Kernel Modules that Lie About Their Licenses 587
jon787 writes "An email to LKML about the Linuxant's HSF Modem drivers lying to the kernel about their license has prompted some interesting replies. Lots of talk about how to effectively blacklist these kind of things; a patch is here. One of the more interesting is this one. Linus as always has his $0.02."
Of course Linus has something to say. (Score:5, Insightful)
Squashing... (Score:5, Insightful)
Great idea, for this hack, anyway. Problem is, they'll come up with something else next time. I think this one really is up to the lawyers, unfortunately.
Get over it (Score:4, Insightful)
BUT... the linux kernel developers need to get over their fanaticism about open-source drivers. There are many reasons companies cannot or will not make their driver source public. For wireless cards, the FCC effectively prohibits it. For video cards and others, much of the value of the card is in fact in the driver and companies have a right to keep that under wraps.
Poor processes (Score:4, Insightful)
(And if the answer to the question is: "people will cheat and we can't stop them", then there is little point in playing legislator.)
Creative null character? (Score:4, Insightful)
Re:Can't get over it (Score:5, Insightful)
Re:Get over it (Score:4, Insightful)
That is a hard requirement for Linux success, in the past, now, and in the future.
For example if 3D desktops becomes the standard open source 3D driver will need to be developed, if the gfx companies don't like that we need to take our money someplace else.
For the record I do run nvidia binary driver today.
Re:Can't get over it (Score:3, Insightful)
If you can't find it in your heart to accept binary drivers, maybe computers aren't for you ;) j/k
But why? (Score:5, Insightful)
I think a more appropriate way of handling things would be have a message explaining _why_ the tainted message is coming up, and why they can't GPL the driver. Work with the system, not against it.
-Erwos
Does that thing actually work? (Score:3, Insightful)
hypocrites (Score:0, Insightful)
Re:Get over it (Score:3, Insightful)
There is NOT a problem with binary only vs. open source modules. It is a problem with the company lying to the kernel, saying their module has a GPL liscense, when in fact it does not. There would be no problem if the liscense string had said:
"GPL for files in the \"GPL\" directory; for others, only LICENSE file applies"
instead, however, it says:
"GPL\0for files in the \"GPL\" directory; for others, only LICENSE file applies"
Notice the sneaky \0.
So what's it going to be? (Score:4, Insightful)
If /. has no respect for other people's choice in licenses and cheers people ignoring the license, then it must also cheer on people breaking the license in Linux. You can't have it both ways.
Get over it? Can't... (Score:3, Insightful)
As for your assertion, drivers can be non-OSS and still work perfectly, and OEM's aren't forced to make their stuff OSS - just ask NVIDIA if you don't believe me. Therefore, you're posting a strawman there...
The linuxant cheat isn't a problem because of the source code being closed, it is a problem because it pretends to be open-source when it is not, failing to warn whoever installs it.
Excuse me, but... (Score:5, Insightful)
Yes, but the kernel is not a person, right? In fact lying to hardware/software is a well-accepted practice for interoperability, emulation and fair use. If we want it to be illegal, we might as well defend DMCA.
Re:Get over it (Score:5, Insightful)
No, the FCC says the card cannot do certain things. Putting these restrictions in the drivers of each individual OS is not a good plan. The restrictions belong in the firmware. This is a safer way to ensure FCC compliance at the same time as allowing open source drivers.
The linux kernel developers need to get over their fanaticism about open-source drivers.
Who the hell are you to tell the kernel developers what they should care about? The kernel is licensed and written the way it is because the developers want it like that. If 3rd parties aren't prepared to play along, then they don't have to release linux drivers. They can't have it both ways.
Thought experiment (Score:5, Insightful)
Suppose that Lexmark made a printer that looked for a certain string in a ROM on an ink cartridge. Let's say the string was "The manufacturer of this cartridge agrees to the terms of the ELL (Evil Lexmark License)." If the string is present, the printer works great; if the string is not present, the printer has undesirable behavior of some kind.
Further suppose you want to make an ink cartridge for your Lexmark printer, and thus for the purposes of optimum interoperability, you imbed into the ROM: "The manufacturer of this cartridge agrees to the terms of the ELL (Evil Lexmark License).\0Just kidding. Of course I don't REALLY agree to the Evil Lexmark License, because after all, IT'S EVIL!! It even has \"Evil\" right there in the name, what more proof do you need?!? Sheesh, people!"
Are you bound to the ELL?
Re:Get over it (Score:2, Insightful)
Which one is the pot and which is the kettle here?
Re:Can't get over it (Score:5, Insightful)
The hell you say. A Cisco router is just a CPU and some RAM with a few IO ports thrown in. Its the IOS firmware and software that makes it do its thing.
Lying should be OK... (Score:5, Insightful)
If Office 2003 started asking the Win32 API - areYouReallyMicrosoftWindows(). Then MS Windows would return true...
What would Wine get to return?
Re:Get over it (Score:3, Insightful)
And in a perfect world there would be no war or hunger.
That is a hard requirement for Linux success, in the past, now, and in the future.
No, that is a hard requirement that is going to further alienate the Linux community and make companies less likely to bother supporting their hardware on the platform. What this will result in is drivers made by the community that work, but don't have all the snazzy features you paid $$$ for.
That's also why I have just a SoundBlaster 16 PCI. It does the trick and sounds good, but it's also just about the only card you can buy and take advantage of all its features.
For example if 3D desktops becomes the standard open source 3D driver will need to be developed, if the gfx companies don't like that we need to take our money someplace else.
Like.... somewhere else where they... build cool 3D graphics cards... and have open source drivers... which would be.... who? I'm also assuming this company would care enough about the few hundred to few thousand Linux customers they might get versus the few million Windows customers?
For the record I do run nvidia binary driver today.
Yep, thought ya did. Why didn't you take your money elsewhere?
Personally, I think the Linux community needs to just deal. You can't have your cake and eat it, too. Maybe after Linux gains some significant user-base, you can demand things from product manufacturers. Until then, however, you should ease up a bit and just be happy that Linux is even supported.
Re:Good Luck (Score:5, Insightful)
The problem with the compatibility argument is that it's wrong. The primary purpose of the license string is to track whether the kernel has loaded a closed-source module. Many kernel hackers choose to ignore bug reports from systems that have loaded closed-source modules since there's a very good chance that the bug is in code that they can't access and fix. But failing to export a GPL compatible license string doesn't have any effect on the kernel's ability to load and run a module, so there's no compatibility reason to export a dishonest description of the module's license.
Re:Can't get over it (Score:4, Insightful)
When you buy a router, you're buying the function of routing. That's nearly 100% implemented in the firmware (for consumer-level routers, probably IS 100%). The hardware is just there to support the firmware's function.
Here goes my karma... (Score:2, Insightful)
This ain't flamebait, but a rather trenchant commentary on the hypocrisy that I see.
Re:Can't get over it (Score:3, Insightful)
Firmware can be valuable intellectual property just like any other hardware/software. If a company chooses to keep it closed, that is their decision. If you don't like it, don't buy that piece of hardware. Unfortunately, you'll probably find a small selection, at least today.
If a company finds a drop in sales due to keeping closed source, they'll change their business model to be competitive. If on the other hand most people don't care, they haven't given away their 'secrets' while still supporting customer usage.
Re:I know! (Score:1, Insightful)
So have a complex and developer hostle system of certification, not for quality testing, but for nothing more than license conformity.
But aside from that, this entire kernel checking licenses thing is insane. Can Linux go any further out of its way to make sure it is never adopted by hardware companies?
Question: Are there any non-communist distros out there? (or is it even possible) Where the kernel is patched to prevent this sort of stupidity and where binary drivers are hosted in the distros updates, you know, a USEABLE distro?
Re:Get over it (Score:3, Insightful)
The Free Software movement was started my RMS because the spooler for the new Xerox printer installed at the AI Lab did not come with source code. It had a tendency to jam and not tell the user before he walked across the campus to retrieve his job. The old printer did this (IIRC) but RMS had the source and was able to notify the user (actually, all of the users with print jobs in the queue) so that the printer could be unjammed before a trip was wasted.
Accepting non-free drivers is giving up your freedom. Personally, I use GNU/Linux because I am freed from the whims of the developer. If you wish to be a slave again please return to Windows or the Mac OS while the rest of us continue to use our Free Software.
The driver argument is foolish anyway. If you really must keep things secret (e.g. wireless cards) then move more things into the firmware and make the driver more simplistic (e.g. only allow the driver for the 802.11 card choose the channel to broadcast over instead of the exact frequency).
It's funny how you want to give in to non-free drivers when they are essentially the reason GNU/Linux exists in the first place.
ObDMCA reference (Score:4, Insightful)
And with the DMCA firmly in place, it will be illegal to hack YOUR hardware.
Jeez, I used to think I might be a little paranoid, but not any more...
Re:Here goes my karma... (Score:3, Insightful)
The RIAA would give away their entire music library for free, *including* the individual samples and source data, with the sole proviso that people not take their samples and include them in music where the sample data is not in turn released.
Then someone ran out and sold a song that swiped RIAA member samples without releasing their own.
That would probably get people on the side of the RIAA, yes.
The actual situation is a little different.
Request the source (Score:3, Insightful)
Re:Good Luck (Score:5, Insightful)
1. That's a trademark, this is copyright. Very different.
2. There is no real reason why they _have_ to have "GPL" at the start there. Their code will work without it, it will just cause a message to the effect that there are non-GPL drivers loaded to be displayed.
3. In the case you site it _is_ the console's integral code that displays the trademark. In this case it is the module code in question that includes the text "GPL", followed by a string termination character, in a space reserved for the module's license.
OTOH, I would note that the letters GPL do not in themselves constitue a license grant; they are merely an abbreviation that is usually used to refer to a specific license. In this case, however, they could just as easily stand for "Greg's Private License" (under which you don't get any rights whatsoever).
Re:Thought experiment (Score:5, Insightful)
Re:The system makes you lie (Score:3, Insightful)
They could do so anyway. BSD-licensed code can be relicensed to GPL-licensed code.
Re:Can't get over it (Score:3, Insightful)
Re:/0 is like a period, it ends the statement. (Score:5, Insightful)
LinuxAnt is really screwed here, as their drivers obviously won't work anymore
Re:Good Luck (Score:3, Insightful)
Agreed, in theory. But the solution they use here is worse, no? Because now, instead of unhappy users, you have ticked off kernel developers. And they have no reason to support you, your users, your business model, anything. They now start talking about blacklisting you and your drivers and your children from the kernel in any way whatsoever. So now, instead of having stuff that worked but didn't get free support, you have stuff that won't work because the community has decided that they hate you and want to see you and your crappy hardware to burn in hell.
Not a good plan, it seems to me.
Why do i care? (Score:3, Insightful)
I have a kernel. I have a device. With out said driver the kernel is useless to me.
So the driver is closed and propitiatory, as long as it works with my kernel why should I care. ( all religious OSS arguments aside.. I'm taking for a *real* reason )
The alternative seems to be no driver, and the kernel becomes a useless lump of code. We cant demand that companies that produce hardware support anything they don't want too, be happy they at least give us closed drivers... 5 years ago they didnt even do that, unless it was for a Microsoft kernel.
Re:Excuse me, but... (Score:3, Insightful)
That would make sense if this had anything to do with "interoperability, emulation and fair use". The kernel doesn't care what license it is; it will load a module under any license. This is strictly a user documentation string for the people who might have personal care about the license. You can put "This code 0wned by Darl", and it will load just fine.
This is strictly a case of a manufacturer lying about the license to the end user.
--
Evan
Re:So what's it going to be? (Score:4, Insightful)
There's no reason you need to do this. The kernel happily loads any license. They are lying for the sake of misleading users. There's nothing to circumvent. This is like Pizza Hut advertising that they are giving out Free Pizza, and then cutting off the edge of the coupon that says "$15 per pie charge". There is no technical reason for this; this is simply lying to the end users.
--
Evan
Re:Thought experiment (Score:4, Insightful)
> great; if the string is not present, the printer
> has undesirable behavior of some kind.
But there is where you analogy breaks down. If all the printer did was log in it's memory somewhere that a non-lexmark ink cart had been used so they could void your warranty for any printhead damage there would be no objection. But printers refuse to print without the secret knock and linux will load a module without the GPL tag.
Re:Thought experiment (Score:4, Insightful)
The fact is, the kernel doesn't arbitarily malfunction when it's tainted. Instead, the taintedness is a great sign to tell the user that they really need to go to the original authors for help since no one else is able to properly debug their proper (and of course, two different modules from two different companies which each taint the kernel creates a problem which no single entity can resolve). Faking the string to not cause taintedness helps no one (in the short term it might help the company, but it might not in the long run; people might pay support money to get bugs fixed in one tainted module). Faking a string in a printer cartridge helps the user to get cheaper ink. It also helps create competition (always a good thing).
Ironically, Lexmark's cases against various clone ink cartridge makers might decide the result of this same type of deception. Faking a string to make some program behave the way you want might be unhelpful and possibly unethical (by misleading users into believing they're using only GPLed code or wasting developers time on problems they can't solve thanks to code they can't see), but it's hard to see how it could be made illegal. Now getting such companies for false advertising...
These people wanted $15 for a Linux driver (Score:3, Insightful)
I just went and bought a serial port external modem for $13 (shipped). Works like a charm.
Re:Good Luck (Score:4, Insightful)
It's not just a political issue, but I guess if you have political issues with operating systems, that's a conveniently ignorant view to take of the situation. This driver is surreptitiously loading itself as non-GPL code while telling us that it is GPL. This effects the way Linux hackers treat bug reports that are tainted with this module. This is accomplished by loading that "GPL" flag and enabling helpers that prevent bugs reports from being flagged as tainted.
Therefore, not only does it complicate bug reports, it complicates bug reports by loading pieces of code that it's not allowed to. I'd say that makes it malware, rather than a political issue.
I will try to explain this to you (again) (Score:2, Insightful)
Why? Because there are some ways of writing device drivers that make the drivers *not* be a derivative work of the kernel. P.ex., the NTFS driver distributed by Microsoft, NTFS.DLL, is not a derivative work of the kernel, but might, by way of (GPL'd) glue code, be load in the addressing space of the kernel and linked to it.
MODULE_LICENSE("Other license") means: "this module is constructed in a way that makes it a non-derivative of the kernel; you can modprobe it, and as it's not derivative, the GPL does not apply to it; don't allow it to see those symbols that would make it derivative";
MODULE_LICENSE("GPL") means: "the license of this module is GPL, please do the linking for me to the symbols that will make me a derivative work of the kernel", while
MODULE_LICENSE("GPL\0but not really") means: "I'm a fucking liar, and I want to roll the dice without paying the price (I want to be a non-GPL-licensed derivative of the kernel)."
Got it?
Re:Why do i care? (Score:4, Insightful)
Dinivin
Re:Why do i care? (Score:3, Insightful)
What happened here is a binary only module pulled a sneaky trick to say that it isn't a binary only module, and the debug information no longer tells the developers that the kernel was running with code they don't have the sources to debug, hence wastes their time trying to figgure out a problem they can't solve anyway. It's just stupid on the part of Linuxant, doesn't really benifit them in any meaningful way, and gives them lots of bad press.
Re:Get over it (Score:5, Insightful)
Freedom means diffrent things to different people, but for most of us, I suspect, freedom is not ultimately defined by anything so trivial as access to the source code for a video driver.
I am freed from the whims of the developer
Then we can safely assume you are a master coder whose word is law in GNU/Linux?
Re:Can't get over it (Score:5, Insightful)
Neither do the kernel developers; the -great-great-etc-grandparent's assertion that they actively refuse to allow all things closed source was a straw man. All the kernel developers want to be able to do is have the kernel note when it is running a closed-source driver, so that they can easily filter out bug reports that would require them to have access to sources they don't have. They don't want to get blamed for problems caused by someone else's code whom they can't do anything about. Who in the hell can fault them for that?
But then its MY choice, not the kernel nazis. I thought that is what Linux was all about, Free as in speech, not as in beer.
It is your choice. The "kernel nazis" are in whole hearted agreement. They just want to be able to mark kernel dumps from kernels they can't fix. Their choice. Comprende?
Re:Thought experiment (Score:1, Insightful)
Mozilla does not give an alien user agent unless the user chooses so. This is usually done to circumvent browser checks which aren't really necessary or when the user can live with small incompatibilities. Because the user has to actively set a different UA, he knows that his browser of choice isn't supported and he's on his own.
Now, if you lie about your browser in order to receive support even though the website author clearly told you that Mozilla isn't supported, then yes, that would make you evil in the same way that Linuxant is "evil".
Re:These people wanted $15 for a Linux driver (Score:3, Insightful)
Re:Get over it (Score:5, Insightful)
Regardless of why it was proposed, the reason Linus finally accepted the MODULE_LICENSE stuff was that everyone was wasting a LOT of time trying to track down bugs that ended up being caused caused by binary-only drivers.
The effect of MODULE_LICENSE is mostly just to mark the kernel as "tainted" -- its internal state affected by code which isn't available for the kernel developers to consult when debugging.
This shows up in crash dumps, so if someone posts dump of a crash in which binary drivers were involved, the kernel developers know upfront not to bother (the bug has "crossed the county line", so to speak).
Linuxant's excuse is that the tainted message was too confusing for users (they don't appear to have any qualms about wasting kernel developer time).
Of course Linuxant's proprietary code which they can't let anyone see is pristine and perfect, and could never, ever be the cause of a bug...
Re:Good Luck (Score:3, Insightful)
In which case, the bug should also manifest itself if the modem wasn't loaded, so why lie about the module licence?.
What companies are doing if they lie in the module licence is using the linux developers as 1st line support - someone looks at the problem in a so-called "clean" kernel, tracks it down to one bolted on "black box" and refer the user to the supplier. Result, developer wastes time locating non-related bugs, which I believe is the reason the "tainted" message came into being in the first place
It's still a pretty good reason, though, to have your driver lie to the kernel. Maybe, just maybe, you're sure your driver is ok, and don't want its closed-ness to get in the way of people getting bug reports for completely different parts of the kernel.
No, it's not a valid reason at all. If you're sure you're driver is okay, a kernel bug should still be there if your driver is absent. If it's not, maybe, just maybe, the bug is with the module, and by lying to the kernel you're just wasting everyones time.
Re:Poor processes (Score:2, Insightful)
how will people cheat, and how can we stop this
The discussion on LKML makes it look like the developers, in their attempt to enforce truthful taint flags, are responding in a way that is headed for a cat-and-mouse game of the sort we see in the spam wars. We all know how ugly that can get. I see two ways out, both techniques borrowed from the spamwar trenches.
Both apporaches require some infrastructure, so there is work to be done now to save a greater amount of work later.
Re:Thought experiment (Score:3, Insightful)
This is more like the manufacturer actually printing "official Lexmark ink cartridge" on the cartridge.
Imagine if the printer failed and the user sent it to Lexmark for it to be fixed. Would Lexmark really be out of line if they claimed that the user broke it by putting in that unapproved cartridge?
Re:Thought experiment (Score:4, Insightful)
I seem to remember this from the early days of IE....
Re:LinuxAnt is really screwed? (Score:3, Insightful)
Nonsense... The GPL is for everyone who values their freedom.
The GPL is used by many developers who distribute the fruits of their effort for nothing beyond the expectation that anyone who finds their work useful enough to build their own products upon will provide said products under the same license. Even if those products are sold for profit, the derivative work should be as Free to those who purchase it as was the original work. From that perspective, the GPL is absolutely for developers.
Similarly, many users choose to purchase and use GPL products because they know that this license protects their rights to use and customize their software for their own purposes, in perpetuity. The GPL is absolutely for users.
Re:/0 is like a period, it ends the statement. (Score:2, Insightful)
Is that really the case? I thought their response was that they didn't want multiple warnings issued when one should suffice.
Stop the Whining, the clueless do not deserve... (Score:3, Insightful)
Doing these things honestly and functionally isn't all that difficult.
For instance, my company makes a sweet little device that, among other things, has a bunch of FPGAs (Field Programmable Gate Arrays). There is some language (I have never seen) that creates, via a source file (I will never possess) and a compiler (we license for a nut), to create a byte-stream (I have sitting around in a file) that gives the FPGAs their personality.
When my boss came in and started whining about the GPL I pointed out that the three modules were GPL-able and that distributing them under the GPL was about as "wanton with our intellectual property" as sunday school.
The drivers are just not that interesting. From one (the one that loads the FPGA images) you could learn how to copy a byte string into a single register. e.g. "for (int counter = 0; counter image_size; ++counter) { *FPGA_Personality_Register = image_buffer[counter]; }"
Oh yea, there is a lot of boiler-plate around this, and I actually do that inside a fpgaflash_write() etc. But this is *not* rocket science.
In point of fact, virtually all of the "Intellectual Property Issues" people have with respect to software are, frankly, crap.
A bunch of people doing a lot of truely marginal work have created a mythology of value. Somehow the way _*THEY*_ increment an integer is so much more fascinating than the way the rest of us do it. "But Boss," they say, "if everybody out there figures out that we put *our* serial uart at 0x2df instead of 0x2f0 then nobody will need us any more."
Bull.
If you provide a good product at a reasonable rate then people will pay you for it.
Every year I spend $20 to $50 to pay my taxes with one or another tax prepration software product. I do this *despite* the fact that all the forms and things are there and (obfuscated 8-) open source. (And I actually buy the software instead of pirate it, since to steal software when that is how I make my living would be hypocritical.)
The only people who have to worry about Open Source are the people who make crappy software.
Trust me, nobody wants your job. Nobody wants sneak in and rewrite comercial drivers *IF* *THEY* *WORK*. Nobody cares about your "proprietary register mapping" *IF* *IT* *WORKS*. The people who are going to make a nockoff of your board are just going to trace out your hardware if they want to clone it, and its is going to take them how long to disassemble your Windows driver to make their compatable device?
Gee, if they want to compete, they could just make their clone to one of the already-existing drivers they have source too anyway.
There is *NOTHING* *OF* *VALUE* in your drivers. Really. Get over yourselves and start harvesting all that free money by making a product and having the OS community improve your products' drivers for free.
It boggles the mind that people like nVidia and ATI want to keep their drivers closed when their real value is in the chipsets themselves. Everybody knows how Direct-X and OpenGL is going to present the data at that level. Why do they even *care* if someone knows that the data buffers are reformatted and their addresses are crammed into a doorbell register at a particular address. Do they think we can't possibly fathom the concept of laying out data and putting addresses into doorbell registers? Do they expect us to be supprised when it turns out that the eight hardware rendering pipelines they brag about on the box are backed up by eight separate linked lists (or whatever) in the driver?
And you just know that on the flip side, there is someone at each of these companies trying to outsource the driver development even as the first team of idiots are jealously garding their source code.
Back to the example, all the "value" in our product is in the complex and subtle control of state *below* the driver in the hardware, and in the complex and robust interractions of the applications and protocols
Re:Fork? (Score:2, Insightful)