Slashdot Mirror
Abusing the GPL?
"How, you may ask?
Integrate the highly useful GPL code we're eyeing into our only slightly more complex (but much more lucrative) project, thereby saving us at least 30% of the coding involved. The company then go all the way to production with it, but instead of finally compiling the actual project for distribution, they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode. You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce. They will then GPL the obfuscated gobbledygook, which isn't much more useful to anyone than reverse-engineered bytecode would be (it is a complex project). 'Voila!' All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
For the record: I do not think this is right yet, I have not been able to find any precedent for why the GPL should protect against this kind of abuse.
I'm not trying to snitch on my company -- or lose my job, which is why I am posting anonymously -- but hopefully some lawyers out there could point out some iron-clad legal reason preventing this sort of thing. I've read the GPL through at least a dozen times since yesterday, and so far it looks like our lawyer is right. I have not found any relevant linkage either, as I have mentioned. Links to extended legal analyses of the GPL from a technical standpoint (if any exist) would be the most helpful. All help is appreciated."
Obviously an IANAL comment but to me it just sounds dead wrong.
What you should do is put it as "What would Microsoft do". If you too microsoft's code and decompiled it and then changed a few names and recompiled it would they sue?
Would you company risk taking on Microsoft? If they would then tell them to go ahead and violate the GPL. If they wouldn't ask them why they feel they can get away with taking on someone smaller.
If you find another job please let us know who it is is doing this.
Matt Thompson - Actuality - Insert product here.
If you take some code and switch out all the variable names and change the spacing around, it's still the same code. If your lawyer is advising you differently, I'd be very suspicious of his motiviations.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Speaking only for myself, here. I would resign immediately, and report the abuse to the FSF.
Life is too short to work for lowlife scum.
To find out whether the gobbletygook you distribute is source code or not is simple: if you normally add features to the program by editing the gobbletygook, it's source. If you instead edit the stuff that you compiled to gobbletygook and then recompile it, then the stuff you distributed isn't source and it's a clear-cut GPL violation.
If this isn't the form your company prefers for doing their own internal modifications, then this isn't the source code!
I think what your lawyer meant to say was 'you probably won't get caught, and if you do those damned GPL hippies can't afford lawyers anyway'.
By not being willing to put public pressure on your employer to stop this, you're as culpable as they are. The crime is being commited with your full knowledge of the action and the fact that it's illegal. Failure to report your company could leave you personally liable in the future.
because
(1) Although the source is obfuscated, it is still
GPL which means its freely available and freely
compilable.
2) If folks know from which original obfuscated
code the GPL derives, it may be possible to
write some program that separates it from the
new code and then the new (but obfuscated) code
can be examined and possibly cleaned up, then voila new GPL code.
So your company produces code that must be distrubuted freely - how can they benifit?
The source code for a work means the preferred form of the work for making modifications to it.
Your company is breaking the law... enough said.
If the unsaid company would generate their project GPL'd, at least the product would be free. I agree that messing up the code like that is really bad. If it can't be compiled, I think they will be sued.
INAL
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Nowhere does it say that that code has to be non-obfuscated. Nor do I think it should. Do we really want to try and formalize that gray area between "obfuscation" and just plain "sloppy code?"
Not all of the code released under the GPL is what we would consider "good code." By that, I mean people release all sorts of toy projects and junk code under the GPL, for learning purposes. They use bad variable names and inefficient algorithms, but when do we start to consider code "obfuscated?" And more importantly, do we want to leave it to a lawyer to make that decision for us?
I say if you're really concerned about it, then leave the company. Otherwise, just write it off as mean-spirited. There's no law against being mean. :(
Like woodworking? Build your own picture frames.
Pretty boring stuff, but the overall point is that once the end product is GPL'd, it won't take long for someone in the bazaar to figure out a meaning for "asdfgh", and do a s/asdfgh/meaningfulName/g through the whole thing. Or even figure a way to diff it with the original source.
As long as it's GPL'd, the source will be available, and it'll be figured. You're wasting a lot of your time (and the rest of the community's) for very little reason.
No matter how complex your obfuscation, it's likely much less complex than, say, CSS or DES was.
jer
We may be human, but we're still animals
- Steve Vai
As far as I can tell, AINL, as long as you do in fact release the source code (and all linked pieces... must be careful about this), you are in compliance with the GPL, even if the souce code has been obsufacated as much as possible. Just remember though, *everyone* will get to see this source code. They will either know that 1. You are ripping them off by 'working around' the GPL. Or 2. Think your company is staffed with the most incompetent imbecil programmers anyhwere. So my question for you is... Why would *any* company want to release something that makes them look bad??? What exactly is the advantage they think they will get from this?
You were right in talking to your lawyer.
I would imagine this'd be something to think about for the next version of the GPL.
This doesn't seem too hard, although the part is limited. To quote from the GPL
"The source code for a work means the preferred form of the work for making modifications to it."
In this case - obfuscated code is not the preferred form of the work for making modifications to it - your company isn't going to be making the modifications to the obfuscated version - they're going to use an internal version and make modifications to that instead. In which case they would be in violation of the GPL. A bit of an arse to litigate I would guess.
The way I understand it, if you distribute GPL'd code to the public, you must also distribute the source code. It doesn't matter how much you modify it -- if you fail to release the source code then you are breaking copyright and can be sued.
GPLv2 says:
"The source code for a work means the preferred form of the work for making modifications to it."
Obfuscated source code is obviously not "the preferred form of the work for making modifications to it". 'Nuff said.
Are we talking about just compilation and use of an IDE? I we talking about compiling against libraries?
We're not talking about including source files.
It all sounds fine to me. I don't pay a royalty to Sun Microsystems just because I compiled under Forte. What am I missing here that you're doing?
Certainly it would be tough to argue that the bytecode is the "source code" used for a project. How could bugs be fixed in such code? The GPL requires that source be included. Certainly if it got to court you'd have a tough time telling a judge that the obfuscated code was the source, and trying to present that in response to a subpoena would probably get you jailed for contempt. The GPL is not a machine, and the company involved looks to me to be getting bad advice. You could do the workaround IF you actually planned to use only the obfuscated code, but then your maintenance costs would skyrocket.
While the code MAY be obfuscated, you're still releasing it under the GPL.
And while it's true that it's "Almost" as useless as reverse-engineered bytecode, it's not necessarily. Someone with the patience and, say, economic motivation, could still retrieve your full codebase, and be perfectly within their rights to do anything with it, including compete directly against the company.
If you really want to stop this, that's a tack you could take -- try to convince management that there IS a security risk in releasing even the obfuscated code.
I don't see companies like Microsoft or Cisco releasing even obfuscated source to code they consider valuable.
Xentax
You shouldn't verb words.
i can see this being used in bigger cases, such as if aol actually buys some open source o/s, then manipulates it to a disgusting end like this
Isn't youd company obliged (under the GPL license) to publish any modifications they make, under the GPL license? That would have interesting implications on their plans.
However unreadable the mess will be, it will still be possible to compile it to the working product.
This means that you cannot stop people from distributing the product) freely.
Sure, nobody can modify you program, but they can still use it without paying you.
The source code for a work means the preferred form of the work for making modifications to it.
.s files are the source code.
If anybody from your firm states in court that the obfuscated version of the code meets this definition, they will be perjuring themselves. Your company is not going to be having the developers maintain the obfuscated code. Any claim that the obfuscated code is actually the "source code" is a lie. Claiming that it is isn't any more true than claiming that your intermediate
Tell your company they should hire better lawyers. And find another job, because your employers appear to be a bunch of dishonest pricks.
The source code for a work means the preferred form of the work for making modifications to it.
So I guess, this is not going to work. Then again, IANAL, and I don't want to be one.
Do the fucking thing your boss says, as long as you
are not in power, follow orders.
But as soon as you follow the wrong orders, and
break the law, you are instantly in power.
Do your job, get paid, and fucking report them if
they ever fire you.
It is a win-win situation for you.
--
1) Java code is almost inherently open source. You can always decompile the .class code into .java files. There are obfuscators out there that change the names of the variables, etc, but you still have the basic logic of the code (it's just harder to figure out). If your company thinks a competitor wouldn't be able use this, they're probably mistaken.
2) The obfuscation process, if applied to the source code is essentially another compiliation. IANAL, but I think a lawyer could successfully argue that the obfuscated code is an intermediate step in the compiling process being used and doesn't constitue the original source code.
3) If the company wants to license the GPL'd code, they should comply with the restrictions and GPL their modifications or derivative works to it. Or, they can simply not license the GPL'd work!. There's a cost involved with everything, this is that cost.
"Save the whales, feed the hungry, free the mallocs" -- author unknown
Go ahead. Try it. Make my day.
IMHO you're allowed to port a GPL project to another programming language, eg. C to Pascal. But what if you port it to Assembler? Are you still complying GPL because you distribute the software with .ASM-files created with GCC or some other compiler? Or just dump your executables through de-assembler and claim that those are the source code.
- Raynet --> .
This is an interesting dilemma. However, I do not think chaning function names and variables, etc. is a very professional way of going about doing things... sounds like a bunch of university students who want to hand in the same programming project!!! if the savings are only 30%, then you should go ahead and write your code from scratch.
This is another type of abuse:
I once went to a job interview and when they were describing the product they told: "look at this piece of code, it was taken from tool X - a GPLed highly known tool". Of course their product was not free source.
It seems to me that this type of abuse if very hard to detect.
Although logicaly it doesn't sound like a violation of the GPL because you still can see the source code.
I question the motivation.
How would this benifit your company? The source will still compile right? It still can be obtained free. right? This just seems silly. The problem people have making money off of GPL'ed software lies not in the open source code but in the fact that people can get for free what you are trying to sell. I mean when was the last time you looked at the source of a project that you just wanted to use, not develope.
My guess is that Section 2a is the only thing that may help here:
This may allow someone to at least track down what the code was before obfuscation, but I see no requirement to name the source of the original code.Worse, Section 3 -- which allows distribution in binary -- only requires the source to be "machine readable". Again, nothing against obfuscation. Section 1 only says you have to keep the copyright notices and references to such as well as the disclaimers in your code.
I'd like to see what the FSF has to say on this.
woof.
Source without comments is like a joke without the punchline.
For me this is a huge inditement of Microsofts shared source and commercial licenses for code. Why? Well, if you rip of GPL'led code the authors while annoyed if they knew, are not going to be saddened by the loss of income. The bulk of them make money on the packaging, sponsorship, their day jobs or consulting related to the product.
Now 'shared source', and companies that provide Perl/PHP/JSP code with a commercial license *would* loose income! They don't have any more magic reverse engineering tools than the open source community.
What you're company is doing is morally very wrong but I don't think it'll kill the GPL as a license but it could have an impact on other ideas such as 'Shared Source'.
e4 e5
"They will then GPL the obfuscated gobbledygook"
:o)
So once they GPL the obsfucated code - I can then grab a copy, compile it, and sell it to your own customers for less money than you can?!
Cool
When it comes down to it, this is a really sticky question. There are certain algorithms which can only be done efficiently in one way. If I code a linked list in C++, and the optimizing compiler boils it down into the same object code as Microsoft's linked list class, do I owe Microsoft royalties? The source code is different, but it is very possible that the object code would be identical. If object code can be copyrighted, then this would place many open source projects in jeopardy, as they frequently borrow algorithms from the proprietary UNIXes.
I think a better approach for your company would be to have an analyst read through and analyze the GPL code, and then create something new based on the knowledge gained. Copy the algorithms, but not the code. This "black box" approach would take only marginally longer, and there would be no possibility that all of your code could be forced into open source status. Since the design is already proven with this approach, the only thing you would have left to do is the coding and testing (which should be about 8% of the total project cost.)
Is your software Complete? If it doesn't come with the source code, it's Incomplete Software .
The society for a thought-free internet welcomes you.
What could they possibly be working on that capable programmers couldn't write themselves? I don't think that this companies attempted theft is really that well thought through.
I mean the code is still GPL, just obfuscated. No where in the GPL does it say you can't obfuscate the code. It just says you have to make it avalable.
Why did it take so many posts for someone to point this out? Do people not read the GPL?
What a day to be without moderator points...
For those too lazy to read the whole thing, read section three, point #3 very carefully. Just because something compiles does NOT mean that it is source according to the GPL. That you would not do development on the obfuscated gobbledegook clearly shows that the obfuscated version is NOT the preferred form for modification. I would be highly suspicious that your lawyer is insufficiently anal when reading contracts if they missed this.
As for precedent, can anyone find a discussion of GPL'ed yacc/bison grammars? This would fit exactly the case above - the original source that must be distributed is the .y file, not the result of compiling the .y to a .c file. Unfortunately, I don't think that anyone has ever been tempted to rip off a GPL'ed grammar.
How are they expecting to maintain the source ?
If they're going to start off the clean code base
after releasing the mangled version, then that
would be a way more easy argument to sue them
(they could argue that the original cleaned
source got mangled, but they surely could not
argue that they needed to get the previous clean
version, I guess).
Verbatim from the GPL:
"The source code for a work means the preferred form of the work for making modifications to it. "
This gooble-de-gook is by no means the 'preferred form' for making modification, thus it is not source code under the GPL.
Get another job, this company is going down.
-josh
No Text
From the GPL:
The source code for a work means the preferred form of the work for making modifications to it.
While this obsfucated form of the source is indeed machine-readable, you're going to have a hard time passing it off as the preferred form for making modifications. Seems fairly open and shut to me.
and so this is NOT legal advice. But here's how the GPL works:
1. every contributer to the code has a copyright in their seperate piece
2. everyone who wishes to use the code is bound by the GPL to release their "new version" under the GPL
3. if you don't do this, or you place more restrictions on the code than expressly authorized by the GPL, the licence becomes void
4. then you are open to copyright violoation, and the statutory damages that apply.
Now, what this company is about to do may not feel right, but obsfucation does not seem to violate the GPL. BUT, they will have to go about that obsfucation carefully, and they must release their software under the GPL too. Because of that, I have a feeling that the community will react to decompile their code and rebuild it so that there is a readable version out there.
Lesson of the day: we need to update the GPL!
"In order to make an apple pie from scratch, you must first create the universe." -- Carl Sagan, Cosmos
Although logicaly it doesn't sound like a violation of the GPL because you still can see the source code. I question the motivation. How would this benifit your company? The source will still compile right? It still can be obtained free. right? This just seems silly. The problem people have making money off of GPL'ed software lies not in the open source code but in the fact that people can get for free what you are trying to sell.
I mean when was the last time you looked at the source of a project that you just wanted to use, not develope.
That is from the GPL. Obvious "incomprehensible gobbledygook" is not the preferred form of the work for making modifications to it. It is not source, because it is never modified. Admitted, the GPL is not very clear about what excatly constitutes "source," but this company asserting their obfuscated code is their source which they make changes to shouln't hold in court, in the case if the copyright holders want to pursue this firm. I wonder if the software in question is copyrigted by the FSF.
(BTW, I am not a legal advisor. This is my understanding of the GPL).
If you are including other people's GPL'd source code in a program which you distribute, then you must abide by the terms of that license. Section 3 of the GPL is precise enough to disallow scrambling the source code:
There is nothing to stop you changing all the variable names, or the style of someone else's code. However, if you distribute a GPL'd binary then the source you distribute with it must be the source that you prefer to use for modifying the program yourself. You may be called upon to prove this in a dispute.
For reference, section 3:
It's illegal to do that with any form of copyrighted work unless the copyright provisions specifically allow that, AFAIK.
Okay, this company would be violating the "spirit" of the license, but that's not illegal, so they could probably get away with this. However, there is one thing they do have to be careful with and that's the 30% of the GPL'd code they haven't written but plan on using. If they obfuscate this code and then attempt to claim copyright of it, there could be some big consequences. This is clearly illegal and doesn't involve the GPL at all. I'm also not sure how the system would work if they obfuscated the original 30% GPL'd code but the attributed copyright to the original owner. I'd assume that they'd still get in trouble because the copyright owner of that code did not produce the obfuscated mess. Might be slander or defamation of character(or one of those goofy legal terms).
But regardless, I think this company is going about things the wrong way. To the original Anon poster of the story, please, let us know when this code is released, I love a challenge and would be happy to go through and un-obfuscate this code.
Dodger_
By obsfuscating all you've done is create v+0.0.1 of whatever you started with in, but in your own fork. That means this alteration is covered by the GPL.
Standard not-a-lawyer stuff applies.
Cheers,
Ian
So you've either got an obfuscated sourcetree to maintain & bug fix, or you've got two sourcetrees, the internal one and the external one. In either case it's slowing development down, and the change of errors creeping in is increasing. All in all, not a good idea.
IANAL comment. This poster is probably just someone making this up (unless he works for the Mafia). Gimme a break: what you are talking about here is just plain scummy.
And what's the point anyhow? Take the GPL code and compile it as shared libraries. You don't have to open-source your project just because it links to open code.
It sounds like you just want to start a Llama lynching party.
My $0.02 will always be worth more than your â0.02, so
Ripping off GPL'd code is a copyright infringement just like ripping off Microsoft code. I assigned my copyrights to the FSF and I will vigorously assist the FSF in any way necessary in prosecuting GPL infringers of stuff I wrote.
Keep in mind that if someone willfully infringes a copyright, they can be liable not only for actual damages (the amount of income they cost the copyright owner) but also for statutory damages of up to $100,000 per infringement (i.e. they can have to pay $100K per infringement even if they didn't actually cost the owner anything). So don't do it.
The primary question of the article was "Is this legal or actionable with respect to the GPL?"
Even if the FSF knew about it, what could they do? There has to be a clear violation of the wording of the GPL, not just some gut reaction.
So the question stands: What can be done about this type of situation given what we know?
If there is something that can be done, then talk about reporting them.
FWIW: The BSD advertising clause would require at least one comment remain in the code, the original authors name. That would at least give someone a hint as to where the code came from when trying to interpret the "garbage" source.
There is nothing so silly as other peoples traditions, and nothing so sacred as our own.
The GPL states:
That term was written to prevent exactly the sort of obfuscation the attorney is proposing. Obfuscated code is demonstrably not the preferred version for creating modifications. So, what is being proposed is a GPL violation, and your company's attorney missed that part of the license. The talk about incidental resources isn't germane, it actually seems to be intended to confuse, because what is being proposed clearly is a derivative work, and the company attorney is acknowledging that when he suggests that the obfuscated code be GPL-ed.But there are simpler remedies than legal ones. If the free software developer community hears about a product using obfuscated code to circumvent the GPL, they will retaliate by creating a non-obfuscated version and using it to compete with your company's product. They are experienced at reverse-engineering, they have excellent tools for code reformatting and analysis, and there are a many programmers who will be angry enough to work on this.
If your employer wants to unashamedly take advantage, they are simply buying a lawsuit. The free software community does have the resources to bring one - it would probably be brought by law professor Eben Moglen of Columbia University. He wants more legal tests of the GPL, and would love to make an example of your employer. Don't go there.
Bruce
Bruce Perens.
I say, keep quiet, let your corportation take the legal flak. At least we can then resolve the legal status of the GPL ONCE AND FOR ALL and then move on.
Personally its issues like this that make the BSD license seem so much more "free" than the rather more restrictive and viral GPL
Its still GPL'd so I can take your company's product and distribute it for free. Where are you making your money?
The structure of the code remains the same (else why would it produce the same program), so some sort of pattern matching could be used to compare the code against the body of GPL code out there (it may well be obvious what its based on), and then "factorise out" the GPL code, leaving just the gobbledygooked novel code. Which may, given effort, be de-gobbledygooked, and made public (distributed under the GPL as a derived work). You are left with having no IPR distinguishing your company from the next guy.
Lesson: Trusting lawyers is dodgy to begin with (there are some ideas for legal rebuttals in the comments already), but dont underestimate the technical solutions either.
.. on being the one millionth poster to point out the "preferred form" clause! You have won a "Score -1 redundant" moderation. Your prize will be delivered shortly.
:)
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
If there is FSF copyrighted code for which your company is violating the GPL (duh, yes, this is a violation), let the FSF know. Otherwise, let the copyright holder know and point them to the FSF. There's a reason the GPL has never ('till MySQL v. Nusphere) gone to court, and that's the FSF's skills.
I see three possibilities here:
Ask that lawyer if he can sell versions of law books which he has translated into foreign languages without getting approval from the copyright holders. I'll be surprised if his answer does not begin with "Of course not...".
There also are protections for translated code. Just because your company can easily produce an assembly language translation of MS-Office code does not mean that you can use it.
Lets just look at the resulting software and ignore the mentioned source code issues.
The end software product binary is GPL licensed.
This means 1 person can buy it, and give it away to everyone else, as he is entitled to under the GPL.
Since you are giving away no cost software, what do you expect to gain from hiding the source.
Your company's tactics are clearly intended to violate the spirit of the GPL: to make the code unusuable. Usually when there's a violation of the spirit there's also a violation of the letter.
Incorporating code is NOT incidental use, by the way. Frankly, I don't see how the license of any tool can enforce a license on code (or text) that was created with it as a tool (e.g., a license on emacs couldn't force you to copyleft a novel you wrote on it), because the created code/text doesn't incorporate copyrighted intellectual property of the creator of the tool. But in your scenario, you ARE incorporating someone else's IP in your project, creating a derivative work, and so are guilty of violating the copyright on that IP - unless you follow the license.
Compare it to a translation: you are reproducing the meaning of the GPLed code with different words, which after all is what translation is. A translation of a copyrighted work must be licensed by the holder of the work's copyright.
If you (note that I said you, not your company: the moral responsibility here is the programmers', not the suits') do not want to follow the spirit of the GPL, I'd suggest looking for similar code that isn't GPLed but has a license that does not "contaminate" derivative works. If you can't find any, then you should take the 30% hit and write your own code. If it's such a lucrative project, and if the distribution of clear source code would represent a threat to your profit stream from the product, I would think you would be willing to accept such an expense to protect your own intellectual property - because if you violate the GPL and get caught, you could lose it all in court.
I am not an attorney, and the above does not constitute legal advice. You might want to ask an attorney of your own for advice, as you may find yourself caught in a situation in which you will be making yourself liable for the actions of your company.
... name your company. The unsuing bad press will put a stop to that right away.
Ed R.Zahurak
You know, oblivion keeps looking better every day.
Surely obfuscated code is equivalent to object code: it's only useful to the computer, not to programmers. (In ye olde days, obuscated code was actually used to distribute code that couldn't easily be reverse engineered, but still could be easily used on different platforms.)
The GPL requires you to make the source code available. Surely distributing obfuscated code is not good enough. You should definitely notify the FSF - if they know, then this won't go unpunished.
isn't this what apple did with X?
software should not cost more than hardware and
we are seeing that logical proposition being played out. No one likes computer programers anyways, they now know that they bitch about coding. C'm onm peeps can't you see that software's run is almost over? It's so much harder to steal hardware. Logically from the beging, it should cost more than harfware. There's no GPLing my cellphone! We've won. We did it. Long live hardware! Yes! I can't belive it.
I can't remember exactly where (can't find it in the GPL FAQ right now) but Stallman said that the code you distribute has to be the code that compiles to the binary you distribute. If you can't feed the code directly to a compiler then you are violating the GPL.
Of course, now every Slashdot reader knows what is happening if they get obfuscated source code of a GPL program. Obfuscated source code is an announcement that they are violating the GPL, so they'll be caught quickly.
Of course you can you dork! What the hell were you doing?
I don't see how this violates the spirit of the GPL, since there are no provisions in it for the quality or readibility of code.
.asm file that is just the disassembly of your binary isn't very useful for preserving the right to modify the program. Neither is deliberately and cleverly obfuscated source.
The "spirit" of the GPL is about being able to make modifications to the code. That is one of the rights that the GPL is trying to preserve. It isn't just about being able to get a free copy of the code you can compile (and if you're lucky for different platforms).
As at least a dozen other posts under this article have already said, there is language in the GPL providing for quality -- or at least editability. The source must be in the "preferred form" for editing. Because releasing a
The authors of the GPL understood that "openess" depended on at least the level of usability that was present when the code was written. Hopefully we've cleared this up (and this guy's company lawyer has been sacked).
The enemies of Democracy are
"I see on your resume that you were a programmer for Obfuscanium Unlimited. I've seen the gobbletygook code which you write, and I'm not interested in hiring anyone who writes such junk."
Until they actually release this code, there's nothing the FSF (or anyone else) can do. Talking about copyright violations isn't a crime, and there's a good chance management will come to their senses. As long as these people don't do anything immoral, I don't see anything wrong with working for them.
Threatening mass resignations from engineering, btw, is one tactic I'm currently seeing used to prevent a GPL violation at another company. Buyer's market though engineering talent may be right now, I expect it'll be effective -- turnover is just too expensive. Quitting right away (as soon as idea is raised) -- simply put, why?
1) Take a copy of gcc 2) Use your power of the source to fiddle with it, so that it isn't *quite* ANSI C compatible anymore. 3) Port the GPL'ed code you want to 'steal' to the new, gonzo implementation of the compiler. 4) Compile it, release the code and source together as per the GPL. Document nothing. ...at this point, you are not bound to release the code for your modifications to GCC unless you release a binary of the compiler yourself.
Or does my logic have a hole here?
The documentation just to track down the actual use of the variables, etc etc etc will be insanely complex.
Never mind the poor sod who has to go through it after and figure out what it does.
They have saved money on development issues, and transferred them out to Tech support isssues, thereby multiplying the costs.
Of course, to gain all of the legal benefits, they would probably have to erase all of the connections to the source as it was.
"It is a greater offense to steal men's labor, than their clothes"
Who is actually responsible for making sure that someone who abuses the GPL is punished?? Is it the original creator? How complicated would it be to prosecute a violation? What about salaries for lawyers if that is needed??
Henrik
i'm going to go down to my local electronics store, grab a dvd player, scratch out and replace the serial number and explain to security guard on the way out why it is now mine. if he doesn't understand, i'll direct him to your company lawyer.
i can see your dilema, if you have any other recourse for ethics violations, i would definately attempt that route. it looks like you have two choices, protest and get fired, or go under with the company WHEN it loses the impending lawsuit.
it's bad enough to steal from a faceless profiteering corporation, but from GPL. You might as be out kicking homeless people and stealing from little children.
i hope when this is all over all that is left of your company (if they continue) is your two weeks notice and it's burning cinders.
good luck
I'm not trying to snitch on my company
Well perhaps you should! If they are prepared to use such extrodinary lengths to f**k somebody over for their own profit, do you really want to work for them ?
This is the GPL, not some Microsoft shared-source crap. Usablity is a big part of it.
What the company is doing goes againist the spirit of the GPL, IANAL so I don't if it goes againist the letter. Since they are distributing the code they are compiling it looks OK, but they are not distributing the code they are using. Also, GPL usually has a provision to let FSF update the license if it wants to. It would be hard to write an anti-obsucation clause I imagine. Perhaps a provision againist a private version and a public version of the code?
Also, if obsucation of code really worked, I imagine we would see it a lot more since there are advantages of source code. Companies wouldn't have to go through the hassle of providing many versions of a binary if they didn't have to. Granted, this line of "not yet done, so it can't be done" thinking is often flawed.
IANAL, etc... etc... yadda, yadda, yadda.
The company then go all the way to production with it, but instead of finally compiling the actual project for distribution, they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode.
You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce.
They will then GPL the obfuscated gobbledygook, which isn't much more useful to anyone than reverse-engineered bytecode would be (it is a complex project). 'Voila!' All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
Here is my take:
Other things to take into account:
Conclusion?
Bad idea. VERY bad idea. Release code under GPL, play nice, and nobody gets hurt... (wink! wink!)
IMHO, any company who tries that kind of stunt is going to end up on the trash-pit of dot-coms faster than you can say "GNU General Public License".
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
If anyone wants to prove me wrong, please do so. We need people to stand up for the GPL and protect the hard work that so many people entrust to it's care.
"If I wanted your input on my pet project, I'd stick my hand up your ass and use you like a sock-puppet." - Muse
Correction: you can't do that in Windows Media Player.
Winamp and any other quality Windows application will be happy to play a file as it downloads.
grep -ri 'should work'
If the company sells a copy to, or someone gives a recompiled copy of their work to, the federal government...does the Whistleblower law apply, so employees can sue their own company? Or does violating a copyright-connected license qualify as a Whistleblower-enabling violation in itself?
Correction: you CAN do that in Windows Media Player!
asobala writes: I would be highly suspicious that your lawyer is insufficiently anal when reading contracts if they missed this.
Am Not A Lawyer? :-P
*laugh* I'd mod you up if I had points.
-- MarkusQ
Mainly though, I object to the claim that Free software authors have less to lose than software companies. They lose something different, but I don't consider it "less". To consider it "less" means worshipping dollars over everything else.
Mod the above conversation above up.
I'm gonna go hide in my basement.
Communication is about content not presentation.
I am willing to bet it more or less *is*
but to still do so, is not a good idea. why? because when they release this b#llsh&t code open source, everyone will immediately pick up on what they did. This will only make them a HUGE amount of enemies, be VERY bad PR, and will probably get them sued regardless, and have everyone gunning for them.
sure, they could probably do it. but can they afford to?
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms,
I recommend using an anonymous re-mailer to rat them out to all newsgroups where people might have a say in purchasing or not purchasing their product. It won't stop all sales, but at least it will reduce the fruits of
That being said, if I take the latest published book and substitute all 'variable names' by changing
So as I see it, that is where they are going wrong. Software is copyrightable, and they are plagerizing.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
One problem is to ensure that anything that is printed out looks different from the GPL version, which would be simple enough, though tedious.
Another problem is integrating new versions of the GPL code into your product.
I think the biggest problem is keeping it secret. Obviously, in this case, the company is not doing this part very well. It shouldn't be too hard for this anonymous coward to leak the info without becoming a primary suspect.
Again, this stunt should only be performed by trained professionals. Do not this try at home, kids.
>Two programs can't access the same file!
Oh really! How come databases, web servers and network shares all work under 9x/NT/2000 then?
You are a grade-A fuckwit. Please get a friend (or your mom if you don't have any) to slam your head in a door until you pass out!
Which other company has thrown more FUD against the GPL? They are dead set on proving the GPL is anti-american, atheist, and totally devoid of redeeming social value.
IMHO
If they do, whistle blow.
Accept the fact that they - the company that you work for - is looking for every advantage that they can find, and if it means that they can abuse the GPL they will. Any and every advantage. You have a moral and ethical problem, and you need to figure out what is more important to you (job or karma), and what the ramifications are for your actions. I would certainly talk to the orginal developers about your company's plan to co-op their code as well, and hire a lawyer of your own.
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
- Speaking only for myself, here. I would resign immediately, and report the abuse to the FSF.
Ditto.
True. But it's often cheaper & easier in the long run than living with the knowledge that you should have done something and didn't.
I'm not saying that quiting is the right thing to do; I'm saying that he should do what ever he desides to be "the right thing," be it ever so hard or costly, with out regard to cost or consequence.
-- MarkusQ
In other news, programmer looses job after the CTO realizes which programmer exposed their immoral, but highly profitable business plan. When asked, the CTO said, "hey we can make money off other people's work. American is great!"
Having used academic licenses in the past, my experience has been that the licenses generally prohibit _use_ in commercial environments, whether the final compiled binary is built in the academic licensed IDE or not. Or, they prohibit _development_ of applications for commercial use. I believe Borland's academic licenses have, in the past, specifically prohibited the loophole you describe.
It would be hard to write an anti-obsucation clause I imagine
Not that hard; in fact, it's already been done. The GNU GPL, section 3, states: "The source code for a work means the preferred form of the work for making modifications to it." I don't think any reasonable U.S. district court judge would consider robo-obfuscated C to count as the "preferred form" for that purpose. See #3117740 for another explanation.
Will I retire or break 10K?
The principle behind most occidental law systems is that one cannot do indirectly what the law doesn't clearly allow him to do.
The same applies to contracts. In this case the spirit of the GPL prevails. The objective being not only to be able to recompile and 'port' your crippled source tree, but allow the community to learn from your project and improving on it by going through a readable source code. A crippled version thereof clearly destroys the community aspect of the GPL and I don't think that the FSF will overlook this argument when dealing with your company's case.
Obfuscation is a mean to cut the GPL's legs and arms, and I don't see a court of justice (even in the US) allowing that kind of misuse.
As long as someone is able to prove that the obfuscation was done in a mechanical way (and that doesn't necessarily imply the use of a computer) by application of a definable algorithm your company's strategy won't fly.
Whether it compiles or not, it's object code, plain and simple. What their brilliant lawyer suggests is equivalent to running 'gcc -S' on the source and claiming that the output is the source code.
By all means, let them go ahead and do it. It'll be a nice example for the next scumbags to come along, and besides, FSF lawyers have to eat too, you know.
1. Is it in violation of the GPL? This question is not a simple one, but such actions may very well be violation of the GPL. If this matter reached court, the question would center on whether the process applied to the GPL'd code constituted part of the process to create the derivative work, as derivitive work is defined in the GPL. For example, an expert might argue that code obfuscation can be part of the compilation process. It is oversimplified to say that laws are reinterpreted on the fly to capture the intent of the law. What is true is that these sorts of questions - for example, what constitutes compilation - are likely to be viewed in a manner which assists the obvious intent of the applicable contract/law.
2. If it is a violation, can it be proved? Probably. Our company works for lawyers on code plagiarism cases all the time. There are many algorithms you can apply to show statistically significant relationships between a body of code and its obfuscated counterpart. The same should be possible with bytecode. Once a reasonable basis for suspicion is established, plaintiffs could get discovery of the company's code repositories and depose employees under oath.
Christian Hicks
Elysium Digital, L.L.C.
http://www.elys.com
I'm not a great fan of the GPL, but this is simply a 'dirty trick' -- but one that can only work for a very short time, if there's significant dissemination of the source.
The gobbletygook has to correspond to the bytecode and that limits things. If they went for replacing by getting the same functionality, bytecode be damned.. well, then they'd be doing their own work and it'd be no big deal. But since they aren't, the source, the real source, will likely be found rather quickly.
What happens next? De-obfuscation. Publication. Dissemination. And the company loses 'control' along with reputation. And no benefit. [Insert security through obscurity argument(s) here.]
Looks like, unless the market they have is very obscure and thus few will get the source and fewer care about it, that this place is trying really hard to give itself a black eye.
The source code for a work means the preferred form of the work for making modifications to it.
Clearly, obfuscated code is not the "preferred form of the work for making modifications to it."
You need to fire your lawyer and hire one who can read.
Look up above at this post and it follow ups to see how.
But you have a good point - proving to a judge with no programming experience that the obviously obfuscated code is in fact code might be a hurdle. I wonder if compiling it and running it would be proof enough?
Games Workshop Petition
While your Company can remain anonymous for now, that anonymity will be lost when you release your product.
Once you release binaries under GPL, someone will demand the Source Code. When you provide them with unmaintainable obfuscated source they will sound the "GPL VIOLATION" siren. No matter how much you obfuscate, the original GPL programmers will recognise thier work... it will be immediately known which GPL work has been violated.
Your Lawyer may be betting that this strategy will raise enough doubt to intimidate a few GPL in-thier-free-time programmers from bringing a lawsuit. Will the Original GPL programmers risk time and money on a lawsuit they may not win?
If that's the rationale then source obfuscation is not even necessary. I believe you could take almost any GPLed work and release it under a proprietary license, and the original few authors will not be able to act against you alone.
Your Company must understand that thier tactic is designed to break the efficacy of the GPL. Then they will realise that there is a Foundation, a whole community and several companies whose survival depends on the efficacy of the GPL. Therefore, those few injured programmers will be joined. A lawsuit will be brought. Your Company will be damaged.
Jono
Get that statement in writing, in case you might need it in the future. Screwing yourself out of a job? I don't think so. If they have the balls to try something like this, then why trust them with your future? Point out why it is in violation of the GPL, point them to your post on
My beliefs do not require that you agree with them.
Sorry I meant. This post and its follow ups.
talk to Eben Moglen of the FSF. He defends the GPL on behalf of the GPL. You can send a notice of
- 13 .html
violation as setout in
http://emoglen.law.columbia.edu/publications/lu
From what I gather is your company is skating around buying licenses for a commercial development tool and using a student version or other version that is restrictive. You are then mangling the tool's generated code so it can't be identified and then compiling the mangled source with GNU tools.
Your company is still benefitting from the commercial tool and not paying the authors what is due them. The mangling doesn't change the fact that the tool was used and benefit was obtained in the first place. But the only reason you are mangling is to hide the generated code which you feel you need to distribute with the GPL code you are also using in the project. I think you should fire your lawyer.
'Same speed C but faster'
All this ranting about illegal issues....
The article stated that they were going to RE-RELSEASE the project under the GPL.
So that means it's still free. They were just going to make it unreadable for people like myself, who might be a fair programmer, but remove the comments and obfusticate (or whatever) the program, and I'll never figure it out.... Making the fact that it's GPL useless for me, except in the end product. I could always compile it and use it.... but just could not learn from it.
www.slightlycrewed.com - Because aren't we all?
Of course you can't.
And it is not only windows media player. I was sending some files with hyperterm over the NULL modem connection to my linux box, and I made the mistake of playing one of these files with the windows media player. Hyperterm froze and refused to send more data.
Amazing NT technology useful only for downloading p0rn (but you have to wait before you see the mpegs)...
If I'm reading the post correctly, the company in question doesn't intend to distribute source AT ALL. The plan as I see it is:
1. Take source tree from GPL project.
2. Make changes to source tree.
3. Obfuscate code and remove comments
4. Compile Obfuscated code and sell it as a product.
5. "We're not selling code from this GPL project, we're selling the compiled version of THIS"
6. Profit!
(I know I forgot the step about collecting underpants)
If the company's intent IS to distribute the Obfuscated source, they will have to put a notice in each altered file stating that it was changed, and the date of the changes, and release the changed code under the GPL. If the finished altered project is useful, somebody will come along and clean up the code, and very likely re-integrate it into the original project. A big pain in the ass, possibly giving the company in question a window of opportunity to sell their product (unless savvy ppl just recompile the obfuscated source and distribute binaries as freeware), but no big deal, although I think this may cause the company to lose a good deal of money (not to mention reputation), so I don't believe that's what the agenda is.
As I understand it though, there are no plans to distribute the source. The company plans to compile only their obfuscated version of the code, and claim they are not distributing a derivative work. If this project is owned/maintained by a small individual with no legal resources, they might even get away with it, as reprehensible and illegal as it may be. Of course, that individual could always just assign their copyright to the FSF, which has the expertise and the tenaciousness to defend the code, and this company will most likely be forced to capitulate and release their modified source, or at the very least discontinue distribution of the finished product. Either way, it represents a huge potential loss of investment if this one lawyer's legal opinion is flawed.
If I were the management of this company, I'd get a new lawyer, because the guy giving this advice is going to get them in trouble. If I were a shareholder of this company and I got wind of this plan, I'd divest before I lost all my money. If I were a shareholder of this company, and the plan got implemented without notifying anyone, and I ended up losing a bunch of money because of it, I'd sue management. If I were an employee of this company, and assigned to this project or one related to it, I'd do what I was told, while updating my resume and looking for other jobs, because most likely when the legal hammer comes down, that job isn't going to be there much longer (besides, who wants to work for a company with an ethical culture like this). While doing what I was told, I'd keep documentation on all potentially illegal activities I was involved with. Upon finding another job, I'd forward copies of that documentation to the owner of the original software, the FSF and the EFF. The two larger groups could then forward some legal advice to the owner, who can decide whether and how to pursue the matter.
Meanwhile, before this project really gets rolling, and management has committed a bunch of money to it, you should sit down with your immediate supervisor, specify your legal concerns, explain that obfuscating your modified source before compiling it doesn't make your product any less of a "derivative work" in technical terms, and that, if taken to court over it, a judge would most likely rule in the owner's favor, as this clearly violates the spirit of the license, even if it attempts to wiggle through a loophole. Explain also that even though the GPL has never been tested in court, it's been violated several times, and every time, the violating party has settled and come into compliance after being confronted with it, because they really didn't have much of a chance in court. Finally, explain that even if there is a slim possibility of wiggling through a tiny loophole, the company should abandon this strategy on purely ethical grounds. It's just wrong, and there are many better alternatives, which don't risk legal backlashes and turning your business into an industry pariah. At the very least, this idea should be shopped around to several good copyright and intellectual property lawyers, preferrably with experience in software copyright cases, and if possible, cases involving the GPL. Failure to get supporting legal opinions from several sources could easily be considered negligent assumption of risk and could expose management to a nasty shareholder lawsuit if this strategy backfires, not to mention the cost of losing intellectual property investments and reputation in the industry. Depending on the size of your company and its resources, this could even mean the company goes tits-up, or the relevent company division being dissolved. At any rate, a lot of you (including bosses) could lose jobs, and that's really not a good ting.
For instance, you could contact the owner of the code, and discuss purchasing the source tree under a different license. It wouldn't be free, but it still might be a lot cheaper than designing the project from scratch. Or you can do as another poster suggested, analyze the code and rewrite it, following the same basic design. The design engineers can study the source and draw out a design flowchart based on how the program works, which could be filled in with code by the programmers. This would at least keep you out of legal trouble. Alternatively, you could consider working with the GPL'ed project, releasing your modifications under the same license, and angling your business around integration and support contracts for the code, which your company would develop significant expertise in (depending on the type and complexity of the software in question, this may or may not be a good idea).
I'm just curious, but is the GPL actually legal? Can it be termed a legal contract? If a company took some GPLed source code and added it to their product, is there any precident that would force the company to lose a lawsuit brought against them? The GPL is just something someone made up, and no one actually signs, to use the products "protected" by it, so what legal standing does it actually have?
The people at your company seem to think that
"sourcecode" refers to the stuff that gets put
into the compiler. Wrong.
The GPL defines "sourcecode" as the form in which
modifications to the program are usually made.
As you are not working on the obfuscated version,
that version is *NOT* the sourcecode to your
application, at least not according to the GPL,
and so, publishing that version does not make
your company compliant with the GPL.
I always found the definition of the term
"sourcecode" in the GPL very clever, as it
definitely stops any attempt to circumvent the
GPL the way your company does. Believe me, many
people have had this idea before, the reason why
noone does it is because the GPL simply doesn't
fall for this trick.
"We won't use guns, we won't use bombs, we'll use the one thing we've got more of and that's our minds" - Pulp
I would have thought this would have opened a can of worms that your employer would have preferred kept shut - there is nothing preventing you (by that criteria) taking a full copy of their part of the source, re-obfusc-ing it so that it is superficially different from their version, then releasing it as a competing product. given it hasn't cost you any developer wages, you should make a fortune undercutting your employer... its even file-format compatable with theirs ;)
-=DaveHowe=-
I'm guessing your employer intends to release unreadable, modified source code which compiles to a salable binary. The modified source still has to be released for free, meaning anyone can compile it and use the resulting binaries without paying. This does not protect them from a fork in the original GPL code base, and for the same reason it doesn't always pay to take BSD source code and run with it: the BSD folks (just as the GPL folks) can implement the software application you've tried to sell, and their modifications will be readable and subject to improvement by anyone.
The risk is that soon after you start charging for yours, someone else is giving away and equal/better alternative. The more money you charge, the more GPL programmers' employers stand to save by duplicating your effort in a cooperative way (spreading the development cost as thin and wide as the market for such software).
Here's another reason your company's management is screwing the owners: Source written for GPL release is written with readbility in mind. That makes code management easier. If you are in a race, and there is no requirement for the code to be widely readable, it will eventually become spaghetti that must be scrapped. At that point you will have to "borrow" from the competing GPL project again. Admitting that you will have to spend money "following" the GPL code, do you want to try and get as much free code as possible (by promoting volunteer contributions to the code base) or do you want to maximise your own development costs aside from the initial code "import" while you rewrite and reintegrate the proprietary side of the app each time? Free software is more economically efficient. You may save on some of the sunk costs, but you can't avoid the risks of proprietary software.
--- Nothing clever here: move along now...
thanks to the proxy server running freebsd?
Guess there's nothing to prevent them from releasing a distro now - but hey, if they take this iffy legal stance I wonder how much GPL'ed code will end up proprietized.
So they make the changes they need in the open-source code, then before release they obfuscate it, and release it under GPL. So (they claim) the obfuscated source code still meets the GPL license, but is unusable to outsiders. Except maybe it violates the GPL license because the obfuscated code is not the preferred form for editing, and IIRC that's how the GPL defines "source code". This sounds a lot like the story of the soldier who shot himself in the foot to get out of the Army, and was court-martialed for damaging gov't property. And they kept him on the Army rolls until he finished his sentence in Leavenworth.. Whether or not this legal hack holds up in court, it's not a good idea, because:
1) Software maintenance of the obfuscated code would be a nightmare, even using the company's "dictionary" recording the obfuscations. Two other options:
(a) Keep the un-obfuscated code, edit that, and run it through the obfuscater again. But that definitely means what you released wasn't the actual source.
(b) Have a de-obfuscator program that uses the dictionary to reverse all obfuscations. But having that around amounts to an admission that the obfuscated code isn't editable in practice...
2) The downloadable obfuscated code would have to credit the original open-source code. So get one of those software plagiarism detector programs that analyzes for similar structures, and use that to discover the renaming and re-arranging that went into obfuscation. Add a little more code to get an automatic de-obfuscator. And the parts that don't match are the company's "secret" code changes.
If they used the BSD license, they wouldn't release the source. The point of this company's actions are to hide their changes, so why release anything if they don't have to?
What I haven't yet seen discussed is that since they are going to release something, customers would certainly be suspicious of a product licensed under the GPL with source that looks like it was written by a drunk pidgeon. If it were something like a C/C++ compiler that behaves awfully similar to lets say... GCC, I am sure we all would notice and give them some bad press.
The one thing I do feel good about in this situation is that the company is releasing the changes back. For every one company that we hear of messing with the GPL, I am sure there exist 30 more we will never even know about.
It might be gramatical, but it's not germane. I suspect it was intended to obfuscate.
Bruce Perens.
Hi-
You have to decide what the ethical response to your situation is. If you sit around and watch something you know is wrong happen, then you are at fault for not alerting the proper people.
If what they are doing is legal, but you think it is wrong nonetheless (wouldn't be the first time) then let your bosses know you don't agree with the situation and propose a better solution yourself. At least, if nothing else, when the shit hits the fan you can say, "I told you so".
T
Source code is the program 'in the preferred format for making changes'.
Obfuscated source, as you propose to distribute, is NOT the 'preferred format for making changes', because your company sure as hell isn't going to hack the messy obfuscated byte code when they need to update their product.
That mess that you intend to distribute may not be called 'source'. That affects how you may or may not use the GPL with respect to it, and I suspect that you probably won't be allowed to do it at all, no matter what 'incidental works' are involved. Your lawyer friend is only telling you half the story.
I think we owe it to this company to make a concerted effort to understand and use their product since they've spent so much time working on it :-)
As long as it's still compilable, there's no reason that someone couldn't build tools to unobfuscate it (with a bit of human guidance). Since it's GPLed, there's no reason he couldn't publish the result. So really all this cleverness is just a waste of time.
I've done similar things starting with *object modules*, resulting in commented source and a user's manual using nothing but a decent disassembler and my wits. It's more tedious than it is difficult. Having the source, in whatever form, would be a lot easier.
Your company wants to combine GPL'd code with their project and comply with the GPL by distributing your company's (intentionally) obfuscated code.
I'm surprised that many of the other provisions of the GPL don't bother your company. What about the fact that the GPL guarantee's the recipient's right to redistribute the binaries and source code freely. Would your company be willing to sell its code under a license (GPL) that guarantees that your clients can reverse engineer (your obfuscated code), distribute and sell original or modified versions of your programs free of charge?
Should be fairly easy to crack the obfuscator, since you have the plain text. Since it has to compile, I think it would be fairly difficult to write a secure code obfuscator.
One thing I've not seen mentioned, is code linkage. Our company backed away from GPL'd products even to the point of not even including them in the same packaging (tar.gz) as our binary code. Mainly because a case could be made, using the language in the GPL, that could suggest they are part of the same package (keeping in mind, the GPL never specifies what a 'package' is, it could be a tar.gz, a binary, etc), and we could be forced to release our source code.
:)
There is even MORE fear when your talking about code you actually link with your own proprietary code (as opposed to just distributing a GPL'd product with yours in the same tar.gz). This definately could be the basis of a case that could end up forcing your company to release their sourc code. It could be reasonable to suggest that anything linking to GPL'd (again, excluding anything packaged with GPL'd code, including libraries that are dynamically loaded, not linked against) has basically been an extension of that GPL'd code. This would clearly mean that the source code thats is actually modified (not garbled code) would have to be released, by the GPL definition of source code.
Our company would prefer to find public domain versions of code, get our own developers to re-write it, purchase something similar, or contact the author of existing products and try and make a seconady license agreement that use GPL'd code, mainly because the language in the GPL could be used to make a case against someone even packaging GPL'd code with their product, let alone linking with it and creating a binary from it.
I would also like to say, like others here, the GPL says you must release the source code you modify, NOT a garbled version of it. This means, if you make even one character of changes to that GPL'd code, you have to have made it on POST-GARBLED code, if it can be supported that it was made on pre-garbled code, and then the code was garbled specifically for release (even if the byte code was compiled from it, its not the version your modifying to do your changes), then you've violated the GPL.
I'd check to see where your lawyer's law degree was granted
This is just sharing without accreditation.
The person who sent this in needs to step up to the plate. If you feel this is wrong you need to tell your company. Don't stand on the side line and talk the talk but don't walk the walk like so many slashdoters seem to do.
Is this the kind of company you want to work for?
I can think of a few other, better ways, to use GPL code in commercial projects without pressing everyone's ethics button so hard. Better engineering, better PR, less work. Is that so hard? Sounds to me like the lawyer wants to have a few years steady work, and your CEO is too preoccupied with being evil.
- - - Non Caffeine Drink or Drink Error
The company is going to eliminate external contributions related to the company's contributions. This effect can be had without even intending to obfuscate the code. The Mozilla project had a slow start while the originial spegetti code was untangled. Fortantly, the Mozilla project made it through that and Netscape v6.1 is a much better product than Netscape could have ever produced through the traditional method of only providing the source code to those employees that HR seeked out and hired. The Caldera "open" administration project CODA, however, never made it past being very badly documented trash and Caldera as a result ended up discouraging external contributions eventually ended up with a limited customer product called Volution instead of the defacto Linux administration product. At the same time, the much better documented RPM code continues to be the package manager for multiple Linux distributions.
.
.
So, yes, there is cases where open source and even Free Software licenses have been used where the code has been obfuscated enough to discourage contributors. But by *purposily* obfuscating the code, not only does the company further discourage external contribution in an industry where finding labor of the right skill set is hard, but the company also ensures that Internet word of mouth about the company will be similar to that of LinuxOne or NuSphere. This type of bad press tends not to just remain on the Internet either and is hard to fight. Take for example Matrox which merely refused to give the programming specs for their products for a long time. They spent a great deal of time fighting out-dated XFree86 FAQs that made it verbatium into popular publisher's books and still stated that Matrox would never be supported because of Matrox. The company may find that by the time it discovers dissing the spirit of the GPL is not a politically good move that correcting for it will take MUCH more than just no longer obfuscating the code.
Has your company considered looking for a similar BSD licensed project? Even most BSD advocates look down on a company which violates or look-holes the GPL but when it comes to their own code they usually don't mind anyone doing just about anything (leave credit where it is due tho).
Then again, Bruce Perens hasn't had very many targets to "run out of town" yet. It might be fun to see how long another company survives making such a clear attack against:
Linux advocates
GNU/Linux advocates
Free Software advocates
Open Source advocates
Slashdot advocates
So, while the lawyer may have consider several legal aspects of obfuscating GPL modified works, did he really consider that GPL also tend to also be a religion in addition to a license (the word of GNU'ism)? Has the lawyer had much success with marketing an open attack on a religion in the past?
The GPL states that the code distributed must be in the preferred form used for modifications.
/* 3egyh23uh */ and the IDE looks this up from a hash table or something and displays some true comment...
OK, lets comply with that but still obfuscate it. Rather than obfuscating the code as a compiler style pass prior to compilation, build the obfuscation into a custom IDE. That way coder's on screen will see in their IDE a valid and easy to understand version of the code but all versions of code written to the disc at any stage is fully obfuscated.
Ie when the IDE sees what it identifies as a variable called adfg it displays on screen money_value however this is just a function of the idea, the true code is always adfg at all times. Even comments could be obfuscated such as the actual code having a comment of
Not that I condone these actions but there's always a dodge for all legal statements, now you're only left with "spirit of the law" type arguments.
Welcome to the real world. And what about countries that aren't bound by US law? If you can buy pirated copies of first run movies on the streets of just about any country in Asia what makes you think they give a damn about your untested GPL license? And what happens when they use this code in embedded devices so you can't even see it? Talk about giving everything away for free. You all run around screaming how stupid someone is if their system is unsecure but then give all your work away for free! That's like the bank paying millions for a secure vault to keep the money in, but then giving the whole business away to someone for free. Your assets are secure. They just aren't YOUR assets anymore.
Go to a public library. Logon to the internet terminal found in most public libraries. Create a Hotmail or Yahoo Mail account. Use that account to E-Mail the FSF with your company's name, the project's name, and as many details about the project as you can without personally identifying yourself.
Then, later, you can sleep like a baby, knowing you did the right thing.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
If that's a troll it's a stupid one. Try harder.
If everybody grassed every bit of GPL source being used silently in a commerical product, the courts would be stuffed. But nobody does because our jobs are more important than our ethics.
The advertising clause was removed from the BSD license three years ago. If you want to use the license you should use this template.
Besides, if you happen on a file with the old license that is copyrighted to the University of California, the advertising clause is null and void.
The Drowned and the Saved - Primo Levi
HTH
-- the most controversial site on the Web
This is the third time I have mailed you. You are taking a long time to wake up to this problem.
I first mailed about a GPL violation with my company (under ND, so cannot discose - details follow). We then had hte PowerVR issue, where htey did not release source. And then we had hte FSFs comment on RTLinux (http://www.gnu.org/press/2001-09-14-RTLinux.html
So, there are three issues. RTLinux & patent, PowerVR not releasing source, and the linux binary driver GPL loophole described below. The primary copyright hoder, torvalds, is doing nothing about any of them. This is NOT what the linux community wants.
Speaking of GPL violations, I found a pretty flagrant one at work a few weeks ago...
Microtest (now XStore [xstoreonline.com]) put together a mess of GPL software - a modified Linux kernel 2.0.27, Samba 1.9.x, Apache, the MARS_NWE netware emulator, and GNU C libraries (libc5), among others, stuffed them on a flash chip in a drive-bay-size embedded 486-based computer, and sells it as their "DiscZerver [xstoreonline.com]" product line. Nothing wrong with the method, but there's plenty wrong in their implementation.
Previous 'Ask Slashdot':
We have some problems in the linux world. First, we jave the issues of RTLinux and their patent, wiht FSF commenting on it recently: http://www.gnu.org/press/2001-09-14-RTLinux.html)
Then we have PowerVR where they are not releasing the source (also a recent slashdot post).
And now, we have a loophole allowing these people to get away with it. There is a company already explooiting this loophole. Read on:
I work in the embedded hardware field. Today we received some hardware from a manafacturer, who uses linux to run on their hardware.
In the past I was given all source code to their product, as they are obliged to, given that their code is derived from the linux kernel itself.
However, today I was told that they will no longer be distributing their source,
since they have managed to incorporate all of them into a loadable kernel module (which they are referring
to as a "binary only runtime loadable driver". Apparently linus torvalds has recently said that binary
drivers can be
distributed in binary only form. From my knowledge of the previous source this company released, they have gone to considerable effort to move all of
their code into this "binary driver". It is not so much a binary driver, as a real time linux system hacked into a driver. I suspect they intercept certain system
calls to achieve this - I am in the process of checking the binary to find out.
I am under an NDA so cannot disclose more information, nor my name.
But is this against the GPL? I think it is, and given that my name exists in the linux kernel too, I am upset and would like
to do something about this - but apparently only Torvalds has the right to sue them - is that true?
(But he won't, since he has said binary only drivers are OK).
And where exactly do we draw the line between a derived linux kernel and the same thing implemented as a loadable
module?
"Making linux GPL was the best thing I ever did" - Torvalds. I'd hate to see the worst thing...
And that's the fault of the Windows OS?
Get a clue. It's the application that determines the sharing mode of the file when it opens it.
Though it would be nice to find a way to
prevent the company from doing this, I wouldn't
worry too much. The kind of obfuscations you
mention can probably by reversed by some
pattern matching code that "aligns" the original
GPL'd and the obfuscated code, much the way
current cheating-detection code can detect student
software submissions that have carried out similar obfuscations. It would serve the
company right to discover that their cleverly
obfuscated code had been de-obfuscated and all
their important changes revealed to the world.
The fact that they mod the code AFTER their own hacks are finished with it indicates in a rather matter of fact manner that the released code is not the "preferred form", nor is it easily reconstructible as in 'tar -xzf foo.tgz'.
In order to get away with this, they'd have to demonstrate that the released code is what their own grunts have actually been using while making their mods, at least. If not, it is obviously not the "preferred form".
Good judgement comes from experience, and experience comes from bad judgement.
- W. Wriston, former Citibank CEO
Why you don't buy that GPL:ed code from it's author, at whatever-license-you-want. Then you can use it as you wish, and you are safe. Both wins that way.
I surely agree that obfuscated code cant count as source code.
Here's the catches as I see em.
1) Will anyone ever bring this to court? Our Anonymous poster would have to blow the whistle first, otherwise we might never know WHOSE code is being stolen, and therefore no one would ever be able to sue. If this were being done by a 15 year old kid it would be called piracy, hacking, code jacking and worse.
2)Once in court can the company show that it modifies this obfuscated version of the code and not the other one? Remember, this would be decided by a jury (we try civil cases by jury in the states, I think this is US law we're discussing). To my way of thinking this is still like taking _Neuromancer_ , changing the names, and calling it your own. A US jury was capable of being conused by the math in the DNA evidence in the OJ Simpson case, they might be confused by the isues involved here too, simply because of terms like compiler, source code, object code, machine code, GPL, GNU, computer, and copyright.
*Sigh*
It does seem that obfuscation violates the GPL. But for it to stick someone has to bring a suit, prove that obfuscation is being practiced, and convince a Judge/and or Jury of that.
Anonymous, I hope you can contact the author of the original code so they have a chance.
IANAL, but
If you find this distasteful, make sure you keep copies (hard copies) of all internal emails and documents pertaining to this issue.
That will probably protect you and make the case a slam dunk if it ever goes to trial.
Send your boss an email objecting to the shaky legal ground and save his response where he asks you to go ahead with it. If you get fired for making noise look into the whistleblowers statutes.
Chuck
We know who you are Mr Gates. Posting this anonymously. Shame on you.
Ok, so they obfuscate the code by changing names around to gibberish, or in other words they're trying to impose a crude encryption on the code and then release it.
function blah();
gets transmuted into
function xglw()
and so forth, or so I assume. Even if you did bother to obfuscate all the brackets and other syntactical sugar, it would take simple cryptanalysis to bring the code back to readable status. How hard is it going to be to figure out that function xglw does certain things after you see it called from various places?
Your lawyer and your boss are idiots for the same reason various classmates were idiots back in college for trying to hand in other peoples' code with simple substitution performed on function and variable names. It's going to be a shock to your bosses when they find out they can't pull the same shit on the rest of the world that they did on their college professors.
----- The dumber people think you are, the more surprised they will be when you kill them.
Doing this would be a sure-fire way to royally anger every sane-minded person out there. No legal action possible, of course, but a lot of ill-will, screams, flames and gnashing of teeth, especially if said GPL'd code includes volunteer work (which you seem to imply). Boycott of the company's product seems a logical conclusion.
The company is out to sell this code. What are the chances that their target market is the same set (or even an overlapping set) of the group that would hypothetically boycott the software? That is, if the company in question is expecting to resell this to businesses, just how many of their potential clients do you see saying "Oh my gosh...they violated the spirit of the GPL! Let's boycott!"?
From my POV, I don't see that happening. Even within the open source community, were this offered for sale as an end-user product, I doubt a boycott would make much of a difference since most of us are cheap (as in, free beer). I'm guessing here, but I think the idea of a boycott, as nice as it might be, is simply unworkable in this case. Maybe the original annonymous poster could clear things up a little?
What is your Slash Rating?
Ever notice how you have to install Netscape for Galeon to work?
There's an ethical workaround here that gets everybody what they want quite simply.
Modularize the interface to the GPL code. GPL release this module: your company has just contributed to the community, and that is a good thing.
Release your product commercially, and "bundle" with the GPL module and all appropriate GPL documentation. Make sure that during the installation process the separation of liscence is clear.
Your company's proprietary code is Copyrightable, the GPL code stays GPL, Everyone is happy.
This comment is fully compliant with RFC 527.
Yes it is, unless they only add and change features to the app by changing the obfuscated code itself.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
If they compile for commerical uses, then it is quite possible that they could sue for violating "THEIR" products. It's quite possible they would have a legal case because the code wouldn't be the orignal. The fact that the program came before them may be overlooked in their favor, Shudders slightly. The implications are horrendous. Could you imagine Microsoft taking away linux and sueing every Open Source project on the planet for violating their code by reverse engineering? I know, I know, Stuff of horror movies, But the implications are there......
IANAL, but who is going to sue? The blunt answer with patents (and copyrights) is that without someone to actively defend the patent in court, the patent is effectively meaningless. The GPL is a contract, and so is even more dependent on legal enforcement. If no-one will sue for damages, what is there to lose? Bad karma?
It is very likely that the lawyer's advice is based on the following idea: obfuscate the code enough that it is not easily identified. If someone sues us, we will make sure it costs more than its worth to sue -- this is risk management and has little to do with strict legality. Sad but true, this happens all the time -- business is about risk & cost management, not ethics or fairness.
That said, if the company's name 'leaked' to the media and they became known as the thieves they are, I wouldn't be that upset. :)
There doesn't seem to be anything in the GPL regarding keeping the original copyright notices in the source. Can I take GPL'd source, strip out the copyright statements, and redistribute it?
1) this program that is to be sold may suck so bad, who cares?
2) if 30% of the 'crypt' is in plaintext somewhere else, that is a cryptographers dream
2a) decoding it back to clear text will be freshman-level crypto class material
2b) someone will do it for fun
3) Tell the company to just go and get some BSD code and then do what they want.
If this is against the 'spirit' of the GPL, I'm sure visions of RMS will haunt their dreams.
Moreover I seem to recall hearing that once the GPL has been violated, only the author can reinstate the violator's right to modify and distribute the code. If I were the author of the software package in question, I'd tell the company to get bent after winning the lawsuit. If you make me sue you, I'm sure as hell not going to let you benefit from my work anymore.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I am not a lawyer... but I would suggest that you contact the lawyer for the FSF. I do not remember his name off the top of my head. You could always get an (mostly-)anonymous email account with yahoo or msn and email him from there.
good luck,
scott
Scott
janitor
sdn website family
email: scott at sboss dot net
Since that's his preferred form of modifying the source and adds a great deal of speed to the application, it's fine.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
If the product is released under the GPL, then anyone can redistribute the compiled code. Depending on the nature of the product, that could be a disaster for your company.
Softwarthat is primarily developed in Assembler is fully commented with meaningful variable and macro names. The output of a disassembler requires a boatload of analysis before it can even approach the usefulness of the "preferred form" of assembler.
The company that the article author works for had better hope that the source they intend to munge isn't owned by the FSF or a corporation with some money for lawyers like TrollTech. As Bruce Perens pointed out, Eben Moglen would love to run their..ahem! er..market penetration device through a pickle slicer.
The goal of the GPL is that the work of the community can't be *stolen* for private business. It promotes a fair way of increasing global computer skills and knowledge through the forced sharing of source code (the preferred form for human beings).If you integrate GPL source code in your software, then your software is GPL as soon as you decide to distribute it : that's the deal ! ;-) :-)
If the company's project is to be sold, therefore distributed, along with GPL material in it then the entire source of the project is GPL... any smart customer will handle back the source code to the GPL community. If the business plan of the company is about selling thousands of expensive licenses, they'll have troubles to sell more than one I bet...
The problem with obfuscating an existing source code has only to do with authorship if the original license remains unchanged... but who
cares about the author as long as the source code is useful and available ?
Of course, on the other hand, if they change the licensing terms, I'm sure the FSF will be glad to unleash an army of lawyers to torn that unlawful company to pieces, and burn their houses, kill their dogs, their familly, their friends...
Anarchy is about taking complete responsibility for yourself. - Alan Moore
It seems to me that the process of obfuscating the source code (as described by the original poster) and releasing only that violates the language in the GPL that defines "source code" as "the preferred form of the work for
making modifications to it" (section 3). What this company is offering is not the "source code", and distributing a work derived from GPL code without making the source code (as defined by the GPL) available. As I read the GPL, the distribution of an executable which contains GPL code not owned by the distributor along with an offer to make available obfuscated source violates the GPL.
I'm seeing lots of people attacking the idea of them obfuscating GPL'd source code that they have gotten form somewhere else and used. That is irrelevant - the original GPL source is still available from whereever the company picked it up.
The key issue is what it means if they obfuscate the additions and modifications that they applied to the original GPL source code to create their own product. They could do that while leaving the original GPL code unchanged. (The argument about preferred form for editting seems to show that this is not allowed.)
A consultant would have a much harder time if he was called in to a site that used "his" code only to find it's been obfuscated. He wouldn't be able to do his job and he wrote the code so he could do his job. A good lawyer could probably make a case for that being "injury" in the legal sense of the word.
The "preferred form" part of the GPL has often cited by now. Not only is his company morally wrong, it is very probably legally wrong as well.
Look, there IS another option.
Without knowing the details of what GPLe'd application is involved, it's hard to give good advise, but you may be able to talk to the authors of the code to re-issue the code under an additional license. Maybe the authors would be willing to release the code under the BSD, LGPL, apache, or other license in exchange for a few bucks...
Of course if this is really old GPL with hundreds of authors this becomes difficult. You would need approval from all the contributers.
You can do a black box re-implementation of something, IIRC, but the guy who reads the original code can not code it. He has to write a document explaining how the code works in English. Then a programming team takes his document and implements the API per his documentaton. Which 9 times out of 10 will be more of a pain in the ass than just writing code that provides similar functionality from scratch.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
First of all, IAAL. Second, the GPL's definitional distinction between source and object/executable form relies on two key terms that cannot be objectively measured: "preferred" and "normally". I defy you to provide me with objective metrics for measuring what is "normally distributed...with the major components...of the operating system on which the executable runs." Equally imnpossible is a definitive response to the question "what is the preferred form of the work for making modifications to it?"
In order to impart meaning to the GPL distinction between source vs. object/executable, one must go on a fact-finding parade to measure industry practice, and other wishy-washy standards. In the context of a dispute over a GPL'd bit of code, you can be damn sure that the GPL will collapse under the weight of this fact-finding process, and that the party with more patience and money will win that battle.
There are some things that lawyers understand better than geeks, believe it or not. We are (generally) excellent at spotting weakness in prospective arguments. In the case of the GPL, there are drafting holes big enough to drive a Trident submarine through. I've said it before, and I'll say it again: the GPL won't hold water in a dispute. The reason no one has given you any precedent (as per your request) is that the GPL has not been truly tested in court. Since the GPL eschews the lessons that lawyers have learned about drafting in the past (largely in order to score points with geeks by being colloquial in manner and sounding un-lawerly), it cripples itself with imprecision and ambiguities. The weakness in its core definition of source vs. object/executable is merely one of many fatal flaws in the document. To be perfectly frank, the GPL is a POS contract and I would arguably be liable for malpractice if I advised a client to use it for reason other than their unbending adherence to open source dogma.
In conclusion, you are likely to see many companies "abusing" the GPL. Rather than use the loaded term "abusing", I would prefer to characterize this behavior as "exploiting" the unsophisticated and niave drafting of the GPL's language.
Since I said "IAAL", I must also say that the above does not represent a formal legal opinion, that I do not represent you (the reader) as your lawyer, and that you should not treat this message as my legal advice to you. Laugh all you want -- I'm just sticking to my ethical directives, kids.
I'm not a lawyer, so don't use this as legal advice. Instead, you (the author of this slashdot article) may want to show it to your company's lawyer and suggest that he track this down.
According to this link, there is a case called "Whelan" that established that duplicating the detailed structure of a program was copying of expression rather than ideas, and therefore copyright infringement.
Also, I remember reading a very good article about ten years ago by law professor Pamela Samuelson, I think in Communications of the ACM or some other ACM publication, that talked about this decision and mentioned "detailed structure and flow", which would make the case for infringement even stronger.
Finally, I recall reading somewhere, perhaps in that same article, that there is some common law rule that the standard of similarity by which copyright infringement should be determined is supposed to correspond to how much access the alleged infringer had to the original work. In other words, if the alleged infringer had easy access to the original work (e.g., had carefully read the original GPL'ed source), then the standard for proving infringement is supposed to be easier.
Again, I'm just a layman. Don't use this as real legal advice.
Quote from the GPL: "The source code for a work means the preferred form of the work for making modifications to it". This is not the preferred form, as your engineers didnt work with the obfuscated version, they worked with the original one. This is no different from distributing a binary or asm dump. And I sure hope that Konq didnt just post an empty comment with that title...
If you modify code under GPL it remains under GPL even if that includes adding a large amount of code or simply changing all of the function and variable names.
The only reason for changing all of the function and variable names that I can think of is in an attempt to hide the codes origin. It seems despicable to me. If your company gets caught, this tactic will not protect them from a GPL violation. It will only prove that they knew what they were doing was wrong and tried to hide it.
The race isn't always to the swift... but that's the way to bet!
I really can't see what your company stands to gain from all of this. Putting the obfuscated gobbledegook under GPL has no advantage for them, given that the whole idea of obfuscating it was to get away from the GPL.
Even if the do GPL the obfuscated code, they won't be getting ALL the benefits of the GPL since they won't have hundreds of eyes checking the code for bugs for free - there'll only be company employees doing it.
To top this, the obfuscated code will be an absolute bitch to debug (there are always bugs that crop up post release) and upgrade. The only way to overcome this would be to keep a copy of the un-obfuscated code, write and test all updates to the unobfuscated code until you are happy with it. Re-obfuscate the code and recompile it. Send it to the customer for beta testing. Get their feedback. Etc. Etc.
Any errors that crop up during the obfuscation process are going to be an absolute bitch. If the code is as complicated as you say - it will not be an easy job to find what part of the obfuscation is going wrong. And even then you still might not realise that it is an obfuscation error.
Staff will need to be carefully controlled to make sure that all changes are made to the unobfuscated code, because changes to the obfuscated code will be lost next time obfuscation occurs.
Good staff relations will be an absolute essential because it only takes one disgruntled employee to blow the whistle. A quiet word to the original author and a note to the FSF could be all that is needed for an expensive and embarrasing public fiasco.
All in all, I think that your company may just be better off contacting the ex-student and offering him a fee for the right to use his code commercially. You won't be able to buy exclusive rights to his code - it's already under GPL - and that should reduce the price. I'm sure that whoever it is will be more than happy to grant your company a licence to use the code commercially in return for a couple of sheckles. I don't know how much the code is worth to your company, but a cheque for £1000 or so would be a nice windfall if it were being offered for permission to use an old college project of mine. Even a couple of hundred would be nice.
Brian M.
If a lawyer claims that it's safe to ignore the GPL, always ask him if he has reviewed the national copyright laws of every country your company does buisness with.
;-)
E.g. if you copy code from the Linux-kernel and you sell copies of your product to Germany, Suse might sue you in Germany. Or Conectiva might sue you in Brasil.
I really don't want to be the messanger that informs the CEO that he must cancel his trip to Rio due to an arrest warrent
i.e. I can modify the Linux kernel all I want, and I am under no obligation to provide anyone with my source code changes until and unless I distribute that changed kernel to another party. The moment of distribution is when the GPL kicks in, and requires me to make source available.
All movements for social change begin as missions, evolve into businesses, and end up as rackets.
I'm not an expert with legalese, but:
First arent all the copyright notices inside comments ?
Removing comments with the copyright notices would immediately violate T&C section 1. (while indicating acceptance of the whole document as per section 5), but then you aren't allowed to remove the comments. The obfusciation is seemingly permitted so long as the copyright comments still remain along with additional comments documenting the changes as required by section 2.
The obfusciation is seemingly a process of derivation, that is you start with GPL product and do some M-x replace-string's... This derivation process means that the "proprietary intellectual property" is still GPL'ed...
The GPL does NOT apply to sections not derived from GPL code, but only when they are published apart from the GPL portion. when the whole package is published it is still GPL'ed by inclusion of the GPL code (does anyone remember the Nvidia driver issues?)
Also according to section 5 the fact that you edited the GPL code at all indicates acceptance of GPL terms and conditions. Failure to accept prohibits you from making modifications (such as the string search and replace described)
The whole process seems expressly in violation of section 4, but i am no expert...
What I fail to see is how anyone can avoid GPL except by producing clean-room-code. I seem to recall Nvidia having this problem with their drivers a while back.
As an aside, isnt "chicken noodle soup" less than 30% chicken by volume? (but it is still considered a chicken product.) Your company's project might be 30% GPL code that was heavily edited (IMHO the only real weakness in the GPL is no "real" definition of "derived", however the common meanings of derive include "to trace the deveolpment of", which has been done...)
A couple of questions: Is it possible to write a perl/awk/sed script (or otherwise algorithmically describe the obfusciation? (since global replaces are used i would dare way yes...) If this is true then an argument can certainly be made that the work was "translated" from "ANSI c++" to "ANSI c++" (hasnt anyone done english-to-english translation between say a lawyer and an engineer? or perhaps heard of such things?). This translated copy would seemingly be covered by section 0 and all other sections (as incorporated into the defitition of modification)
just a few cents worth
-j.
This *sad* approach to open source software may not violate the letter of the law when it comes to the GPL, but it certainly violates the spirit of the GPL. At the core of the GPL is freedom to read the source code and make changes you see fit, to make the software do what YOU need it to. Redistributing source code that is purposefully hard to use and or modify is in direct contradiction to this. Things like this really bother me, and I'm afraid we'll only see more of it as mainstream businesses take a look at OSS. Companies want to cut costs... I'm sure this company can't be the only one eyeing OSS, and saying to themselves 'how can we use this, but not have to give back'. Companies like this take advantage of the good faith of the open source developers who have spend countless hours providing the world with stable, free code that we can in turn use or improve. I doubt any of these developers thought they were going to be helping this company create proprietary code stolen from their own. Perhaps it's time for a GPL revision that can address this issue. This exploitation is only going to get worse as time goes on...
Garbled source code is no longer what the GPL defines as "source code": The GPL defines source code as the form preferred for making changes. A pseudo-source isn't that.
Claus
The lawyer was completely correct in his statement, and I do it myself.
What his lawyer said is if you take, Visual Age for Java, or Visual Cafe, Student editions, which prohibit profit off of programs made with them, and create, compile, and test some software to perfection. Then instead of compiling with those student editions for release, you simply compile with the free JDK, then you have a work which you can legally sell.
so use the student compiler during development, and switch to the free unrestricted compiler for publishing.
The statement from his lawyer had nothing to do with the GPL, so how did he make this leap??
IANAL but the GPL says in Section 3:
"The source code for a work means the preferred form of the work for making modifications to it."
So obviously the obfuscated stuff isn't the source because your company will not use it to make modifications to the program, will they?
If the GPL is a POS contract (I couldn't argue one way or another), what other "open-source compatible" licenses exist that would better protect an author's wishes to keep his code in the community, prohibit the said code from being incorporated into a privately controlled, profit-seeking venture against said author's wishes, AND stand up in court?
I'm not asking you for formal legal advice, just your opinion as a lawyer. Are there any open-source licenses you COULDN'T drive a truck through? (much less a Trident...)
I think that this is a distinction that is much easier to make than the previous one you mentioned. All you have to do is to go to the computers where the people are actually writing the code and see what form of the program they are modifying. If they're working on the code in a format different from what is distributed, it's an easy case that the form that's being distributed isn't the preferred form for making modifications. That's especially true if you can find:
You're correct that this is not an open and shut thing, but it's not an intractable one, either. Most people have fairly sensitive BS detectors, and they're going to be able to tell that code that's been deliberately messed with to make modification more difficult is not in the preferred format for making modifications. All you have to do is show that a deliberate attempt has been made to obfuscate with the code and you're set.
There's no point in questioning authority if you aren't going to listen to the answers.
I assume that your company is planning on maintaining this codebase over time; if so, they will need to keep a human-readable copy around. This is the copy that the GPL requires you to make available to the public: "The source code for a work means the preferred form of the work for making modifications to it."
I suggest you find a way to keep your code from linking against the GPL'd code. You can still distribute them together, but your proprietary code can't be a derivative of the GPL'd code without making available (at no cost) the entire "preferred form of the work for making modifications to it."
Without knowing more about your project, I don't know what the best solution would be. Perhaps you could write a socket interface for the GPL'd code, which would have to be GPL'd. If you're lucky, maybe the original developers of the GPL'd code would accept that as a contribution and incorporate it into their project. Otherwise, you could fork the GPL'd project and make the human-readable source available for download from your company's systems. Then your product could use the socket interface and your company can use whatever license it likes for the 'much more lucrative' code.
include $sig;
1;
Unfortunately, it seems to me that there's a way to circumvent the "preferred form"...
You could make the gobbledygook to be your preferred source, by creating a completely proprietary, non-GPL development environment, which provides a mapping from gobbledygook to human readable code.
In this case, your "source" is the gobbledygook, and you just happen to use a weird IDE...
Nonetheless, it's immoral... but possibly not illegal.
oh well. I think you can figure it out.
Can you suggest or provide a more legally palatable alternative?
I forget what 8 was for.
I good corporate lawyer sizes up a situation
by evaluating risks... IN this case the laywer
probably feels:
He can defend the tactic (after study of
the GPL)
or
The "party" that might be offended
has limited resources to attack and the feds
won't see the behavior as a violation of
any business codes
Of course, it's really bad PR and hence puts your
company in a major bad light and marketing should
reject the idea ASAP. You can't buy such negative press in the technical space:
"Company finds way to close "open" for a profit"
A day without slashdot is like a day without stimulants... good for you but hard to take "cold turkey"
You should suggest to your company that instead of releasing the whole source code, they only release an obfuscated patch to the source code. As long as the patch does not contain any of the original work, it is not a derivitive work, and you will not be breaking the GPL.
The attempt to make it hard to impossible to read is basically a simplified form of encryption. Since they are just attempting to encrypt the source code for the express purpose of trying to hide it they code easily be busted for a copyright voilation.
You can add another case to this.
Just call a company employee, ask him which
particular module he works on then show him
the source and ask whether he can determine
where his particular code is. I can tell you
if the people obfuscated it enough the guy
won't be able to recognize his own code. And
if he does by some chance he will not be able
to answer any further questions on it.
-anand
A lot of people here are having trouble seeing what "preferred form" means. That is partly because the GPL never spells it out.
So I suggest to the maintainers of the GPL, the FSF I believe, the slight addition of:
Addendum. Terminology Definitions:
"preferred form for modifications": If a party modifies the product source code and releases their modified form, the "preferred form" is <insert ironclad legal definition of "the code that you hand modify in an editor when making changes, plus any tools that are required to transform the changes into the released product".>
That last part is key. IBM released the jikes compiler along with the parser that was generated by their proprietary parser-generator. So in a great gesture of openness, they released the parser-generator.
As usual, this "problem" can be solved by actually reading the damn GPL:
Obfuscated code does not qualify as the "preferred" form; you can't give one version away and hold an unobfuscated version for your own use. This is a clear GPL violation.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
What benefit does a company accrue to taking someone's work, obfuscating(sp) it and then re-releasing it under GPL as one's own? Unless they are not actually intending to release as GPL..
Well, assuming what you say is correct, the benefits are few... The chances of getting caught are moderate, but if you or one of your staff is laid off/fired/quits then the word will get out and make its way to the original authors.
Nobody needs to "squeal" either. Say I write a lot of code for GPL's project X and this company comes out with product X' which is almost the same, but better. Their code is extremely obscure as well...
I might out of curiosity, run one of those web-based code checking tools. These are designed to find cheating students and do not require similar variable names, etc.
If caught the costs would be painfully high. I think most software companies would rather face a ravenous pack of lawyers than face the savage hordes of a jilted Open Source community. Every day operations would become difficult due to clogged email/phone lines, not to mention that your good corporate name would be mud.
The B/C analysis is vastly in favour of crediting the original authors. I think your managers and your lawyers are playing dice with your company's future. If I was a share holder (let alone an OS geek or an employee like yourself) I'd be quite pissed.
Good luck!
-b
Obfuscation is a transformation, same as compilation.
The original source is the source that must be released.
This is not legal advice. You need some.
The GPL is an EULA.
The GPL is not an end user licensing agreement because end users don't need to worry about it. Only non-end users (those who plan to redistribute) need to accept it.
Read the section of the GPL that mentions "preferred form of the work for making modifications to it". Deliberate obfuscation of the code with the intent of making it useless for the purposes of modification could easily be construed as an attempt to violate this part of the license, and I'm sure the FSF, after recent court decisions, would be happy to discuss the point before a judge.
> 2) If folks know from which original obfuscated
code the GPL derives, it may be possible to
write some program that separates it from the
new code and then the new (but obfuscated) code
can be examined and possibly cleaned up, then voila new GPL code.
Only about 30% or so of this codebase is from that original GPL'ed code; even if the original source for that 30% is found, that leaves A Lot of obfuscated source to clean up before you'd have a usable codebase of the Entire project.
A. Nomminous:
IANAL, but I do a lot of contract negotiation. No doubt you'll hear from Bradley Kuhn.
Is it legal? IMHO, Yes.
However, that begs the question: what does your company gain from this? Yes, they will release a product under the GPL where others cannot meaningfully read their code(*). How is this advantageous? It will certainly lead to bad press for your company, on Slashdot and elsewhere, and thus hurt sales/PR. It will not prevent others from copying and compiling your source code, as-is, for free, and does not therefore enhance revenue.
Either there's something you're not telling us, or this is a hypothetical situation that you are making up and not a real company.
(* = eventually, someone would crack and release a program to reverse the search-and-replace operation to obfuscate your code. After all, it's easier than reverse-engineering bytecode)
-Josh
From Section 3 of the GPL:
"The source code for a work means the preferred form of the work for making modifications to it."
Obfuscated code is clearly not the preferred form for making modifications. Hence this is clearly a violation of the GPL, and your company will probably be invited to argue their case in court.
I didn't know that Lionel Hutz took computer cases...
This sounds incredibly shady. If my boss came up to me and said "Jay, we need you to take this code from our competitors, change the variable names, and recompile it", I'd be pretty scared about it, along with any other legal decisions the company made.
=-Jippy
"The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
It specifically mentions the compile and install scripts. So it's the plain interpretation, not a strict interpretation, that leads to the conclusion that one must include the project files, etc. You need to distribute whatever is needed to transform the source -- in the form that *you* the developer normally use to modify it -- into the object files you distribute.
Note, I don't think that there's anything wrong with this or controversial at all. How useful would GCC be to you without all of the Makefiles? Not very.
If you actually care about the issue, hire your own lawyer right now. Note: "your own" lawyer means a lawyer that you pay from your pocket, not some company department or company program.
I would also recommend that you make your own paper copies of all the internal documentation that you can find regarding this decision process. It would be useful, at a future date, if the copyright owners whose rights are being violated can find these papers through the discovery process. Talk to your lawyer about a good way to do this.
First: The lawery of you firm are scum (ddddhaaaa).
Second: If this happens you can cont me in for the RI team that will turn the ofced souce back to the real form. The DCMA dosn't apply where I live (and if we ever get such stupid law i will move)
Third: Allso if your product is GPL you can still make mony from it (belive me). Theres no need to make a big PR of the GLP, just put it in your licence which nobody ever reads and put somewhere that the source code is avalible at and thats all (we sold over 4000 copis of our program and got only one request for the source code)
the overall point is that once the end product is GPL'd, it won't take long for someone in the bazaar to figure out a meaning for "asdfgh", and do a s/asdfgh/meaningfulName/g through the whole thing.
Well, many people have already piped in with the "preferred form" clause forbidding obfuscated code, but if this were not the case, I don't think you would need total obfuscation to be able to abuse the GPL.
If you re-obfuscate your code with every new release, and release often enough that everyone else spends all their time just de-obfuscating, then nobody will even bother trying any more.
Of course, once one release is de-obfuscated, someone could fork it and roll their own release, but merging the crooked company's changes into their version would be a major pain in the ass. It would still amount to the company having a choke-hold on their branch of the code.
Like I said though, it seems (fortunately) that the GPL already forbids this.
Accountability on the heads of the powerful.
Power in the hands of the accountable.
Fellow commander Thargoid hunter!
Highest propz to ya dude!
Microsoft!
Come on, tell me I'm wrong! Only Microsoft would be so evil/sneaky/mean !
"What thou shalt not, I shalt did!" -Bart Simpson
I find this to be a fascinating topic for this message board. The opinions seem to be overwhelmingly against this practice. In essence, taking GPL code and cosmetically changing it, is viewed as stealing and against the licensing terms, according to most of the posters here.
However, the overwhelming majority of posters on topics that deal with the RIAA are totally opposed to their position (me included). But I think it is interesting to point out that ripping an mp3 from an original CD is essentially a cosmetic change of something that is fundamentally the same, obtained for free. Isn't this a bit of a double standard? As much as we do not like the RIAA, this is a very similar situation.
It seems the only thing truly consistent here is that the sentiment overwhelmingly falls onto the side of the opposition of corporations and where the big money lies, which is not a valid reason for anything...it seems packed with envy to me.
anyway, fascinating story and posts...
cabodog77
"It's such a fine line between clever and stupid." -- David St. Hubbins, Spinal Tap
Obfuscated source is *STILL* *SOURCE* *CODE*.
l _offices_and_soforth_verily_verily_verily_yea, and neither does anyone else (And they appreciate it!).
For my work in classes, before I give a section of code to someone to learn from (IE, attempt to copy), it's obfuscated to hell. And it's written that way from the start. Obfuscation is *THE* single most powerful tool a programmer has to eliminate the least common denominator - the hoser who went to school and got a degree because 'der be sum gud money in compootrs!!!'
Obfuscation is good. Repeat after me, obfuscation is good. If you must spend an hour figuring out what code does, chances are, you'll know exactly what that code does, inside and out. Oh, it's written in those neat little conventions? Why then, you can tell what it does at a glance!
Or so you think, and then your product ships with bugs, half a million users fail to utilize the patch you've hastily provided after the fact, and countless servers are clogged and taken out by the resulting spewage of crap that happens.
For work? I do the same. Oh, granted, there are conventions I have to follow then, but I'm lucky enough to not have the boss from hell. I don't need to type out unsigned_long_integer_that_holds_the_total_for_al
Other programmers can figure out what toff is by looking at the code. Well, the good ones. We tend to chuckle at the ones who can't figure out what data type a variable is without those annoying little prefixes.
IANAL so this is only from my observation:
Several posters have pointed out that obfuscation is a violation of GPL, or at least the spirit of the GPL.
Unfortunately, until your company actually releases a product based on obfuscated GPL code (commits a violation), you can't take legal action in the courts; you can only get a GPL-friendly lawyer to send nasty cease-and-desist letters.
In other words, you can't stop it until it's too late. And if you do sue, the copyright holder (the creator of the GPL code which was borrowed) will probably have to be named as a plaintiff, as the violation was commited against HIS copyright, or possibly the FSF as a plaintiff's representative yadda yadda yadda. YOU probably will not be able to file suit as a plaintiff directly, unless somehow you can do it as a representative of the party claiming loss.
If you do nothing else, inform the writer(s) of the original code of your company's intentions.
Give me my freedom, and I'll take care of my own security, thank you.
Why would someone want to do such a thing?
First off, given an idea of which GPL'd code such a project is based on, one could re-substitute function and variable names, and then determine what changes had been made and why, so your code isn't secure from reverse-engineering.
Secondly, one of the reasons for the GPL is for people to be able to fix bugs and share those patches. By making it difficult for coders to parse the program, you're removing that capability.
So basically, you're losing the GPL's advantages, and keeping its disadvantages.
On more than one occasion I have written to authors of GPL code, stating outright that I am willing to pay for their code under a different license, only to be *given* written permission to use the code in a proprietary fashion.
"Hello, World", 17 errors, 31 warnings
IANAL, but I think this is the answer, although it has not been interpreted in the right way in the previous posts:
If we interpret "the preferred form of the work for making modifications" as "the form the company uses for making modifications" then the company has only two choices after the first release of the software:
I have a feeling it should be possible to get them with this...
If the project you want to rip off is owned by a particular developer or firm, why not approach them and see if they'd be willing to cut you a non-GPL'ed license to use the material in your project?
You know, the way good capitalists do it?
- jon
Ganymede, a GPL'ed metadirectory for UNIX
That is the way the world would work if it were logical. But alas our system of laws is often not.
Just because A = B and C = D. Doesn't mean that B + D = F. The judge just might look at whether there is a copyright protection mechanism in place. If so and if it is being circumvented, the judge might rule that the DMCA has been violated regardless of the license involved. In that kind of scope I guess it all comes down to which legal document takes precedence the license or the law. If it is the GPL, then great Hooray for our side. But if it's the DMCA, we could have a problem.
Communication is about content not presentation.
Under no circumstances should you whistleblow in this case. Unless people were going to get hurt or killed, or something really bad is going to happen if you don't, then keep your mouth shut (this is only code, not a matter of life or death). Not only will you lose your job if you do whistleblow, but no one else will ever hire you, especially if any legal procedings make it into the spotlight. Sure, the law "protects" whistleblowers, but you and your family still need a roof over their heads and food to eat.
If you do have moral reservations, or more importantly, you worry that you yourself may be implicated for this violation (and yes, it IS a violation), then you should start looking for a new job. You don't even have to tell your boss that this GPL violation is the reason you are leaving. If you feel the fecal excrement is about to impact the rotating blowing device, then leave immediately... no one can nail you for it. If you don't and this were to happen, well... look at the employees of Enron and/or BCCI, they are not on anyone's short list to be hired.
In case of fire, do not use elevator. Use water!
The original source before obfascation is still a GPL derived work. It is not 'some random other program' that is being released in the end, but that program. Making the variable names difficult to read cannot be seriously expected to be enough to make it a completely different source tree.
Not only does section 3 cover it about the most perfered form, but it would also be easy to argue that the non-obfascated program is in fact the one being released, as both versions of the source are the same program, or you'd not be bothering.
Either you have not spoken to a lawyer and are expecting users to point out your flawed thought process or you live in Southern California. There is a big difference in how the "gooblygook" was derived. Could you have produced your "gooblygook" thru other non-GPL'd tools as your example of a word processor /text editor would do? The answer is no.
Also, fools that believe that you can fool experts in a court of law by changing coding "names" deserve unemployment.
This code is under the GPL, and therefore technically, all of it is now free software, so why doesn't this annoymous reader distribute it himself? It can't be a corporate secret: It's GPL'd It is not the company's IP: It's GPL'd Even employees who contributed to the code don't have rights over the GPL'd parts you adopted. They only have rights to the parts they wrote. However, any code they contributed to the complete project comes under the GPL if it's distributed together with the GPL'd code. In other words, it's all free software, so why not beat them to the punch. Then their obfuscated garbage code would be just a waste of time and money. Anyway, though, I'm not a lawyer, so don't listen to me if you value your job and don't plan on getting sued. I guess whether they would win or lose is irrelevant when all your paychecks are going for legal fees...
All data is speech. All speech is Free.
Cool! That means I can translate any written works to Klingon, and they're no longer copyrighted by anyone but me. Hmmm. Maybe pig-latin would be easier.
If source code is the same source code, even if the variable names have been changed (which would seem like a plausible claim), then the license really isn't on the "literal" source code, it is on an algorithm. Therefore, this presents another problem: if the license is on an algorithm, it is very likely that more than one person can independently produce exactly the same algorithm...who owns the license to that? Take a queue implementation, for example. How different will different organizations' implementations of a queue be? If there was a GPL license on an app with a Queue, who owns the license? And does the license apply to the separate parts of the product (an individual class in an application, a la plagiarism in literature), or to the whole application? If the whole application, then this company gets away free, probably. But if not, there is a much bigger mess...there are small parts (classes) in probably all apps that violate existing licenses of other apps.
cabodog77
"It's such a fine line between clever and stupid." -- David St. Hubbins, Spinal Tap
The GPL license has yet to be brought to court. This is why companies are afraid of it because they don't know what would happen in a court of law. Until a company is brought to court, and they win, or loose, there is no confidence in GPL's ability to protect any source code.
Companies are afraid because they could legally have to open up ALL of their source code because even though they followed the GPL, they didn't quite interpret it correctly. If a companie wins, it could mean all source code out there is now up for grabs, then every company in the world would jump and essentially "steal" the worlds work under GPL.
Modesty is one of life's greatest attributes
Everyone knows the difficulty. By using GPL'd software any modifications you make are also GPL'd and must be released as source code that anyone else can then freely use. Meaning any changes you make that would have otherwise been proprietary are now basically free beer for everyone else's consumption.
The solution, it seems to me, is to separate out whatever is proprietary and GPL. Convert Any GPL'd software you want to use into DLL's or whatever library fits the platform for which you are coding. The GPL will still compel you to release source for DLL conversion you made, but it will not compel you to release your proprietary source. Code that calls the DLL is not part of the DLL itself.
I think that everyone wins with this approach. Companies reduce costs. GPL'd source code gets easier to use, and most likely better maintained. Companies don't have to give away their source code for free. Everyone is happy.
This is also an ethical solution. Although some may disagree, I believe it honors the spirit of the GPL. The part that was free is kept free. The part you added can be licensed as you choose, and that is how things should be.
Of course, as a lawyer, you should also realize it is ten times more expensive to defend than to sue. The costs of responding to discovery, alone, can easily hit six figures. And, (personal opinion) the obviousness of the obfuscation would probably be enough to prevent dismissal. So, the real question is not "could the Company in question win a suit," because we all know that in the lottery we call Trial by Jury anyone could win on any given day. The real question is "could the Company lose." A loss in court might result in the inability to sell their product for some period of time, or damages to the extent of their sales. If the company is small enough, this could mean the end of it. Is it worth the gamble?
Milo
A quote from the GPL:
The source code for a work means the preferred form of the work for making modifications to it.
The GPL states that you should provide the source code with your binary, and it correctly defines the term "source code".
Not just "the stuff that the compiler uses as input", but the preferred form for making modifications.
Case closed.
Roger.
I am legally allowed to use the environment to create my ANSI C++ code, which, when I compile it with GCC, I am free to use to whatever commercial end I like.
This is true. There's no way this could be considered a derivative work of your development environment. In fact, I don't see how ANYTHING could be considered a derivative work of any development environment. Shrink-wrap not withstanding (which is bogus to begin with), you have full legal right to use any software you have legally obtained for any legal purpose.
My company wants to translate this to an abuse of the GPL and has been advised 'full speed ahead!'
I don't see how. The previous scenario with the development environment did not involve any actual derivation. You were using the environment as a tool and did not create any derivative works of the environment.
The situation with source code is much different. A derivative work is a derivative work is a derivative work. If any significant amount of the source code gets included, incorporated, translated or transformed into your own work, your work is a derivative of the GPL source code. I don't see any way around this.
they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode.
Hmmm, my brain's still churning this one over. I guess it depends on what you mean by "incomprehensible gobbledygook." If you use the bytecode to reverse engineer a fractal function that produces the same bytecode (as an example), then you would be in the clear. But if you use the source code to derive that gobbleygook then you are not in any sort of deterministic fashion, then you are not.
You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce.
Nope, can't do it. Obfuscation is still derivation. Obfuscation is still a form of translation, and translation is derivation. Besides which, the above in no way relates to your earlier statement regarding "incidental resources."
Let me tell you what you CAN do: You can reimplement the algorithms in the original GPL code. Then you will not be creating a derivative work.
All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
Even if you manage to get your scheme past the courts, you still run into a big problem. This problem is well known in the BSD community, which is why no one has yet been able to produce a *successful* proprietary BSD that wasn't already on good terms with a free BSD variant. The problem in a nutshell is that you've created a fork. Trying to track the original source while keeping your own features and improvements intact will be a nightmare of code management. If you're willing to burn all your bridges, go for it, but if you find yourself on a tiny desert island with no way off, it's your own damn fault.
Example: FreeBSD and Apple are on good working terms. Apple forked off Darwin, but had to make Darwin Open Source (and somewhat Free) in order not to create a horrible sync problem. BSD/OS was also derived from the generalized open source BSD code base, but they had to remain on good terms with the free BSDs, to the point that they even contributed their own proprietary code to FreeBSD just so it wouldn't get forked off into oblivion.
Another example: the GNU Emacs / XEmacs fork works for only one reason: they are both Free Software. If XEmacs was made proprietary from day one, it might possibly still be around, but GNU Emacs would be feature rich and viable while XEmacs would still be languishing back at the fork point.
A Government Is a Body of People, Usually Notably Ungoverned
Encourage the company to do this. There are hundreds if not thousands of _very_ smart folks that we gleefully create a derivitive work from their derivitive work that explicitly explains in great detail just what the code does in comments and they'll put variable names in that mean something. It could event be made into a contest (get EFF sponsorship?), 'The Deobfuscated C++ Contest' ...
If the original GPL code is 30% of the product that certainly qualifies as substantial contribution, and is not the case of using a tool that could otherwise be a different tool. Since one could say that the obfuscation program compiles the original GPL code to the obfuscated form, then the original GPL code is still the source. Unless it is LGPL code, then it would seem the entirity of their program would be forced under GPL.
- Tjp
I am in wallow with my inner money grubbing capitalistic pig. ... Oink!
that does not make me a LAWYER ....
shees
Eh. It doesn't really matter. What does matter is that he's got a legal theory as to how the GPL can be sidestepped. It might not hold up in court. But that doesn't matter until it gets to court. There's no Bad Law Fairy who's gonna come out of the sky and put things right. Somebody is going to have to mount a legal challenge to this abuse. That somebody has to have legal standing in the case and deep pockets. Now, don't all raise your hands at once!
OK, I just ran out of irony. Look, the mod system worked -- maybe not as fast as you liked, but it did. Don't feel bad because you didn't get to put on your Arnold mask and mod all the lamers down. It's just a damned filtering tool, not a way to Rebalance Universal Morality.please don't say la law or ally mcbeal
Now I can give away the program I built from GPL'ed source code.
How does your company sell a second copy of the program?
I rejoice that there are owls.
There might be a more airtight alternative public license. I don't know. One of the reasons that I became a lawyer was to avoid ever having to hire one.
What's the difference?
They're bad boys; they're stealing.
t_t_b
I'm on PJ's "enemies" list! Are you?
Yes, that would be one test for "preferred form", but there are others and the other side of any dispute will present them. The point is that the standard that you propose does not necessarily follow from the language of the GPL. In other words, your standard is more suitable than the GPL language. Of course, at trial, the credibility of your engineers and/or anyone testifying about their procedures will be at issue.
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. You say your company's going to GPL the end result. Disregarding it's obfuscated nature for the moment, you've otherwise satisfied the GPL in that it's available for free and open source. You will, of course, also be obligated to release all subsequent versions as GPL unless you redo it entirely (eg - the latest version can't be based on other GPL code or the GPL'd version of your code.) Whether the "preferred form" for editing will be enforced or not I would assume would depend mostly on the popularity of your project.
You may be a lawyer, but no other lawyers seem to agree with you.
:) When the company goes out of business it'll show they were lying.
I went across the hall at work yesterday and asked two lawyers who I often see over lunch about this. They said that while "preferred" and such terms are often fairly vague and cases hinge on those, in this case, where you can simply show the inability of the company to use the obfuscated code, and the obfuscating programs used, that it's dead simple.
Too bad modern judges can't hand down rulings that really cut to the heart of the problem...
Ruling that the company must delete all other source code and forever maintain the project using only this source code and other code in this form would quickly show if this was the preferred method.
(With creative and honest judges we could get by with a lot less of your type.)
If they release the (obfuscated or otherwise) code under the GPL, I can redistribute to my hearts content, as long as I follow the terms of the GPL.
I don't need to give the company a penny and nor does anyone else.
Ignoring the probable case that this IS in a GPL violation, I don't see how it can be lucrative.
Yours Sincerely, Michael.
It might be to the advantage of the Open Source movement, to have a collection of interpretive bulletins of the GPL, case studies, and related legal case history such that we see fewer instances of license abuse happening (or being contemplated) such as this.
You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce.
So your company would have NO issues with me developing a "random number" generator that just happens to return me a number that, when converted to bytes, is exactly identical to your finished product. Now, I did all the development effort, I generated the number, so I can sell that number to all comers. Fun, huh?
"Your superior intellect is no match for our puny weapons!"
would it be at all possible that the program spoken of here is the morpheas clone of gnucleas? they could want to remove the editablity of the code so that people could not remove the advertising from which they gain most of their revenue. think about it.
So I get that that it would probably be a violation of the GPL, and that dedicated and angry people have a number of ways to strike back. But, the post does not mention the company or project or lawyer involved. How would anyone know which project out there to investigate for the obfuscation?
(I'm ignorant here, not being a programmer myself, so perhaps the answer is obvious to you all. Fill me in.)
Microsoft has already used GPL'd code in their products. Check their website, they give credit to the author in the relnotes.htm file, but never did contact him, and only assumed it was bsd licensed. When his name is all over it, you'd think they'd ask.
The company can't even sell the product, since they don't own the exclusive copyright to it. Which means everybody else has just as many rights to do whatever they please with the software as the company. So really, even if it is a crappy and shady thing for them to do, it's also very stupid and not very well thought through. They'll get what's coming to them anyway.
-Justin
please
The *source* is what they created their oh-so-clever obfuscated code from. That's the bit the GPL refers to. Same would be said if they used a fancu GUI tool to generate the code I guess. Go ahead and let them do it. It would be great to see the GPL virus tested in court for a change.
Now when I see that lil term in context of what makes something source code, one thing jumps to mind that everyone else has ignored. Apologies in advance if others have already mentioned this and I missed the posting.
... I think thjey'd argue that 'preferred form' refers to format not quality or usefulness. People here are saying things like I'd prefer this or that or the other ... well, I'd prefer some bug-less elegant wonderful code ... that's what I prefer, but if the guy decided to make a huge mess o' spagetti out of it, that's his perogotive.
... they can internally do whatever the heck they like and the GPL doesn't say boo. It's all about the deployment. So if the run the 'pretty' code through an 'uglifier' and then compile that to deploy ... I say they're abiding by the GPL.
I always just assumed that the part of the GPL meant nothing more (or less for that matter) than 'plain text'. And that's it, ascii usually and perhaps in Europe or Asia some other encoiding - whatever it is that's run through the compiler. So they can't give me machine or assembly code and say it contains their modifications, they gotta give me the plaintext of their code, suitable for being compiled/interpreted, whatever.
I'm pretty sure that they can obfuscate and it's still in it's 'preferred form'
Bottom line, they can give us crap as long as it's the crap they compiled to generate what they distribute. The 'what they distribute' part is important here
Obviously I'm not a lawyer and I've only read through the GPL a few times to settle arguments over what it does/doesn't say. But I can see a valid argument for 'preferred form' == 'plaintext'
Bottom line I'm not sure. So, Please! If I'm missing something obvious here - chime in and let me know as I've always wondered why noone has ever just said 'it means plain text'
Kevin
imagine in MS decided to release a version (for cost) of debian with MS-office, but all the source for the debian was obstificated. They could argue that for them the preferred form of source is the obstificated code.
Judge: "Do your programmers make their modification to this gooble-de-gook?"
MS-lawyer: "Yes"
Judge: (looking incredulous) "How?
MS-lawyer: "For every programmer actively working to improove our source, we have ten others trying to work out what we did last week."
Judge: "So your programmers can't work out what other programmers working on the same code are doing?"
MS-lawyer: "That right!! No programmer can even work out what program they are working on. Its our preferred method of development"
Maybe they are doing this already...
Elivs
Your friends told you what you wanted to hear. Nevertheless, the GPL remains malleable to a fault.
What if the "preferred form of the work for making modifications" is an encoded document that requires a special interpreter to re-compile? Is that "machine-readable"? Technically, it is. Do "interface definition files" include the interpreter? Maybe - maybe not.
Notice how the GPL fails to require that the source code be presented in a form that can be compiled with readily-available tools? That's what I'd call a giant oversight.
BTW, the fact that your two lawyer friends don't agree with me does not mean that "no other lawyers" do. It's this kind of logic that separates my "type" from your "type".
He wants more legal tests of the GPL, and would love to make an example of your employer. Don't go there.
:-) Is your employer rich? If so, it could be a good way to get a nice FSF endowment started, eh? So many court cases are depressing from an open source coder point of view. Your employer could help cheer us all up! Please? Oh, and your lawyer should know that I have a patent pending on "A method of getting rich by convincing a hapless client to step into a bottomless legal morass"
Don't listen to Bruce. You're employer should definitely go there. Some of us would like nothing better than to watch a blatant GPL violator get dragged over the coals in court. Oh what a fun spectator sport it would be.
Because the GPL says you have to redistribute the source, modified or original, as source. You can do it as binary too, but you have to distribute the source to any person that you distribute a binary to that wants it. This obfustcated text is NOT source code... it is a preprocessed intermediate bytecode.
What if I call my obfuscation a new language, 'C--' and I offer to sell a compiler that compiles my C-- language to C?
Couldn't I offer the source to my new modules written in C-- and link to GPL'ed modules and meet the requirements of the GPL, even if a compiler for C-- is only available commercially?
Heck, I could make several key functions part of the C-- language spec and not have to release the code at all.
Please tell me that I'm wrong here.
There are 10 types of people in this world, those who can count in binary and those who can't.
You may be a lawyer, but you don't know squat about development.
The "preferred" source is *always* the highest-level code in a compilation sequence. This source, and this source alone, will maintain iterations across compilation cycles. On an idiot or an incompetent fool would attempt to modify any derived files unless there was absolutely no other alternative, e.g., ancient mainframe programs where the source code has been lost.
In this case, the company is proposing releasing COMPILED code, not source code. Don't be confused by the common usage of "compiler," technically a "compiler" is any program that takes text and rewrites it in a mechanicalistic manner into a second text. That includes conventional compilers, YACC and LEX parsers, ESQL/C preprocessors (such as Pro*C and ecpg), RPCGEN, gperf and code obscuration tools.
The fact that the compiled output can be run through a C compiler is irrelevant. The output of yacc, lex, gperf, rpcgen and Pro*C can also be run through a C compiler, but nobody who uses those tools would ever consider these derived files the "source." They processed files are distributed solely so that third parties without those tools installed can make changes to other files and compile the system as a whole.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
You're really showing your ignorance when you jab at "modern judges". Judges today are some of the brightest, most dedicated people in any profession. This is especially true at the federal level (where it matters most) and less so for elected judicial seats. I used to work for the judge that shut down logging in most of the Pacific Northwest in order to require the EPA to undertake an EIS. Talk about cutting to the heart of the problem. There are a million other examples. What if someone sat you in a federal judge's chair and asked you to run a day of trial/orders/sentencings/settlement hearings/etc.? Think you could do as well? Think again.
If you don't like what the federal judiciary is doing, you can blame the Congress. And guess what? You vote for the Congress.
Aside from all that, have you ever read a legal opinion from the 19th century? I suspect you'd be squirming in your Aeron during all the pomp and circumstance.
I think preferred form implies preferred, human-editable form, but the wording is vague and could expose a possible loophole. If it does just mean plain ASCII/ISO-8859 text, then assembly would actually be acceptible assembly can come in plain text files! If we take preferred form to mean preferred human-editable form, then something like:
... };
dshkg_238 *dfk_jgdwrtF_EWFJewkjgt_jkewD_SGJL( xzcbCBxcV_39 dwleg_hfew, wd4397_3_frwek *fhjgew_w32Flsd, dsk39fd__ewhjg *dijh_t[] ) {
(or however they are obfuscating) is no more usable than assembly.
Liberty in your lifetime
While some judges might let you bring your industry usage of the term "preferred" to bear on the meaning and intent of this contract, just as many other will demand that the agreement be interpreted "within the four corners of the document". And why should one have to resort to an "industry standard" definition, when the question could easily have been addressed in the agreement itself? And how will you go about proving that your usage of preferred is widely-accepted? Will you bring in witnesses? How many? How many will your adversary bring in to prove that your usage of the term is not "industry standard"? How long will the parade of witnesses take? How much will it cost? Why wasn't this dispute clarified in the agreement before all the lost time and money? Do you have answers to these questions?
You stated that the highly desireable code was GPL, correct? Is there no way to write an LGPL CORBA or SOAP object to export the functionality to an external program? Provide yourself a legal padding of the communication protocol. Yes, you would have to develop and maintain two separate applications, but you wouldn't have to recode this incredibally useful GPL code {whatever it may be}.
Just food for thought.
assert(expired(knowledge));
what if you make an editor that automatically converts the obfuscated e.g. variable names to readable ones.
then it is a simple exercise in compression - your source code is smaller - and if you change a variables name in the editor, without changing any logic, then your version control, etc, is unaffected - how it should be.
also, if your programmers can't agree on naming conventions, they can set up their own in their own editor!
so you are working from the obfuscated source - it's your editor that provides use - surely you can't claim that the editor has to work a certain way - does the GPL specify "preffered method of reading source must be vi and ascii"?
A more effective argument to take to your boss against this violation might be as follows:
In this senario what is to stop another company (let's say IBM for the sake of argument) from taking your company's obfuscated GPL'd code, compiling it, and selling it to your company's customers at half the cost. If a compilable form of your product is released under the GPL, you have no legal recourse to stop this.
IANAL and don't have a comment as to the legality of this, but from a business perspective, your company would be shooting themselves in the foot.
Ben
I've seen obfuscators that just compile the source code into an executable, and then, from that executable, generate some simple C source code that makes zillions of lines of inline assembly calls.
Every obfuscator isn't just s/XXX/YYY/.
Apparently the lawyers of every company that has ever gotten notice of GPL violations from the FSF disagree with you. The reason there are no precedents is that nobody has ever dared go up against the GPL in court. All cases have been resolved with the companies deciding to comply with the GPL.
'Look at how many people all over the world are pressuring me to enforce the GPL in court, just to prove I can. I really need to make an example of someone. Would you like to volunteer?' - Eben Moglen, Professor of Law and Legal history at Columbia University Law School, General Counsel of the Free Software Foundation.
Ok, I have to point out that the GPL says nothing about 'usability'
Of course that's just my interpretation. Thanks for replying though. I always get grumpy that AC's get '0' and are filtered out by default.
Kevin
Clearly, type 4 is what normally gets distributed when someone modifies a GPL project. But arguably, type 3 or even 2 could be preferred by some people. (Especially if you neglected to modify the comments in the original code as you made your changes- it could be better to remove comments than to include untrue statements).
However, when I work on C++ code, if type 5 or 6 is availible, then I strongly prefer to use them as I study how to make my changes. Yet many (most?) people wouldn't be comfortable exposing all the dirty, broken, wrongheaded mistakes they made over years of developement, which is what would happen if CVS revisions were included.
All of items 2,3,5, and 6 refer to commments of one sort or another- things that make no difference when the program executes, and don't even effect the compiler, but serve just to inform interested humans. A CVS repository, a separate document file, /*comments inside code*/, even useful_and_descriptive_variable_names are all Auxiliary Documentation that is not technically part of the code.
Where should we draw the line? Where does the law draw the line?
Now 'shared source', and companies that provide Perl/PHP/JSP code with a commercial license *would* loose income!
There are very few companies that would voluntarily let loose or release income. Of course, it is possible that they could fail to retain income due to piracy. The word you were looking for is lose.
Congratulations! You have been participant #46 in my campaign to rid Slashdot of this error.
Proudly correcting Slashdot's most irritating linguistic error since 2002.
There was an e-commerce system listed on freshmeat about a year ago that was GPL, with various commercial licensing options available, and consulting help from the vendor also available. I got the source. It was no way usable. Split into thousands of modules with numbers, not names, and no x-ref, index, documentation, or explanations anywhere. So, I'd guess this is already happening, although perhaps not so flagrantly.
Hmm... sounds like blatent criminal action to me..
- EULA violation of the student licensed developmental software, which, if the whole of the text of the EULA/license agreement is read, depending on the license in question, limits the works produced from the product to be usable for non-commercial uses only. This, of course, depends on the license of the commercial software in question.
The produced work, if so restricted legally, cannot be re-licensed under the GPL as that would be a license violation and under the GPL, is not GPL'able.
- GPL violation will occur in the event of code obfuscation since the code base which is being worked on is not the code in question. Producing un-maintainable source code which the coders/maintainers do not themselves use is a violation of the GPL requirements for inclusion into the GPL.
The fact that the company takes the work produced from the student/restricted license copy of the commercial software and modifies it to appear as if it was not produced from that tool is demonstration of criminal intent to violate a software license/commit fraud.
The fact that the company plans on incorporating GPL'd source code into their product and rendering the released source unmanigable also opens them up to legal attack by the FSF.
Personally, I would look for a 2nd/3rd legal opinion and consider the lawyer in question of dubious moral fiber and incompetant if he/she believes that doing such a thing will save the company money by defrauding and abusing:
- Educational versions of softwares which are made available in good faith for students to use.
- The GPL which works to make source code open and available.
I would think that boycotting this company's products would be a good idea since from what the original poster has noted, what the company is doing amounts to nothing short of IP theft, license violations, and intent to defraud commercial companies who produced the software development platform/software and the GPL coders, upon which their product so heavily relies upon.
Just a couple of cents. And IANAL.
Words to live by. Having a J.D. (and a working knowledge of the law) is like carrying a nice big sharp katana - at least you can go down with a fight.
It's not the preferred form for compiling, though. What they compile is irrelevant, the GPL specifies the preferred form for making modifications to the code. Even if they built for distribution from the obfuscated code, unless that's actually the code their programmers work on it's not in preferred form per the GPL. The GPL also says preferred form, not preferred format, and form implies things in addition to just, say, text format.
Instead, your company is embarking on some hare-brained, complicated scheme to try to defraud open source developers, risking a legal injunction against their product, damages, and the wrath (and competition) of open source developers.
Obviously, there is something fundamentally wrong with your company's management, ethics, and business plan. I recommend jumping ship now, before the s*** hits the fan.
What the fuck does being a lawyer have to do with anything?
Are licensed members of the various states' bar assiciations (non-governmental organization, by the way) the only people allowed to read, understand, interpret, enforce, live by, be protected by, be excluded from, make, vote on, propose, opposed, enact, believe in, accept, or overturn laws in this country?
Complete bullshit. To established the "preferred" all you need is to ask any of the company's programmers one question: "When _you_ need to midify the program, do you use the obfuscated files that were released?"
Firstly I think it's not so easy to define source at all. I read some of the transcripts of the 2600 case that dealt with arguing that Code=Source=Speech. It was really revealing - defining source is a slippery issue.
Secondly even if your definition - must be human readable - is accepted, there are humans who can read machine language, in hex (I'm sure we've all got anecdotes about our favourite guru programmer doing just that). And to be honest most programmers, with a little effort, could train themselves to do the same.
Finally - you're assuming the obfuscated text is no longer source and that therefore there is a separate text which is the 'real source'. Let's think about how someone normally forks a GPL project, something like -
- take original GPL'd source code
- make modifications
- release new code, with source, and acknowledgement of original authors
But the GPL doesn't AFAIK require the release of the original source - only the source for your new version. Releasing the original code is the responsibility of the authors of the original project.
So in this case, obfuscation is part of the modifications, along with inclusion of some home-grown code (the original GPL code was only 30% of the whole right?). So legally how is there a difference?
However, these points in themselves lead to reasons why this approach would be unsuccessful. Namely,
- if hex machine code is human-readable then obfuscated C certainly is. Plus if it's been obfuscated mechanically - it can be de-obfuscated mechanically. Partially anyway.
- they have to acknowledge the original code's authors and therefore the original project. People can compare the obfuscated code with the original code and figure a lot of it out.
Using a combination of these I can forsee that it would be possible to generate a completely 'plain source' version and keep it in step with the obfuscated one, with relative ease.
To sum up - I think legally they can do this, but I doubt it will gain them much advantage.
But I am not a lawyer.
Personally, I think this would be a rather easy case to prove if anyone chose to pursue it.
... technically, at least).
A context diff of the "obfuscated" code against the code it's derived from would rather quickly show that the only changes from one to the other was symbols and the lack of comments. Unless, that is, they resorted to some rather serious Obfuscation like operator and function overloading, or trick use of preprocessor errors, in which case, a diff of the preprocessor output from the two code trees would also damn the offender pretty quickly.
I AM a (recovering) Lawyer (I am non-practicing) and I would advise your company that they are playing with fire by trying this. You didn't reveal which GPL Code your company finds so useful, but there are MUCH smarter ways to play this game, especially if the authors of the code you like so much HAVE assigned their copyright to the FSF. (See, FSF v. NeXT Computer, (over gcc) for instance).
I question the degree of "tech-savvy"-ness of your company's counsel if he's advising them to go "full speed ahead" on such a transparent, bad faith abuse of the GPL (can't call it a violation
utter rubbish
Suppose that I write a proprietary compiler for a wierd language that will link with the library (possibly auto-generating some C to stick through
GCC on the way). The compiler is not covered by the GPL, and, by having the source be a wierd, 'strict syntax' encoded language that -IS- in the preferred form, but requires a proprietary editor to effectively manipulate that 'preferred form', then the source is effectively useless.
This does, however, give a reasonably legitimate reason for GPL'd tools to reverse engineer binaries and pull obfuscated source to bits (i.e. why their purpose is not mainly for copyright violation etc.).
(Note that the GPL effectively prevents someone putting a 'you cannot reverse engineer etc.' clause into a license agreement, regardless of whether such clauses are enforceable in a given country).
IANAL, but this is just a thought.
John_Chalisque
You don't have to prove anything or have a whistleblower. All you have to do is ask them to come up with a plausible reason to modify the code other than "obfuscation." If they can't come up with one, it was either obfuscated (or changed by accident).
In the first place I'm not so sure it's so easy to define 'preferred form' but even if it was -
Imagine a GPL project called free-prog.
Company takes the the source to free-prog, modify it/add their own code in 'plain' readable source. Let's call this secret-prog.
Company never releases this code - so they don't have to release the source for secret-prog. This is legal under the GPL as I understand it.
Company obfuscates the source for secret-prog. They then add to this more code, probably a standard module for something useful but trivial - a File Save dialog let's say. They name this new project obfus-prog. This they compile and release, together with source - which is 99% obfuscated.
As long as they only ever release obfus-prog and not secret-prog then the 'preferred form' of the source for obfus-prog is the obfuscated source code.
Personally I think that's enough but a judge might require more. Maybe they'd also need to put up some artificial barriers between the two sets of code. Maybe you have to make sure that the two source trees are kept separate on separate servers. Have separate teams working on them - similar to clean room conditions for reverse engineering.
But I think the whole thing's moot. Obfuscated source is still source and there are programmers out there who can read, interpret and re-code it - and re-distribute it.
The question gives two examples, the use of external tools on a work, and the use of someone's code in a work.
Were the copyright incident on the work, then Microsoft, Borland, Watcom, IBM, etc would "own" every peice of software compiled under their compilers. The fact that they expose APIs and libraries for the user to use does not affect the issue.
The same holds true for any editors, IDE and so forth. What this means is, that if I were to use the GCC compiler as I would use MSC or VBASIC, then my work is not using any code created under the GPL, and my original work (the source code) does not contain any GPL or Microsoft or Borland code, and is therefore not copyright by any of these.
What matters is that these tools take an original set of text files, and produces an original work at the other end. As long as you "own" the source material, you "own" the output, and therefore you can do whatever you wish with it.
The second example suggests that there is some source code, that they wish to hide through passing through name-changes. Derivation, not incidence operates here, and then you would be covered by the copyright provisions of the author.
The fact that you want to hide the origions of the code is indication that it is not propper.
Your lawyer friend should need to consider these issues.
OS/2 - because choice is a terrible thing to waste.
Standard IANAL disclaimer. But I wouldn't necessarily agree with the 'this seems fairly intuitive' and I'd want to check with another lawyer or two. I would agree that 'incidental' might accurately be used if, for example, while a student with the student development package, you have code generated and later, in a commercial environment, found use for a piece of that code in one of your projects. However, something doesn't seem 'incidental' if one continues to use the student development package on a continual basis to generate code for a commercial environment and simply exclude the actual compliation by the package in order to evade licensing agreements. It seems if done continually, it might not look so 'incidental'. This would particularly be true, if, IMHO, one DID use the integrated package to compile throughout development and debugging and only, when it comes time to commercially distribute, the process is changed to compile outside the package. I'd just buy the package for commercial use. Even IF one was sued and won, they'd likely pay more in legal fees than they'd have paid for the package in the first place.
Using the hypothesis to code released being obfuscated for source distribution, when not the source used for development but only at time of distribution, would also likely seem to be the same intent, to nullify the intent and spirit of the GPL. It wouldn't be the code used for development, debugging, and distribution of the commercial product, but only to attempt to circumvent the spirit, if not the letter, of the GPL.
I think with the above, I'd be looking for another job. I personally would have trouble working for a company that takes such steps. Even if you don't have a problem with their thinking, remember, if they'll do it with software, they'll do it with their employees. Besides, I'd rather be able to sleep at night.
Okay, so you now you're distributing what are essentially platform-independent binaries, under the GPL. Anyone who gets these is licensed to distribute them freely, and they're allowed to produce modified versions, such as a recommented and sensible version.
Selling GPLed software depends on the gratitude of your customers. They'll be able to get it for free, but will have some reason to prefer paying to get it from you. It seems to me that providing only useless source in this situation will generate enough ill will that, regardless of the legality of what you're doing, you won't make any money.
In this context, other people being able to modify the program is the least of your worries.
GPL is dead
A good idea perhaps
Money makes the law
Apparently the lawyers of every company that has ever gotten notice of GPL violations from the FSF disagree with you.
Name one the FSF has taken to court. Companies bend to threats too, just to avoid the trouble.
I've finally had it: until slashdot gets article moderation, I am not coming back.
You may have somehow missed out on this, but lawyers are paid to disagree with other lawyers. No matter what your lawyer says, I guaran-goddamn-tee it that every other lawyer on earth will disagree with him if I pay them to do so.
The question you should be asking your lawyer is not "What do you think this contract means?" but instead "Do you think you could win this case?"
On second thought -- don't ask your lawyer if he thinks he could win the case. The other thing lawyers make money from is claiming to be able to win cases for you. Ask some other lawyer if he thinks your lawyer could win the case after making it clear that you can't afford his services.
Proud member of the Weirdo-American community.
The problem is that making this assertion generates a whole bunch of problems.
If you say that "preferred form" means preferred by the developer who releases the code, then the company can argue that the obfuscated form is preferred by them. This is probably bull, but it gives them plenty of scope for dragging out the lawsuit. (eg, refusing to show evidence that they use the obfuscated code in their development process because stronger legal proof is required to justify access to confidential business process information, yadda yadda yadda...) Also, as suggested elsewhere, they could internally use tools which substitute the obfuscated values for proper ones in the UI.
If you say that "preferred form" means preferred by an average GPL developer then you hit a problem. For example, suppose that a Japanese firm got some GPL code, produced a derivative work and released it under the GPL, as they are obliged to do, with no intent to cause trouble or fraud. However, they also translate all the comments, variable and procedure names into Japanese, meaning that when viewed in a non-Japanese IDE they come out as garbage undefined characters. Of course, this is far preferable to them because they do not have to read English variable names and similar. But since "average" GPL developers appear (by and large) to speak English, it could easily be argued that this was *not* their "preferred" form and thus that the Japanese firm had violated the GPL even thought they had no intent to.
All this talk of obfuscated makes me worry. This is preferred code here: http://www.ioccc.org/
This place seems to provide a sort of "safe forum" for these guys. There is a whole community of these people who would love to get their hands on code like this.
JFYI: I am completely kidding.
However, we should get this contest shut down immediately before it destroys our infallible license.
To be perfectly frank, the GPL is a POS contract
"Point of Sale", or "Piece of Shit"?
So really, they could just steal and modify the code, obfuscate it, then release in binary. That might even lower the chances of them getting caught. If morality is not an issue, why not take the easier route in the first place?
In any case, you might want to consider getting your resume out, as soon as you can. Dealing with unethical people like that, is a major risk - chances are you'll get screwed by them some day, too.
It sounds like the only way this would work is they would have to destroy the original, comprehensible, source code. Otherwise, they would not be releasing all the source code behind their application. But if they did that, they wouldn't have a viable application to maintain. I am not a lawyer, but I'll bet dollars to donuts that if they kept the comprehensible code (for maintenance and enhancements) and released only the junk, they would be guilty of some sort of fraud/abuse.
sorry, did I miss something? isn't there something in the GPL, saying, everything which CONTAINS the code/program/thing under GPL, must be published under GPL again? that's what is the pain in M$ ass, after all.
As far as I understood, you simply speak of STEALING the code, scrambling it in a way nobody can read it, and so, nobody could find out.
If you compile, or generate "something" which acts exactly like the original GPL program, just has been build from something different (it's a little bit like this reverse engineering stuff), it's still the same code, still under GPL, and still protected. Thats what tells me the funny thing called "common sense", and, even if most advocats don't have much left of it, many JUDGES have, in fact. At least in germany, can't speak of other countries.
regards,
large
Nonsense, you may be a lawyer but you're full of it. The GPL is no more vague than the majority of legal contracts out there, the "spirit of the GPL" comes through VERY clearly in the GPL, trying to violate the GPL with nitpicky technicalities comes through VERY obvious, and the definitions are only vague if you know nothing about computers/programming. You may have heard of "reasonable person" reasoning in law; to any 'reasonable programmer' who reads the GPL it is painfully obvious that obfuscated source is not a "preferred way to modify the work" but just an attempt to violate the GPL. I'm sorry, but judges don't buy into such blatant technicalities. So while you're obviously very eager to come off as more knowledgable about something than everyone else around here thereby stating your superiority and patronizing everyone here, your opinions are outright ridiculous. Any freaking CS graduate can clearly understand what is meant by 'source code' and 'object code/executable', there is NOTHING vague about it. No more vague to a judge than psychiatric jargon would be to a judge from a psychiatrist - judges are obviously not trained professionals in all things related to the cases they try, but judges can by and large figure out what is reasonable.
Any lawyer who opines upon such a scenario in the abstract is likely committing malpractice. The Devil is in the details. However, it seems apparent to me that the risk of getting such a blatant end-around probably wildly exceeds any perceived benefits derived therefrom.
I can think of a zillion reasons why the proposition described above would not work, but there simply isn't enough information to answer the question in slam-dunk fashion. Suffice it to say, however, that I am seriously doubtful that such a trivial pretense as a byte-code or object-code copy produced by other means could avoid a claim for copyright infringement.
Even so, to the extent that an "on the edge" defense is being prepared, the defendant had better be right. With such willfullness, a prevailing plaintiff is likely to obtain substantial statutory damages, perhaps as much as $150,000, an award of attorney fees, and an injunction against release of the product. If they made profits from the product in excess of that amount attributable to the taking, a prevailing plaintiff could elect for the greater amount.
In short, a commercial entity that tries to do so may well be poorly advised. But once again, I don't know enough particulars to make a determination one way or the other.
The question they have to ask themselves, "do I feel lucky?"
That decision was actually *required* under the law.
There are many comments in this post now, but I sure am not going to let a good debate pass me by.
What you are saying here is that the practitioners of the craft themselves do not know what common terms in their craft mean. There may be crafts where that predicate is true (law for example) but in the software industry, there is no doubt as to what source and object code means. I doubt it if you can coerce a judge to go on an expensive fact-finding mission, complete with metrics and statistics when all one needs is an expert witness.
Now guess what industry you're going to get that expert witness from?
The argument in this paragraph is a corollary to the preceding argument. It is also based on the predicate that practitioners of the programming arts are not in agreement with ``normal'' and ``preferred'' practices.
If you are arguing the question of What is the preferred language when programming business systems then, you would have hit the jackpot because in this case there is no such preferred and normal programming language. Indeed, no amount of fact-finding exercise can ever resolve this question. If I am arguing this fact then all I need to do is subpoena the archives of slashdot. But...
The disputation is "what is the preferred form of the work for making modifications to it?" In this case, practitioners are in agreement. It is what they call a source code. The term source code may be quite opaque to non-practitioners, but so is the term legal brief and tort. The fact that non-lawyers do not understand what tort and brief means does not mean that lawyers do not understand what they are talking about. (Despite the fact that the general populace seems to think so.)
If you are arguing against the GPL I would advise you against asking the other side to provide you with ``objective metrics for measuring what is normally distributed...'' Why?
This is a legal opinion only and you have stated so yourself. But the objective and the spirit of the GPL shows that the GPL was designed more as a memorandum of agreement rather than a POS contract. In cases of disputes over language and meaning, the courts always adhere to the ``intent and the spirit'' of what ever is being disputed.
By the way, argue that the GPL is a POS contract and you won't be getting any offers from Microsoft. :-)
I read at -1 its rather interesting to see what they do down there. Especially the few that like to follow me around.
Liberty in your lifetime
Simply obfuscating the source code before compiling to binaries and releasing it isn't a GPL violation.
However, it still doesn't make any sense. Why?:
1. If the source code compiles to the same program, then it can't be all that incomprehensible, obfuscation or no. Reverse engineering reasonable identifiers and comments into the code wouldn't be that difficult.
2. If the product is GPLed, then it is freely copyable. Its distribution by third parties won't earn the company any additional revenue. So, what does the extra obfuscation accomplish? Except for making it a bit difficult to create derivative works and fork off incompatible versions (but not impossible -- see 1), which wouldn't affect the company much in any case, it doesn't accomplish anything. The company might as well just release the source code unmodified, as it would save the time that would otherwise be wasted on obfuscation.
Nice to have an adult join us kids. Which ethical directive urges you to illustrate your Bio as "Imagine a Beowulf cluster fuck..."?
You may be right with regard to morally bankrupt fights over legal terminology, and I am neither a lawyer nor overly vocal about the GPL (which is great, but unfortunately seems to bankrupt programmers rather quickly).
But just as a man is allowed to defend himself in a court of law, it is certainly legal to write a contract which is understandable by people without a law degree? I for one would like to hear which holes you think are there so that these geeks can wrap their heads about it and stop companies from abusing their work.
Most of the disussion in this thread has focused on whether or not this action violates the GPL. Let's say it doesn't. What incentive does this company have to do this? The GPL does not do a very good job of defining "source code." What it is pretty clear about is that you must maintain the license on any work derived from a work covered by the license. The license also expressly allows other parties to take your work and re-release it under the license, with or without modification. So if you release obfuscated source for a highly lucrative project under the GPL, I can take that source, add a few inane features (or not), release more GPL'd gobbledygook, and undercut your price for the binaries and support. And you've given me permission to do so by slapping the GPL on your unreadable source. Unfortunately, this argument also shows some inherent flaws in the open source business model, but if you're just into free software (as in speech) it all works out quite nicely.
This explicitly includes the unobfuscated code and almost certainly the obfuscator as well although it is not clear that the obfuscator's source code is a necessary inclusion.
Got time? Spend some of it coding or testing
I wrote a parser like that not too long ago for VB-Script (ASP) because I did not want (most) people hacking the demo to avoid paying. It was an interesting experience. Microsoft has a VBS scrambler, but hackers quickly figured out the algorithm. I figured the best hiding approach was to *remove* human-meaning from variables and function names instead of encrypting them.
The components still are not selling very well though. Marketing lacking? Or perhaps they simply suck? Oh well. I'll have to keep my day job.
Table-ized A.I.
The original work is "owned" by the origional author. We can assume by definition of their having released it in a certain way, that their form is the preferred form of the work. Not much wishy washy about it.
But, back to the original post... They pose two distinct problems. 1) Using something like an IDE; and 2) producing a proprietary work, I assume (more lucrative), that interoperates with a GPLed one (trashed or not).
The "can't use our IDE to..." thing is a POS contract. Such contracts are enabled by copyright law in that the author need not make you a copy at all. Rather, they are more a declination to offer sale. Copyright alone would hold this a fair use, IF you could get a legal copy. They key? There is no interoperation between your work and the IDE. Data owned by you does not rise to the level of "interoperation between program(s)" needed for formation of a derived work.
BTW, where does GPL is a POS come from? I've never heard the GPL described as a POS, as there is simply no sale. It is a specific declaration of rights waived by the author at copyright and the conditions on which the owner voluntarily waves those rights.
If your proprietary code "interoperates" with code under the GPL, you have produced a derived work. By definition. Distributing that work is very much a copyright issue. IP lawyer's I've had to deal with about GPL in Fortune 500 and industry are very clear...
Their simplified motto for the masses? Never, ever, allow a machine instruction of your proprietary program to cause a machine instruction in any GPLed program to execute without clear indication from the author it's permitted (ie. the Linux kernel itself and the LGPL). Defenses to copyright are enumerated in the law and no number of "stupid computer tricks" appear therin.
There are 3 ways.
1) Fair use. You can assume that does not include profiting from re-distribution of other people's works.
2) Incidental interoperability. You can build a browser based on RFCs for HTTP/HTML. If it happens to interoperate with a GPLed server, so be it. You should avoid exploiting any unique feature found in the GPLed server.
3) Reverse engineering. You can build a propriatary browser by looking at the data that pass over the network between a GPLed browser and a GPLed server. (Network data is not "fixed in a tangible media", thus has no copyright protection.)
Now, you have to ask yourself one question, do you feel lucky today?
~shiny
WILL HACK FOR $$$
As I understand it, the GPL-ed code that your company wants to use is copyrighted by some developers. Why don't you talk to these guys and licence this code from them?
Mark
Fortunately, the letter of the GPL is sufficient by itself.
From the GPL: "The source code for a work means the preferred form of the work for making modifications to it."
From the previous post: "Obviously the clean source is preferred, but not required."
The first part is true; the second, due to the correctness of the first, is false. The clean source is preferred; the obfuscated "source" is NOT preferred. Thus, distributing the obfuscated "source" does not satisfy the GPL's requirement that the "preferred form" be distributed.
If you were going to debug or extend it, the clean source is preferred and the obfuscated "source" is not-preferred and thus, again, the obfuscated "source" does not satisfy the requirements set forth in the GPL.
Why "source" in quotes? As someone said above, if the obfuscated "source" is generated by mechanical translation from the clean source, the obfuscated "source" is not source at all. The clean source is source, the obfuscated is just output from some tool in the chain that ultimately produced the binaries.
(And lawyers wonder why they're the butt of so many jokes. This crap is enough to make even the most levelheaded pacifist want to gouge the eyes out of the freeloading cheating bastard who thought it up.)
Build stuff. Stuff that walks, stuff that rolls, whatever.
Here's what you do about this:
1. Don't say anything to your company.
2. Volunteer to do the obfiscation.
3. Make sure the obfiscation is reversable (don't tell anybody, of course).
4. When the project is done, quit and start your own company. I don't have to tell you selling what....
An engineer who ran for Congress. http://herbrobinson.us
Let's say (for the sake of argument) that I am an asshole. I make a project in which I (I here means a company rich enough to do court battles) 'borrow' 80% of the source from GPL'ed sources, and add 20% home-grown proprietary code. Now, to use this code I have made my own editor which has an obfuscate module you have to log into to use. When I release the obfuscated code (in accordance with the GPL) could I then use the DMCA to sue anyone who tried to clean it up? After all my 'protection scheme' would be broken, and the obfuscated code would be the preferred one to edit as the proprietary editor would translate the obfuscated code into normal source.
You have just demonstrated some of the wisdom of Solomon here. The company would win and then be hoist by their own petard, absolutely delicious. What concerns me is why is this guy working for these sleaze bags.
By replacing names etc. with nonsense words you only create a translation. Translation of copyrighted and -lefted works is subject to permission (i.e. license) of the copyright/-left owner.
Another view: the important part of computer programs is the structure, not the actual code (text) representation. You simply copy the protected essence - and thus violating any license or copyright law.
So if using a gooblegrocked code fragment you are violating licenses twice: once when "translating", second when using the translated code.
Well thanks for the correction. Although the thanks are reaching. You could just have a lack of mental capacity to fill in others mistakes 'in your head' and feel the need to spout off about it. I wonder? I shall not commit more time to this other than this reply.
You sir are a sad pedant that should get out more.
e4 e5
The first thing a judge will want to know is "What is source code?". If he or she learns that the gobbledigook was *generated* then clearly, it isnt source code. The authors of the proprietary code didnt author it in the obfustication, and they clearly wont be maintaining the obfusticated code. A judge will be able to understand this, and in fact, his or her non-understanding of the technical bullshit that these guys are flinging will be a good thing. It often amazes me how oh-so-clever we techies can be, when in fact we're just being daft.
:-)
Some people really think that lawyers and judges are stupid. They are not. They can be bought, but they arent stupid.
I think the author here is the person who wants to try this. You sound like a techie trying to be clever and sounding it out on here. Fuck off and get a life.
People are replacing the text of the GPL with the phrase "human readable". The key line in the GPL in this instance is "The source code for a work means the preferred form of the work for making modifications to it." Hex code, no matter how good the programmer is, is never the preferred form of the work for making modifications.
That means, if the obfuscated code becomes the true development source, it has become the "preferred form of the work for making modifications", hence the legal source. If they modify the original source, then obfuscate it, the preferred form is the original. It all depends on what version of the source is maintained.
Note that IANAL either, but it seems like clear english to me. It just depends on where the modifications are made.
-NYFreddie
Barbie of Borg - She doesn't just Assimilate, She Accessorizes too!
.. the source code. The obfuscated code is not the source. So I would expect the GPL to satisfactorily cover this case, enforcing the original comprehensible code to be released. Obfuscated code could be considered a form of object code.
So, the source code is being compiled twice instead of once, how does that invalidate the GPL?
It just seems to me that "preferred form" is way too vague, too open to interpretation.
Question is: how does this relate to definitions of pornography? The whole "community standards" doctrine, right? That's always seemed to be an extremely vague definition, but the only acceptable one, regardless of how well it's doing in the Information Age. Can an analogy be drawn between the language of that ruling (I do remember that it is the result of a ruling, not actual legislation, yes?) and the language of the GPL? Is the contract law/criminal law division enough to make the analogy invalid? (Hell, I'm pretty sure there are better examples of well respected legal vaguenesses.)
I suppose that it's possible that a pornography case would result in the "fact-finding parade" you describe above. But the impression I've always had is that "objective metrics" weren't the purview (or at least not the sole sustinance) of legal discourse; if a contract were so easily measured, why settle disputes with lawyers when a monkey with a calculator could do the figures, no? Actually, the very suggestion that objective metrics should be a requirement of a contract damages my respect for lawyers everywhere.
Hm. Most troubling.
IP is just rude.
Is there any torture so subl
This practice is very old. It is, in fact, the way many system consultants rip off their clients, who ask that some program be converted from, say, Fortran to COBOL. The consultant engineers (or buys) a converter that produces obfuscated code. That way, the consultant (or the converter developer) gets in on any new changes. If the client wanted to move entirely to COBOL and ditch Fortran, too bad; the converted still works on their new system.
As has been pointed out already here, a lawyer might find that the abuser would have to prove that recipients of the "source code" could continue development and modification, without having to purchase a converter; otherwise, the GEP is violated.
Furthermore, I'd like to see that company's mailbox when their idea of "source code" gets onto the Net. A scam like this could get really, really messy whether the company won in court or not.
--------------Rev. C.C.Chips---------------- For the real truth, visit
Do you work for Morpheus??!!
Suppose I have source code X, and a translated version Y. If I compile both X and Y on the same machine, it would produce the exact object code? No?
On that note, suppose I modify Y a little bit more, making source code Z. The chages may string references aim toward my company (trademarks, wording, etc). I would have slightly different code, but the code Z would be, let's say, 90% compatible with codes X and Y.
If that's the case, I could prove copyright violations because 90% of source code Z is exactly like my original code X. It's no different that copyright violations seen in the music industry, right? If I write a song that sounds like another, it's a copyright violation.
Any lawyers out there, please comment!
Coderz 4 Life
If the company is planning on using a tool,
or adding a part to the development process
whose sole pupose is to "obfuscate" the code,
then it could quite easily be argued that the
company is agreeing to the GPL in "bad faith".
IE they are deliberately lieing about their intentions in using the GPL code.
That should render the agreement null and void.
This won't work for the same reason that compiling a GPL'd program does not allow you ignore the GPL when distributing the resulting binary.
A work created by replacing all the identifiers in someone's copyrighted source is just as much a derivative as would be a work created by taking someone's novel and changing all the character and place names.
Tell your CEO to fire that lawyer. He's going to get you into a lot of trouble.
IANAL
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
You should at least anonymously inform the author(s) of the possible violation. It is thier work. After you told us, tell us about the code they are stealing.
See the GPL, v2, section 3: "The source code for a work means the preferred form of the work for making modifications to it."
Obfuscated code does not meet this criterion.
Well, if the object is to obscure the origin of the GPL portions of the code, it won't work. It is still possible to recognize obfuscated code by turning it into an abstract syntax tree and comparing that to the syntax tree of the original code.
If the object is to obscure the functionality of the company's code, obfuscating that won't work either. Using the same technology, one can take the obfuscated new code and turn it back into something readable without a whole lot of effort.
Perhaps they are shooting themselves int the foot?
Yes, it's the fault of the OS. Regardless of if it's technically possible for two programs to access the same file, two stock/standard programs (IE and Windows Media Player) can't. So if MS programmer can't even figure out how to code their programs to properly handle the same file, how do they expect their developers to?