Slashdot Mirror
Is Linksys Violating The GPL?
jap writes "According to this post on LKML, Linksys is shipping firmware for (at least their) 802.11g access-points based on Linux - without any sourcecode available or mentioning of it on their site. This could be interesting: it might provide the possibility of building an ueber-cool accesspoint firmware with IPsec and native ipv6 support etc etc, using this information!"
The GPL has no real valid legal meaning until it has been tested in a court of law. I think the fact that no GPL violation case has ever made it into a courtroom speaks volumes!
They have been using Linux for a long time on their routers/AP's.
Anyone who have one must have noticed it.
The one thing to say to their defence is that they are usually "driver friendly" with their PCMCIA WiFi cards.
I just hope that now they will wake up, straighten up the mess, and start helping the community with supporting 802.11g in Linux for their NIC's.
A couple follow ups on the kernel mailing list:
A very interesting bit from the busybox maintainer, who has evidently already sent linksys two letters
A post outlinging the possibility that Belkin is also shipping GPL'd code
A few other people are throwing their two cents in, but those were the most interesting, code be an interesting test of corporate policey, and the ability of the GPL to withstand a court battle.
Two points. I always have two points.
First, as someone else already said, just becuase it uses a linux kernel doesn't mean they modified anything, it could be a stock kernel. If they wrote userspace drivers and/or kernel modules using existing interfaces for their custom hardware, they are not obligated to release anything.
Secondly, if they weren't abiding by terms they had to according to the GPL, it would be COPYRIGHT violation, not license violation, as if you don't comply with the license, copyright law says they can't redistribute it. I know it seems like a silly point, but it's not.
People talk about the GPL being "tested in court" and whatnot.. but the fact is: If you don't accept the GPL as valid, then copyright law still stands, and says you can't redistribute, or make derivitive works. A judge can rule the GPL as invalid, but that would mean that nobody had any rights to redistribute anything.
It's not a license you had to accept and agree to in order to use the product.. so you can't "violate" it.
Linus, or any other kernel developer could go to linksys, and say "I have not granted you permission to use my copyrighted work, please demonstrate why you think you are allowed to do this". They can then either cite how the GPL allows them to do what they do, or concede that they have no right to distribute.
So as unclear as I can be.. it's not a GPL violation... and people are not forced to release code because of a nonexistant GPL violation... although that might be an acceptable remedy to all parties in most cases. They could also be forced to simply stop doing it.
No, it'll run some BSD, as the BSD license allows this kind of usage.
Eg. OpenBSD would be ideal for an access point, with all the advanced networking&security features.
You may be thinking of the LGPL instead, which relaxes redistribution requirements.
LRC, the best-read libertarian site on the web
Hmm, denied access for me, but when I nmap it and try and fingerprint my DI-614+:
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.0.1):
(The 1600 ports scanned but not shown below are in state: closed)
Port State Service
80/tcp open http
Remote operating system guess: LinkSys WAP11 wireless AP firmware ver. 2.2
Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds
hmm..
I call bullshit.
Even if they made no changes, they still have to provide a copy of the GPL itself, and tell the user where they can obtain the source.
As for "legal ways of circumventing the GPL", I've seen plenty of people spout this line, but never seen any of them produce an actual legal loophole in the GPL. I'd bet that you're no different.
Interestingly enough, Cisco's Content Engine module (it's a web cache) for the 2600/3600 routers, run linux. So, is Cisco violating the GPL? Maybe, by not providing source. But, it doesn't mean they modified the source at all, much of the functions in it appear to be handled by external programs that they have written.
The module itself is just a PIII 500 mobile processor with a laptop drive and some memory. Basically, just a PC on a tiny card. It's neat.
Hi. I work for the FSF investigating GPL violations (and yes, we are also working on this Linksys thing). Can you tell me more about this Cisco issue? Is there any software FSF holds copyright on (the gnu c library, bash, gnu tar, gzip ...)? Does the unit come with an offer to provide source code?
Become a FSF associate member before the low #s are used
ObGPLQuote:
Carousel is a lie!
Er, you can mail me at novalis atsign fsf.org if you have any information.
Become a FSF associate member before the low #s are used
They *do* mention it if you buy their products, and they include a written offer for source code ... but they didn't always.
Not that such an argument would matter much if they were indeed found to be misusing GPLed code, of course.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Doesn't matter. The firmware is downloadable regardless of whether you own the product or not - and the firmware includes a CRAMFS filesystem containing the kernel and busybox, so it's binary distribution of GPLed code. The offer of source has to be available to anyone who could obtain it from them. Read section 3 of the GPL.
I see your point. However, if I had to guess, the silent treatment is while management tries to figure out what to do.
I could imagine quite possibly that they've signed some NDAs that won't allow them to release all their source code. Then this GPL stuff means that they have to release all their source code -- or so it seems.
So now they've got to figure out what to do, and while they're figuring, it's legally safer to say nothing to anyone.
Probably their best way out is either get the NDAs released [unlikely], or find out the individual authors of their modules, and work out individual licensing agreements [difficult, but possible] that keep it outside the GPL. At that point, though, you won't have your information.
That said, I have to think about SCO, and think that one shouldn't take a "All your codebase are belong to us" approach. My feeling is that trying to knock others out to get what you want, is kindof evil. And that goes in both directions.
So I think persistance is key, here, but if they made a mistake, (1) don't gloat -- rather, be meek (2) still be persistent, and try to get FSF's help pursuing this (3) hopefully get the FSF to offer them help in finding for themselves a legally sound position.
P.S. Good hacking job [and yes, that's hacking not cracking, though I hope that they don't just decide 'hit him with the DMCA -- he's too small to fight it.' Ugh. This DMCA gives all the power to big criminals, it seems to me, and takes power away from little law abiders.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
Unfortunatly there are many, many misconceptions when it comes to the GPL. One of the previous comments stated that Tivo used Linux but had not released their source code. The reason is that they don't have to! I would be surprised if Linksys would be required to release their source code under the GPL.
The misconception that I see the most is that because a product runs on top of Linux, or uses the Linux kernel then the product is also GPL'd, not so. If the product has changed the sourcecode for Linux, those changes are covered under the GPL. This is why companies like Tivo are not required to release their source. The Tivo software was written without using any existing GPL'd code as it's base, therefore it can be covered under any licensing agreement the author sees fit.
As for Linksys, I'm willing to wager that they implemented all of their code as kernel modules. So if ask for the source code under the name of the GPL, all they are obligated to give you is the source code for the Linux kernel, sin any kernel modules they've written themselves. Kernel modules can be licensed any way the author sees fit.
-Runz
<BusyBox maintainer hat on>
S _code.bin
./cramfs.image /mnt /mnt/bin /mnt/bin/busybox /mnt/bin/busybox | grep BusyBoxd d /mnt/bin/busybox
This is what I did to verify that the Linksys firmware was violating the GPL....
#!/bin/sh
wget ftp://ftp.linksys.com/pub/network/WRT54G_1.02.1_U
# I noticed a GZIP signature for a file name "piggy" at offset
# 60 bytes from the start, suggesting we have a compressed Linux
# kernel
dd if=WRT54G_1.02.1_US_code.bin bs=60 skip=1 | zcat > kernel
# Noticed there was a cramfs magic signature at offset 786464
dd if=WRT54G_1.02.1_US_code.bin of=cramfs.image bs=786464 skip=1
file cramfs.image
sudo mount -o loop,ro -t cramfs
ls -la
file
strings
/usr/i386-linux-uclibc/bin/i386-uclibc-l
-Erik -- --This message was written using 73% post-consumer electrons--
My guess is that nobody at Linksys thought about their obligation to provide source code, or if they did, the process fell through the usual corporate cracks.
Does just using GPL software really mean you have to distribute the source? Could Linksys claim that they are not, in fact, distributing GPL code in any form, but are actually just using GPL software in their hardware?
Comment removed based on user account deletion
Probably their best way out is either get the NDAs released [unlikely], or find out the individual authors of their modules, and work out individual licensing agreements [difficult, but possible] that keep it outside the GPL.
It's too late for that: whether they do or do not release the source code at this point, they have already lost their right to release the binary. And their GPL violation is not that they haven't put up the source code for FTP somewhere, the GPL violation is that they didn't identify the product as using GPL'ed code in the first place, accompanied by an offer to make the source code available.
That said, I have to think about SCO, and think that one shouldn't take a "All your codebase are belong to us" approach. My feeling is that trying to knock others out to get what you want, is kindof evil. And that goes in both directions.
If someone has violated SCO's copyright in the way they claim, they should be punished severely: copyright violations like those claimed by SCO threaten not only companies, they threaten the very existence of open source software. (However, I believe that SCO's claims are bogus, so I don't see much danger of that happening.)
Likewise, if Linksys has violated the terms of the GPL, they should be punished severely. Linksys's behavior, shipping GPL'ed code without identifying it as such, is a fundamental violation of the GPL, and if the only consequence is that companies have their wrists slapped when found out (and it has taken years to find this out about Linksys), it undermines the whole idea of the GPL.
Bzzz. Wrong. Section 3 of the GPL:
(emphasis mine)If they've distributed executables which would require compiler modifications, those compiler mods would also have to be distributed. The exception above about not distributing the compiler doesn't apply, as the GCC with Broadcom modifications isn't "normally distributed" with the Linux kernel.
One of my switches runs IOS on a PowerPC 403GA, running at either 25 or 33 MHz.
The linksys AP has a MIPS processor, which is probably running at 125 MHz.
It could run IOS without breaking a sweat.
Apples and oranges. On your switch, IOS just manages the system; the heavy lifting (frame forwarding) is actually done by ASICs for that very purpose.
On another note though, I'm not sure why the original posted is calling IOS "bloated" -- perhaps today there are a number of features that are not necessary for the core purpose of the box, but they don't typically add "overhead" to the box itself.
Most Cisco boxes are "underpowered" in terms of CPU, but they still manage to do the job.
The new(er) Cisco Aironet access points migrated away from the old VxWorks-based OS to IOS (see: Aironet 1100 are shipped as such, Aironet 1200 have a conversion kit)
This is not enough. I want the source code of all the GPL code (modified or not) by Cisco. If they do only provide a patch to a well-known source code, this is not respecting the GPL. Of course since I do not have such a module, I can not complain... but aquiring one just to remind Cisco that they do not understand the GPL and are not respecting the rules would be fun... Cisco and the FSF already discussed some issue in other cards like NAM, IDS, ... At least they have less problem using Windows for running IP telephony solution, Microsoft is less regarding since they don't care about freedom much.
Don't let the computer/expert control the election. Information for Belgium in french: http://www.poureva.be/
The microsoft wireless broadband router also identified itself as runing linux to both NMap and a GFI languard scan, so did a Netgear RT314. Anyone care to run strings on their firmware?
Even if Linksys complies after some cajoling, this demonstrates the practical "loophole" we have been witnessing for the past 2 years:
.tar.gz's because I do everything possible to be able to use the stock products. Why? These are long term products, life spans of about 10 years. Living with a set of patches for every damn tool we need... I have better things to do. If there's a way to avoid changing the origian sources, we'll go ahead with that one.
companies use GPL'ed stuff, and if they get caught, they (often) comply. For each violation that gets caught, there might be several that get away.
So what? I mean, I'm all pro GPL and also a GPL sw coder. I work for a company that manufactures slot machines that run linux and loads of other GPL'd software aswell as our own apps. Technically we don't distribute the slotmachines so we're not bound by GPL, and if we were, we'd just put a simple ftp server that would have the
And what's the real beauty is that when we discover bugs or make future enhancements or such changes, we try real hard to get them into the actual sw package, again just to avoid having to maintain a large set of patches.
And for example Linksys failing to offer a stock kernel tar ball in their site doesn't sound that serious to me. A proprietary sw mogul using gpl'd code in their product, now that would be a serious violation.
1 Earth is warming, 2 It's us, 3 it's royally bad, 4 we need to take action NOW
Yes, I know the guy is almost certainly a troll, but this won't take long.
"Part of this license states that any changes to the kernel are to be made freely available.
Unfortunately for us, this meant that the great deal of time and money we spent "touching up" Linux to work for this investment firm would now be available at no cost to our competitors."
Sorry, thanks for playing. It merely states that you have to make the source available to those you give binaries. You can make all the changes you want to the kernel for a client, as long as you give that client the source as well. No-one else need have it.
In the instance of kernel changes, it makes a hell of a lot of sense, too. Lets assume for a moment that you weren't a troll. This company would have a custom kernel, but without the new modified kernel source they couldn't install anything else that would also patch the kernel, or even rebuild when bugfixes are released.
"I Know You Are But What Am I?"