Slashdot Mirror
GPL 3.0 Concerns in Embedded World
An anonymous reader submitted a story discussing version 3.0 of the GPL. An interesting piece that raises some valid points. Talks about the fact that the GPL hasn't been tested in court (yet) and how companies using it as a core of their business are gambling on a variable. Specifically targeted to embedded systems, but the issues spread beyond that.
A: Getting caught using GPLed code in their software.
Or..
B: Having to defend themselves against any accusation that they used GPLed code, whether they did or not. And on this concern, I can see some small amount of validity.
The biggest problem GPLed code could cause for software developers is by getting Cool Stuff Done First. Imagine having an idea that someone GPLed some code for first, then trying to make a profit off it. That, I think, is where Microsoft is starting to be afraid. Or at least, they should be. Once the Open Source movement starts to move on to innovation (Which I see happening sometime within the next year or so.) especially in the areas of User Interface design and solid API level work, it will become increasingly more difficult for MS and the other major developers to work without having to be damn careful of what code comes from where.
So what I think MS is hoping for by talking about the evils of Open Source, is just to get government funding and facilities away from projects that might open up more GPLed code to the world. If you can't beat 'em, cut the resources out from under them.
My own pointless vanity vintage computing page
Last year John Carmack opened Quake and the Quake World Client to the open source community under the GPL license. After seemingly no time, there were a plethora of cheat clients going around for it... the way to deal with this by one group was to make a new client that everyone had to use to connect to a new server -- and they didnt release the GPL for that. That was Quakelives -- there was even a /. on it.
Now, though, there is another problem with the GPL. About this same time, another group decided to do something about the cheaters. They created a VERY advanced cheating client using the GPL'ed code, and released the binary... it quickly spread throughout the Quake community... about a month and 1/2 ago, the group came forward: they had implanted a trojan in the cheat file that reported a lot of information (windows cdkey, mac address, real name, organization, icq numbers, email addresses, etc) to servers set up for this purpose. Now, after they came out there was a general uprising of the community about this: everyone was upset, but a few wanted to make sure that was "ALL" the info that was passed.. this should be a fairly easy thing but--they refuse to give out their source code.
The web page for this is Remote Visual Spy.
My question is -- exactly how could a situation like this be remedied? This is an issue that effects over 4000 unique people, but on the big scale of things -- ID Software is not likely to sue over this b/c they stand the chance of losing the GPL license over a small case. How could this be settled? Also: How can someone release code under the GPL with the knowledge that this won't happen? (taking source, modifying, releasing binary, and saying they will NOT release the source)
Ignoring the article (and it's possible FUD and/or misinformation), here's the crux of the matter for people who want to put their code under the GPL:
If a court case demonstrates that there is a "leak" in the GPL, then we need to be able to re-license our code under a GPL++ that patches the leak (hence the "or higher" clause).
However, we have no control over what a GPL++ might happen to say. What if RMS sells out (yeah, sure)? What happens after he dies? What happens if someone else takes over the FSF?
I don't see any particularly good solution to this problem. Probably the project maintainer should insert a clause reserving the right to re-issue the entire project under a new license at any time, regardless of who has contributed to it. However, the same questions asked about RMS above could then be asked about the maintainer, plus the problem of licenses for forks arises.
--
Sheesh, evil *and* a jerk. -- Jade
IANAL, but I think that the GPL probably will turn out to be enforceable for one simple reason. The FSF will be able to pick the time and place for a showdown. Copyright, unlike Trademark, does not require that the owner actively pursue violators. So the FSF can wait until they have just the right violator (someone not very well financed, and in a jurisdiction they feel will be friendly). Once they have nailed one sucker to the proverbial tree they will then have legal precedence.
The other thing that the FSF has in their favor is the fact that the entire software industry has been trying for years to strengthen copyright laws as they apply to software. After all the work and money they have spent they aren't likely to want to have a legal precedent that puts limits on copyright protection.
Oh, and there is a definite difference between most EULAs and the GPL, that is that the EULAs trigger on software use, but the GPL triggers on software distribution. Since copyright is designed to limit the distribution rights of the consumer,and not to specify what he or she may legally do with the material, this is a very important distinction.
As an embedded systems developer, this is an interesting issue to me. Real-time and compact embedded systems often put much of their code in what is conventionally viewed as kernel space in order to have direct access to hardware for key functions. Shared library mechanisms and kernel calls incur too much overhead for performance-critical operations, so these applications are typically statically linked and often have a fixed memory map.
In the context of the GPL, these code fragments must be released as they are linked with the kernel. With a kernel under the LGPL or other more permissive license, e.g. Red Hat's eCos, these functions may not need to be released. This is fine with me; if you don't like the GPL's requirements, use another OS.
Stallman is very clear on his intent in the GPL, although the wording in GPL 2 is not so clear. I fully expect that this will be clarified in GPL 3, to everyone's benefit. This will also make it less subject to potentially damaging judicial interpretation.
That leaves only the lack of legal precedents pertaining to the GPL. Yet the overwhelming majority of commercial software licenses, including Wind River's, are not court-tested and many of their provisions are blatantly unenforceable in many jurisdictions. This argument does not hold water.
Now consider for a moment that Wind River are one of the leading vendors of non-free, closed-source, proprietary OSes, notably VxWorks and pSOS. Their lunch is being eaten from above by Windows and Linux, and from below by uCLinux, eCos, and other free RTOSes. Clearly Schacker's statements are nothing more than a calculated FUD counterattack. He is trying to scare commercial embedded developers away from free software competitors and back to Wind River's proprietary solutions by raising the spectre of legal actions and a vague threat that companies might someday lose all of their proprietary code and with it their competitive advantage.
The truth is that the guidelines are clear, but Wind River can't compete. They would do much better for their investors to figure out how to adapt to the changing business climate instead of entrenching a lost position.
VxWorks is saying, gee, it'd be nice for our customers to have Linux above our RTOS to run their code on; why don't we put some shims in there and link the Linux kernel in and we'll be set (kind of like RT-Linux, I imagine). Oops, but we'd have to link, instead of using, say, pipes, so we hit the GPL linking clause.
But VxWorks has very little incentive to release their OS as open source, because of the basic economics of scarce resources -- in this case, their RTOS technology is pretty advanced, pretty stable, and they need to hold onto that lead to make money and pay programmers, etc. Happily, they do contribute to the GNU toolchain, using it for their platform and improving it (contributing back) so their customers, and everyone else, benefits. But that's because the toolchain isn't their core competitive advantage.
The article isn't FUD -- it's a legitimate point about the standoff between the GPL, which advocates fully public-domain programs as the only acceptable kind, and economics, where you must control a (naturally or artificially) scarce resource in order to make money and mantain an advantage against your competitors.
Corporations are legally required to act in the interests of their investors; they can't just say "we gave it all away and all our competitors now have our best technology, hope that's ok!". Meanwhile, low-level Linux developers are legally required to make their code freely available in exchange for the ability to link to freely available code. But that's not a good deal if your private code is better than the freely available stuff (and as an RTOS [at least], Linux ain't all that great). Hence, conflict.
> Now IANAL, but I doubt the GPL nor most web sites' terms of use would hold up in court. You can not be bound to what you do not have to read.
That's where the GPL is quite clever. You see, it doesn't take any rights away from you - it only gives you more rights than you had. The right to copy, under certain rules.
If you deny you're bound by the GPL because you didn't read it, then even if you win, you end up bound by normal copyright law and aren't allowed to be copying the code *anyway*.
- Muggins the Mad
Curt Schacker, vice president of corporate marketing for Wind River Corp
Ah, WindRiver - they would be upset. WindRiver sell a really HUGELY expensive (we are talking 'n' kilodollars per developer backside) POSIX OS / toolset for embedded development called VxWorks. They've managed to keep a commanding but certainly not monopolistic lead on the whole embedded OS scene for really quite a while now and the appearance of Linux that's just as good (debate), has shedloads more mindshare and is far cheaper has had a pretty decimating effect on their bottom line. The linked article is a classic example of FUD. Don't sweat it, they're doing it for you. A man called Curt Schacker is doing it for you, actually.
Bypass the whole thing, use BSD. (climbs into flameproof suit).
Dave
I write a blog now, you should be afraid.
As an example, Schacker offers this scenario: "Let's say you own a company that is building an Ethernet switch. Let's also say your value-add is software, and you have chosen to base your device on Linux. Can you imagine a court case some day that determines that all of the software you've developed falls under the GPL, and is now in the public domain? We fear this situation is impeding development in the embedded open-source arena."
What the heck does this mean? It's like saying that some day, the MS EULA means that MS owns all the code you've ever written. This is why lawyers exist. This is why you can (probably) contact the FSF. This is why there's been a bazillion questions about how the GPL operates, with most of them having been answered already.
Listen up, there is nothing about the GPL that makes it any different (in a legal standpoint) from the MS EULA, aside from changes in the terms and conditions. If EULAs in general are struck down, this could strike down the GPL as well. They're in the same family.
So let's look at the terms and conditions. The fear that your code will somehow have to be released under the GPL is covered by the LGPL, which is used to compile most apps that use the gcc compiler and libraries. The LGPL allows for commercial (closed source) apps to be compiled and linked against LGPL libraries.
If a company doesn't pay attention to this difference in licenses, it's their own fault. This is akin to mistaking the MS EULA for a Borland EULA. If you're still stuck, go get a lawyer or call the FSF.