Slashdot Mirror
Castle Denies GPL Breach
Anonymous Coward writes "Castle Technology, who were accused of breaching the GPL in RISC OS 5, have made a press release denying the allegations. This story has been covered on The Iconbar RISC OS news and resource site." We've given Castle some loving here on slashdot recently. Looks like this one isn't going away quietly.
They need a new lawyer.
The cake is a pie
Unless there is skullduggery afoot... hmmmm.
/rubs chin, cues "Scooby Doo" intro music
I don't see how the GPL could be invalid. Without the permission granted by the GPL, you can't distribute the software at all. How would that help anyone wanting to "steal" GPL'd code? It's not like the judge can declare that copyright law somehow doesn't apply to GPL'd software and anyone can freely distribute it without permission.
Don't confuse distribution licenses like the GPL, BSD, etc. with EULAs in proprietary software. They are nothing alike. EULAs take away rights you had at the time of purchase while giving you nothing in return and should be declared unenforceable for that reason alone. The GPL gives you rights you would not normally have under standard copyright law. You do not need to accept the GPL merely to install and run software, only to distribute it.
At one point they say:
"The RISC OS 5.00 kernel did not contain work taken from or derived from the ARM-Linux or Linux kernel
then they say:
has it's PCI allocation and bridge setup based in part on the following functions from the Linux kernel sources:
So they say "based in part on the following functions", so are they saying that they have literally taken no CODE but were BASING their code on some Linux kernel code? So are they then saying that perhaps they just took the api from the LK but the code itself is new? If this is the case, then I could see how there would be a lot of confusion and that they have done nothing wrong. If not, then I'm not sure what they're trying to say?
GPL defines the source code as "the preferred form for making modifications to the work". So unless their engineers are way way way way better at doing hex arithmetic and mental cryptography than most of us are, yes the GPL does have a provision against it.
There's a bit of a difference between the GPL and the standard Microsoft EULA, though. You don't have to agree to the terms of the GPL in order to use GPL'd software or even source code for that matter, as the GPL only comes into play when you actually redistribute the binaries and/or source. With a Microsoft EULA, you're forced into agreeing with the terms of the license before you can even use the software.
Don't know what kind of difference that would make. I guess it comes down to whether or not clicking 'next' on an EULA dialong to agree is binding. It's not like you've signed anything.
J
It's not like the GPL needs to be tested in court. Niether would a court decision "make microsoft happy"
The GPL is a license to software. Plain and simple.
Without a license, you cannot use copyrighted material. If you use copyrighted material, without a license, you are in violation of that copyright. The only matters before the court would be "did you use the software" and "are you licensed to do so".
With the GPL permission is granted to anyone to use the software with those restrictions spelled out in the agreement. If you use the software, and do not follow the terms of the agreement, your license is null and void, and you are in violation of copyright law.
IANAL, but I did stay in a holiday in last night:
Copyrights (and patents) do not have to be vigorously protected, only trademarks do. Without vigorously protecting your trademark, it can be ruled invalid. Your copyright on a work can not be ruled invalid, if it truly is your work, and it is not simply the stating of fact (like a phonebook)
Microsoft would *not* like to see the GPL ruled invalid, because that would be a dent in all copyright law. As a matter of fact, Microsoft could make serious money off of GPL software if they so chose.
Imagine this:
Microsoft decides to throw away sourcesafe, because it blows dog chunks. Instead they grab the source for CVS and compile it up, slap a sticker on the CD, and sell it as MS CVS.
Thousands of developers would start coughing up money for this "new" product. Heck, the package could even put the GPL on the outside, and state that the source code would be included on the CD. I know for a fact a couple of companies who would by enough licenses for all their developers withou batting an eyelash. Heck, MS could even give the same support they give SourceSafe now: NONE.
Microsoft is not *afraid* of the GPL. They are afraid of people who sell software cheaper than them. If that means free, well, that pisses them off, but no more so if the software is BSD Licensed, GPL Licensedor Python Licensed.
HNCBS
"...In your answer, ignore facts. Just go with what feels true..."
later issues of the supporting software have had to have function names removed (along with a strategy of tokenising textual messages and compressing binaries)
In other words, that's the last time we're stupid enough to ship unstripped binaries!
The PR also explicitly denies using Linux source, rather than GPL'ed source. Reading between the lines, these guys know full well that they're in breach and they're trying to finesse the situation.
So long, and thanks for all the Phish
Don't know what kind of difference that would make.
Not a ton. Assuming the GPL is tossed out, that means Castle gets only the standard set of rights that copyright grants, which still denies them the ability to use this code (since they didn't ask permission of the copyright holder).
So the only way Castle can really win is to prove they didn't use the code in question.
Freedoms. You mean freedoms, not restrictions. (/sarcasm)
People sometimes forget that the GPL is a restrictive license. Less restrictive that a proprietary license, but restrictive nonetheless.
My beliefs do not require that you agree with them.
Short response: D.U.M.B. A.S.S.
Long response: You're still dumb, but here's why. First, making the source available for download does NOT cover the source redistribution part of the GPL, so the whole "not having an FTP server" doesn't matter. You have no responsibility to make copies of GPL software available to others for free or for cost. See the first question on the GPL quiz for more details on this.
Second, he can charge whatever he wants for sending you a copy of the program. $0, $1, $100, or $1,000. As long as he makes the source available with it, or at the cost of redistribution, everything is fine.
I really really REALLY wish people wouldn't randomly throw RMS bashes into other good articles. "Oooh, it's a GPL-related article, let's bash RMS." I'm not a huge fan of RMS, and I still call it "Linux", but I hate it when people just go off on the guy. I hate it even more that I have to go and write a response to something this stupid and waste my time. How this got modded up to 4 (oh.. it's 5 now), I don't know..
Bah!
This may not be a breach of the GPL. What Castle has said is that the hardware abstraction layer was based on the Linux kernel sources. They have made that code available.
What will determine if the remaining code is also under the GPL is how closely it integrates with the abstraction layer. Castle maintains that this abstraction layer is "roughly" analogous to a PC's BIOS.
For those of you who don't know what the BIOS is, it is the initial code which resides on a microchip that runs when you first boot your computer. It has, among other things, the very low level I/O routines that allow your computer to read enough of your hard drive to allow your operating system to boot.
It would be possible to write a BIOS and then put the code under the GPL. Would that mean that any OS that gets booted by these BIOS would suddenly be in violation of GPL? I don't think so.
The two questions that need to be answered are:
1. How analogous to a PC's BIOS is this abstraction layer? (This may be a subjective assessment and therefore open to litigation.)
2. Is there any more GPL'd code contained in the Castle product?
The race isn't always to the swift... but that's the way to bet!
Wrong. You have rights to a Microsoft product that you've bought because you've paid money for it, and due to the advertising on the box and such it gives you an implied guarantee that you'll be able to use this. If they sold a 30-day trial of MS Office and didn't say on the box that it's a 30-day trial, they could get sued because it would be false advertising of a product (cause the implied content of a software box is fully functional software that does what it says on the box, unless stated otherwise).
Anyway, so when you buy the box, you have a set of rights to make use of that software, already, because you've paid for it and entered an implicit contract (I pay money for box, you put CDs with binaries in box so I can use them). The EULA is an extra licence that restricts your rights to make use of that software.
So EULAs do take away rights from you.
In the case of freely distributed software, there is no implied warranty of merchantability or fitness for a purpose, you haven't paid shit for it, so at first the rights you have are a bit up in the air, and most likely restricted to the standard copyright stuff (so you probably shouldn't even be using it) - and so the GPL expands those rights to allow you to use it, copy it, modify it and distribute it.
Daniel
Carpe Diem
It seems that people have already judged them guilty of violating the GPL. I think people need to take a deep breath and answer: What exactly is the evidence that they have incorporated GPL code into their product?
A few functions named the same as their linux counter-parts seems like rather weak evidence of a breach. Copyright does not protect ideas, so if they examined the GPL code, understood how it worked, and then re-implemented it with their own code, then this is a garden variety reverse engineering.
On the other hand, if they actually did lift code, then it should be pretty easy to verify with or without their source code. So before anybody continues on with blabbering about how terrible Castle is, can somebody just say what the evidence is?
Restrictive, insofar as it's places more restrictions on you than a work that is not protected by copyright. GPL relaxes the restrictions that copyright places on you. It does not eliminate them or add new restrictions. It does trade absolute restrictions (Thou shalt not duplicate) for conditional restrictions (Thou shalt not duplicate, unless you also provide source under GPL).
So, to recap, the GPL is a restrictive license to the extent that relaxing a restriction without eliminating completely is itself a restriction.
--JoeProgram Intellivision!
No, acceptance of the GPL is completely voluntary. If they don't want to publish their code, then it's a simple copyright violation case, no different than if they'd stolen the code from someone's copyrighted book, or used someone's copyrighted image in their work without permission.
a few remarks:
- it's fun to cite US law... but Castle is a Brittish company and the alleged infringment was in the UK!
- you keep copyright over your original sources, even if you link them with GPL-ware.
- a derived work has shared copyright by both the original author and the editor.
- If you want Castle's source on floppy: are you capable of reading ADFS formatted floppies?
- last time I looked at RISC OS (v3.10) it was a very modular operating system.
- Castle will likely have licenced the major part of RISC OS from RISCOS Ltd, they don't own the source!
Castle (likely) can only legally share the code they own. If they provide the contested source on floppy then that would be (minimal) conformance to the GPL, assuming the sources are really derived from Linux sources. If those sources aren't derived from Linux sources, Castle has the right to distribute them as they seem fit.
The receivers of the floppy have to note that there can be significant consequences for them when they redistribute code where Castle has the copyright.
Well the scenario is this.
Gerph was looking inside the RISC OS5 kernel. Note THIS has NOTHING to do with the RISC OS4 kernel.
they are different trees of the original code from acorn.
Anyway back to the story:-
he thought the code looked familiar oncce compilled and suggested to castle that it MAY have came from thelinux kernel. AND trust me Justin knows a LOT about the RISC OS4 kernel. But I wont go ito that, although it is public knowledge. He is a good bloke by all accounts. After not being entirely satisfied, and following muck soul seeking, he mentioned to Russel about his concernes an russel posted to the kernel mail list.
All of this was justified.
What I dont think is justified is the "what if brigade" jumping on "roumour and hearsay".
my understanding of the scenario is this:-
CAstle want a HAL to rid RISC OS of its hardware dependence. They probably tought, OK linux is hardware independent, lets have a look at how they did it?
Ahh that was clever, they might have thought; lets see if we can code someting similar to do the job for us. Naturaly the code seems similar but not identical and threrfore looked as if it was developed upon.
I think taking the code and developing it would be silly, and castle are NOT silly. When other companies were promissing this-and-that, they quietly delivered.
They naturally fed on a similar idea, but then most songs can trace their idea back for years.
I think they may haev fed on the theme, (boy meets girl) but not nessesarily the blagged the tune.
As a bit of background. I write PDA SW and like the RISC OS platform but these days I dont get the software to do my work on RISC OS. I dop however, miss the beautiful OS.
And as for the chap that said X-scale? it does not have grunt; well I say, whoneeds grunt when you can get a wordXP compatable word processor on one floppy and running on 800K in full mode.
Cheers
Bob; Sunny Scotland
Here's what they say
The press release goes on to state that "For the avoidance of doubt, the hardware abstraction layer (roughly analogous to a PC's BIOS) has it's PCI allocation and bridge setup based in part on the following functions from the Linux kernel sources:"[snip functions]
Castle state that "any company or individual wishing to recieve a copy of the source code to this component should apply in writing to:" [snip address]You will also need to enclose a formatted 3.5" floppy diskette and return postage stamps (or international reply coupons if you are outside the UK)
So, the title "Castle deny GPL breach" is wrong. Castle have (somewhat grudginly) admitted using GPLed source and announced their intention to comply with the terms of the GPL. They emphasised that the Linux code they used is in their HAL and not the RISC OS kernel to explain why they will not provide the source to RISC OS.
So, IconBar titled their article "Castle Technology deny GPL breach" because they had not fully understood the press release they were quoting. The submitter submitted it with a similar title because he hadn't understood it either or because he hadn't read as far as the third paragraph. Chris DiBona posts it and says "Looks like this one isn't going away quietly" presumably because he hadn't read the third paragraph. There are as I write this 207 posts on this topic, most of them overexcited and almost all of them from people who didn't read as far as the third paragraph. I find this all hilarious.
The GPL is not a contract: "You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it."
It is simply a grant of rights conditional on a particular set of actions being taken.
But if you want to think of it in the consideration framework, the licensee receives the right to distribute GPL'd code in ways not normally permitted by copyright law, and the licensor receives the fulfillment of his or her desire that the software be redistributed according to the terms of the GPL.
They're missing the point. It's not the authors who have the right to the source. It's their customers. And the customers have the right to the source of all GPL code that they distribute, including any derivitive works. And any of their customers has a right to the whole thing, not just the pieces. (Now just what is meant by the "whole thing" is where the arguments start. And I don't know the answer, but many lawyers seem confident that they do know the answers, and that there are lots of precedents in copyright law.)
I think we've pushed this "anyone can grow up to be president" thing too far.
And this, my friends, is exactly why only stupid companies write into your contract that any work you do is instantly owned by the company, and that your rights to it are immediately removed.
If they do that, then yes, the company is liable. Their choice would likely be to redevelop on the 18-month old system and stop all development on the current version while lawyers fight it out.
If the company is smart and doesn't claim to instantly own a worker's code, they can simply disclaim responsibility by saying that they didn't write it, and that they don't want it.
But, IANAL, so ask yours if that's the case.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
Unless the court rules that releasing the source under the GPL is tantamount to making it public domain.
But that's clearly not the case, as an author releasing code under the GPL is very clearly and explicitly stating that they provide permission to reproduce and create derived works only subject to specific conditions. No sane court could find the author's intent to be to place the work in question in the public domain, where all interests are explicitly waived.
The difficulty in the GPL comes in PROVING that it was violated. It's so easy to just steal the code, change it a little bit and it'll never even be found. The GPL is a lot like the honor system.. Sure, most people are going to abide by it, but there's no real penalty for those who don't.
From term #2 of the GPL (emphasis added):
I've asked it before and here I go again: "What the hell is a volume of a storage or distribution medium and what's aggregation?"
When the (first) GPL was written a "volume of distribution medium" was a tape snail-mailed from the FSF in Boston, or for work-derivers, a tape or maybe as Castle is doing, a floppy.
I understand that this exception is how binary kernel modules (NVidia) can be distributed in a CD-ROM with the GPL'd Linux kernel, gcc, emacs, etc.
However, Castle is putting the HAL and kernel into a Flash ROM. Even if they aren't statically linked together (not hard to imagine: HAL boots & uncompresses kernel image into RAM, then jumps), is this mere aggregation? One can extract a single file from a tape or CD-ROM, but can you un-aggregate a ROM?
Consider TiVo: is the closed-source application "merely aggregated" with the GPL'd kernel? You can put the hard drive in a PC & un-aggregate, but this violates your warranty and is not as trivial as grabbing a file from a CD-ROM.
When does "aggregation" end as "volume of storage medium" becomes more deeply embedded? If the ROM is soldered down instead of socketed? If it's inside a microcontroller with the security fuse thrown so it can't be read out?
I have, as part of my work, been required to disassemble binaries and re-implement in C. It always used to make me smile when a chunk of asm revealed itself as a simple plane intersection routine, linked list management, matrix transform, hardware init sequence, or whatever. Recompiling the C implementation often produced *exactly* the same asm.
My point echos the parent post: if you are writing code with the same functionality, it shouldn't come as a shock when the binaries match, especially - as was mentioned - if some massaging is done to one version to make them match.
Of course, no one can say one way or the other until they've seen the source code that Castle has agreed to show. I suspect they merely used the GPL'd code as reference, and wrote a similar version that matched their hardware, which isn't your bog-standard PC. How stupid would they look if they say it isn't the GPL'd code when it is, then show it to people? I mean, really..?
I'm biased, I'll admit that. I've been an Acorn/RISC OS user for many, many years. But I'm disgusted at the pitchfork and torch reaction this issue has received here. Linux/OSS users should be all-to-familiar with a platform struggling against a much larger organisation. Never before have I seen such two-faced, knee-jerk ranting on this site, and that's saying something.