses who do not wish to disclose their modifications.

Re:How do they know the GPL is being violated?

[Bruce Perens]

You have to distribute source whether or not it's a derivative work.

Bruce

Re:How do they know the GPL is being violated?

[danrees]

I would have thought somebody of your stature wouldn't have made such a simple mistake. The GPL doesn't state that distributors have to supply source with all products, only that it is supplied on request. Thus the company does nothing wrong until it refuses to release the source upon a request.

Re:How do they know the GPL is being violated?

[Bruce Perens]

Bzzzzzzzzzzz! Go read the license before you get up on that high horse. You have to distribute source. Yes, you have the option to distribute it with the product, or at a later date when asked. But you don't have the option to not distribute source.

Bruce

Re:How do they know the GPL is being violated?

[Bruce Perens]

And by the way, if you don't distribute the source with the product, you must include a written offer with the product, valid for 3 years, to distribute the source to anyone who asks. If that product doesn't come with source and doesn't come with that offer, they are in violation right now.

Bruce

Watchguard

[FreeLinux]

Has anyone been able to get the source from Watchguard? I've never been able to find sources from them. As for the written offer, I've never seen that either unless it is hidden away on their included CD-ROM.

Re:How do they know the GPL is being violated?

[swillden]

linux zealots at their best, foaming at the mouth whenever someone doesn't follow their every command.

You're trolling, but this raises some worthwhile points, so I'll respond anyway.

In the first place, this is no different whatsoever from the behavior of any copyright holder -- just try distributing DVD players running Windows CE without a license, and see if Microsoft doesn't get peeved.

In the second place, no one has to follow the commands of the "Linux zealots". Anyone can opt out of the GPL by simply not distributing GPL'd code. Don't distribute, and you won't be subject to the terms of the license.

Re:How do they know the GPL is being violated?

[whoever57]

The GPL doesn't state that distributors have to supply source with all products, only that it is supplied on request.

To comply fully with the GPL you have to offer the source code. The GPL is quite explicit about this: when you distribute a binary, you have to tell people how they can get the source code and the offer has to accompany the binary distribution.

Re:How do they know the GPL is being violated?

[Bruce Perens]

from a customer whom they previously supplied the binary to.

3(b) of the GPL says the written offer must apply to any third party, not just the person who got the binary.

Bruce

Re:How do they know the GPL is being violated?

[Micah]

Whoa, I wasn't aware of that.

What if, say, a consultant uses GPL code as the basis for code developed for a customer. He gives the customer the executable and said offer for source code.

Now if I, as a third party, simply know of the existence of that deal, having nothing else to do with it, I can go ask for the source code?

Is there a way for the customer to keep the derived code for himself, if he does not wish to distribute it? (I understand that if he does distribute it, it must be under the terms of the GPL.)

Re:How do they know the GPL is being violated?

[dossen]

If the customer wish to keep the modified version for himself, wouldn't it be possible for him to contract the modification out as a work for hire (or whatever the copyright term is), so that he and not the consultant owns added material as far as copyright is concerned? Then no distribution has taken place, and the GPL is not in play (as far as the modified version is concerned, the original was of cause still obtained and modified under the permission of the GPL).

Re:How do they know the GPL is being violated?

[dinivin]

Hey Bruce, do you know if anyone is doing anything about these violators [skyos.org]?

Off the top of my head they've modified GRUB, VideoLan, and KHTML and aren't distributing the source code or including a written offer for the source code in the distribution.

Dinivin

Re:How do they know the GPL is being violated?

[Bruce Perens]

Did they modify busybox? If so, I'd get involved because it's my copyright (and Erik Andersen's, and a bunch of other folks). The DVD player probably does contain busybox. The copyright holders can contact the violator directly, or they can ask FSF to do so. Or they can ask me for help - not that I have tons of time lately.

Bruce

Re:How do they know the GPL is being violated?

[dinivin]

They do not appear to have modified busybox (as far as I can tell). They have included a number of GNU utilities (and claim that they are unmodified and, hence, don't have to distribute the source).

Dinivin

Re:How do they know the GPL is being violated?

[chill]

You have to distribute source whether or not it's a derivative work.

Not exactly true. You do not have to DISTRIBUTE the source, you can make the source available on request and that is good enough.

See paragraph 2 of the GPL Preamble (...or can get it if you want it.) as well as Item 3, Sub-Item B of the main body:

"b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,"

In short, you DON'T have to distribute the source WITH the product. Making it available via a download would satisfy.

-Charles

Re:How do they know the GPL is being violated?

[Bruce Perens]

If the written offer isn't there, they are already in violation.

Bruce

Just how many "Bruce Perens" are there?

[heironymouscoward]

by Bruce Perens (3872)
by .Bruce Perens (150539)

So will the real Bruce Perens please stand up and his karma whoring alterego please step aside? Unless you're _both_ the real Bruce Perens, in which case I excuse myself, oh schizophrenic one!

Re:How do they know the GPL is being violated?

[Anonymous Coward]

exactly.

the more maddening part is that Sigma is so violently anti-open source that they flat our refuse to release code to use their em8500 chipset. we had to reverse engineer the em8300 and 8400 chipset but so fgar we have discovered that they intentionally changed things to be radically different from the 8400 to thwart open source driver efforts. and all communication with the company about information has resulted in hostility towards a open linux driver.

Yes they have a binary driver available. it is completely a useless piece of junk.

Sigma designs is a hostile company. their attitude towards open source and linux in general is appaling enough, this is another stab in the back of every OSS developer.

Re:How do they know the GPL is being violated?

[Weaselmancer]

I think his terminology was incorrect. I think what he was saying is that it's a stock linux kernel with non-GPL'd kernel drivers.

Yes, that's exactly what I had in mind - thanks. Take a stock kernel, write your own drivers specific to your widget, and release a binary.

In this case the kernel would be GPL, but stock. You can get it anywhere. Your drivers would be non-GPL. They're your own business. Aren't they?

I'm asking because I work in the embedded field, and recently talked my engineering team into Linux for our next target. And this is the development path we intend to follow. We aren't modifying anything, we're using stock kernels and adding our drivers in.

I hope Bruce keeps reading this thread. I'm not trolling - honest! I'd really like to not wind up on "the list".

Weaselmancer

Re:How do they know the GPL is being violated?

[swillden]

In this case the kernel would be GPL, but stock. You can get it anywhere. Your drivers would be non-GPL. They're your own business. Aren't they?

There are two questions here. First, "Do you have to distribute the kernel sources?" and second, "Are your drivers GPL."

The answer to the first is yes. According to the GPL, you *must* either ship source with the device or provide a written offer, valid for at least three years, to provide the source to anyone who asks for it. IMO, it would probably be easie

Re:How do they know the GPL is being violated?

[Weaselmancer]

Can't help but notice that you're ".Bruce Perens", not "Bruce Perens". You might not be Bruce Prime. But I'll respond here anyways.

There are measures to protect again this sort of abuse.

I didn't realize that it was abuse to want to keep your code yours. I'm not intending to abuse anyone. Here's my problem - upper mgt. is ok with using Linux, but doesn't want to release IP. That's it. If we have to release IP, then the whole project switches to Windows CE. And having written for 3 years for Wind

Re:How do they know the GPL is being violated?

[Waffle Iron]

Modules do not have to be GPL'd. Nvidia provides kernel modules that are proprietary, as do many others.

Nvidia only gets away with this because they don't ship the Linux kernel. The end user combines nvidia's drivers with the kernel, creating an "incompatible" combination that can be used by the end user but may not be further redistributed.

Most embedded device manufacturers are going to be distributing the kernel with their modules. Since the modules link to the kernel as shipped, the modules must be GPL'd.

Re:How do they know the GPL is being violated?

[Paul Jakma]

The Linux Kernel explicitly allows you to distribute binary-only drivers with the kernel.

You are incorrect.

This is an exception to the GPL that the Linux Kernel contains in its copyright clause.

You are incorrect. The Linux kernel COPYING file is the standard text of the GPL, with 2 provisos before the preamble (would that be a prepreamble then?), namely to explitely state that syscall interface is fair-use / a GPL boundary:

This copyright does *not* cover user programs that use kernel
services by n

Re:How do they know the GPL is being violated?

[Nucleon500]

It depends on whether the distribution is commercial or not. If it's a noncommercial distribution, you can tell people to get the source from wherever you got it from (kernel.org) under 3(c). But you can only choose 3(c) if it's noncommercial, so an embedded hardware company would need to follow 3(a) or (b), either giving the source with the binary or giving a written offer, valid for 3 years, to get the source under the GPL for a nominal charge.

Re:time to prove GPL's right in court

[3Suns]

No reason to wait... This kind of thing has happened many times before. You send 'em a "comply or desist" letter, which should weed out all those infringing due to ignorance. So far, all GPL infringment cases have been settled out of court, which is why everybody's saying it's "untested in court". In reality, no lawyer in their right mind would actually try to fight the GPL. It's not like this issue's never come up before.

Re:time to prove GPL's right in court

[Zeinfeld]

No reason to wait... This kind of thing has happened many times before. You send 'em a "comply or desist" letter, which should weed out all those infringing due to ignorance. So far, all GPL infringment cases have been settled out of court, which is why everybody's saying it's "untested in court". In reality, no lawyer in their right mind would actually try to fight the GPL. It's not like this issue's never come up before.

Well Boies is certainly wrong but he is not insane, just exceptionally greedy and p

Re:time to prove GPL's right in court

[Bruce Perens]

The big difference is that the people who are violating the GPL are distributing the GPL code in a product. When you redistribute or sell the code, you have a different set of obligations than a user. The GPL allows the end-user to do almost anything.

Bruce

Re:time to prove GPL's right in court

[swillden]

How is it anti-business? If you want to distribute GPL code and don't like the license terms, you're free to negotiate others or to write your own code. This is exactly the same situation as with proprietary code, except that the GPL gives you an easy way out if you are willing to accept the restrictions that come with it.

BSD

[Midnight Thunder]

If anyone does not like the GPL license that goes with Linux, then there is BSD as alternative open source OS. By using BSD instead of Linux, there is no requirement to release the modified source. If you insist on using Linux then you should respect the terms of the contract. If your supplier uses Linux and you modify the code then you should either respect the GPL, ask your supplier to use a different OS, uses a different OS yourself or seek an alternative supplier, who does not use Linux in their product.

There are choices, and it is up to the business to make the best one for their needs and limitations.

Re:time to prove GPL's right in court

[swillden]

The GPL is anti-business because it seeks to undermine traditional business models (by reducing the cost of software to $0) while thwarting alternative business cases

Sure, the GPL is antithetical to traditional software businesses, but GPL software is also tremendously useful to lots of other businesses. Lots *more* businesses, in fact.

Sure there are plenty of /. pontificators who sit around on their couch proposing alternative business models, but 90% of those wouldn't pass the laugh test at a corporate board meeting.

Here's one, see if it passes the "laugh test": A company is in the business of producing computer-animated films. It can buy high-end hardware that runs expensive software which may not always do exactly what it needs, or it can grab GPL'd software, modify it as needed and run it on commodity hardware.

Now, which type of software better serves this business?

Or, how about this one: A company is in the business of selling powerful computers, high-end proprietary software products and professional services to integrate the software and hardware and make it meet business needs. This company can develop its own proprietary operating system(s), incurring huge costs that really only serve to support the hardware and services businesses, or the company can grab GPL'd software, port it to the company's hardware, port the software to it and train the company's services professional on it. The services professionals can then score additional points with their clients by pointing out that the clients are not locked into said company.

I'm sure you recognize this company.

The GPL is about making software available to users and keeping the software from being locked up and controlled. Many users, in business and not, appreciate this.

You can try to argue that this destroys software companies which will ultimately destroy software development, etc., etc., but that's crap. As long as there are people willing to give their work away for free, there's no market for competition to that work. In markets where the free stuff doesn't exist there are opportunities to sell proprietary software.

At the end of the day, this may very well slow the development of commercial software because it increases the risk that the investment will not show a return. I'm convinced that this slowdown will be more than offset by the fact that so much code is available for experimentation and enhancement by anyone, not just by the developers at one company.

Re:time to prove GPL's right in court

[God! Awful 2]

As long as there are people willing to give their work away for free, there's no market for competition to that work. In markets where the free stuff doesn't exist there are opportunities to sell proprietary software.

At least that used to be true before the GPL. With the BSD license, that would still be true. But now the popularity of the GPL license makes it difficult to even do that.

Anyway, this post is brief because you called me a troll and I find it unproductive to carry on arguing with people who

Re:time to prove GPL's right in court

[Waffle Iron]

The big difference is that the people who are violating the GPL are distributing the GPL code in a product. When you redistribute or sell the code, you have a different set of obligations than a user. The GPL allows the end-user to do almost anything.

And yet people constantly claim that the GPL is not anti-business.

If I create copies of a GPL'd program and sell them, I have an obligation to make the source available. That's anti-business.

If I create copies of Microsoft Windows and sell them, I get

Re:stop whining

[Geek of Tech]

I'm throwing away a perfect chance to use mod points on this, but think. The DVD Player is running Linux. Many people have contributed to Linux.

The part that denies you complete control over your own work by requiring distributed modifications and derivations also be licensed under the GPL.

Okay. First. It's not "their own work". It's the works of hundreds of individuals who have spent their time (many years) working on this Linux, agreeing to let others use it only if the source code is included.

Re:time to prove GPL's right in court

[zulux]

why can't you just ignore the GPL?

As a user... you can ignore the GPL. You can use the software as you see fit.

As a distributer of GPL'ed software - you have to get permission from the copyright holder to copy the software, or, if you'd like, follow the terms of the GPL.

With an EULA, you have to get permission from the copyright holder to copy the software. (Fat chance). Or.... nothing. EULA's don't give you permission to copy software at all.

Re:time to prove GPL's right in court

[3Suns]

Well if anyone said you can ignore a EULA, they lied. A EULA may not be legally binding in general (a hidden provision signing off your first-born child would just be so many useless words) because you hven't actually signed anything. But it does affect your use of the software. Agreeing to a EULA can legally limit the things you can do with the software and your legal recourse against the distributor.

EULAs are, however "unenforceable" in that it would be impossible/impractical for a software distributor to catch you violating the EULA, or gain enough evidence to prosecute you for it. It's like laws prohibiting oral sex in your home... It might be illegal, but for anyone (including the police) to catch you doing it, it would require them to break the law in the process of obtaining evidence. This is what most people mean by "unenforcable" (dunno about the legal definition if any... IANAL).

The GPL is significantly more enforcable, since it deals with the distribution of software, which must be done in public. These embedded devices contain GPLed software, that much anyone can verify, but the companies are not distributing the code. All the evidence needed to make a case is publicly available.

Re:time to prove GPL's right in court

[swillden]

why can't you just ignore the GPL?

You can. The GPL even says so. Section 5 says:

You are not required to accept this License, since you have not signed it.

However, if you don't accept the GPL, then ordinary copyright law applies, and copyright law says that you're not allowed to make copies of a copyrighted work without permission of the copyright holder. So, you can use GPL code without accepting the GPL, but you have no right to distribute it.

Section 5 goes on:

However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License.

If you want to make and distribute copies, you have to get permission. The GPL will grant you that permission, but only with some caveats. Or you can contact the copyright holder(s) and negotiate some other agreement that gives you permission. If you don't want to do either of those, then you can't distribute the code without opening yourself up to lawsuits.

Re:time to prove GPL's right in court

[vidarh]

You can ignore the GPL, but it wouldn't help you. GPL grants you rights you DON'T have by default under copyright law. If you pretend the GPL doesn't exist you DON'T have a right to distribute the work.

The GPL is setting out a set of additional rights that the copyright holders are granting you if you agree to abide by certain rules. If you don't agree to abide by the GPL you can still use the product, but copyright law prevents you from legally distributing it.

Re:A typical day on Slashdot...

[steeviant]

And one story with a post where someone who clearly spends a lot of time reading stuff on Slashdot whines about how bad it is.

What is this, some kind of public self-flagellation ritual or something?

Re:This is because the GPL is non-intuitive

[Bruce Perens]

No precedent? That's silly. The world is full of software licensors that charge money for the same rights the GPL provides.

Bruce

Professionals and Free Licensing

[_Sprocket_]

The GPL is non-intuitive, and does not have any real precident. Because of this, it is widely misunderstood. When somone says free software or open source, they will assume that it is completely free, not GPL. Everyone has been selling OSS as free software, when it is explicitly not.

At first, I was in complete agreement with the idea being expressed here. It falls in line with the popular misconception that "free software" is all about "no cost". From there it isn't too far of a leap to suggest that if source code is included, Open Source code might be mistaken for something in the public domain.

But then - we're talking about professionals in the software industry. Getting software at no cost and not being aware of its licensing is a neophyte's mistake. After all, Open Source software is hardly the first time software has been available without an up-front fee.

Look at the whole range of software commonly referred to as "freeware". Some lump Open Source software under this label. However, freeware also includes quite a range of software licensed under proprietary licenses. Some proprietary licenses limit use - often delimited by commercial or non-commercial use. Sometimes these licenses don't even allow redistribution of the binaries that are freely available from the author's site.

It is very common practice within the Industry for software to be restricted in ways other than cost. And even when a fee is paid, the software in question still involves licensing restrictions. Developers know that this includes software with source code.

In the end, I agree that the GPL and many other Open Source licenses will seem odd to Industry developers. However, shrugging off these restrictions as "non-intutive" is naive. Anybody who has spent any time in the Industry knows that "free" means very little when it comes to licensing. And they should have the basic instinct to investigate and understand the license involved in any software they acquire and use.

Re:This is because the GPL is non-intuitive

[drinkypoo]

The BSD license asks for credit in the form of maintaining the copyright notice and credits. The GPL asks for other people's work to be GPL'd. It seems to me that both ask for something in return... The BSD license is like Public Domain, except you get credit for your work.

Re:stop it.

[RdsArts]

What you want them to do is to allow them to use their software as if it were BSD licensed. What the companies are doing is stealing software, and then selling it to other people. They have every right, and futhermore a duty, to make noise about this. The "price" of GPLed software is to release the source, and you need to "pay" to use software they didn't write for commercial products. Sorry.

Oh well. I guess respecting the author's rights is unimportant next to making sure they use "anything but Windows," eh?

Re:stop it.

[nagora]

Guys, we are scaring them off.

I don't think I'm too worried about scaring thieves off.

TWW