Slashdot Mirror
Linksys and the GPL, Again
Rob Flickenger writes "While poking around on the Linksys WRT54G (one of the new Linux 2.4.5 based APs) at a SeattleWireless Hack Night session, we noticed a number of binaries in their firmware (including Zebra, PPP 2.4.1, and iptables to name three) that are released under the GPL, some of which are obviously modified. The question is, where is the source code to Linksys' modifications? Their "GPL Code Center" has the packages, but they are the pristine distributions, without any changes whatsoever. I've asked Linksys for clarification, but given Linksys' customer service reputation, I highly encourage other interested parties to ask them as well. More details are up on my weblog on oreillynet.com."
Is this going to chase away companies adopting Linux for use with their products?
I would really like to see some "Open source lawyers" ... or the lawyer version of open source software developers. People who go after random problems like this in their spare time. It would make the world a better place. Imagine GOOD lawyers, not bad ones - working for free for the betterment of society.
If there were people like that around, I would like to see them follow up this case, and those like it.
In the absence of open lawyers, I think a lot of GPL and licensing issues will not be followed up. Without someone to pursue a law or contract, it doesn't really do much.
We've been lucky until now because all the people using GPL software have the open source spirit. But the more open source gets into a market driven economy, the more we will see this type of thing.
Bring on the Open Lawyers!
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
we noticed a number of binaries in their firmware (including Zebra, PPP 2.4.1, and iptables to name three) that are released under the GPL, some of which are obviously modified
What he means by obviously modified? The file size is different? Maybe they just compiled it with different parameters!
Did anyone formally read the linked weblog that forms the basis of this article? It just might contain the answer. Imagine that.
Cheers,
Ian
we noticed that the zebra running on the WRT54G doesn't use the standard configuration file locations. This means that it must certainly be a modified binary.
This may just be stuff sent to the configure script, using the vanilla sources.
binaries are compiled with a modified GCC (with a signature string of "GCC: (GNU) 3.0 20010422 (prerelease) with bcm4710a0 modifications"). That bcm4710 refers to the Broadcom chipset that this AP is actually made from.
Did they release the modified GCC? Somehow I doubt they put gcc on the access point. Since they did not release the binary, they don't need to release the source.
Who is this "we" of which you speak? GNU/Linux users are not violating anyone's copyright. The GPL, the license does not encourage or facilitate copyright violation...
What are you talking about?
The article also states that LinkSys is using a modified GCC. So what? They aren't distributing a modified GCC, so they are not bound to distribute sources.
I can't say that I don't give a fuck. I've just run out of fuck to give.
Hence the reason why corporate industries shy away from the GPL and developing OSS in general. Giving competitors their superior code means they lose their competetive edge, and consequently costs them money.
From the article
"I believe the GPL is an important document that is intended to prevent exactly this sort of theft of code. Any company that incorporates GPL software into a commercial product and attempts to skirt the licensing terms is nothing short of a thief, building on the stolen effort of countless contributors. "
Let me make sure that I have this right - it is not OK to "steal" copyrighted software that is "freely" distributed, but it is OK to "steal" other copyrighted materials (mp3s) that were never "freely" distributed?
"Microsoft has made computing accessible to a population who would otherwise not be able to use computers" - B. Kernigha
I just presume that, given the audience that visits Slashdot, people will at least be smart enough to realise that they're now on the other side of the fence. Sure, maybe SCO are wrong. But maybe, just maybe, they believe they're in exactly this same position.
In both cases, I say, prove it. Prove that Linksys didn't build the source using their compiler (which they haven't given you a binary to, and so don't owe you source) and the original source code which the author of the article admitted was available for download, using configure flags to specify an alternate configuration file location.
Guess what? It's totally possible that Linksys is in full compliance with the GPL. This guy didn't bother to make sure that the code was in violation before crying foul and putting up a "Linksys sucks -- email them and ask for the modified source!" page.
I took two minutes to "apt-get source zebra", and look at this:There's nothing to see here, folks. There's no story here, because just like with the SCO stories, there is absolutely no substantiated evidence.
Congratulations, Michael. You have been trolled. Maybe if you'd read the article before posting it to the front page you'd have spared Linksys some bad publicity.
Somebody get that guy an ambulance!
Meanwhile, back to the LinkSys discussion, which is about LinkSys using someone elses's superior code. (And, BTW, is a bunch of crap, the article poster has no evidence that the binaries are modified.)
If corporations are people, aren't stockholders guilty of slavery?
If anybody bothered to RTFA...
He's basically making 2 claims.
1. Zebra uses non-standard file locations, so it must be modified.
2. GCC used to compile the system has been modified (binary signature is different).
However, I'm currious to what extent of moving files constitutes being "modified". Are these changes that can be made with "./config --target-dir=/someplace/else"? If so, then the claim is baseless because no modification of the source was necessary.
As for GCC, we can see that it was modified because the binary signature is different. Does this constitute a GPL violation? Possibly, I'm unclear what the intent of the GPL is in a situation like this. Basically, GCC was modified and used internally by LinkSys. If I modify GCC and don't distribute it to anyone other than me, do I have to put the changes out on a website (or anywhere)? No. Is it different for a corporate entity?
If binaries compiled with an undistributed modified GCC are distributed, does that then require the disclosure of the modifications to GCC? I think that the spirit of the GPL would have to say yes, but since IANAL, they may be perfectly within the law to keep it. It's exclusion may be just an oversight.
The last time a LinkSys issue came up, we discovered that it was just a matter of someone jumping the gun too quickly. I think that LinkSys is a smart company, and I think they respect the Linux community. I don't think they would shoot themselves in the foot with licencing issues. Let's all have a little patience and give them the benifit of the doubt until there are more facts than speculations, shall we?
As I've been stating and the other replier also stated zebra uses a configure script. --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] allows them to modify file locations, yet not modify the source. This means that the gpled source is all that needs to be downloaded, which is provided on that site.
And as I've been stating, I think Linksys is uses unmodified source code. Zebra uses the configure script to decide where files get stored. So all that is needed is --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] to place the files elsewhere, while not modifying the sourcecode.
You wouldn't have been a defendant anyway. Your company would have been. If I were your boss, I'd probably be displeased to find that one of my people added an additional operating system to our support load without prior authorization as well. If you were trying to sway him, you might have considered going to him before you went off on your own and did something that you obviously knew he wouldn't appreciate.
Yeah, if it doesn't already, the GPL needs to specify that the binary (or a 100% functional binary compatible equivalent) must be derivable from the source code in combination with a compiler/toolset (for which source code must be available, and this source code must produce the compiler/toolset (or functional equivalent) when used in conjunction with a standard compiler).
Tricky.
No thanks, the GPL is hard enough to sell as it is. Remember that fracas about using GPL'd Java packages? Holy shit! People were claiming that since technically the GPL'd Java code was linked at *runtime* that maybe the entire project would have to be GPL'd. Wow.
Give me a BSD or Apache license any day... licenses should not, in my opinion, have an almost religious ideology behind them.
You also said: By using a tool not generally available to build the source, the distributor has made it difficult for end users to enhance the software.
GPLers throw around that phrase a lot, "end users". The assumption is that an end user even knows what a compiler is. Most of them do not. For a true end user the GPL doesn't do or mean shit. I mean, come on, they have the "right" to modify their software... and most of them don't even know what a commandline is. That's very useful.
To the *developer*, the GPL is potentially another story. It's great to have access to code, to make changes, etc. But, let's keep that straight... the GPL is for the developer crowd and not the end user. It is not liberating the end user from anything at all.
My interpretation is that if you routinely need to change pieces of GCC to change your code, then the GCC source *is* your source and the GPL requires you to release it.
They only have to release the source code if they are distributing the software. In this case, it is embedded in a product (firmware). I don't know how the GPL would be interpretted in this case (are they distibuting this software).
I would say that in this case a company should not have to release their source. I think it is quite petty to be making this into a big deal. They've adopted linux in their firmware. It's been modified to work with their hardware, so how are these modifications going to be useful to people who haven't bought their router?
I do agree that in most that when you distribute modified GPL software you should release the source, but in this case the software is hidden inside a product. The only thing obvious to the user is the FUNCTION of the firmware, not the architecture of the firmware. So are they really distributing GPL'd software? Not in the traditional way.