Slashdot Mirror

Karen Sandler of the GNOME Foundation (and Software Freedom Law Center) called attention to this exact problem in 2010 after she had a Medtronic defibrillator installed.

http://www.softwarefreedom.org...
https://www.youtube.com/watch?...

m claiming the following things about reality. GRsecurity may be violating GPLv2 (I'm not taking a definite position on that). If so, GRsecurity doesn't have a valid license for the Linux kernel, and is forbidden to change or further copy it. If GRsecurity doesn't have a valid license, GRsecurity can't grant a license, and therefore their customers are running unlicensed copies of software.

And reality disagrees with you. Per the GPLv2:

"4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance."

"6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License."

From the SFLC:

This is GPLv2's "automatic downstream licensing" provision. Each time you redistribute a GPL'd program, the recipient automatically receives a license from each original licensor to copy, distribute or modify the program subject to the conditions of the license. There is no requirement to take any action to ensure the downstream recipient's acceptance of the license terms, see above. This places every copyright holder in the chain of descent of the code in legal privity, or direct relationship, with every downstream redistributor. Two legal effects follow. First, as sec. 6 says, parties themselves remaining in compliance have valid permissions for all actions including modification and redistribution even if their immediate upstream supplier of the software has been terminated for license violation. Their licensed rights are not dependent on compliance of their upstream, because their licenses issue directly from the copyright holder. Second, automatic termination cannot be cured by obtaining additional copies from an alternate supplier: the license permissions emanate only from the original licensors, and if they have automatically terminated permission, no act by any intermediate license holder can restore those terminated rights.

It also follows, as sec. 6 makes clear, that licensors are in no way responsible for enforcing compliance by third party recipients or distributors. Every licensee gains or loses permissions from each original licensor solely on the basis of its own conduct .

We know from the MAFIAA and lawsuits that illegitimate copies of copyrighted works can cost a whole lot of money. The Linux kernel does not operate under a copyright-assignment principle, so there's a large number of people with copyrighted code in the kernel, and I believe any of them could sue.

But they are all bound by sections 4 and 6 of the GPL as "original licensors" of their contributions, they've automatically granted licenses to GRsecurity's customers by the terms of section 6, and those licenses were not terminated by GRsecutiy's alleged violation of the terms of section 4.

Hence, it looks legally risky to me to rely on a kernel supplied from GRsecurity.

Wrong.

While the user may not be responsible for the sins of the distributor, this is only the case after the distributor successfully conveys the GPL to the user upon the work. I contend that the distributor never had the right to convey the GPL to the user at all upon an infringing derivative work, and that a direct grant by the kernel developers to the user is thus never triggered.

And I contend that you're wrong. In the SFLC's own words:

Automatic Downstream Licensing

Each time you redistribute a GPLâ(TM)d program, the recipient automatically receives a license, under the terms of the GPL involved, from every upstream licensor whose copyrighted material is present in the work you redistribute. You can think of this as creating a three-dimensional rather than linear flow of license rights. Every recipient of the work is âoein privity,â or is directly receiving a license from every licensor.

This mechanism of automatic downstream licensing is central to the working of copyleft. Every licensor independently grants licenses, and every licensor independently terminates the license on violation. In the case of GPLv2, this termination is automatic, while under GPLv3 the party breaching the licenseâ(TM)s terms may be able to cure before termination. Parties further downstream from the infringing party remain licensed, so long as they donâ(TM)t themselves commit infringing actions. Their licenses come directly from all the upstream holders, and are not dependent on the license of the breaching party who distributed to them. For the same reason, an infringer who acquires another copy of the program has not thereby acquired any new license rights: once any upstream licensor of that program has terminated the license for breach of its terms, no new automatic license will issue to the recipient just by acquiring another copy.

It does not matter whether "the distributor []ever had the right to convey the GPL to the user." The user takes their license directly from every contributor, and cannot be liable for using a GPLed work unless they themselves directly violate the GPL.

I no longer need your clarification. It's eminently clear that you're in the wrong.

'Software Freedom Law Center (SFLC) versus Xterasys Corporation and High-Gain Antennas, LLC'

A Practical Guide to GPL Compliance --

"How exactly the GPL works is still unclear as not many cases have gone through the courts. I know that because of this most companies absolutely prohibit any open source code within a mile of their commercial applications, even in cases where a light reading of the GPL would suggest it is ok to do so. Remember the GPL is designed to be viral. You don't want to run the risk of violating the GPL by inadvertently infecting your proprietary closed source code." link

'Software Freedom Law Center (SFLC) versus Xterasys Corporation and High-Gain Antennas, LLC'

A Practical Guide to GPL Compliance --

"How exactly the GPL works is still unclear as not many cases have gone through the courts. I know that because of this most companies absolutely prohibit any open source code within a mile of their commercial applications, even in cases where a light reading of the GPL would suggest it is ok to do so. Remember the GPL is designed to be viral. You don't want to run the risk of violating the GPL by inadvertently infecting your proprietary closed source code." link

Royalties from licensed commercial distribution fuel continued development and innovation of an open and free option. The balance depends upon adherence to the license restrictions in the open and free option.

But it's time to think about more than your desires to copy freely when you sit down at a keyboard

So DRM every file? Also what does this even mean?

Free stuff from Google does not mean free in the sense Richard Stallman ever intended it.

RMS: Free "stuff", not Freedom. Really? In 2016?

In other words, if you offer your software on an open and free basis, any use is fair use.

The Free Software Movement said this over 30 years ago. Slashdot, stop posting shit from linkedin blogs and maybe you'll survive. I don't care what site the bullshit was laundered from (ars). Everyone else: https://www.softwarefreedom.or... Annette Hurst don't quit your day job.

You make a good point about "transitional" mess. But I'm interested in what holes you found in Microsoft's patent pledge. Do these arguments from eight years ago still apply? Or has Microsoft fixed them?

MOOXML, which was unnecessary when a perfectly good open format ODF already existed

Was ODF suitable to round-trip every single feature of the existing .doc, .xls, and .ppt formats? Or would it have required Microsoft to drop features on which at least some paying customers depend? For example, do compatibility options in Word and formulas and macros in Excel survive a round trip to ODF?

Microsoft fan-boism/shilling

I have never been paid by Microsoft or anyone else to recommend Microsoft products. As a fan of free software, I want to make sure the anti-OOXML claims are as strong as they can be: sufficiently detailed and free of holes that might threaten the overall argument for free software.

I don't know why you think that. The Software Freedom Law Center agrees with me that if Google had released their version of Java under the GPL, there wouldn't be a copyright issue.

Software Freedom Law Center's brief regarding whether the Supreme Court should take the case or not:

https://www.softwarefreedom.or...

This is something Eben Moglen discusses in his Freedom in the Cloud talks, which I strongly recommend.

Reminds me of something Eben Moglen says in one of his Freedom in the Cloud talks:

So what do we need? We need a really good web server that you can put in your pocket and plug in any place. It shouldn't be any larger than the charger for your cellphone. You should be able to plug it into any power jack in the world or sync it up with any wi-fi router that happens to be in this neighborhood ... It should have a couple of USB ports that attach it to things. It should know how to bring itself up; how to start its web server; how to go and collect your stuff from all the social networking places you've got it.

It should know how to send an encrypted backup of everything to your friends' servers. It should know how to micro-blog, It should now how to make some noise that's like tweet but doesn't infringe on anyone's trademark. It should know how to ... be your avatar in a free net that works for you and keeps the logs. You can always tell what's happening in your server and if anybody else wants to know they can get a search warrant.

This is a compiler. What stops a company from branching a GCC and keeping their own mods secret?

The threat of having the Software Freedom Law Center filing a lawsuit against them?

They can leave the GPL license in place but just not contribute their changes anywhere.

...and hope nobody in a position to sue them finds out.

I'm pretty sure they would be free to put their own changes in a separate dll under a different license and just hook it into the normal GCCs compile process.

And I'm pretty sure they wouldn't, under the terms of the GPL; the fourth paragraph of section 1 "Source Code" in the GPLv3 says

The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.

(emphasis mine).

Or they could (Apple for example is pretty big brother why not get bigger?) just require people submitting to their App store to provide the source via a web submission and run their custom compiler against the code.

As GCC isn't covered under the GNU Affero General Public License, they might be able to get away with that.

The monetary cost of "a near perfect surveillance state" has become/is rapidly becoming negligible.

The more pertinent trade-off at this juncture is Freedom vs Security.

Another thing to keep in mind... the government is not the only powerful actor capable of taking away freedom by using surveillance.

Its hard to know how things will play out, but its certainly an important topic for people to be aware of and think critically about.

Inadequate in every way, but at least a place to start.

"I was talking to a senior government official of this government about that outcome and he said well you know we've come to realize that we need a robust social graph of the United States. That's how we're going to connect new information to old information. I said let's just talk about the constitutional implications of this for a moment. You're talking about taking us from the society we have always known, which we quaintly refer to as a free society, to a society in which the United States government keeps a list of everybody every American knows." —Eben Moglen, "Innovation Under Austerity"

Eben Moglen gave a talk where he warned us about a conversation he had with an American government official who wanted a "robust social graph" of Americans. And again at Moglen's re:publica talk as Nicole Brydson reminds us. Of course, I'd prefer to point to a copy of this talk in a format friendly to free software, but I don't know of one.

Moglen reminds us in his talks about how right Richard Stallman (RMS) is, and how we need to do the work of sharing what RMS teaches to others. RMS was right (as per usual) we need software freedom more than ever. Social action based on an ethical grounding (not mere technical convenience or speedy development) is exactly what this situation calls for. I hope everyone will take the time to read or listen to Moglen's insightful talks and take them seriously. They're deeply engrossing and filled with interesting history, so much so that they reward repeated listening and social action.

I think you're misreading the article. The Winestock is not making the "if you have something to hide ..." argument, he's anticipating it. His argument is that the computer industry, and perhaps computing as a technical endeavor, tends the direction of centralization of computing power and grunt work which then leads to centralization of data. Both governments and business – even cool, supposedly "revolutionary" businesses – like it this way. So, don't look to the high tech companies for help protecting your privacy. As he says in TFA:

Pleading will not help because the interests of those companies and their users are misaligned. One reason why they are misaligned is because one side has all of the crunch; terabytes of data, sitting in the servers, begging to be monetized. Rather than giving idealistic hackers the means to liberate the users from authority, the democratization of computing has only made it easier for idealistic hackers to get into this conflict of interest. That means that more of them will actually do so and in more than one company.

You see, in the past, the computer industry was dominated by single corporations; first IBM, then Microsoft. Being lone entities, their dominance invited opposition. Anti-trust suits of varying (lack of) effectiveness were filed against them. In the present, we don't even have that thin reed. Thanks to progress, we now have an entire social class of people who have an incentive to be rent-seekers sitting on our data.

Being members of the same social class, they will have interests in common, whatever their rivalries. Those common interests will lead to cooperation in matters that conflict with the interests of their users. For example, the Cyber Intelligence Sharing and Protection Act (CISPA) is backed by Microsoft, Facebook, Yahoo, and, yes, Google, too.

As the head of the Software Freedom Law foundation, Eben Moglen says, keep your data locally, at home, where the 4th Amendment still has some effect. As Winestock is saying, you better be ready to defend even the right to do that.

When you absolutely positively have to defend your software at all costs, accept no substitute.

https://www.softwarefreedom.org/

https://en.wikipedia.org/wiki/Software_Freedom_Law_Center

EFF might help. But this is more in line with the Software Freedom Law Center. Defending FOSS developers against unjustified patent claims is part of their mission.

It depends...industry and gov do use open source. The license on the code would also dictate whether or not it could be used(assuming the developer is abiding by the code license). Whether the final product can be re-released into the community is a matter of whether the final product is restricted, such as in a mission critical or export restricted technology. Also, if the open sourced code license requires any applications developed from or integrated with it also become open sourced would limit its usage based on the same reasons as exposing proprietary code to those terms.

A quick google:

http://www.softwarefreedom.org/resources/2011/government-acquisition-and-gpl.pdf

It isn't always that way. From back in 2010:

Killed by Code: Software Transparency in Implantable Medical Devices (related video) (BBC summary of the main story)

Written primarily by a free software attorney whose doctors also recommended an implanted ICD and who examined 1) the regulatory requirements, 2) what the device makers have to actually submit to the FDA (not source code), and some other relevant security and design characteristics like just how close to you a controller device would need to be before being able to connect with and control your implanted device, in order to make an informed decision about the surgery.

One of the most important issues discovered during this process was just how little doctors had through of these issues, if at all. If your doctor is recommending an implanted device, whatever you decide about the treatment, it is important to discuss these issues with your doctors and help them understand your concerns.

It is not about DRM at all

Not at all you say? Not at all about DRM...then what happened here:

https://www.softwarefreedom.org/blog/2012/jan/12/microsoft-confirms-UEFI-fears-locks-down-ARM/

A signed bootloader with the kernel path and device drivers prevent the next aulurion worm/rootkit from taking shape as nothing untrusted can run from the kernel.

It also ensures that users cannot do this sort of thing:

http://www.evilavatar.com/forums/showthread.php?t=7650

Or even something as simple as this:

https://en.wikipedia.org/wiki/Decss

See, the distinction here is subtle. If the user can modify their kernel, but only when their computer is a special "modify the bootloader" mode (or if the user can sign their own bootloader etc.), then the security argument makes sense. If the user cannot, then there is no security argument, because forbidding the user to modify their own system has nothing to do with security -- unless by "security" you mean "DRM."

If this could be used for gnu/Linux the situation would be great for security.

...and that is a case in point. If this could be used for GNU/Linux it would be great for security; it cannot be, because this is not about the security of the user, but rather the security of privileged "media partners" and other companies. The security that "Secure Boot" is meant to provide is security against secret keys being copied out of RAM by some teenager using a debugger, or cheating in MMOs by people who modified their kernels to defeat anti-cheating technologies, or people who might try to use their computers in ways they were supposed to pay extra to do, and so forth. The adversary in the "Secure Boot" security model is the user of the computer , and that is the problem.

If you don't like it, disable it. You can also add your own certs.

Oh really?

Microsoft confirms UEFI fears, locks down ARM devices

On x86 systems Microsoft needs computers to be compatible with older versions of Windows. On x86 systems the Microsoft Hardware Certification says that manufacturers must include an option to disable UEFI SecureBoot, and must allow the owner to load his own keys. However on systems with an ARM processor Microsoft doesn't need to worry about hardware being compatible with versions of Windows because there are no versions of Windows for ARM. On ARM systems Microsoft has mandated that MANUFACTURERS ARE FORBIDDEN TO INCLUDE ANY OPTION TO DISABLE UEFI SECUREBOOT. On ARM systems Microsoft has mandated that MANUFACTURERS ARE FORBIDDEN TO INCLUDE ANY POSSIBILITY OF OWNERS LOADING THEIR OWN KEYS.

Microsoft has made it crystal clear that they can and will use UEFI to lock computers AGAINST their owners and to anti-competively lock out any possibility to load alternate operating systems when they do not have to worry about compatibility with older versions of Windows.

Currently ARM processors are primarily used in smartphones, however at least one manufacturer, Qualcomm, has announced they will be manufacturing ARM based PCs. Microsoft has mandated that owners of these PCs be denied any possibility of disabling the system and denied any possibility of loading your own keys.

Microsoft has announced the Windows 7 End Of Life date to be January 14, 2020. On that date Microsoft is no longer concerned with x86 computers being compatible with pre-UEFI operating systems. On that date Microsoft can drop the "Disable SecureBoot" legacy support. On that date there is every reason to expect Microsoft take their ARM-style no-legacy-support terms and impose them on all PC manufacturers.

Your "If you don't like it, disable it" is already false on some systems today, and there is good reason to suspect Microsoft may forbid it on all systems in a few years.

-

Oh you mean corporations like IBM, EMC, Netgear, WDC,Google ? Yeah, the GPLv3 really scared them :-).

Listen to my presentation here:

http://www.softwarefreedom.org/podcast/2011/may/10/why-samba-switched-to-GPLv3/

to explain why GPLv3 is a *better* license for commercial use the GPLv2.

Jeremy.

Just because you publish and given away a copy of a work does not mean you have released any claim to copyright on it. This is not trademark law where protect it or lose it applies.

Try reading some of the many fine primers available at the SFLC. http://www.softwarefreedom.org/

Missed the question submission thanks to work travel, but would have brought up something that is an ever-growing fear of mine: That the biggest threat to our rights cannot be defeated with clever code and honest marketing, but constant, unrelenting political maneuvering.

If you look around, what shuts out individual rights is achieved through Capitol Hill. Not just in an election year either ;-)

When forming Open Source Matters (and thereafter Joomla) I was grateful to Eben Moglen and crew at the SFLC and think they have other great ideas in the making that will benefit us all. This is a very project-centric view however, and is all about the software for the most part.

That's all well and good, but what is out there to help change policy, and protect (and unfortunately reclaim) our rights to code and hack? Do you know of any efforts that use politics instead of emacs/vim to further this goal?

Only good thing though is these RT devices will quickly be sold at fire sale and maybe we can put Android on them ;)

Perhaps that is one of the things that M$ aims to prevent in its lock-down of ARM systems. To get certified for Vista8, any ARM device that ships with Windows 8 will never run another operating system, unless it is signed with a preloaded key or a security exploit is found that enables users to circumvent "secure" boot. That will definitely crimp the style of any home modders.

Hackable medical devices are a known problem -- there's a great paper on it from Karen Sandler, at that time at the Software Freedom Law Center (she's given OSCON talks about it too):

Killed by Code: Software Transparency in Implantable Medical Devices

And the SFLC's announcement / summary of the paper:

Software Defects in Cardiac Medical Devices are a Life-or-Death Issue

Hackable medical devices are a known problem -- there's a great paper on it from Karen Sandler, at that time at the Software Freedom Law Center (she's given OSCON talks about it too):

Killed by Code: Software Transparency in Implantable Medical Devices

And the SFLC's announcement / summary of the paper:

Software Defects in Cardiac Medical Devices are a Life-or-Death Issue

No, but they settled out of court all the same over it (There's a hint, Mr. "I'm a Copyright Attorney"...if you don't know the consequences of that situation, you might not be a very good one.)

http://sourceauditor.com/blog/tag/lawsuits-on-open-source/
http://www.softwarefreedom.org/news/2008/mar/17/busybox-verizon/

If there wasn't teeth behind that whole thing, I can ASSURE you that Actiontec and Verizon wouldn't have settled in the manner they did. It is for this reason I wouldn't retain your services because it's dead clear you've not got a clue in a crucial space of your claimed specialization.

Mark Shuttleworth is not a stupid guy, and it seems likely that he is engaging in a misrepresentation rather than a misunderstanding of what he was told by the SFLC. There are a couple of points worth making in this context.

First, the SFLC does not appear to sanction Shuttleworth's interpretation of Grub2 and its implications for UEFI. The SFLC is a signatory of the FSF's statement on UEFI, "Stand up for your freedom to install free software." It has also called out Microsoft's, er, flexible attitude toward its statements and representations about UEFI in the ARM context.

Second, Ubuntu has often shown this inclination to make a "separate peace" with Microsoft and the OEMs without really helping the larger community. The certified hardware deals with Dell and others don't really guarantee a system that will run any distro well without the help of binary blob drivers, and if that's not the point of the certification process, I'm not sure what is--other than to gain some positive cred and some market share in the corporate IT world.

Third, the scenario Shuttleworth is purportedly so worried about--an OEM "screwing up" and not shipping a PC in custom mode, making it impossible to replace its bootloader--is a pretty bad one to have to worry about in the first place. It sounds more like making a deal with a hostage taker than making a deal with the FSF does, because although the FSF does try to be litigious about its copyright, at least you know what its red lines are. Microsoft, as is shown by what they're doing with UEFI in the ARM space, is playing games here, trying to stay one step ahead of antitrust litigation in the Wintel world but no farther.

  Why is this so hard to comprehend?

http://www.softwarefreedom.org/blog/2012/jan/12/microsoft-confirms-UEFI-fears-locks-down-ARM/

http://download.microsoft.com/download/A/D/F/ADF5BEDE-C0FB-4CC0-A3E1-B38093F50BA1/windows8-hardware-cert-requirements-system.pdf System.Fundamentals.Firmware.UEFISecureBoot items 17.c, 18 and 19

For systems based on one popular architecture, about 6 months ago.

For other architectures, as soon as they think they can get away with it.

ARM is bootlocked (as are IOS and quite a few android devices). Try to keep up.

An interesting difference is that Microsoft makes bootlocking a requirement for other vendors to get their hardware certified for Windows.
See also http://www.softwarefreedom.org/blog/2012/jan/12/microsoft-confirms-UEFI-fears-locks-down-ARM/.

I guess Microsoft's approach could be viewed as a form of "exclusive dealing" as defined by Wikipedia (http://en.wikipedia.org/wiki/Exclusive_dealing), because it excludes other operating systems from being used with Windows-certified tablets.

That looks pretty anti-competitive to me, and I hope the EU jumps on them for this. Aaron Williamson (see softwarefreedom.org link above) thinks it won't happen in the US, but the European Commission seems to have a somewhat wider concept of what is unacceptable. They also are not afraid of stepping on some corporate toes. Which includes European corporations, as the auto industry found out the hard way ;-)

Oh really? Read this and tell me again how I can turn off secure boot on my ARM device. Because I won't be able to.

Linux is not an operating system, it is a kernel.

Actually, it is an operating system. It by itself is just a kernel, granted, but an operating system kernel is itself an operating system. I realize you were just trying to point out a triviality, but you are incorrect in your terminology. You may not use the term in that fashion, and you may prefer to call linux the kernel where as {flavor of the month} as the operating system so that you can try and draw a line to show the difference to people that aren't familiar with it, but that doesn't make it incorrect to label it as such. The linux kernel meets every requirement necessary to be called an operating system itself. If you can find a definition of Operating System by ANY relevant source, please provide it, because it meets every definition I've ever heard of.

What difference does it make if other OSes support secure boot, if you cannot install those OSes as a result of secure boot being used?

Then disable secure boot.For example, hold down shift while you turn on the computer to enter the UEFI. Select the "Security" section, then uncheck "secure boot enabled". Click OK. Reboot. Boy, that was hard.

This is a cop out; unless there is a simple way for users to install their own keys, this is something that will further restrict how people can use their computers. You can jailbreak your iPad if you want, but the majority of people have trouble doing so.
There is a simple way for users to install their own keys, or disable secure boot entirely if they want. And selecting a menu option is not quite the same thing as download this program from this site, connect your iDevice, sideband load this, hit these 20 keys while you reboot, then make sure you check the version of iOS you are running because this backdoor doesn't work in the versions x,y,z.

...which is something Microsoft pressures them not to do on ARM devices:

https://www.softwarefreedom.org/blog/2012/jan/12/microsoft-confirms-UEFI-fears-locks-down-ARM/

And you can't load an alternate OS on my refrigerator, my drier either, or my TV. While it's technically possible I suppose, people aren't demanding it, nor would I suspect a large amount of users want to buy an ARM based tablet with windows 8 and want to dual boot to another OS. There are plenty of devices out there that can run the OS of your choice.

First of all the Secure Boot in UEFI wasn't mandated by Microsoft

Except when it comes to Windows 8 on ARM systems. Then Microsoft does mandate secure boot.

A feature any OS is free to implement, including linux.

1. Linux is not an operating system, it is a kernel.
2. What difference does it make if other OSes support secure boot, if you cannot install those OSes as a result of secure boot being used?

Secondly, motherboard manufacturers are able to add (or pre-add) any key (or none at all) if they choose.

This is a cop out; unless there is a simple way for users to install their own keys, this is something that will further restrict how people can use their computers. You can jailbreak your iPad if you want, but the majority of people have trouble doing so.

Thirdly, there is nothing keeping users from being able to install their own key (or additional keys) through the UEFI boot process, assuming the UEFI manufacturer provides one.

...which is something Microsoft pressures them not to do on ARM devices:

https://www.softwarefreedom.org/blog/2012/jan/12/microsoft-confirms-UEFI-fears-locks-down-ARM/

Really, stop spreading your FUD.

What FUD? We said years ago that iPad style lock-down is coming to desktops and laptops; now we have moved a step closer. There is a lot of money to be made from attacking computer users' freedom, and now that Apple has pulled in billions of dollars doing so, everyone else wants to join the party.

Is not some lame "hacker" (should be cracker...) but instead the everyday crappy bread-and-butter code. See e.g. http://www.softwarefreedom.org/news/2010/jul/21/software-defects-cardiac-medical-devices-are-life-/

But I guess spouting silly buzzwords like Terrorism and "SOMEONE THINK OF THE CHILDREN" gets more funds and makes more striking headlines than cool headed reasoning... Oh boy.

It's not that bad. ImgSeek author has been informed of the patent application filled and there's always http://www.softwarefreedom.org/

EFF isn't working alone here. SFLC submitted a petition to extend the jailbreaking exception to all computing devices. https://www.softwarefreedom.org/news/2011/dec/02/proposed-dmca-exemption/

I agree comment posters *seem* to acting very hypocritical today but it could be possible that a different set of people are objecting for a different set of reasons.

Also just to correct something which keeps being misrepresented in comments this laywer is a female. She also has an engineering degree and is a programmer. She intended to review the software herself with the help of fellow programmers.

Also people might be interested to know that she worked as a pro bono counsel for the Software Freedom Law Center from 2005 until 2011 and now works as an executive director for the GNOME foundation. She still accepts pro bono cases from the SFLC and is the SFLC treasurer.

http://www.softwarefreedom.org/about/team/
http://www.youtube.com/watch?v=5_pRH8lzaQo

there is a proper way to incorporate BSD licensed code into a GPL project, while complying with the BSD license's attribution requirement.

http://www.softwarefreedom.org/resources/2007/gpl-non-gpl-collaboration.html

Your information is from 4 to 7 months ago. Since December, Microsoft has changed the requirements to be more strict than what you read previously.
In fact, it was even mentioned on /., so where have you been?

Due to the truly amazing amount of information in your post that is inaccurate, I assume that you are either
1) a troll, or
2) 13 years old ...nevertheless, I'll provide some answers. Maybe it will be helpful for the OP.

Did the guy mention that he copyrighted his work? If he put it out there with nothing indicating that, there's an argument that he put it into the public domain,

If you don't trust me, how about the US Copyright Office?

Q: Do I have to register with your office to be protected?
A: No. In general, registration is voluntary. Copyright exists from the moment the work is created. You will have to register, however, if you wish to bring a lawsuit for infringement of a U.S. work. See Circular 1, Copyright Basics, section “Copyright Registration.”

You go on...

If someone is violating the GPL license and selling a modified version of his work, I'd recommend he contact the Electronic Frontier Foundation, who can help defend him, most likely free of charge.

While the EFF are a bunch of hoopy froods who protect our rights in cyberspace, they are certainly not the first people I'd contact about a GPL infringement. They're not even the 4th or 5th on my list.

Here's my list:
1) GPL-Violations.org - Volunteers, knowledgeable folks who will answer your questions pretty quickly
2) The SFLC (Software Freedom Law Center) - Volunteer lawyers (much slower to respond due to demand, but they know their stuff)
3) The Software Freedom Conservancy (if you want to align your FOSS project with a "non-profit home and infrastructure for FLOSS projects.")
4) The Free Software Foundation, if you have a specific question about some of their GPLed software
5) Bradley Kuhn, Harald Welte, etc..

Jesus... It's amazing what crap a first poster can say.

Have you even read the text of the GPL(v2) ?

No, you can not sell GPLed software you didn't write, though you may charge a distribution fee, and you must provide a way to access the source code you're distributing. If some a-hole is charging $50-ish bucks for your software, take him down.

Here's an exact quote from the on the FSF's website:

Does the GPL allow me to sell copies of the program for money? (#DoesTheGPLAllowMoney)

Yes, the GPL allows everyone to do this. The right to sell copies is part of the definition of free software. Except in one special situation, there is no limit on what price you can charge. (The one exception is the required written offer to provide source code that must accompany binary-only release.)

When you mention a "distribution fee," I believe that you're talking about clause 3(b) of the source requirement of the GPLv2 (relevant section italicized):

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

Section 3(b) is talking about a requirement to provide source code to people you've already given binaries. You can still charge them a bunch of money up front for initial access to the program.

It's not always easy to understand parts of the GPL, and the GPLv3 made the whole darn thing a bunch

...the Software Freedom Law Center

They exist specifically for evaluating and defending against this sort of infringement. They're experts, and their services are generally free.

SFLC's request would be a bigger win. Here's their submission:
https://www.softwarefreedom.org/resources/2011/SFLC-proposed-DMCA-exemption.pdf

And their press release gives an introduction:
http://softwarefreedom.org/news/2011/dec/02/proposed-dmca-exemption/

SFLC's request would be a bigger win. Here's their submission:
https://www.softwarefreedom.org/resources/2011/SFLC-proposed-DMCA-exemption.pdf

And their press release gives an introduction:
http://softwarefreedom.org/news/2011/dec/02/proposed-dmca-exemption/

If that's so, and I have no objection to what you're saying (the NeXT/GCC affair demonstrates why Bradley Kuhn says "Apple lawyers have a pathological hatred of GPL"): should free software hackers consider forking CUPS or keeping track of the latest GPL'd version of CUPS with an eye toward forking should CUPS' license become non-free? Apple owns CUPS now so I think it's reasonable to wonder about the future of the print system a lot of free software distributions have become dependent upon.

You have a cell phone and you have a cell phone network provider and if your cell phone network provider is Sprint then we can tell you that several million times last year, somebody who has a law enforcement ID card in his pocket somewhere went to the Sprint website and asked for the realtime location of somebody with a telephone number and was given it. Several million times. Just like that. We know that because Sprint admits that they have a website where anybody with a law enforcement ID can go and find the realtime location of anybody with a Sprint cellphone. We don’t know that about ATT and Verizon because they haven’t told us.

In the longer term, however, Freedom Boxes might also be useful for resisting wiretapping. In a post to the liberation tech mailing list (sorry, I can't link to the actual post since the archives are subscriber-only), Eben Moglen gave the following explanation:

On the question, how can personal servers deal with network non-neutralities, the answer is by tunneling among themselves. So Bob and Carol and Ted and Alice live in different places, maybe different countries, and have different upstream connectivity providers. If Bob's Freedom Box notices that he can't connect to port X at address Y, the box opens a tunnel to Carol's box, through the encrypted "route" they share, and asks Carol's box to proxy the traffic. If Carol's can't do it, maybe Ted's can. Alice's freedom box, which is located inside a country with a national firewall, uses Bob, Carol, Ted, and a hundred more of her friends abroad to lift her over the national firewall many times a day.

Clearly the same approach could be used to avoid surveillance as well as filtering. Now, of course, that still assumes your ISP allows you to have some kind of connectivity to some of your friends - NAT could be a major issue here, as other commenters have noted.

That is actually the concept that sparked the Diaspora project: each person storing their own social data in a plug computer inside their homes, where no-one can touch it (without a search warrant). See the original talk by Eben Moglen.

From what I know, the Software Freedom Law Center ( http://www.softwarefreedom.org/ ) provide pro bono legal representation to creators of Free and Open Source projects. Maybe you should contact both the SFLC and the maintainer of the mtr and see if there's any way of getting them together to file a GPL violation case or an injunction.