Slashdot Mirror
Vidomi GPL Violation Case Resolved
Andy Tai writes: "The Vidomi GPL violation case, previously mentioned at slashdot as the "first legal test of the GPL", has been resolved without going to court. Vidomi has split their program into two programs and released the source code of the encoder, which links to other GPLed libraries, under the GPL. The FSF has approved the resulting arrangement as compliant with the GPL." See the original story.
As long as the program as distributed is compiled and linked against the LGPL version of B, they're fine. If/when they distribute a copy of B to be used with D, they should distribute the LGPL version. The fact that it works with GPL versions of B too is a happy side effect, and there is no guarantee that later versions of B will still work. If later GPL versions of B break binary compaitibility with the LGPL version, they can't upgrade, since they're only allowed to distribute versions linked with the LGPL version.
To use a real-world example: Thousands of commercial, proprietary, closed source software packages were distributed linked to the Motif libraries. Then LessTif was released under the GPL; this did not force all Motif-based programs to be licensed under the GPL. The fact that Motif program "Foo" happens to be functional if you replace Motif with a GPL library is irrelevant, since Foo is not distributed as linked with LessTif. The binary compatibility does not make Foo a derivative work of the GPL code. If LessTif offered a feature *NOT* in Motif, Foo could not legally use it without becoming a derivative work of the LessTif, with all that entails, but as long as they stick to distributing based on Motif Foo is fine, license-wise.
----
----
Open mind, insert foot.
Copyright says that the recipients don't have any ownership of the code at all. GPL says you have ownership, but with some responsibilities. Seems to me that the GPL is less restrictive (you own it and can produce derivative works, etc) than copyright. I think you have the wrong idea about copyright, including the idea of "derivative works".
I can see why you use the term "infect". But "protect" would work just as well, as would "enhance". I expect that you use "infect" because you have a bias, probably one that you copy from other people. If this is the case, you might consider reading about copyright, and engaging your brain before opening your mouth (or typing =-).
Screw right or wrong. Simply put, the company isn't meeting it's obligations if it doesn't make it's best effort to prevent this sort of thing. They accepted those obligations when they assumed ownership (not copyright) of their copy of the library's code.
I really don't understand why you're picking on the GPL with this scenario. I expect that LGPL'd libraries infrequently switch to GPL. It seems much more likely that a commercial vendor would require a a new license fee for every version they released, regardless of whether you get anything more for your money.
For example, consider the mozilla/netscape split. Mozilla ended up recreating everything from scratch, because some of Netscape's code was integrated with closed-source products. That sounds like a much worse "infection" than your infectious-GPL example. At least in the LGPL->GPL example, one could continue using the LGPL'd code if one wanted, because one *owns* the code.
If you ever create anything worth owning, I expect you'll come to appreciate the purpose of the GPL and LGPL, and quit acting so high an mighty about your decision to disagree with them on an ideological level. You'll might even come to agree with them if you ever wish to own something you created after signing an intellectual property release for your employer.
The GPL and LGPL are well concieved licenses, and were produced with legal advisors. They are *not*, as you claim, ridiculous.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
So, putting 2 and 2 together, why can't the GPL be enforced in the same way? The lawyers get a cut, and the GPL gets enforced without the FSF or anyone else spending a penny.
--
Consider this scenario:
Distro "A" includes shared LGPL lib "B". Company "C" releases closed-source binary "D" that dynamically links against "B".
But, wait! Distro "A"'s *latest* version uses a new version of "B" that is binary-compatible with the previous version, yet is released under the GPL.
What is company "C" to do? All of a sudden they are distributing software that *could* be in violation of the GPL. (Yes, they could statically link that lib or do version checking. But is it really their responsibility to do so? What do they do about the copies already out there?)
Am I the only one that found it funny/ironic that Vidomi used GIFs for the scanned images of the letter from the FSF? Given Stallman's opinions scattered liberally around prep.ai.mit.org (next to every image), I cracked up.
cheers,
--sam
--sam
--sam
Any technology distinguishable from magic is insufficiently advanced.
Press Release from the FSA
For immediate release.
Due to the ever increasing potential for GPL code violations, the Open Source community has formed an alliance with your best interests in mind. Details below:
Keep it Legal --it is fast and easy!
Businesses copy code every day. Many of them get caught, don't let this happen to you!
Remember, all it takes is one disgruntled employee to trigger an audit.
Keep your code legal, release early and often! If in doubt about the legal issues surrounding your code just follow these three easy steps to make sure all your code is in compliance with the GPL.
1. Download a copy of our code inspector software. Its powerful search capability will find suspect code quickly and easily. Just point and click your potential problems away.
2. Contact the FSA for a free no risk consultation. Get help with your licensing problems from the people who know licenses best, the FSA.
3. Release any code through our dedicated portal and licensing service. Fast, painless and legal.
Do it today, before it is too late.
Blogging because I can...
Well, the FSF has a history of forgiving companies
and groups for initial mistakes with the GPL so long as they choose to become compliant. The latest one
was KDE/Qt debacle. The FSF seems to use its
leniency as a bargaining chip to bring people into
GPL compliance. IMHO, not a bad tactic.
That said, I am not seeing any indication of FSF
position in this case wrt past violations. They
may yet go to court, though I'd guess they have
better use for their money. OTOH, that press release
had "Open Source" all over it, so maybe RMS will
be pissed enough...
Vidomi has splited their program into two programs
I assume they splited off the part that included the spell and grammar checker.
---------------------------------------------
Recursive: Adj. See Recursive.
It doesn't matter what the FSF says, or what RMS says, or what the general opinion on Slashdot is. All that matters is what copyright law and the GPL say. A program linked by the end user at run time to a GPL library is NOT a derivative work! If you disagree, please cite copyright law where I am wrong. I've searched and searched and I can't find it.
A Government Is a Body of People, Usually Notably Ungoverned
All that matters is that they use GPL'ed works.
Wrong. Usage of GPL'd works is completely unrestricted. It only restricts copying, distributing and modifying the work. To quote from the GPL: "Activities other than copying, distribution and modification are not covered by this License."
The license says "if it is linked in thus-and-such a way, you must do these things."
To quote the GPL again: "a "work based on the Program" means either the Program or any derivative work under copyright law."
The GPL is operating under copyright law. It cannot change copyright law, and copyright law is completely silent on the topic of linking. The GPL does not apply to linkage unless it can be demonstrated that the linking process copies, distributes or modifies the Program. It does none of these. (actually a copy is created during program execution by the end user, but the copyright law and the GPL already allow that).
This is no different than a MS license saying "you may not publish benchmarks of this software without consent."
The GPL does not take away any rights already granted by copyright law, and clarifies this point in section 5. The Microsoft EULA, on the other hand, takes away rights that the law has already given to the user. You already have the legal right (in the US) to publish benchmarks about Microsoft products. If you agree and assent to the MS EULA contract, however, you have agreed to waive that right.
A Government Is a Body of People, Usually Notably Ungoverned
while, in theory, your fears do have a basis, in practice, i wouldn't worry about it. most big corporations out there are extremely paranoid about making any kind of internal legal/licensing errors. these are the same people who spend thousands on licensing C compilers and making sure that every single windows installation is 100% legit. they're just as afraid of lawyers and such as any of us (if not moreso). and chances are that their source code is constantly under review, and it is often licensed/sold to other companies and/or universities (even microsoft lets universities and such look at some of their source). for a big company, it is extremely important to make sure your source is legally self-contained, because you never know when you'll be selling it. and what if you inadvertently hired an RMS-like zealot to work on your shady source code? there's just too many risks, so its just not worth it.
what i would worry about, however, are the many small software/hardware companies who are illegally abusing, and profiting from GPL'ed code. there's no way of knowing if they're in the wrong. additionally, they have the protection of anonymity.
personally, i don't give a damn. while the GPL has its place, too many people are slapping the GPL on their projects simply because its fashionable. i release any of my personal projects under no license whatsoever, so if some poor schmuck really wants to use my code for his employer's closed source project, he can. maybe it will let him come home an hour earlier to spend time with his kids, watch tv, smoke crack, or whatever. seriously, who cares? in a truly Free world, no one should be forced to collaborate.
This is true, but practically speaking, patents work almost the same way. We see it all the time; someone gets handed a ridiculous patent because the USPTO does no research on prior art. The patent can later be overturned in court. Likewise, a copyright can be invalidated in court, if, for instance, the copyright holder turns out to have copied someone else's work.
In the example discussed above, let's assume that the USB specifications are so detailed that there is only one way to implement it. I would say that the code is therefore not an original work, as it is really just copied from the spec. Therefore, such a copyright could justifiably be overturned in court. Bear in mind though that IANAL, so I don't know how such proceedings would actually work. I'm just speaking hypothetically.
--------------------------
"Any fool can make a rule, and any fool will mind it."
"Any fool can make a rule, and any fool will mind it."
--Henry David Thoreau
This brings up an even larger issue: if there is something that can only be accomplished one way, and people are likely to find the solution independently, should such a thing even be copyrightable (if that's a word)?
It seems to me that the purpose of copyright is to prevent freeloaders from ruining a system. I guess I'm thinking along these lines because I've been using the gnutella network lately and there is a lot of discussion on how to keep freeloaders from ruining that system, but I digress... :-)
When looked at this way, the GPL and proprietary licenses both use copyrights to keep their respective developement systems working properly. Companies like MS charge money so they can pay their employees and shareholders, while GPL'ed projects force code users to release the code for changes or additions. Both, in their own ways, allow for the continued development of the software, while avoiding a "Tragedy of the Commons" type of situation by making freeloading difficult.
However, I think it is clear that in a situation like you have described, there is no freeloading involved, so a copyright should not apply. I'm not sure how copyright law actually works, though, so this is just speculation. I seem to remember that patents are only supposed to be granted for works that are not obvious to an expert in the field (not like this matters in practice). Perhaps copyrights work the same. Do any lawyers out there have more info?
--------------------------
"Any fool can make a rule, and any fool will mind it."
"Any fool can make a rule, and any fool will mind it."
--Henry David Thoreau
Okay, while I'm glad on general principles that there's that much more money not going into the pockets of lawyers, I was looking forward to seeing whether the GPL would actually survive a legalistic grilling from a judge.
Since it hasn't been tested, threatening GPL violations is still sorta at the bluff stage, or so it seems to me. There's still no precedent.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
If the company felt it was going to win, it would've continued the case. This represents a victory by the FSF and the GPL. Remember that the company first refused to comply, went to court, and have now backed down and have agreed to comply. Someone scored a point here, and it wasn't the company that was in violation of the GPL.
No, the judge didn't rule since they settled out of court, but the solution - "fix it so it complies" - is undoubtably what the judge would've ordered if the FSF had pushed to the end and insisted on a full trial.
What do you imagine the FSF's goal to be in such a case? It appears that their notion of their goal is to force companies to comply with the license.
They've succeeded in this case.
Considering the grey-area of what constitutes 'stolen code', I don't think there will ever be a way of being 100% sure. Is taking a clever 2 line 'for' loop from someone elses code (that doesn't contribute greatly to the core functionality of either the GPL or the code-stealer's product) stealing? This has probably been discussed at length at /. before, but I thought it was worth pointing out that nothing is black and white (or whatever colors you've set in your terminal ;).
.. with all the DCMA bruhaha going on, the core issue is trying to catch 100% of all infractions. I'd think it to be slightly hypocritical to suggest that the GPL community should go all out to ensure 100% compliance given the resistance to similar efforts from the content/media industry. I think 10% of technical infractions (and I'll argue that they are the visible, obvious, easy to detect infractions) of both the GPL and DCMA misuse constitutes 90% of the loss for both licences/acts. In the case of media, the loss is revenue and control, in the case of GPL, the benifits of collaberation, credit, and revenue to the original authors of code. In fact, if it can be prooven that not writing up tons of technical barriers and legal restrictions beyond the core purposes of the GPL doesn't damage the community to a large extent, it'd be good fodder to throw back to the backers of the DCMA .. you'd be able to say, 'Chill ... we know there is some misuse, but we're still in business and benifiting off of the existance of the GPL. Same should go for the DCMA.' You know, like J-walking .. its technically illigal but not econmically or socially viable to persure means of ensuring 100% compliance. In other words, the possible loss in value resulting from infractions of the GPL and DCMA are not worth the inconvenience of pursuing 100% compliance.
.. okay, putting on my flame retardant suit now. Interesting question tho .. I've thought about this a few times myself.
Okay, so once you can really define what is 'stolen' code, I'd imagine that it shouldn't be too hard to:
- check the symbols in the binary to see if there are any symbols that match up against the GPL'd lib in question
- check what the binaries are dynamically linking against (although I doubt you'd be so lazy as to link against a GPL library dynamically and not expect to be caught)
- check the strings in the binary to see if they contain any strings known in the GPL'd code in question
Of course, this assumes you already have a suspicion that a binary might be violating the GPL of software 'X'.
I almost wonder if it shouldn't be a convention to include some sort of static char buffer 'watermark' in GPL'd libs/APIs, so you could search a suspect binary. Granted, the stealer could recompile the GPL'd libs without the string, or just steal code verbatim, but like I said, its impossible to get 100% certainty.
You know what tho
Just a few thoughts
"Old man yells at systemd"
Actually, this is exactly the main method of "getting around" the GPL. The only drawback is that this involves some increased latency so its not really suitable for high-performance software.
Since it isn't actually linked with the GPL'd code but rather uses bog-standard IPC, then there really isn't anything that can be done, unless someone wants to try and make the GPL applicable to anything that a GPL'd program talks to, which I'm pretty sure would never fly.
disgruntled employees
A large number of software copyright violations are not found by audits, but by ex-employees. This won't get every company that does this, but it can get a surprising amount.
The unethical developer woould put it in on purpose in case they were let go under poor terms.
-no broken link
The original author of VirutuaDub put up a page about Vidomi where he mentioned that SloMedia infringed seven projects (VirtualDub, FlaskMPEG, DVD2AVI, MPEG2DEC, AC3DEC, XingMP3, smart deinterlacer). Does the newly GPLed source cover all the infringing projects or just VirtuaDub.
Either way the VirtuaDub author seems just as pissed as most of the Slashdotter here about how they nver released the original source.
--
The point of the GPL is to ensure that open-source programs remain open-source and freely modifiable.
Wrong. The point of the GPL is that users of software have complete and total freedom with the software they've been given not the next version or the one after but the version that was distributed to them.
I don't see why using it as a lever to get a company to release proprietary source code they never intended to open would do any good.
If the proprietary code is made up of seven different Free Software components then the users of the software are supposed to get the source for the software.
--
Imagine if everyone went around prosecuting everyone without giving them a chance to right their wrongs. That's certainly not how I'd want things to work.
The only "intuitive" interface is the nipple. After that, it's all learned.
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
I don't see why using it as a lever to get a company to release proprietary source code they never intended to open would do any good. That would give Microsoft plenty of fuel for their "viral GPL" argument -- "See, if you even touch this stuff you'll be forced to release the source code for your ENTIRE PRODUCT LINE!"
Sure, Vidomi screwed up. But the gracious settlement ("Just fix it and we're cool") seems a lot better for all concerned.
No one can be forced to license their code under the GPL, even if they have violated the license. If a company violates the GPL, either deliberately or by misunderstanding the requirements, it is a copyright violation and should be handled as any other copyright violation. They really have two choices when it comes to resolving this: open up the violating code, or stop distributing it. They chose to take the second option and stop distributing the program in a manner that violates the GPL. Compliance has been enforced.
So did they ever release the source for the earlier binary that was causing all of the trouble? It would be like Microsoft making MS-Linux, but not releasing source code, and then, in order to settle out of court, they make another different version called MS-Linux XP which has things separated to avoid lincensing issues. The point is that the issues are with a different binary and a different code base! Breaking the GPL and then releasing a different similar binary and source code can't be an accepted way to allow people to break the GPL and get away with it.
How many companies must Stallman destroy before he forgets about Symbolics.
Let's find out. A-One... A-two... A-threeee... CRUNCH! Three.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
I think the important thing to take away from all this is that Professor Moglen writes his legal documents in LaTeX.
The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
Lemme get this straight:
Company takes GPL'ed code and puts it into their product and sells said product.
People notice their use of GPL'ed code and alert the FSF.
Company then (for its next release) makes it into 2 products instead of releasing the source code of the product that is already out.
Whats to stop any other company from making a "Woops! We didnt know that... here, next release we will split it into 2 different programs, k?"
Vidomi has splited their program into two programs
This news makes me so happy, I shited my pants. The original GPL violation made me so agry I spited.
Stupid like a fox!
Ok. So they wanted to link with some GPLed code, but of course that was prohibited by the license. So what they did now was create another stub open-source program which links with the GPLed code and then used IPC shared memory mechanisms to pass the information to the actual close-source program that does everything. Am I reading this right?
So then if what they did is legal than the same can be done with any other GPL application. Simply write an open-source stub that would link with the GPLed code and then use IPC/RPC/etc to communicate with the main program that you don't want to open-source. It will certainly be much slower than direct linking, but if speed is not an issue then it will work just fine. It seems to me that if GPL does indeed allow this than it is a definite loophole that perhaps needs to be fixed in a new version of the license.
Much of the debate between Vidomi and proponents of the GPL has been prolonged by Vidomi's incessant questioning of what exactly consitutes linkage. They have maintained from the very beginning that they don't think they're doing anything wrong, since the GPL code is in a separate DLL.
Of course, as many have pointed out, this is a fallacy - a DLL is, after all, another form of library - even if the code is not statically linked, it's linked nonetheless. The LGPL is designed as a less restrictive form of the GPL specifically for this purpose - enabling the distribution of a library without the "release your source" requirements of the GPL. Since Avery did not use the LGPL, we can assume that he intended the full requirements of the GPL to apply. In this case, fortunately, Vidomi has conceded.
Unfortunately, I can see future confusion arising the same question - what constitutes linkage? It's fairly trivial, for example, to write a small standalone application that links directly with a GPL library/DLL, and listens on a local TCP port. On receiving encoded commands from the TCP, it translates these to function calls into the GPL code, and returns the results back over the TCP connection - RPC style. Can the offending company, having written a trivial RPC layer, then release the source code for the server program, while keeping the client code closed-source?
Although the client is making extensive use of GPL code, it's not linked with it... it's in a completely different process. In fact, it could be on a completely different machine.
This strikes me as a relatively easy way for companies to get around the requirements of the GPL. Anyone have any thoughts on this?
Strags
Plus this gets us into the nasty scenario of there being only one way to perform a task (or onr OPTIMAL way), and then having the code for that task (or the optimal method for said task) being GPL'd.
Example: USB code in the kernel for Linux. Someone at some embedded development company needs to make their device USB compatible, so they write their own code to work with USB-- they've never used Linux, they've never seen the source for the kernel, but the compiled binary (let's say they both run on an x86 architecture) are almost exactly the same.
Would we immediatly assume the worst as a community, ignoring the possibility that the company and/or developers wrote their own code to handle USB? Or would we assume the worst because some developer, not even on the same team as the embedded developers, ran Linux at home and was on the kernel mailing list?
I guess I'm afraid that at some point we'll start witch-hunts for people who use GPL code and demand they open the entire project. I do want the GPL enforced, but certain things are so common that they're bound to be copied (by copied, I mean duplicated through the same efforts and work as the other party) over time.
All I know about Bush is I had a good job when Clinton was president.
Given that Microsoft has been spitting out FUD in large quantities about the viral quality of GPL and Open Source, this result actually proves them wrong, in the way that everyone always said it would:
All any developer need do, to use Open Source software, is invoke it as a separate program from the commercial program. All a company need do is keep all the stuff not part of its main line of business (the "crown jewels") in a commercial separate program and keep as GPL all the stuff that it doesn't need to control.
As an example, let's say the City of Seattle was reselling a computer program for electricity bill subrogation (a real example). They could have the really nifty stuff in a commercial program and leave most of it as GPL. The advantage is it's easier to resell - anyone who wants to can custom-code most of it, so long as it's not in the commercial section, which helps sell it, while letting the seller keep control of the proprietary code they sweated blood and research time to develop. Coders at the buyer are happy, cause they can fix bugs more often, and the seller is happy, cause more people buy their software.
End result is: GPL means more market!
--- Will in Seattle - What are you doing to fight the War?
Here is a question that has been nagging me - how is it possible to safeguard against closed-source developers stealing GPL'd code?
In cases like this, it's pretty easy to find out a violation took place. But what about a major closed-source project that uses pieces of GPL-d code? What if an embedded OS developer decided to use some Linux kernel code, without attribution, in a proprietary system? Would it be possible to detect the violation (looking for patterns in the binary, for example)?
Would it be possible to compel the company to show its source to a court in the event of a lawsuit?
The GPL may be enforceable, but that is cold comfort unless it is possible to detect and combat the use of stolen code.
A customer service representative will be with me shortly.
If all this should have a reason, we would be the last to know.
Let's sum it up:
a) It hasn't been tested in court.
b) You would have a tough time proving that it is actually stolen code. (Companies releasing closed source code? I don't think so.)
c) There are ways to get around it, ie to split the binaries and just show the links to libraries.
Oh... a sad day.
Screw 3...
Thats the general procedure.
To behave ethically you must always alert the wrongdoing part and then let them correct it anyway they want to.
Then if you have been harmed economically while the wrongdoing was taking place you can ask to be compensated for this. In this case the code was free so it's not the case here.
Take patents as an example. If someone is breaking your patent you must always let them fix that. You can't just sue the ass of them.
That is not morally defendable, maybe they did it by mistake or some other circumstances we don't know about.
Atlest this is the case in all western countries witch has similuar laws.
One of the biggest dissapointments I have in the US judicial system, is that it does not generally foster an attitude of compromise.
I think it is great that Vidomi and the FSF were able to work together to find a middle ground that fits the definition of the GPL
One of the best ways of complying with a license, is doing just that... finding ways to comply. Perhaps not a viscerally satisfying ending, but certainly one that is in the spirit of the open source community. If only all the GPL issues could be resolved with as little intervention of the legal establishment.
In a similar vien, make sure you write to the people at linuxda.com, and make them politely aware that what they are currently doing does not conform to the behavior expected by the open source community.
"Don't worry about the problems you have in mathematics, I assure you mine are much greater." - Einstein c.1919