Slashdot Mirror
Abusing the GPL?
"How, you may ask?
Integrate the highly useful GPL code we're eyeing into our only slightly more complex (but much more lucrative) project, thereby saving us at least 30% of the coding involved. The company then go all the way to production with it, but instead of finally compiling the actual project for distribution, they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode. You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce. They will then GPL the obfuscated gobbledygook, which isn't much more useful to anyone than reverse-engineered bytecode would be (it is a complex project). 'Voila!' All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
For the record: I do not think this is right yet, I have not been able to find any precedent for why the GPL should protect against this kind of abuse.
I'm not trying to snitch on my company -- or lose my job, which is why I am posting anonymously -- but hopefully some lawyers out there could point out some iron-clad legal reason preventing this sort of thing. I've read the GPL through at least a dozen times since yesterday, and so far it looks like our lawyer is right. I have not found any relevant linkage either, as I have mentioned. Links to extended legal analyses of the GPL from a technical standpoint (if any exist) would be the most helpful. All help is appreciated."
Obviously an IANAL comment but to me it just sounds dead wrong.
What you should do is put it as "What would Microsoft do". If you too microsoft's code and decompiled it and then changed a few names and recompiled it would they sue?
Would you company risk taking on Microsoft? If they would then tell them to go ahead and violate the GPL. If they wouldn't ask them why they feel they can get away with taking on someone smaller.
If you find another job please let us know who it is is doing this.
Matt Thompson - Actuality - Insert product here.
If you take some code and switch out all the variable names and change the spacing around, it's still the same code. If your lawyer is advising you differently, I'd be very suspicious of his motiviations.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Speaking only for myself, here. I would resign immediately, and report the abuse to the FSF.
Life is too short to work for lowlife scum.
To find out whether the gobbletygook you distribute is source code or not is simple: if you normally add features to the program by editing the gobbletygook, it's source. If you instead edit the stuff that you compiled to gobbletygook and then recompile it, then the stuff you distributed isn't source and it's a clear-cut GPL violation.
If this isn't the form your company prefers for doing their own internal modifications, then this isn't the source code!
Nowhere does it say that that code has to be non-obfuscated. Nor do I think it should. Do we really want to try and formalize that gray area between "obfuscation" and just plain "sloppy code?"
Not all of the code released under the GPL is what we would consider "good code." By that, I mean people release all sorts of toy projects and junk code under the GPL, for learning purposes. They use bad variable names and inefficient algorithms, but when do we start to consider code "obfuscated?" And more importantly, do we want to leave it to a lawyer to make that decision for us?
I say if you're really concerned about it, then leave the company. Otherwise, just write it off as mean-spirited. There's no law against being mean. :(
Like woodworking? Build your own picture frames.
Pretty boring stuff, but the overall point is that once the end product is GPL'd, it won't take long for someone in the bazaar to figure out a meaning for "asdfgh", and do a s/asdfgh/meaningfulName/g through the whole thing. Or even figure a way to diff it with the original source.
As long as it's GPL'd, the source will be available, and it'll be figured. You're wasting a lot of your time (and the rest of the community's) for very little reason.
No matter how complex your obfuscation, it's likely much less complex than, say, CSS or DES was.
jer
We may be human, but we're still animals
- Steve Vai
As far as I can tell, AINL, as long as you do in fact release the source code (and all linked pieces... must be careful about this), you are in compliance with the GPL, even if the souce code has been obsufacated as much as possible. Just remember though, *everyone* will get to see this source code. They will either know that 1. You are ripping them off by 'working around' the GPL. Or 2. Think your company is staffed with the most incompetent imbecil programmers anyhwere. So my question for you is... Why would *any* company want to release something that makes them look bad??? What exactly is the advantage they think they will get from this?
This doesn't seem too hard, although the part is limited. To quote from the GPL
"The source code for a work means the preferred form of the work for making modifications to it."
In this case - obfuscated code is not the preferred form of the work for making modifications to it - your company isn't going to be making the modifications to the obfuscated version - they're going to use an internal version and make modifications to that instead. In which case they would be in violation of the GPL. A bit of an arse to litigate I would guess.
While the code MAY be obfuscated, you're still releasing it under the GPL.
And while it's true that it's "Almost" as useless as reverse-engineered bytecode, it's not necessarily. Someone with the patience and, say, economic motivation, could still retrieve your full codebase, and be perfectly within their rights to do anything with it, including compete directly against the company.
If you really want to stop this, that's a tack you could take -- try to convince management that there IS a security risk in releasing even the obfuscated code.
I don't see companies like Microsoft or Cisco releasing even obfuscated source to code they consider valuable.
Xentax
You shouldn't verb words.
Do the fucking thing your boss says, as long as you
are not in power, follow orders.
But as soon as you follow the wrong orders, and
break the law, you are instantly in power.
Do your job, get paid, and fucking report them if
they ever fire you.
It is a win-win situation for you.
--
IMHO you're allowed to port a GPL project to another programming language, eg. C to Pascal. But what if you port it to Assembler? Are you still complying GPL because you distribute the software with .ASM-files created with GCC or some other compiler? Or just dump your executables through de-assembler and claim that those are the source code.
- Raynet --> .
My guess is that Section 2a is the only thing that may help here:
This may allow someone to at least track down what the code was before obfuscation, but I see no requirement to name the source of the original code.Worse, Section 3 -- which allows distribution in binary -- only requires the source to be "machine readable". Again, nothing against obfuscation. Section 1 only says you have to keep the copyright notices and references to such as well as the disclaimers in your code.
I'd like to see what the FSF has to say on this.
woof.
Source without comments is like a joke without the punchline.
For me this is a huge inditement of Microsofts shared source and commercial licenses for code. Why? Well, if you rip of GPL'led code the authors while annoyed if they knew, are not going to be saddened by the loss of income. The bulk of them make money on the packaging, sponsorship, their day jobs or consulting related to the product.
Now 'shared source', and companies that provide Perl/PHP/JSP code with a commercial license *would* loose income! They don't have any more magic reverse engineering tools than the open source community.
What you're company is doing is morally very wrong but I don't think it'll kill the GPL as a license but it could have an impact on other ideas such as 'Shared Source'.
e4 e5
When it comes down to it, this is a really sticky question. There are certain algorithms which can only be done efficiently in one way. If I code a linked list in C++, and the optimizing compiler boils it down into the same object code as Microsoft's linked list class, do I owe Microsoft royalties? The source code is different, but it is very possible that the object code would be identical. If object code can be copyrighted, then this would place many open source projects in jeopardy, as they frequently borrow algorithms from the proprietary UNIXes.
I think a better approach for your company would be to have an analyst read through and analyze the GPL code, and then create something new based on the knowledge gained. Copy the algorithms, but not the code. This "black box" approach would take only marginally longer, and there would be no possibility that all of your code could be forced into open source status. Since the design is already proven with this approach, the only thing you would have left to do is the coding and testing (which should be about 8% of the total project cost.)
Is your software Complete? If it doesn't come with the source code, it's Incomplete Software .
The society for a thought-free internet welcomes you.
What could they possibly be working on that capable programmers couldn't write themselves? I don't think that this companies attempted theft is really that well thought through.
Why did it take so many posts for someone to point this out? Do people not read the GPL?
What a day to be without moderator points...
For those too lazy to read the whole thing, read section three, point #3 very carefully. Just because something compiles does NOT mean that it is source according to the GPL. That you would not do development on the obfuscated gobbledegook clearly shows that the obfuscated version is NOT the preferred form for modification. I would be highly suspicious that your lawyer is insufficiently anal when reading contracts if they missed this.
As for precedent, can anyone find a discussion of GPL'ed yacc/bison grammars? This would fit exactly the case above - the original source that must be distributed is the .y file, not the result of compiling the .y to a .c file. Unfortunately, I don't think that anyone has ever been tempted to rip off a GPL'ed grammar.
Verbatim from the GPL:
"The source code for a work means the preferred form of the work for making modifications to it. "
This gooble-de-gook is by no means the 'preferred form' for making modification, thus it is not source code under the GPL.
Get another job, this company is going down.
-josh
From the GPL:
The source code for a work means the preferred form of the work for making modifications to it.
While this obsfucated form of the source is indeed machine-readable, you're going to have a hard time passing it off as the preferred form for making modifications. Seems fairly open and shut to me.
Damn, you have to be fast to not be redundant... Guess that's why they call it internet time. Was a pretty obvious answer really. I shouldn't have spent so long formatting it.
:(
Oh well, go ahead, Mod me to hell -- I never had any karma to begin with
Although logicaly it doesn't sound like a violation of the GPL because you still can see the source code. I question the motivation. How would this benifit your company? The source will still compile right? It still can be obtained free. right? This just seems silly. The problem people have making money off of GPL'ed software lies not in the open source code but in the fact that people can get for free what you are trying to sell.
I mean when was the last time you looked at the source of a project that you just wanted to use, not develope.
(BTW, I am not a legal advisor. This is my understanding of the GPL).
If you are including other people's GPL'd source code in a program which you distribute, then you must abide by the terms of that license. Section 3 of the GPL is precise enough to disallow scrambling the source code:
There is nothing to stop you changing all the variable names, or the style of someone else's code. However, if you distribute a GPL'd binary then the source you distribute with it must be the source that you prefer to use for modifying the program yourself. You may be called upon to prove this in a dispute.
For reference, section 3:
By obsfuscating all you've done is create v+0.0.1 of whatever you started with in, but in your own fork. That means this alteration is covered by the GPL.
Standard not-a-lawyer stuff applies.
Cheers,
Ian
So you've either got an obfuscated sourcetree to maintain & bug fix, or you've got two sourcetrees, the internal one and the external one. In either case it's slowing development down, and the change of errors creeping in is increasing. All in all, not a good idea.
The primary question of the article was "Is this legal or actionable with respect to the GPL?"
Even if the FSF knew about it, what could they do? There has to be a clear violation of the wording of the GPL, not just some gut reaction.
So the question stands: What can be done about this type of situation given what we know?
If there is something that can be done, then talk about reporting them.
FWIW: The BSD advertising clause would require at least one comment remain in the code, the original authors name. That would at least give someone a hint as to where the code came from when trying to interpret the "garbage" source.
There is nothing so silly as other peoples traditions, and nothing so sacred as our own.
The GPL states:
That term was written to prevent exactly the sort of obfuscation the attorney is proposing. Obfuscated code is demonstrably not the preferred version for creating modifications. So, what is being proposed is a GPL violation, and your company's attorney missed that part of the license. The talk about incidental resources isn't germane, it actually seems to be intended to confuse, because what is being proposed clearly is a derivative work, and the company attorney is acknowledging that when he suggests that the obfuscated code be GPL-ed.But there are simpler remedies than legal ones. If the free software developer community hears about a product using obfuscated code to circumvent the GPL, they will retaliate by creating a non-obfuscated version and using it to compete with your company's product. They are experienced at reverse-engineering, they have excellent tools for code reformatting and analysis, and there are a many programmers who will be angry enough to work on this.
If your employer wants to unashamedly take advantage, they are simply buying a lawsuit. The free software community does have the resources to bring one - it would probably be brought by law professor Eben Moglen of Columbia University. He wants more legal tests of the GPL, and would love to make an example of your employer. Don't go there.
Bruce
Bruce Perens.
It's only a copyright violation if the code is re-released. That's not /his/ responsibility, that's the company's.
ALSO - he's not talking about removing comments variablenames & whitespace in the gpl'd source, but his company's.
Desperation is a stinky cologne
I don't believe the original poster was judging anything. He was making a statement of fact. Under US law if you know of a crime but do not act to prevent it, you are considered an accomplice to that crime. It doesn't make a difference what his personal situation is or whether or not he has a family. It matters what the law says, and the original poster is correct.
(Of course I'm making the assumption that the original poster is governed by US law; it may be different in other countries)
From my reading, that is not the problem. It appeared that the company did release the code with source as GPL along with their product. They just obfuscated it before releasing it. That is not directly a GPL violation.
There have been cases before of obfuscated GPL code (Some video drivers in the Linux Kernel I believe) but those were original source from the manufacturer.
This article is about taking someone elses GPL code, obfusacting it, then re-releasing it with GPL intact.
There is nothing so silly as other peoples traditions, and nothing so sacred as our own.
It would be a civil violation, not a criminal one -- I'm quite sure it'd only be his company liable, not him.
(IANAL, though).
I just had an idea.
What if they claim that the obstafacation (sp?) is part of a copy-protection plan and that anybody whom writes a program to un-do it is violating the DMCA.
Could they sue even though the code is in fact GPL?
-J
Your company's tactics are clearly intended to violate the spirit of the GPL: to make the code unusuable. Usually when there's a violation of the spirit there's also a violation of the letter.
Incorporating code is NOT incidental use, by the way. Frankly, I don't see how the license of any tool can enforce a license on code (or text) that was created with it as a tool (e.g., a license on emacs couldn't force you to copyleft a novel you wrote on it), because the created code/text doesn't incorporate copyrighted intellectual property of the creator of the tool. But in your scenario, you ARE incorporating someone else's IP in your project, creating a derivative work, and so are guilty of violating the copyright on that IP - unless you follow the license.
Compare it to a translation: you are reproducing the meaning of the GPLed code with different words, which after all is what translation is. A translation of a copyrighted work must be licensed by the holder of the work's copyright.
If you (note that I said you, not your company: the moral responsibility here is the programmers', not the suits') do not want to follow the spirit of the GPL, I'd suggest looking for similar code that isn't GPLed but has a license that does not "contaminate" derivative works. If you can't find any, then you should take the 30% hit and write your own code. If it's such a lucrative project, and if the distribution of clear source code would represent a threat to your profit stream from the product, I would think you would be willing to accept such an expense to protect your own intellectual property - because if you violate the GPL and get caught, you could lose it all in court.
I am not an attorney, and the above does not constitute legal advice. You might want to ask an attorney of your own for advice, as you may find yourself caught in a situation in which you will be making yourself liable for the actions of your company.
That is a scary notion.
It could lead to a situition where corps. co-opt open source programs, embed a password protection scheme,than obfascate. They could then outright take all the code they want and make a program to give away. Then could then make money off of selling the passwords. All will being covered by the GPL and DMCA.
I don't see how this violates the spirit of the GPL, since there are no provisions in it for the quality or readibility of code.
.asm file that is just the disassembly of your binary isn't very useful for preserving the right to modify the program. Neither is deliberately and cleverly obfuscated source.
The "spirit" of the GPL is about being able to make modifications to the code. That is one of the rights that the GPL is trying to preserve. It isn't just about being able to get a free copy of the code you can compile (and if you're lucky for different platforms).
As at least a dozen other posts under this article have already said, there is language in the GPL providing for quality -- or at least editability. The source must be in the "preferred form" for editing. Because releasing a
The authors of the GPL understood that "openess" depended on at least the level of usability that was present when the code was written. Hopefully we've cleared this up (and this guy's company lawyer has been sacked).
The enemies of Democracy are
Until they actually release this code, there's nothing the FSF (or anyone else) can do. Talking about copyright violations isn't a crime, and there's a good chance management will come to their senses. As long as these people don't do anything immoral, I don't see anything wrong with working for them.
Threatening mass resignations from engineering, btw, is one tactic I'm currently seeing used to prevent a GPL violation at another company. Buyer's market though engineering talent may be right now, I expect it'll be effective -- turnover is just too expensive. Quitting right away (as soon as idea is raised) -- simply put, why?
If it is very special-purpose software, it might require alteration to be useful to another organization. If it is unreadable, it would be difficult to alter. So no one would have any reason to copy it.
Even if that's not the case here, it could happen.
The documentation just to track down the actual use of the variables, etc etc etc will be insanely complex.
Never mind the poor sod who has to go through it after and figure out what it does.
They have saved money on development issues, and transferred them out to Tech support isssues, thereby multiplying the costs.
Of course, to gain all of the legal benefits, they would probably have to erase all of the connections to the source as it was.
"It is a greater offense to steal men's labor, than their clothes"
I'm not trying to snitch on my company
Well perhaps you should! If they are prepared to use such extrodinary lengths to f**k somebody over for their own profit, do you really want to work for them ?
I'm also a GPL author, GPL has provided me with the cheapest way of imposing intellectual rights and stamping my name on some original ideas without having to set up a company and market it!
;-).
I'm not suggesting that people rip of other peoples code, that is wrong any time. What I am saying is that Free software (note not OpenSource) has lot less to lose than the companies that rely solely on the IP rights of their products and the ensuing protectionism.
Have you any idea how much legal fees are? My solicitor charges about 10 times what my dentist charges, and thats saying something
e4 e5
IANAL, etc... etc... yadda, yadda, yadda.
The company then go all the way to production with it, but instead of finally compiling the actual project for distribution, they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode.
You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce.
They will then GPL the obfuscated gobbledygook, which isn't much more useful to anyone than reverse-engineered bytecode would be (it is a complex project). 'Voila!' All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
Here is my take:
Other things to take into account:
Conclusion?
Bad idea. VERY bad idea. Release code under GPL, play nice, and nobody gets hurt... (wink! wink!)
IMHO, any company who tries that kind of stunt is going to end up on the trash-pit of dot-coms faster than you can say "GNU General Public License".
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
If anyone wants to prove me wrong, please do so. We need people to stand up for the GPL and protect the hard work that so many people entrust to it's care.
"If I wanted your input on my pet project, I'd stick my hand up your ass and use you like a sock-puppet." - Muse
asobala writes: I would be highly suspicious that your lawyer is insufficiently anal when reading contracts if they missed this.
Am Not A Lawyer? :-P
*laugh* I'd mod you up if I had points.
-- MarkusQ
I recommend using an anonymous re-mailer to rat them out to all newsgroups where people might have a say in purchasing or not purchasing their product. It won't stop all sales, but at least it will reduce the fruits of
That being said, if I take the latest published book and substitute all 'variable names' by changing
So as I see it, that is where they are going wrong. Software is copyrightable, and they are plagerizing.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
One problem is to ensure that anything that is printed out looks different from the GPL version, which would be simple enough, though tedious.
Another problem is integrating new versions of the GPL code into your product.
I think the biggest problem is keeping it secret. Obviously, in this case, the company is not doing this part very well. It shouldn't be too hard for this anonymous coward to leak the info without becoming a primary suspect.
Again, this stunt should only be performed by trained professionals. Do not this try at home, kids.
Yes, it does:
'The source code for a work means the preferred form of the work for making modifications to it.'
Incomprehensible gobbledygook does not the preferred form make, any more than machine code.
What a lot of people appear to miss a lot of the time is that the GPL is _not_ one of those 'thrown together in a week' opensource licenses. It was developed over several years, and reviewed and rereviewed by the FSF legal counsel. It doesnt have holes like this.
Newbie lawyers looking at it for a few hours always misinterpret it. They dont have the technical savvy, nor the persistence to grasp the actual meaning and how thorough the GPL actually is when it comes to accomplishing its task.
The current MySQL AB/Nusphere legal issue isnt the first court case on the GPL because nobody has tried to violate the GPL before. It's because everyone else has realized they dont have a chance in court, and have given up rather than trying to persue a case which their lawyers have eventually realized they will lose.
IMHO
If they do, whistle blow.
Accept the fact that they - the company that you work for - is looking for every advantage that they can find, and if it means that they can abuse the GPL they will. Any and every advantage. You have a moral and ethical problem, and you need to figure out what is more important to you (job or karma), and what the ramifications are for your actions. I would certainly talk to the orginal developers about your company's plan to co-op their code as well, and hire a lawyer of your own.
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
True. But it's often cheaper & easier in the long run than living with the knowledge that you should have done something and didn't.
I'm not saying that quiting is the right thing to do; I'm saying that he should do what ever he desides to be "the right thing," be it ever so hard or costly, with out regard to cost or consequence.
-- MarkusQ
It would be hard to write an anti-obsucation clause I imagine
Not that hard; in fact, it's already been done. The GNU GPL, section 3, states: "The source code for a work means the preferred form of the work for making modifications to it." I don't think any reasonable U.S. district court judge would consider robo-obfuscated C to count as the "preferred form" for that purpose. See #3117740 for another explanation.
Will I retire or break 10K?
What the author said was:
So, yes, they are intending to munge the GPL source they've incorporated, along with their own source, into a final, monolithically obfuscated product.Mail? Put "slashdot" in the subject to pass the spam filters.
1. Is it in violation of the GPL? This question is not a simple one, but such actions may very well be violation of the GPL. If this matter reached court, the question would center on whether the process applied to the GPL'd code constituted part of the process to create the derivative work, as derivitive work is defined in the GPL. For example, an expert might argue that code obfuscation can be part of the compilation process. It is oversimplified to say that laws are reinterpreted on the fly to capture the intent of the law. What is true is that these sorts of questions - for example, what constitutes compilation - are likely to be viewed in a manner which assists the obvious intent of the applicable contract/law.
2. If it is a violation, can it be proved? Probably. Our company works for lawyers on code plagiarism cases all the time. There are many algorithms you can apply to show statistically significant relationships between a body of code and its obfuscated counterpart. The same should be possible with bytecode. Once a reasonable basis for suspicion is established, plaintiffs could get discovery of the company's code repositories and depose employees under oath.
Christian Hicks
Elysium Digital, L.L.C.
http://www.elys.com
Get that statement in writing, in case you might need it in the future. Screwing yourself out of a job? I don't think so. If they have the balls to try something like this, then why trust them with your future? Point out why it is in violation of the GPL, point them to your post on
My beliefs do not require that you agree with them.
From what I gather is your company is skating around buying licenses for a commercial development tool and using a student version or other version that is restrictive. You are then mangling the tool's generated code so it can't be identified and then compiling the mangled source with GNU tools.
Your company is still benefitting from the commercial tool and not paying the authors what is due them. The mangling doesn't change the fact that the tool was used and benefit was obtained in the first place. But the only reason you are mangling is to hide the generated code which you feel you need to distribute with the GPL code you are also using in the project. I think you should fire your lawyer.
'Same speed C but faster'
All this ranting about illegal issues....
The article stated that they were going to RE-RELSEASE the project under the GPL.
So that means it's still free. They were just going to make it unreadable for people like myself, who might be a fair programmer, but remove the comments and obfusticate (or whatever) the program, and I'll never figure it out.... Making the fact that it's GPL useless for me, except in the end product. I could always compile it and use it.... but just could not learn from it.
www.slightlycrewed.com - Because aren't we all?
I would have thought this would have opened a can of worms that your employer would have preferred kept shut - there is nothing preventing you (by that criteria) taking a full copy of their part of the source, re-obfusc-ing it so that it is superficially different from their version, then releasing it as a competing product. given it hasn't cost you any developer wages, you should make a fortune undercutting your employer... its even file-format compatable with theirs ;)
-=DaveHowe=-
I'm guessing your employer intends to release unreadable, modified source code which compiles to a salable binary. The modified source still has to be released for free, meaning anyone can compile it and use the resulting binaries without paying. This does not protect them from a fork in the original GPL code base, and for the same reason it doesn't always pay to take BSD source code and run with it: the BSD folks (just as the GPL folks) can implement the software application you've tried to sell, and their modifications will be readable and subject to improvement by anyone.
The risk is that soon after you start charging for yours, someone else is giving away and equal/better alternative. The more money you charge, the more GPL programmers' employers stand to save by duplicating your effort in a cooperative way (spreading the development cost as thin and wide as the market for such software).
Here's another reason your company's management is screwing the owners: Source written for GPL release is written with readbility in mind. That makes code management easier. If you are in a race, and there is no requirement for the code to be widely readable, it will eventually become spaghetti that must be scrapped. At that point you will have to "borrow" from the competing GPL project again. Admitting that you will have to spend money "following" the GPL code, do you want to try and get as much free code as possible (by promoting volunteer contributions to the code base) or do you want to maximise your own development costs aside from the initial code "import" while you rewrite and reintegrate the proprietary side of the app each time? Free software is more economically efficient. You may save on some of the sunk costs, but you can't avoid the risks of proprietary software.
--- Nothing clever here: move along now...
So they make the changes they need in the open-source code, then before release they obfuscate it, and release it under GPL. So (they claim) the obfuscated source code still meets the GPL license, but is unusable to outsiders. Except maybe it violates the GPL license because the obfuscated code is not the preferred form for editing, and IIRC that's how the GPL defines "source code". This sounds a lot like the story of the soldier who shot himself in the foot to get out of the Army, and was court-martialed for damaging gov't property. And they kept him on the Army rolls until he finished his sentence in Leavenworth.. Whether or not this legal hack holds up in court, it's not a good idea, because:
1) Software maintenance of the obfuscated code would be a nightmare, even using the company's "dictionary" recording the obfuscations. Two other options:
(a) Keep the un-obfuscated code, edit that, and run it through the obfuscater again. But that definitely means what you released wasn't the actual source.
(b) Have a de-obfuscator program that uses the dictionary to reverse all obfuscations. But having that around amounts to an admission that the obfuscated code isn't editable in practice...
2) The downloadable obfuscated code would have to credit the original open-source code. So get one of those software plagiarism detector programs that analyzes for similar structures, and use that to discover the renaming and re-arranging that went into obfuscation. Add a little more code to get an automatic de-obfuscator. And the parts that don't match are the company's "secret" code changes.
If they used the BSD license, they wouldn't release the source. The point of this company's actions are to hide their changes, so why release anything if they don't have to?
What I haven't yet seen discussed is that since they are going to release something, customers would certainly be suspicious of a product licensed under the GPL with source that looks like it was written by a drunk pidgeon. If it were something like a C/C++ compiler that behaves awfully similar to lets say... GCC, I am sure we all would notice and give them some bad press.
The one thing I do feel good about in this situation is that the company is releasing the changes back. For every one company that we hear of messing with the GPL, I am sure there exist 30 more we will never even know about.
It might be gramatical, but it's not germane. I suspect it was intended to obfuscate.
Bruce Perens.
Hi-
You have to decide what the ethical response to your situation is. If you sit around and watch something you know is wrong happen, then you are at fault for not alerting the proper people.
If what they are doing is legal, but you think it is wrong nonetheless (wouldn't be the first time) then let your bosses know you don't agree with the situation and propose a better solution yourself. At least, if nothing else, when the shit hits the fan you can say, "I told you so".
T
Source code is the program 'in the preferred format for making changes'.
Obfuscated source, as you propose to distribute, is NOT the 'preferred format for making changes', because your company sure as hell isn't going to hack the messy obfuscated byte code when they need to update their product.
That mess that you intend to distribute may not be called 'source'. That affects how you may or may not use the GPL with respect to it, and I suspect that you probably won't be allowed to do it at all, no matter what 'incidental works' are involved. Your lawyer friend is only telling you half the story.
A lawer could make the argument that the obfuscated source code is not source code as defined by the GPL. It it pretty well stated by the GNU project that the source code of a program is the most understandable and modifyable form of the program. You company is "compiling" this GPL code into a non readable format.
--- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
I can think of a few other, better ways, to use GPL code in commercial projects without pressing everyone's ethics button so hard. Better engineering, better PR, less work. Is that so hard? Sounds to me like the lawyer wants to have a few years steady work, and your CEO is too preoccupied with being evil.
- - - Non Caffeine Drink or Drink Error
Go to a public library. Logon to the internet terminal found in most public libraries. Create a Hotmail or Yahoo Mail account. Use that account to E-Mail the FSF with your company's name, the project's name, and as many details about the project as you can without personally identifying yourself.
Then, later, you can sleep like a baby, knowing you did the right thing.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
The advertising clause was removed from the BSD license three years ago. If you want to use the license you should use this template.
Besides, if you happen on a file with the old license that is copyrighted to the University of California, the advertising clause is null and void.
The Drowned and the Saved - Primo Levi
HTH
-- the most controversial site on the Web
The fact that they mod the code AFTER their own hacks are finished with it indicates in a rather matter of fact manner that the released code is not the "preferred form", nor is it easily reconstructible as in 'tar -xzf foo.tgz'.
In order to get away with this, they'd have to demonstrate that the released code is what their own grunts have actually been using while making their mods, at least. If not, it is obviously not the "preferred form".
Good judgement comes from experience, and experience comes from bad judgement.
- W. Wriston, former Citibank CEO
Or possibly the code in question will never have another public release. Fork 'em all.
IANAL, but
If you find this distasteful, make sure you keep copies (hard copies) of all internal emails and documents pertaining to this issue.
That will probably protect you and make the case a slam dunk if it ever goes to trial.
Send your boss an email objecting to the shaky legal ground and save his response where he asks you to go ahead with it. If you get fired for making noise look into the whistleblowers statutes.
Chuck
Ever notice how you have to install Netscape for Galeon to work?
There's an ethical workaround here that gets everybody what they want quite simply.
Modularize the interface to the GPL code. GPL release this module: your company has just contributed to the community, and that is a good thing.
Release your product commercially, and "bundle" with the GPL module and all appropriate GPL documentation. Make sure that during the installation process the separation of liscence is clear.
Your company's proprietary code is Copyrightable, the GPL code stays GPL, Everyone is happy.
This comment is fully compliant with RFC 527.
Yes it is, unless they only add and change features to the app by changing the obfuscated code itself.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
There doesn't seem to be anything in the GPL regarding keeping the original copyright notices in the source. Can I take GPL'd source, strip out the copyright statements, and redistribute it?
Moreover I seem to recall hearing that once the GPL has been violated, only the author can reinstate the violator's right to modify and distribute the code. If I were the author of the software package in question, I'd tell the company to get bent after winning the lawsuit. If you make me sue you, I'm sure as hell not going to let you benefit from my work anymore.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Since that's his preferred form of modifying the source and adds a great deal of speed to the application, it's fine.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Softwarthat is primarily developed in Assembler is fully commented with meaningful variable and macro names. The output of a disassembler requires a boatload of analysis before it can even approach the usefulness of the "preferred form" of assembler.
The company that the article author works for had better hope that the source they intend to munge isn't owned by the FSF or a corporation with some money for lawyers like TrollTech. As Bruce Perens pointed out, Eben Moglen would love to run their..ahem! er..market penetration device through a pickle slicer.
A consultant would have a much harder time if he was called in to a site that used "his" code only to find it's been obfuscated. He wouldn't be able to do his job and he wrote the code so he could do his job. A good lawyer could probably make a case for that being "injury" in the legal sense of the word.
The "preferred form" part of the GPL has often cited by now. Not only is his company morally wrong, it is very probably legally wrong as well.
Look, there IS another option.
Without knowing the details of what GPLe'd application is involved, it's hard to give good advise, but you may be able to talk to the authors of the code to re-issue the code under an additional license. Maybe the authors would be willing to release the code under the BSD, LGPL, apache, or other license in exchange for a few bucks...
Of course if this is really old GPL with hundreds of authors this becomes difficult. You would need approval from all the contributers.
You can do a black box re-implementation of something, IIRC, but the guy who reads the original code can not code it. He has to write a document explaining how the code works in English. Then a programming team takes his document and implements the API per his documentaton. Which 9 times out of 10 will be more of a pain in the ass than just writing code that provides similar functionality from scratch.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
First of all, IAAL. Second, the GPL's definitional distinction between source and object/executable form relies on two key terms that cannot be objectively measured: "preferred" and "normally". I defy you to provide me with objective metrics for measuring what is "normally distributed...with the major components...of the operating system on which the executable runs." Equally imnpossible is a definitive response to the question "what is the preferred form of the work for making modifications to it?"
In order to impart meaning to the GPL distinction between source vs. object/executable, one must go on a fact-finding parade to measure industry practice, and other wishy-washy standards. In the context of a dispute over a GPL'd bit of code, you can be damn sure that the GPL will collapse under the weight of this fact-finding process, and that the party with more patience and money will win that battle.
There are some things that lawyers understand better than geeks, believe it or not. We are (generally) excellent at spotting weakness in prospective arguments. In the case of the GPL, there are drafting holes big enough to drive a Trident submarine through. I've said it before, and I'll say it again: the GPL won't hold water in a dispute. The reason no one has given you any precedent (as per your request) is that the GPL has not been truly tested in court. Since the GPL eschews the lessons that lawyers have learned about drafting in the past (largely in order to score points with geeks by being colloquial in manner and sounding un-lawerly), it cripples itself with imprecision and ambiguities. The weakness in its core definition of source vs. object/executable is merely one of many fatal flaws in the document. To be perfectly frank, the GPL is a POS contract and I would arguably be liable for malpractice if I advised a client to use it for reason other than their unbending adherence to open source dogma.
In conclusion, you are likely to see many companies "abusing" the GPL. Rather than use the loaded term "abusing", I would prefer to characterize this behavior as "exploiting" the unsophisticated and niave drafting of the GPL's language.
Since I said "IAAL", I must also say that the above does not represent a formal legal opinion, that I do not represent you (the reader) as your lawyer, and that you should not treat this message as my legal advice to you. Laugh all you want -- I'm just sticking to my ethical directives, kids.
Really? I never heard of this. So you're saying that, if, say, someone rapes me, and the state has a strict liability standard for rape, where I'm not required to resist in order for the rapist to be criminally liable, I'm guilty of my own rape? (because aiding and abetting prior or during the commission of a crime makes one a principal to the crime, liable just as much as the 'main' perpatrator)
Or perhaps a simpler explanation is that you have no idea of what the hell you're talking about. Civilly and criminally, totally innocent bystanders have NO RESPONSIBILITY. Only if you've somehow acted, or have acquired a duty to act which you ignore, are you liable.
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
I'm not a lawyer, so don't use this as legal advice. Instead, you (the author of this slashdot article) may want to show it to your company's lawyer and suggest that he track this down.
According to this link, there is a case called "Whelan" that established that duplicating the detailed structure of a program was copying of expression rather than ideas, and therefore copyright infringement.
Also, I remember reading a very good article about ten years ago by law professor Pamela Samuelson, I think in Communications of the ACM or some other ACM publication, that talked about this decision and mentioned "detailed structure and flow", which would make the case for infringement even stronger.
Finally, I recall reading somewhere, perhaps in that same article, that there is some common law rule that the standard of similarity by which copyright infringement should be determined is supposed to correspond to how much access the alleged infringer had to the original work. In other words, if the alleged infringer had easy access to the original work (e.g., had carefully read the original GPL'ed source), then the standard for proving infringement is supposed to be easier.
Again, I'm just a layman. Don't use this as real legal advice.
i.e. I can modify the Linux kernel all I want, and I am under no obligation to provide anyone with my source code changes until and unless I distribute that changed kernel to another party. The moment of distribution is when the GPL kicks in, and requires me to make source available.
All movements for social change begin as missions, evolve into businesses, and end up as rackets.
I'm not an expert with legalese, but:
First arent all the copyright notices inside comments ?
Removing comments with the copyright notices would immediately violate T&C section 1. (while indicating acceptance of the whole document as per section 5), but then you aren't allowed to remove the comments. The obfusciation is seemingly permitted so long as the copyright comments still remain along with additional comments documenting the changes as required by section 2.
The obfusciation is seemingly a process of derivation, that is you start with GPL product and do some M-x replace-string's... This derivation process means that the "proprietary intellectual property" is still GPL'ed...
The GPL does NOT apply to sections not derived from GPL code, but only when they are published apart from the GPL portion. when the whole package is published it is still GPL'ed by inclusion of the GPL code (does anyone remember the Nvidia driver issues?)
Also according to section 5 the fact that you edited the GPL code at all indicates acceptance of GPL terms and conditions. Failure to accept prohibits you from making modifications (such as the string search and replace described)
The whole process seems expressly in violation of section 4, but i am no expert...
What I fail to see is how anyone can avoid GPL except by producing clean-room-code. I seem to recall Nvidia having this problem with their drivers a while back.
As an aside, isnt "chicken noodle soup" less than 30% chicken by volume? (but it is still considered a chicken product.) Your company's project might be 30% GPL code that was heavily edited (IMHO the only real weakness in the GPL is no "real" definition of "derived", however the common meanings of derive include "to trace the deveolpment of", which has been done...)
A couple of questions: Is it possible to write a perl/awk/sed script (or otherwise algorithmically describe the obfusciation? (since global replaces are used i would dare way yes...) If this is true then an argument can certainly be made that the work was "translated" from "ANSI c++" to "ANSI c++" (hasnt anyone done english-to-english translation between say a lawyer and an engineer? or perhaps heard of such things?). This translated copy would seemingly be covered by section 0 and all other sections (as incorporated into the defitition of modification)
just a few cents worth
-j.
It's legal standing comes from copyright law. It is a unilateral grant of rights to distribution (since copyright law does not grant such rights), provided that the redistributor also unilaterally grants rights as it has been given to him. It has as much standing as copyright denies these right to people, by default.
Garbled source code is no longer what the GPL defines as "source code": The GPL defines source code as the form preferred for making changes. A pseudo-source isn't that.
Claus
If the GPL is a POS contract (I couldn't argue one way or another), what other "open-source compatible" licenses exist that would better protect an author's wishes to keep his code in the community, prohibit the said code from being incorporated into a privately controlled, profit-seeking venture against said author's wishes, AND stand up in court?
I'm not asking you for formal legal advice, just your opinion as a lawyer. Are there any open-source licenses you COULDN'T drive a truck through? (much less a Trident...)
However, there is one thing they do have to be careful with and that's the 30% of the GPL'd code they haven't written but plan on using. If they obfuscate this code and then attempt to claim copyright of it, there could be some big consequences. This is clearly illegal and doesn't involve the GPL at all.
It involves the GPL in so much as the GPL is the only thing allowing them to distribute their resulting product in the first place.
I'm also not sure how the system would work if they obfuscated the original 30% GPL'd code but the attributed copyright to the original owner. I'd assume that they'd still get in trouble because the copyright owner of that code did not produce the obfuscated mess. Might be slander or defamation of character(or one of those goofy legal terms).
Copyright infringment (the obfuscated version is a "derived work") and fraud would appear to come into matters as well.
I think that this is a distinction that is much easier to make than the previous one you mentioned. All you have to do is to go to the computers where the people are actually writing the code and see what form of the program they are modifying. If they're working on the code in a format different from what is distributed, it's an easy case that the form that's being distributed isn't the preferred form for making modifications. That's especially true if you can find:
You're correct that this is not an open and shut thing, but it's not an intractable one, either. Most people have fairly sensitive BS detectors, and they're going to be able to tell that code that's been deliberately messed with to make modification more difficult is not in the preferred format for making modifications. All you have to do is show that a deliberate attempt has been made to obfuscate with the code and you're set.
There's no point in questioning authority if you aren't going to listen to the answers.
I assume that your company is planning on maintaining this codebase over time; if so, they will need to keep a human-readable copy around. This is the copy that the GPL requires you to make available to the public: "The source code for a work means the preferred form of the work for making modifications to it."
I suggest you find a way to keep your code from linking against the GPL'd code. You can still distribute them together, but your proprietary code can't be a derivative of the GPL'd code without making available (at no cost) the entire "preferred form of the work for making modifications to it."
Without knowing more about your project, I don't know what the best solution would be. Perhaps you could write a socket interface for the GPL'd code, which would have to be GPL'd. If you're lucky, maybe the original developers of the GPL'd code would accept that as a contribution and incorporate it into their project. Otherwise, you could fork the GPL'd project and make the human-readable source available for download from your company's systems. Then your product could use the socket interface and your company can use whatever license it likes for the 'much more lucrative' code.
include $sig;
1;
Unfortunately, it seems to me that there's a way to circumvent the "preferred form"...
You could make the gobbledygook to be your preferred source, by creating a completely proprietary, non-GPL development environment, which provides a mapping from gobbledygook to human readable code.
In this case, your "source" is the gobbledygook, and you just happen to use a weird IDE...
Nonetheless, it's immoral... but possibly not illegal.
'Breaking' the GPL would seem to be a civil, not criminal offence, would it not?
Not if you break it willfully for "purposes of commercial advantage or private financial gain". Willfully would be hard to prove in this instance though, since a lawyer in good faith advised the company that what it was doing was not illegal.
You should suggest to your company that instead of releasing the whole source code, they only release an obfuscated patch to the source code. As long as the patch does not contain any of the original work, it is not a derivitive work, and you will not be breaking the GPL.
I doubt it.... if Microsoft wants to bury the GPL, why would they use it and risk (a) giving it credibility, or (b) reinforcing their image as a bunch of cheaters? It's not as if they can't afford to write their own code...
I don't care if it's 90,000 hectares. That lake was not my doing.
I don't trhink it'll work; you're allowed to create and defend an access-control mechanism that is being used to keep people from accessing your work, not other people from their work.
Jay (=
(IANAL, of course)
As usual, this "problem" can be solved by actually reading the damn GPL:
Obfuscated code does not qualify as the "preferred" form; you can't give one version away and hold an unobfuscated version for your own use. This is a clear GPL violation.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
What benefit does a company accrue to taking someone's work, obfuscating(sp) it and then re-releasing it under GPL as one's own? Unless they are not actually intending to release as GPL..
Well, assuming what you say is correct, the benefits are few... The chances of getting caught are moderate, but if you or one of your staff is laid off/fired/quits then the word will get out and make its way to the original authors.
Nobody needs to "squeal" either. Say I write a lot of code for GPL's project X and this company comes out with product X' which is almost the same, but better. Their code is extremely obscure as well...
I might out of curiosity, run one of those web-based code checking tools. These are designed to find cheating students and do not require similar variable names, etc.
If caught the costs would be painfully high. I think most software companies would rather face a ravenous pack of lawyers than face the savage hordes of a jilted Open Source community. Every day operations would become difficult due to clogged email/phone lines, not to mention that your good corporate name would be mud.
The B/C analysis is vastly in favour of crediting the original authors. I think your managers and your lawyers are playing dice with your company's future. If I was a share holder (let alone an OS geek or an employee like yourself) I'd be quite pissed.
Good luck!
-b
This is not legal advice. You need some.
Read the section of the GPL that mentions "preferred form of the work for making modifications to it". Deliberate obfuscation of the code with the intent of making it useless for the purposes of modification could easily be construed as an attempt to violate this part of the license, and I'm sure the FSF, after recent court decisions, would be happy to discuss the point before a judge.
The GPL explicitly gives permission to modify the source code and redistribute it. If a company claimed to be encrypting the code, they're still explicitly giving you permission to modify it. That includes removing any "copy-prevention" they want to add. (assuming you aquired the source under the GPL, which may not necessarily be the case even if it's available under the GPL)
(ianal, just a smart ass)
"The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
It specifically mentions the compile and install scripts. So it's the plain interpretation, not a strict interpretation, that leads to the conclusion that one must include the project files, etc. You need to distribute whatever is needed to transform the source -- in the form that *you* the developer normally use to modify it -- into the object files you distribute.
Note, I don't think that there's anything wrong with this or controversial at all. How useful would GCC be to you without all of the Makefiles? Not very.
This is not true. The FSF recommend handing the (c) over to them, since that would enable their lawyers to prosecute in event of a violation, instead of you having to fork out your own cash for lawyers. The standard lettering of the GPL license says:
(my emphasis)So the GPL-abusing company could use it under whatever version of the license they wanted.
Author, Shell Scripting : Expert Re
the overall point is that once the end product is GPL'd, it won't take long for someone in the bazaar to figure out a meaning for "asdfgh", and do a s/asdfgh/meaningfulName/g through the whole thing.
Well, many people have already piped in with the "preferred form" clause forbidding obfuscated code, but if this were not the case, I don't think you would need total obfuscation to be able to abuse the GPL.
If you re-obfuscate your code with every new release, and release often enough that everyone else spends all their time just de-obfuscating, then nobody will even bother trying any more.
Of course, once one release is de-obfuscated, someone could fork it and roll their own release, but merging the crooked company's changes into their version would be a major pain in the ass. It would still amount to the company having a choke-hold on their branch of the code.
Like I said though, it seems (fortunately) that the GPL already forbids this.
Accountability on the heads of the powerful.
Power in the hands of the accountable.
IANAL so this is only from my observation:
Several posters have pointed out that obfuscation is a violation of GPL, or at least the spirit of the GPL.
Unfortunately, until your company actually releases a product based on obfuscated GPL code (commits a violation), you can't take legal action in the courts; you can only get a GPL-friendly lawyer to send nasty cease-and-desist letters.
In other words, you can't stop it until it's too late. And if you do sue, the copyright holder (the creator of the GPL code which was borrowed) will probably have to be named as a plaintiff, as the violation was commited against HIS copyright, or possibly the FSF as a plaintiff's representative yadda yadda yadda. YOU probably will not be able to file suit as a plaintiff directly, unless somehow you can do it as a representative of the party claiming loss.
If you do nothing else, inform the writer(s) of the original code of your company's intentions.
Give me my freedom, and I'll take care of my own security, thank you.
Why would someone want to do such a thing?
First off, given an idea of which GPL'd code such a project is based on, one could re-substitute function and variable names, and then determine what changes had been made and why, so your code isn't secure from reverse-engineering.
Secondly, one of the reasons for the GPL is for people to be able to fix bugs and share those patches. By making it difficult for coders to parse the program, you're removing that capability.
So basically, you're losing the GPL's advantages, and keeping its disadvantages.
IANAL, but I think this is the answer, although it has not been interpreted in the right way in the previous posts:
If we interpret "the preferred form of the work for making modifications" as "the form the company uses for making modifications" then the company has only two choices after the first release of the software:
I have a feeling it should be possible to get them with this...
If the project you want to rip off is owned by a particular developer or firm, why not approach them and see if they'd be willing to cut you a non-GPL'ed license to use the material in your project?
You know, the way good capitalists do it?
- jon
Ganymede, a GPL'ed metadirectory for UNIX
This code is under the GPL, and therefore technically, all of it is now free software, so why doesn't this annoymous reader distribute it himself? It can't be a corporate secret: It's GPL'd It is not the company's IP: It's GPL'd Even employees who contributed to the code don't have rights over the GPL'd parts you adopted. They only have rights to the parts they wrote. However, any code they contributed to the complete project comes under the GPL if it's distributed together with the GPL'd code. In other words, it's all free software, so why not beat them to the punch. Then their obfuscated garbage code would be just a waste of time and money. Anyway, though, I'm not a lawyer, so don't listen to me if you value your job and don't plan on getting sued. I guess whether they would win or lose is irrelevant when all your paychecks are going for legal fees...
All data is speech. All speech is Free.
Of course, as a lawyer, you should also realize it is ten times more expensive to defend than to sue. The costs of responding to discovery, alone, can easily hit six figures. And, (personal opinion) the obviousness of the obfuscation would probably be enough to prevent dismissal. So, the real question is not "could the Company in question win a suit," because we all know that in the lottery we call Trial by Jury anyone could win on any given day. The real question is "could the Company lose." A loss in court might result in the inability to sell their product for some period of time, or damages to the extent of their sales. If the company is small enough, this could mean the end of it. Is it worth the gamble?
Milo
A quote from the GPL:
The source code for a work means the preferred form of the work for making modifications to it.
The GPL states that you should provide the source code with your binary, and it correctly defines the term "source code".
Not just "the stuff that the compiler uses as input", but the preferred form for making modifications.
Case closed.
Roger.
I am legally allowed to use the environment to create my ANSI C++ code, which, when I compile it with GCC, I am free to use to whatever commercial end I like.
This is true. There's no way this could be considered a derivative work of your development environment. In fact, I don't see how ANYTHING could be considered a derivative work of any development environment. Shrink-wrap not withstanding (which is bogus to begin with), you have full legal right to use any software you have legally obtained for any legal purpose.
My company wants to translate this to an abuse of the GPL and has been advised 'full speed ahead!'
I don't see how. The previous scenario with the development environment did not involve any actual derivation. You were using the environment as a tool and did not create any derivative works of the environment.
The situation with source code is much different. A derivative work is a derivative work is a derivative work. If any significant amount of the source code gets included, incorporated, translated or transformed into your own work, your work is a derivative of the GPL source code. I don't see any way around this.
they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode.
Hmmm, my brain's still churning this one over. I guess it depends on what you mean by "incomprehensible gobbledygook." If you use the bytecode to reverse engineer a fractal function that produces the same bytecode (as an example), then you would be in the clear. But if you use the source code to derive that gobbleygook then you are not in any sort of deterministic fashion, then you are not.
You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce.
Nope, can't do it. Obfuscation is still derivation. Obfuscation is still a form of translation, and translation is derivation. Besides which, the above in no way relates to your earlier statement regarding "incidental resources."
Let me tell you what you CAN do: You can reimplement the algorithms in the original GPL code. Then you will not be creating a derivative work.
All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
Even if you manage to get your scheme past the courts, you still run into a big problem. This problem is well known in the BSD community, which is why no one has yet been able to produce a *successful* proprietary BSD that wasn't already on good terms with a free BSD variant. The problem in a nutshell is that you've created a fork. Trying to track the original source while keeping your own features and improvements intact will be a nightmare of code management. If you're willing to burn all your bridges, go for it, but if you find yourself on a tiny desert island with no way off, it's your own damn fault.
Example: FreeBSD and Apple are on good working terms. Apple forked off Darwin, but had to make Darwin Open Source (and somewhat Free) in order not to create a horrible sync problem. BSD/OS was also derived from the generalized open source BSD code base, but they had to remain on good terms with the free BSDs, to the point that they even contributed their own proprietary code to FreeBSD just so it wouldn't get forked off into oblivion.
Another example: the GNU Emacs / XEmacs fork works for only one reason: they are both Free Software. If XEmacs was made proprietary from day one, it might possibly still be around, but GNU Emacs would be feature rich and viable while XEmacs would still be languishing back at the fork point.
A Government Is a Body of People, Usually Notably Ungoverned
The GPL is a license that, when I apply it to my code, says that you may take my code, modify it (or not) and redistribute it. However it places the restriction that you MUST also distribute or offer to distribute the source code for anything you compile my code into.
This is why the GPL defines what source code is. And source code is HUMAN READABLE. Thast the point of source code. Code that has been preprocessed in some way, even if it is not a machine readable binary, is NOT source code unless it is in a human readable and inteligable language.
I do believe that this issue is specifically addressed in the GPL (along with a few other situations, which is why the GPL is so damned long).
This is definitly a violation of both the letter and the spirit of the GPL, and I urge the person who asked this question, or anyone else working for this corperation to blow the whistle on this project. It is a direct attempt to subvert the free software community.
-Steve
"I opened my eyes, and everything went dark again"
Eh. It doesn't really matter. What does matter is that he's got a legal theory as to how the GPL can be sidestepped. It might not hold up in court. But that doesn't matter until it gets to court. There's no Bad Law Fairy who's gonna come out of the sky and put things right. Somebody is going to have to mount a legal challenge to this abuse. That somebody has to have legal standing in the case and deep pockets. Now, don't all raise your hands at once!
OK, I just ran out of irony. Look, the mod system worked -- maybe not as fast as you liked, but it did. Don't feel bad because you didn't get to put on your Arnold mask and mod all the lamers down. It's just a damned filtering tool, not a way to Rebalance Universal Morality.Your faith in an untested document is touching, particularly given the number of informally expressed opinions from lawyers who don't seem to agree with you. (There are even one or two such postings further down this thread, if you care to look.)
Sure. And no-one from any world security organisation is reading this post, or your e-mail, either. Don't mistake for "not doing it" what is in reality "not getting caught".
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Now I can give away the program I built from GPL'ed source code.
How does your company sell a second copy of the program?
I rejoice that there are owls.
There might be a more airtight alternative public license. I don't know. One of the reasons that I became a lawyer was to avoid ever having to hire one.
What's the difference?
They're bad boys; they're stealing.
t_t_b
I'm on PJ's "enemies" list! Are you?
Yes, that would be one test for "preferred form", but there are others and the other side of any dispute will present them. The point is that the standard that you propose does not necessarily follow from the language of the GPL. In other words, your standard is more suitable than the GPL language. Of course, at trial, the credibility of your engineers and/or anyone testifying about their procedures will be at issue.
Doesn't the GPL say something about the "Preferred form for modification" of the work? This obfuscated source code would most definitely not be the preferred form for making modifications to the program. I don't see how this case is much different from somebody saying "Well you can get the source to our program by disassembling it, its easy!" Since assembler is not the preferred form for making modification to the program, this argument doesn't work.
main(c,r){for(r=32;r;) printf(++c>31?c=!r--,"\n":c<r?" ":~c&r?" `":" #");}
You seem to have missed what the point of the source code is. It is not to make the program have zero cost, there are much more effective ways to do that.
#2: it is not "use" of the code that requires them to release the new version, it is *distribution* of the code. You can take any GPL program and write your own in-house variation with your own proprietery additions, and NEVER release the code, as long as the resulting program is used in-house.
You may be a lawyer, but no other lawyers seem to agree with you.
:) When the company goes out of business it'll show they were lying.
I went across the hall at work yesterday and asked two lawyers who I often see over lunch about this. They said that while "preferred" and such terms are often fairly vague and cases hinge on those, in this case, where you can simply show the inability of the company to use the obfuscated code, and the obfuscating programs used, that it's dead simple.
Too bad modern judges can't hand down rulings that really cut to the heart of the problem...
Ruling that the company must delete all other source code and forever maintain the project using only this source code and other code in this form would quickly show if this was the preferred method.
(With creative and honest judges we could get by with a lot less of your type.)
If they release the (obfuscated or otherwise) code under the GPL, I can redistribute to my hearts content, as long as I follow the terms of the GPL.
I don't need to give the company a penny and nor does anyone else.
Ignoring the probable case that this IS in a GPL violation, I don't see how it can be lucrative.
Yours Sincerely, Michael.
You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce.
So your company would have NO issues with me developing a "random number" generator that just happens to return me a number that, when converted to bytes, is exactly identical to your finished product. Now, I did all the development effort, I generated the number, so I can sell that number to all comers. Fun, huh?
"Your superior intellect is no match for our puny weapons!"
While you are determined, I somehow doubt it. Lets say that the project is Linux. The Linux code becomes totally obfuscated, etc, etc. Maybe even there is a pass compiler developed internal to the company that cleans up the code. Would you really go through line by line to simplify the code? If so then no compiled code is safe from you. But I doubt many would actually go through this. Code is only valuable when you can read it and compile it cleanly. The GPL does not cover this situation. The GPL does not say it needs to compile or needs to be readable. Hence I could twist GPL code and mine and give them to you!! Interesting concept nonetheless... So I guess people are starting to get interested in Open Source.
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
For some good info on how GPL enforcement is usually done by the FSF, read this article.
'Look, at how many people all over the world are pressuring me to enforce the GPL in court, just to prove I can. I really need to make an example of someone. Would you like to volunteer?' - Professor Eben Moglen - FSF General Counsel
imagine in MS decided to release a version (for cost) of debian with MS-office, but all the source for the debian was obstificated. They could argue that for them the preferred form of source is the obstificated code.
Judge: "Do your programmers make their modification to this gooble-de-gook?"
MS-lawyer: "Yes"
Judge: (looking incredulous) "How?
MS-lawyer: "For every programmer actively working to improove our source, we have ten others trying to work out what we did last week."
Judge: "So your programmers can't work out what other programmers working on the same code are doing?"
MS-lawyer: "That right!! No programmer can even work out what program they are working on. Its our preferred method of development"
Maybe they are doing this already...
Elivs
Your friends told you what you wanted to hear. Nevertheless, the GPL remains malleable to a fault.
What if the "preferred form of the work for making modifications" is an encoded document that requires a special interpreter to re-compile? Is that "machine-readable"? Technically, it is. Do "interface definition files" include the interpreter? Maybe - maybe not.
Notice how the GPL fails to require that the source code be presented in a form that can be compiled with readily-available tools? That's what I'd call a giant oversight.
BTW, the fact that your two lawyer friends don't agree with me does not mean that "no other lawyers" do. It's this kind of logic that separates my "type" from your "type".
He wants more legal tests of the GPL, and would love to make an example of your employer. Don't go there.
:-) Is your employer rich? If so, it could be a good way to get a nice FSF endowment started, eh? So many court cases are depressing from an open source coder point of view. Your employer could help cheer us all up! Please? Oh, and your lawyer should know that I have a patent pending on "A method of getting rich by convincing a hapless client to step into a bottomless legal morass"
Don't listen to Bruce. You're employer should definitely go there. Some of us would like nothing better than to watch a blatant GPL violator get dragged over the coals in court. Oh what a fun spectator sport it would be.
Because the GPL says you have to redistribute the source, modified or original, as source. You can do it as binary too, but you have to distribute the source to any person that you distribute a binary to that wants it. This obfustcated text is NOT source code... it is a preprocessed intermediate bytecode.
What if I call my obfuscation a new language, 'C--' and I offer to sell a compiler that compiles my C-- language to C?
Couldn't I offer the source to my new modules written in C-- and link to GPL'ed modules and meet the requirements of the GPL, even if a compiler for C-- is only available commercially?
Heck, I could make several key functions part of the C-- language spec and not have to release the code at all.
Please tell me that I'm wrong here.
There are 10 types of people in this world, those who can count in binary and those who can't.
You may be a lawyer, but you don't know squat about development.
The "preferred" source is *always* the highest-level code in a compilation sequence. This source, and this source alone, will maintain iterations across compilation cycles. On an idiot or an incompetent fool would attempt to modify any derived files unless there was absolutely no other alternative, e.g., ancient mainframe programs where the source code has been lost.
In this case, the company is proposing releasing COMPILED code, not source code. Don't be confused by the common usage of "compiler," technically a "compiler" is any program that takes text and rewrites it in a mechanicalistic manner into a second text. That includes conventional compilers, YACC and LEX parsers, ESQL/C preprocessors (such as Pro*C and ecpg), RPCGEN, gperf and code obscuration tools.
The fact that the compiled output can be run through a C compiler is irrelevant. The output of yacc, lex, gperf, rpcgen and Pro*C can also be run through a C compiler, but nobody who uses those tools would ever consider these derived files the "source." They processed files are distributed solely so that third parties without those tools installed can make changes to other files and compile the system as a whole.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Nope, EULA's go beyond copyright and may do other things. They can forbid you to disclose your opinions on the product, they can forbid you to disassemble the product and they can force you to wear noseglasses while using the product. None of the restrictions in an EULA are dependent on wether or not you want to do something restricted by copyright law. They are additional restrictions, and you are (maybe, depending on a courts point of view) bound by the license if you use the product at all.
While some judges might let you bring your industry usage of the term "preferred" to bear on the meaning and intent of this contract, just as many other will demand that the agreement be interpreted "within the four corners of the document". And why should one have to resort to an "industry standard" definition, when the question could easily have been addressed in the agreement itself? And how will you go about proving that your usage of preferred is widely-accepted? Will you bring in witnesses? How many? How many will your adversary bring in to prove that your usage of the term is not "industry standard"? How long will the parade of witnesses take? How much will it cost? Why wasn't this dispute clarified in the agreement before all the lost time and money? Do you have answers to these questions?
You stated that the highly desireable code was GPL, correct? Is there no way to write an LGPL CORBA or SOAP object to export the functionality to an external program? Provide yourself a legal padding of the communication protocol. Yes, you would have to develop and maintain two separate applications, but you wouldn't have to recode this incredibally useful GPL code {whatever it may be}.
Just food for thought.
assert(expired(knowledge));
good point, i like that example. but the MS one could be debateable, if you are actually rewriting it in assembly, could be a bit different, but who knows about other restrictions on viewing the code in the first place
Apparently the lawyers of every company that has ever gotten notice of GPL violations from the FSF disagree with you. The reason there are no precedents is that nobody has ever dared go up against the GPL in court. All cases have been resolved with the companies deciding to comply with the GPL.
'Look at how many people all over the world are pressuring me to enforce the GPL in court, just to prove I can. I really need to make an example of someone. Would you like to volunteer?' - Eben Moglen, Professor of Law and Legal history at Columbia University Law School, General Counsel of the Free Software Foundation.
Clearly, type 4 is what normally gets distributed when someone modifies a GPL project. But arguably, type 3 or even 2 could be preferred by some people. (Especially if you neglected to modify the comments in the original code as you made your changes- it could be better to remove comments than to include untrue statements).
However, when I work on C++ code, if type 5 or 6 is availible, then I strongly prefer to use them as I study how to make my changes. Yet many (most?) people wouldn't be comfortable exposing all the dirty, broken, wrongheaded mistakes they made over years of developement, which is what would happen if CVS revisions were included.
All of items 2,3,5, and 6 refer to commments of one sort or another- things that make no difference when the program executes, and don't even effect the compiler, but serve just to inform interested humans. A CVS repository, a separate document file, /*comments inside code*/, even useful_and_descriptive_variable_names are all Auxiliary Documentation that is not technically part of the code.
Where should we draw the line? Where does the law draw the line?
That is a ridiculous ploy on the Free Software Foundation's part, if true. Their lawyers could just as easily defend you pro-bono (or the FSF could agree to pay your lawyers'
bill)
It's not the preferred form for compiling, though. What they compile is irrelevant, the GPL specifies the preferred form for making modifications to the code. Even if they built for distribution from the obfuscated code, unless that's actually the code their programmers work on it's not in preferred form per the GPL. The GPL also says preferred form, not preferred format, and form implies things in addition to just, say, text format.
It's not a ploy, it's an assurance. Before the FSF is going to commit money and resources to defending a project, they want some proof that the author is truely commited to Free Software. Authors have refused to persue GPL violations in the past, and the FSF doesn't want to let authors pick and choose who can violate the GPL. They also do not want to defend a project that could potentially change it's liscence and become proprietary software sometime in the future. As long as the FSF holds the copyright that can't happen.
So while you are right, they could defend people without assigning copyright to them, they are trying to protect the interests of Free Software, and protect hemselves from being abused.
Instead, your company is embarking on some hare-brained, complicated scheme to try to defraud open source developers, risking a legal injunction against their product, damages, and the wrath (and competition) of open source developers.
Obviously, there is something fundamentally wrong with your company's management, ethics, and business plan. I recommend jumping ship now, before the s*** hits the fan.
What the fuck does being a lawyer have to do with anything?
Are licensed members of the various states' bar assiciations (non-governmental organization, by the way) the only people allowed to read, understand, interpret, enforce, live by, be protected by, be excluded from, make, vote on, propose, opposed, enact, believe in, accept, or overturn laws in this country?
Firstly I think it's not so easy to define source at all. I read some of the transcripts of the 2600 case that dealt with arguing that Code=Source=Speech. It was really revealing - defining source is a slippery issue.
Secondly even if your definition - must be human readable - is accepted, there are humans who can read machine language, in hex (I'm sure we've all got anecdotes about our favourite guru programmer doing just that). And to be honest most programmers, with a little effort, could train themselves to do the same.
Finally - you're assuming the obfuscated text is no longer source and that therefore there is a separate text which is the 'real source'. Let's think about how someone normally forks a GPL project, something like -
- take original GPL'd source code
- make modifications
- release new code, with source, and acknowledgement of original authors
But the GPL doesn't AFAIK require the release of the original source - only the source for your new version. Releasing the original code is the responsibility of the authors of the original project.
So in this case, obfuscation is part of the modifications, along with inclusion of some home-grown code (the original GPL code was only 30% of the whole right?). So legally how is there a difference?
However, these points in themselves lead to reasons why this approach would be unsuccessful. Namely,
- if hex machine code is human-readable then obfuscated C certainly is. Plus if it's been obfuscated mechanically - it can be de-obfuscated mechanically. Partially anyway.
- they have to acknowledge the original code's authors and therefore the original project. People can compare the obfuscated code with the original code and figure a lot of it out.
Using a combination of these I can forsee that it would be possible to generate a completely 'plain source' version and keep it in step with the obfuscated one, with relative ease.
To sum up - I think legally they can do this, but I doubt it will gain them much advantage.
But I am not a lawyer.
Personally, I think this would be a rather easy case to prove if anyone chose to pursue it.
... technically, at least).
A context diff of the "obfuscated" code against the code it's derived from would rather quickly show that the only changes from one to the other was symbols and the lack of comments. Unless, that is, they resorted to some rather serious Obfuscation like operator and function overloading, or trick use of preprocessor errors, in which case, a diff of the preprocessor output from the two code trees would also damn the offender pretty quickly.
I AM a (recovering) Lawyer (I am non-practicing) and I would advise your company that they are playing with fire by trying this. You didn't reveal which GPL Code your company finds so useful, but there are MUCH smarter ways to play this game, especially if the authors of the code you like so much HAVE assigned their copyright to the FSF. (See, FSF v. NeXT Computer, (over gcc) for instance).
I question the degree of "tech-savvy"-ness of your company's counsel if he's advising them to go "full speed ahead" on such a transparent, bad faith abuse of the GPL (can't call it a violation
utter rubbish
Does thier obfuscation remove the GPL notices and author names? From the sounds of it this guy's company plans on stripping out all comments, although I suppose it would be trivial for them to leave only that part intact.
You don't have to prove anything or have a whistleblower. All you have to do is ask them to come up with a plausible reason to modify the code other than "obfuscation." If they can't come up with one, it was either obfuscated (or changed by accident).
I'm actually not jabbing at modern judges. I'm saying that they don't have the freedom to hand down the "right" judgement in many cases. I doubt many judges like finding for some jerk over the person they screwed around, just because the jerk had an expensive lawyer draft up a misleading contract.
And as for congress. If I didn't vote for the winner in my riding, do I get to disclaim all responsibility?
To answer your other post...
Both of the lawyers agreed that because preferred form is fairly easy to establish. Much like people on here were saying, set one of the developers down and make them develop with the mangled source.
The GPL does require all build-related scripts and the preferred from of source code. If the preferred form requires manipulation, it should be in those scripts. If not, they'd better be able to develop with that source.
As to no other lawyers agreeing... Sure, others do, the greedy ones working for the company mentioned, as an example. But you're the only one I've seen on Slashdot, or talked to in person, who seems to think that "preferred form" isn't fairly obvious.
In the first place I'm not so sure it's so easy to define 'preferred form' but even if it was -
Imagine a GPL project called free-prog.
Company takes the the source to free-prog, modify it/add their own code in 'plain' readable source. Let's call this secret-prog.
Company never releases this code - so they don't have to release the source for secret-prog. This is legal under the GPL as I understand it.
Company obfuscates the source for secret-prog. They then add to this more code, probably a standard module for something useful but trivial - a File Save dialog let's say. They name this new project obfus-prog. This they compile and release, together with source - which is 99% obfuscated.
As long as they only ever release obfus-prog and not secret-prog then the 'preferred form' of the source for obfus-prog is the obfuscated source code.
Personally I think that's enough but a judge might require more. Maybe they'd also need to put up some artificial barriers between the two sets of code. Maybe you have to make sure that the two source trees are kept separate on separate servers. Have separate teams working on them - similar to clean room conditions for reverse engineering.
But I think the whole thing's moot. Obfuscated source is still source and there are programmers out there who can read, interpret and re-code it - and re-distribute it.
The question gives two examples, the use of external tools on a work, and the use of someone's code in a work.
Were the copyright incident on the work, then Microsoft, Borland, Watcom, IBM, etc would "own" every peice of software compiled under their compilers. The fact that they expose APIs and libraries for the user to use does not affect the issue.
The same holds true for any editors, IDE and so forth. What this means is, that if I were to use the GCC compiler as I would use MSC or VBASIC, then my work is not using any code created under the GPL, and my original work (the source code) does not contain any GPL or Microsoft or Borland code, and is therefore not copyright by any of these.
What matters is that these tools take an original set of text files, and produces an original work at the other end. As long as you "own" the source material, you "own" the output, and therefore you can do whatever you wish with it.
The second example suggests that there is some source code, that they wish to hide through passing through name-changes. Derivation, not incidence operates here, and then you would be covered by the copyright provisions of the author.
The fact that you want to hide the origions of the code is indication that it is not propper.
Your lawyer friend should need to consider these issues.
OS/2 - because choice is a terrible thing to waste.
You really tainted your own credibility here.
"Modern Judges" are a real problem, especially at the federal level. That may be a subjective opinion, but a survey of those who hold the opinion (asking those who disagree would be pointless) at which level judges are most corrupt, and a definite majority would show those at the federal level are.
You then go and cite a case where a judge exercises a bias to rule *contrary* to existing law -- by shutting down logging, an otherwise legal activity-- to side with a complainant in the absense of evidence!
Standard IANAL disclaimer. But I wouldn't necessarily agree with the 'this seems fairly intuitive' and I'd want to check with another lawyer or two. I would agree that 'incidental' might accurately be used if, for example, while a student with the student development package, you have code generated and later, in a commercial environment, found use for a piece of that code in one of your projects. However, something doesn't seem 'incidental' if one continues to use the student development package on a continual basis to generate code for a commercial environment and simply exclude the actual compliation by the package in order to evade licensing agreements. It seems if done continually, it might not look so 'incidental'. This would particularly be true, if, IMHO, one DID use the integrated package to compile throughout development and debugging and only, when it comes time to commercially distribute, the process is changed to compile outside the package. I'd just buy the package for commercial use. Even IF one was sued and won, they'd likely pay more in legal fees than they'd have paid for the package in the first place.
Using the hypothesis to code released being obfuscated for source distribution, when not the source used for development but only at time of distribution, would also likely seem to be the same intent, to nullify the intent and spirit of the GPL. It wouldn't be the code used for development, debugging, and distribution of the commercial product, but only to attempt to circumvent the spirit, if not the letter, of the GPL.
I think with the above, I'd be looking for another job. I personally would have trouble working for a company that takes such steps. Even if you don't have a problem with their thinking, remember, if they'll do it with software, they'll do it with their employees. Besides, I'd rather be able to sleep at night.
Okay, so you now you're distributing what are essentially platform-independent binaries, under the GPL. Anyone who gets these is licensed to distribute them freely, and they're allowed to produce modified versions, such as a recommented and sensible version.
Selling GPLed software depends on the gratitude of your customers. They'll be able to get it for free, but will have some reason to prefer paying to get it from you. It seems to me that providing only useless source in this situation will generate enough ill will that, regardless of the legality of what you're doing, you won't make any money.
In this context, other people being able to modify the program is the least of your worries.
Apparently the lawyers of every company that has ever gotten notice of GPL violations from the FSF disagree with you.
Name one the FSF has taken to court. Companies bend to threats too, just to avoid the trouble.
I've finally had it: until slashdot gets article moderation, I am not coming back.
You may have somehow missed out on this, but lawyers are paid to disagree with other lawyers. No matter what your lawyer says, I guaran-goddamn-tee it that every other lawyer on earth will disagree with him if I pay them to do so.
The question you should be asking your lawyer is not "What do you think this contract means?" but instead "Do you think you could win this case?"
On second thought -- don't ask your lawyer if he thinks he could win the case. The other thing lawyers make money from is claiming to be able to win cases for you. Ask some other lawyer if he thinks your lawyer could win the case after making it clear that you can't afford his services.
Proud member of the Weirdo-American community.
It's not so much that "preferred form" is obvious, it's that "the preferred form" is obvious. Note, not "a preferred form". The common meaning of "the preferred form" allows for exactly one form to fit this description. In other words, out of all of the available forms, the one that is the best possible form for modification is the one that has to be distributed. Quite clearly, if the company is continuing to modify the program in form X, then form X is, prima facie, the only possible form that fits the phrase "the preferred form".
The only way this could be negatived (yes, that is a verb in lawyerspeak) is by demonstrating that the form used for development is a form not convenient to others, and the translated form is actually preferable for those others.
IANALY, but I did top the year last year, and this is a simple question of interpretation that a first year law student could deal with.
Any lawyer who opines upon such a scenario in the abstract is likely committing malpractice. The Devil is in the details. However, it seems apparent to me that the risk of getting such a blatant end-around probably wildly exceeds any perceived benefits derived therefrom.
I can think of a zillion reasons why the proposition described above would not work, but there simply isn't enough information to answer the question in slam-dunk fashion. Suffice it to say, however, that I am seriously doubtful that such a trivial pretense as a byte-code or object-code copy produced by other means could avoid a claim for copyright infringement.
Even so, to the extent that an "on the edge" defense is being prepared, the defendant had better be right. With such willfullness, a prevailing plaintiff is likely to obtain substantial statutory damages, perhaps as much as $150,000, an award of attorney fees, and an injunction against release of the product. If they made profits from the product in excess of that amount attributable to the taking, a prevailing plaintiff could elect for the greater amount.
In short, a commercial entity that tries to do so may well be poorly advised. But once again, I don't know enough particulars to make a determination one way or the other.
The question they have to ask themselves, "do I feel lucky?"
Simply obfuscating the source code before compiling to binaries and releasing it isn't a GPL violation.
However, it still doesn't make any sense. Why?:
1. If the source code compiles to the same program, then it can't be all that incomprehensible, obfuscation or no. Reverse engineering reasonable identifiers and comments into the code wouldn't be that difficult.
2. If the product is GPLed, then it is freely copyable. Its distribution by third parties won't earn the company any additional revenue. So, what does the extra obfuscation accomplish? Except for making it a bit difficult to create derivative works and fork off incompatible versions (but not impossible -- see 1), which wouldn't affect the company much in any case, it doesn't accomplish anything. The company might as well just release the source code unmodified, as it would save the time that would otherwise be wasted on obfuscation.
Enough with your rape fantasy though, why can't anybody on slashdot hold a conversation without comparing apples to volvos?
Nice to have an adult join us kids. Which ethical directive urges you to illustrate your Bio as "Imagine a Beowulf cluster fuck..."?
You may be right with regard to morally bankrupt fights over legal terminology, and I am neither a lawyer nor overly vocal about the GPL (which is great, but unfortunately seems to bankrupt programmers rather quickly).
But just as a man is allowed to defend himself in a court of law, it is certainly legal to write a contract which is understandable by people without a law degree? I for one would like to hear which holes you think are there so that these geeks can wrap their heads about it and stop companies from abusing their work.
This explicitly includes the unobfuscated code and almost certainly the obfuscator as well although it is not clear that the obfuscator's source code is a necessary inclusion.
Got time? Spend some of it coding or testing
Nevertheless, the original poster said: Under US law if you know of a crime but do not act to prevent it, you are considered an accomplice to that crime. This is a _very_ broad statement; it is not one that is limited to the GPL situation we've been discussing here.
And in fact, if you'd bothered to note the identity of the other respondant to my post, it was at least partially retracted! Smagoun agreed that there is no such general rule. At most, a government can pass a law that imposes a duty on a class of individuals, but of course, people outside of that class are exempted.
And the rule in the vast, vast majority of cases is one of no liability for an innocent bystander. I can watch people murder, rape, or steal with impunity if I do nothing to help. (generally -- there's some finer matters involved as well) Likewise, I can watch people die, or be crippled by grevious injury, or suffer mental trauma, and not raise a finger, and that too is acceptable.
After all, much as our initial inclination to require that aid be given beckons to us, there are better reasons to let it alone. For example, one is 'where does it end?' If someone suffers a heart attack on a busy sidewalk, does everyone in the world owe him a duty to perform CPR? What if there's more than one person -- is the 2nd guy to arrive liable for not beating the first to help? Are people on the other side of the street liable? People on the next block? In cars? In buildings? Who are already occupied with other pressing duties?
HOWEVER, I never made the claim that accessories weren't usually civilly or criminally liable! You're bitching at me for something I never said! Your complaints are, I'm afraid, all in your head. What posessed you to post about a total non-issue, I cannot even imagine.
And from someone with a three digit ID... Tsk tsk.
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
~shiny
WILL HACK FOR $$$
Not quite. There have been several cases on this, and as far as I remember, it has gone both ways.
You _may_ be able to get out of the license in court. Unless you're in a UCITA state, in which case your politicians have been looking out for your interests really well, and ensured that you dont have rights anymore.
You have just demonstrated some of the wisdom of Solomon here. The company would win and then be hoist by their own petard, absolutely delicious. What concerns me is why is this guy working for these sleaze bags.
It just seems to me that "preferred form" is way too vague, too open to interpretation.
Question is: how does this relate to definitions of pornography? The whole "community standards" doctrine, right? That's always seemed to be an extremely vague definition, but the only acceptable one, regardless of how well it's doing in the Information Age. Can an analogy be drawn between the language of that ruling (I do remember that it is the result of a ruling, not actual legislation, yes?) and the language of the GPL? Is the contract law/criminal law division enough to make the analogy invalid? (Hell, I'm pretty sure there are better examples of well respected legal vaguenesses.)
I suppose that it's possible that a pornography case would result in the "fact-finding parade" you describe above. But the impression I've always had is that "objective metrics" weren't the purview (or at least not the sole sustinance) of legal discourse; if a contract were so easily measured, why settle disputes with lawyers when a monkey with a calculator could do the figures, no? Actually, the very suggestion that objective metrics should be a requirement of a contract damages my respect for lawyers everywhere.
Hm. Most troubling.
IP is just rude.
Is there any torture so subl
If it's a niche product, then yes, there's a limited userbase, and the customers of the original GPL code will presumably be the target market of this company. Huge overlap if it's, say, control software for an oilrig, smaller overlap if it's accounting software, very little overlap if it's a text editor (unless it's vi or emacs!)
Author, Shell Scripting : Expert Re