Slashdot Mirror
Is Linksys Violating The GPL?
jap writes "According to this post on LKML, Linksys is shipping firmware for (at least their) 802.11g access-points based on Linux - without any sourcecode available or mentioning of it on their site. This could be interesting: it might provide the possibility of building an ueber-cool accesspoint firmware with IPsec and native ipv6 support etc etc, using this information!"
They have been using Linux for a long time on their routers/AP's.
Anyone who have one must have noticed it.
The one thing to say to their defence is that they are usually "driver friendly" with their PCMCIA WiFi cards.
I just hope that now they will wake up, straighten up the mess, and start helping the community with supporting 802.11g in Linux for their NIC's.
A couple follow ups on the kernel mailing list:
A very interesting bit from the busybox maintainer, who has evidently already sent linksys two letters
A post outlinging the possibility that Belkin is also shipping GPL'd code
A few other people are throwing their two cents in, but those were the most interesting, code be an interesting test of corporate policey, and the ability of the GPL to withstand a court battle.
Two points. I always have two points.
First, as someone else already said, just becuase it uses a linux kernel doesn't mean they modified anything, it could be a stock kernel. If they wrote userspace drivers and/or kernel modules using existing interfaces for their custom hardware, they are not obligated to release anything.
Secondly, if they weren't abiding by terms they had to according to the GPL, it would be COPYRIGHT violation, not license violation, as if you don't comply with the license, copyright law says they can't redistribute it. I know it seems like a silly point, but it's not.
People talk about the GPL being "tested in court" and whatnot.. but the fact is: If you don't accept the GPL as valid, then copyright law still stands, and says you can't redistribute, or make derivitive works. A judge can rule the GPL as invalid, but that would mean that nobody had any rights to redistribute anything.
It's not a license you had to accept and agree to in order to use the product.. so you can't "violate" it.
Linus, or any other kernel developer could go to linksys, and say "I have not granted you permission to use my copyrighted work, please demonstrate why you think you are allowed to do this". They can then either cite how the GPL allows them to do what they do, or concede that they have no right to distribute.
So as unclear as I can be.. it's not a GPL violation... and people are not forced to release code because of a nonexistant GPL violation... although that might be an acceptable remedy to all parties in most cases. They could also be forced to simply stop doing it.
You may be thinking of the LGPL instead, which relaxes redistribution requirements.
LRC, the best-read libertarian site on the web
Hi. I work for the FSF investigating GPL violations (and yes, we are also working on this Linksys thing). Can you tell me more about this Cisco issue? Is there any software FSF holds copyright on (the gnu c library, bash, gnu tar, gzip ...)? Does the unit come with an offer to provide source code?
Become a FSF associate member before the low #s are used
Er, you can mail me at novalis atsign fsf.org if you have any information.
Become a FSF associate member before the low #s are used
I see your point. However, if I had to guess, the silent treatment is while management tries to figure out what to do.
I could imagine quite possibly that they've signed some NDAs that won't allow them to release all their source code. Then this GPL stuff means that they have to release all their source code -- or so it seems.
So now they've got to figure out what to do, and while they're figuring, it's legally safer to say nothing to anyone.
Probably their best way out is either get the NDAs released [unlikely], or find out the individual authors of their modules, and work out individual licensing agreements [difficult, but possible] that keep it outside the GPL. At that point, though, you won't have your information.
That said, I have to think about SCO, and think that one shouldn't take a "All your codebase are belong to us" approach. My feeling is that trying to knock others out to get what you want, is kindof evil. And that goes in both directions.
So I think persistance is key, here, but if they made a mistake, (1) don't gloat -- rather, be meek (2) still be persistent, and try to get FSF's help pursuing this (3) hopefully get the FSF to offer them help in finding for themselves a legally sound position.
P.S. Good hacking job [and yes, that's hacking not cracking, though I hope that they don't just decide 'hit him with the DMCA -- he's too small to fight it.' Ugh. This DMCA gives all the power to big criminals, it seems to me, and takes power away from little law abiders.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
<BusyBox maintainer hat on>
S _code.bin
./cramfs.image /mnt /mnt/bin /mnt/bin/busybox /mnt/bin/busybox | grep BusyBoxd d /mnt/bin/busybox
This is what I did to verify that the Linksys firmware was violating the GPL....
#!/bin/sh
wget ftp://ftp.linksys.com/pub/network/WRT54G_1.02.1_U
# I noticed a GZIP signature for a file name "piggy" at offset
# 60 bytes from the start, suggesting we have a compressed Linux
# kernel
dd if=WRT54G_1.02.1_US_code.bin bs=60 skip=1 | zcat > kernel
# Noticed there was a cramfs magic signature at offset 786464
dd if=WRT54G_1.02.1_US_code.bin of=cramfs.image bs=786464 skip=1
file cramfs.image
sudo mount -o loop,ro -t cramfs
ls -la
file
strings
/usr/i386-linux-uclibc/bin/i386-uclibc-l
-Erik -- --This message was written using 73% post-consumer electrons--
Comment removed based on user account deletion
Probably their best way out is either get the NDAs released [unlikely], or find out the individual authors of their modules, and work out individual licensing agreements [difficult, but possible] that keep it outside the GPL.
It's too late for that: whether they do or do not release the source code at this point, they have already lost their right to release the binary. And their GPL violation is not that they haven't put up the source code for FTP somewhere, the GPL violation is that they didn't identify the product as using GPL'ed code in the first place, accompanied by an offer to make the source code available.
That said, I have to think about SCO, and think that one shouldn't take a "All your codebase are belong to us" approach. My feeling is that trying to knock others out to get what you want, is kindof evil. And that goes in both directions.
If someone has violated SCO's copyright in the way they claim, they should be punished severely: copyright violations like those claimed by SCO threaten not only companies, they threaten the very existence of open source software. (However, I believe that SCO's claims are bogus, so I don't see much danger of that happening.)
Likewise, if Linksys has violated the terms of the GPL, they should be punished severely. Linksys's behavior, shipping GPL'ed code without identifying it as such, is a fundamental violation of the GPL, and if the only consequence is that companies have their wrists slapped when found out (and it has taken years to find this out about Linksys), it undermines the whole idea of the GPL.