Linksys and the GPL, Again

Rob Flickenger writes "While poking around on the Linksys WRT54G (one of the new Linux 2.4.5 based APs) at a SeattleWireless Hack Night session, we noticed a number of binaries in their firmware (including Zebra, PPP 2.4.1, and iptables to name three) that are released under the GPL, some of which are obviously modified. The question is, where is the source code to Linksys' modifications? Their "GPL Code Center" has the packages, but they are the pristine distributions, without any changes whatsoever. I've asked Linksys for clarification, but given Linksys' customer service reputation, I highly encourage other interested parties to ask them as well. More details are up on my weblog on oreillynet.com."

How does Cisco relate to this

[neye_eve]

They just bought linksys, right? So wouldn't this take an increasingly interesting turn if it's Cisco violating the GPL instead of "just" Linksys. heh, go after the deep pockets :-)

Re:How does Cisco relate to this

[sTalking_Goat]

The question we should be really asking is, how can we get SCO from this...come one there must be some way.

Re:How does Cisco relate to this

[TedCheshireAcad]

Havent thought about this before, but if the Linksys router uses Linux 2.4.x, and Cisco owns Linksys, then Cisco can join the fight against SCO. If SCO is claiming that kernel 2.4.x infringes on its IP, then Linksys/Cisco should be fighting not to pay ~$700 per router they've sold.

Re:How does Cisco relate to this

[rifter]

You call $7.50/hr "great money" in the US? Let's see how long you live on minimum wage. Dork!

1) Minimum wage is much much less than that in most US States.

2) Just because McDonald's is a corporation does not mean it is one of the "many" mentioned. I doubt many of the corporations I have worked for pay minimum wage to anyone under their employ, and they do pay quite well to most of the workers I have direct contact with.

Re:How does Cisco relate to this

[Gleef]

Federal minimum wage is $5.15/hour in the US. Some states have a higher minimum wage, no state has a lower one, most states just use the Federal minimum wage.

In many areas of the country, "unskilled service" jobs are the only ones really growing. These are jobs like Grill crew at McDonalds, retail clerk at a Hallmark store, security guard for Securitas, etc. Many of these jobs pay minimum wage whenever they can get away with it.

That being said, while the US minimum wage is next to impossible to live on, in many ways it actually is "great money" compared to average wages in many other countries, or the wages that "illegal" immigrants get in the US.

Troubling.

[Meat+Blaster]

I'm concerned about the recent increase in GPL stories lately where companies that are embracing Linux are being carefully scrutinized. Maybe it's counterproductive to constantly play the hardline approach when Linux is finally starting to get decent drivers... I know part of the reason I switched to Linux in the first place was because I didn't like some of the tactics commercial software vendors were using.

Is this going to chase away companies adopting Linux for use with their products?

Re:Troubling.

[pork_spies]

Look, I write kernel code. not much, but a little. My contact with the users of my code is that if they make something better with my code then they can let me use it too. It's not "going for" anybody to ask that they honour the deal the I (and every other kernel hacker) have struck with them.

Re:Troubling.

[oPless]

I don't understand these companies.

Why use something GPL'd when you can use *BSD that has little or no encumbarance like this?

Or am I missing something here?

(Note: I'm a Debian bigot - not a *BSD one)

Re:Troubling.

dont like it? use BSD.

Re:Troubling.

[aborchers]

Is this going to chase away companies adopting Linux for use with their products?

Companies that don't play by the rules shouldn't be using Linux, even if it costs us good driver support, etc. One of the benefits of using the GPL is that it provides a self-protection mechanism to ensure that Linux is not closed off and fragmented into opaque binary distros. If such fragmentation were allowed, you will see exactly the problems you had previously with commercial vendors appearing in Linux products, only multiplied.

Re:Troubling.

[keester]

I'm concerned about the recent increase in GPL stories lately where companies that are embracing Linux are being carefully scrutinized.
This is FUD. Companies don't support linux because they want to be community friendly. They do it because there is a demand and they want to make money. If they are going to profit from GPL code, then they should follow the terms of the license agreement. It really is that simple.

Re:Troubling.

[femto]

No, it's only going to chase away dishonest companies, which the community doesn't need anyway.

If a company doesn't like the GPL, what's wrong with approaching the authors and saying 'Look, we can't live with this, can we negotiate some other license?'. Instead dishonest companies break the law, and violate the authors' copyright. If someone did it to them, they would be using words like 'theft' and 'pirate'. It's not playing hardball, it's called common courtesy.

Re:Troubling.

Well, if you don't enforce the GPL, then it will become useless. Companies will choose to ignore it and appropriate others' code without giving anything back. This all may seem trivial until some large company decides to take GPL'ed code and make it their own without releasing any source. And suppose they then say that the modified code belongs solely to them.

If you don't fight the small battles, the big ones are that much harder to win.

Re:Troubling.

[sc00p18]

Who cares if hardware companies support Linux if they can't play by the rules? I would rather not have those companies around at all. Don't forget the lessons RMS strives to teach us daily.

Re:Troubling.

[quinine]

Where are these decent drivers you speak of? So far as I know there are none. Granted, this is a problem with Broadcom and not Linksys, but it's fishy to me that their WAP runs linux but that linux cannot be used to run their cards.

Re:Troubling.

[John+Hasler]

> I'm concerned about the recent increase in GPL
> stories lately where companies that are embracing
> Linux are being carefully scrutinized. Maybe it's
> counterproductive to constantly play the hardline

If these companies were using VXWorks or Windows CE you can be damn sure that they would be required to comply with every detail of the much more complex licenses. Why should they not be required to comply with the GPL? It's not like it's difficult or expensive.

> Is this going to chase away companies adopting
> Linux for use with their products?

Only the ones who think that "Free software" == "public domain".

Re:Troubling.

[enjo13]

Not exactly true...

A lot of companies support linux (and Mac OS for that matter) for many reasons.. a common one among them being Goodwill. They recgonize that a lot of IT decision makers are also Unix* users.. by supporting your product on Linux those decision makers become familiar with it and have a positive view of the product which translates to sales on other (more prominent) platforms.

As they say in business school, 'never understimate the power of goodwill.'

Re:Troubling.

[Simon+(S2)]

If such fragmentation were allowed, you will see exactly the problems you had previously with commercial vendors appearing in Linux products, only multiplied.

are you talking about the bsd license? do you see this happening with bsd?

Re:Troubling.

[JanneM]

Because the stuff they want to use is available under GPL, but not BSD?

Re:Troubling.

[RealAlaskan]

>>f such fragmentation were allowed, you will see exactly the problems you had previously with commercial vendors appearing in Linux products, only multiplied.

>are you talking about the bsd license? do you see this happening with bsd?

If you don't see it, it is probably because the commercial forks aren't called BSD anymore.

Windows notoriously used BSD networking code. Do you suppose the Microsofties contributed their changes back to the code base? So far as we know, no one has forked and closed an entire *BSD distribution, but I would imagine that most of the basics of them have been forked and closed multiple times.

I suppose that you could say that shows that the protections of the GPL are overkill; after all, the *BSD's are surviving quite nicely. You could also say that the GPL gives us tools to prevent anti-social behaviour, and that those tools are being applied to Linksys.

Re:Troubling.

[s88]

While I whole-heartedly agree with your statement (I run several open source projects myself), being a corporate employee I can also sympathize with the previous statement.

I think you'll find in about 90% of the cases the modification people want to make to the source are not "improvements" per se, but just modifications. When writing a driver, or any library for that matter, you have to make certain assumptions about usage patterns. In some cases the assumption don't match up with how someone wants to use the code. The code may provide 99.9% of the functionality they want, but its missing a critical extension point, or does something slightly different than you want it to.

Under GPL, you basically have your hands tied. You can't legally modify and use the code withouth submitting them back, and you can't really submit back the changes because they are usually hacks to get it to work how you want (not "improvements" on the code).

Its a tough position to be in. And as the previous post says, if you want to be safe you have to just not use the code.

Re:Troubling.

[Matt+Ownby]

However, in this case Linksys may just be careless, sloppy or ignorant of its obligations. I think it would be a mistake to assume that they are blatantly defying the GPL. I agree that Linksys ought to be reminded of its GPL obligations, but I think it is imperative that this reminder be courteous and polite. Even if Linksys recognizes that they are in the wrong, they won't be eager to continue linux support if everytime they release an update, they receive angry responses.

Re:Troubling.

[pavon]

Yeah, but we really ought to approach this with more grace than the "guilty till proven" innocent stance that slashdoter's seem to seeth with. I mean this guy doesn't have any concrete evidence that the GPL has been violated, didn't give Linksys time to respond to his claims, but instead just posted slander about them on a large news source. Yeah, thats the way to get people to embrace the GPL.

This should be the appropriate line of behavior when you notice a potential GPL violation.

1) Contact the author of the software in question.

They are the ones that have the right to persue a copyright violation, and thus should be the ones to deal with the potential violators, not an angry vigilante. Furthermore, there may be other circumstances which you are not aware of, like if the author is distributing the code in question under a second license. For all you know that "obviously modifed" version was writen by the author himself, so make some money on the side.

2) The author should politely contact the suspect explaining that there is some concern that they might be using his software against the terms of the licence (GPL), and request more information about the situation.

3) The author should check with the good guys at the FSF to make sure he understands all the nuances of the GPL in this situation.

4) If the suspect is not cooperative, the author should then send a more stongly worded letter, stating that the company is in violation of the law. It would be very preferable to hire a laywer to help draft this letter and take a second look at the situation at this point.

5) If the company is still not cooperative, then and only then the author should publicise the violation to the community in the hope that public backlash will cause the company reverse their opinion.

6) As a last resort legal actions should be taken, if money can be had for the trial.

Yes, Linksys has a history of things like this but that does not justify these knee-jerk reactions.

Re:Troubling.

[Jim+Hall]

Under GPL, you basically have your hands tied. You can't legally modify and use the code withouth submitting them back, and you can't really submit back the changes because they are usually hacks to get it to work how you want (not "improvements" on the code).

That's incorrect. The GNU GPL does not require you to submit anything back to the project you modified. However, the source code is under the GNU GPL, and the GNU GPL does require you to make that source code available if you redistribute the program. Check section 3.

If you make changes (even a hack to get something to work right on your hardware, or even to correct someone's spelling mistake in an error message), those changes are also under the GNU GPL, and you are similarly required to make that source code available if you redistribute the program.

I work on several open source / free software projects, including the FreeDOS Project. I've dealt with companies who use and redistribute FreeDOS and forget to provide the source code. Usually, all it takes is a friendly note: "hey, you forgot to make the source code available ... see section 3 of the GNU GPL ... here are some ways to do that." If the email is not harrassing ("show me the source or I'll sue your pants off") or intimidating ("you are so lame, why didn't you include the source?") the company will correct it and make the source code available as soon as possible.

The key thing to remember here is not to be an asshole to Linksys/Cisco. If they didn't provide the source code, just remind them what to do, and they'll fix it. If we act like assholes, what kind of message does that send to Linksys/Cisco?

(I'm not suggesting the original poster is an asshole - he's not. But we should be sure to keep our attitudes in check when dealing with Linksys/Cisco.)

-jh

Re:Troubling.

[duffbeer703]

BSD code is considered the reference implementation.

And don't try to tell anyone that Linux networking code borrows or borrowed from BSD.

Re:Troubling.

[Feztaa]

Under GPL, you basically have your hands tied. You can't legally modify and use the code withouth submitting them back, and you can't really submit back the changes because they are usually hacks to get it to work how you want (not "improvements" on the code).

What the hell are you talking about? The original maintainers don't have to accept your patches in order for you to be able to distribute binaries. Just make whatever changes you want, no matter how trivial, and then make sure to distribute the source right alongside the binaries (have a link to the source on the same page that links to the binaries, or put the source and binaries on the same CD, etc). You don't have to care what the original author thinks about the changes you've made. You just have to distribute the source.

Better yet, if the changes you're making are for "internal use only", then you don't even have to distribute the source, simply because you're not distributing binaries (you don't see Google/Amazon/whatever falling over itself to give you it's source code, do you?).

Re:Troubling.

[iabervon]

But people have not taken the hardline approach in cases of GPL violations. The hardline approach would be to sue the companies for damages, demand settlements, or prohibit them from using the code at all, all of which would be possible approaches. The approaches that have actually been taken have been to inform the companies of the violation and ask them to come into compliance with the terms of the license, with no penalties to compensate for their previous violation.

If anything, this will clarify to companies considering using GPL software their obligations and risks, and those turn out to be less than what many companies may have heard or a bit more than the companies may think they can get away with.

We are in the process of developing a set of precedent as to what options will lead to what requirements: if you follow nVidia's pattern, you're fine; if you follow Linksys, you'll have to contribute a particular set of changes; and so forth. This lets a company evaluate software they could use with an understanding of what work they would have to do to use it, and what of this work would have to be contributed back to the community.

Re:Troubling.

[Otter]

Absolutely, companies have to play by the rules. At the same time, there is probably a better way of enforcing the rules than the usual mechanism of "somebody thinks there might be a GPL violation and immediately sends the Slashdot mob after them".

In this case, the only evidence AFAICT that the Linksys binaries are based on modified code is that files are installed in non-standard locations, which hardly requires source modification. And, as usual, the complainant hasn't bothered to wait for a response from the company in question. (Atypically, he at least asked.) It's far from clear that we need to go to DefCon 3 over this.

Re:Troubling.

[that+_evil+_gleek]

Yeah. But you don't have to submit it, just distribute it with the binary, or make available.
You don't have to submit it. I mean send them a patch just they can drop it?
I can see how using linux for embedded systems could be a problem for ad-hoc, quick and dirty designers. They will naturally modify the C source directy, because it takes the least amount of thought. Their concern is if they release all their changes, since its all comodity components any anyone would then recreate everything they do.
Trivially. Pinksys would spring up (think: Pinktie v Redhat), sell all their products as kits, and undersell them... Of course, they just to make a lib from scratch with what they needed to imp. (Like liblinksysrouter5.so or whatever) still some cavaets.. but I believe its feasible in some circurmstances...
But if they just hack libc sources, then yeah, I believe they need to make those changes available.
Incidently, I'd love to see some of those small case pc systems just distributed as kits, with lower price because less labor, I might buy one then.

Re:Troubling.

[dnoyeb]

You are never required to distribute the source. It has to be resonably available. (i.e. I shouldnt have to drive to Texas to get it.)

Re:Troubling.

[jalet]

> Is this going to chase away companies adopting
> Linux for use with their products?

If this is true, then it's not about companies adopting GNU/Linux for use with their products. Instead it's about companies stealing others' work and claiming its theirs. I don't think we will miss them if companies like this go away, or bankrupt.

Re:Troubling.

[jdh-22]

If a company doesn't like the GPL, what's wrong with approaching the authors and saying 'Look, we can't live with this, can we negotiate some other license?'.

That is exactly what we shouldn't do. If they don't like the GPL then they shouldn't be using software developed the GPL. Once you start letting one or two get through, they will all want to.

We just have to live by the GPL, and all that it stands for. And if they don't like it, too bad.

Re:Troubling.

[Varitek]

A lot of companies support linux (and Mac OS for that matter) for many reasons.. a common one among them being Goodwill.

That isn't goodwill to Linux, though. In accounting terms, goodwill is an asset of the company.

Re:Troubling.

[N1KO]

That example you gave makes it sound like the reason is increased market share rather than goodwill. If a company does things other than for increased market share, increased profit or decreased costs you can tell there's a problem (like most internet companies a couple of years ago having the objective of increasing share price).

Re:Troubling.

[Rogerborg]

Don't presume to tell me how I can and can't license my copyrighted code, and I won't tell you how to license yours. It's possible to release code under GPL and sell it, for example, which is win-win-win (author, purchaser, everyone else) as far as I can see.

Re:Troubling.

[e2d2]

This brings up a good point, if a hardware company uses GPL code, modifies it, then release their hardware with that modified code is the selling of the hardware considered distribution (they just distribute the hardware)? You don't really distribute the binaries in the traditional sense of allowing users to download the code or send them a CD.

I say it is distribution, but I was wondering if it has been discussed/ironed out by the FSF..

Re:Troubling.

[radish]

Embedded software is still software. If you sell hardware which includes the software, then you are distributing the binaries, and you must make the source available. I would think that putting it on the driver disk, or even just linking to it on your website would be sufficient.

Re:Troubling.

[p3d0]

Sorry, the GPL doesn't require anyone to let you have their modifications to your GPL'ed code. They are only required to distribute source with their modified binaries.

Re:Troubling.

[jdh-22]

I didn't presume anything, I read the GPL license.

Specificly:

You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

Once a developer decides to use/copy/update any code under the GPL, he/she is accpecting the GPL license period. There is only one person telling how to license your copyrighted code, and that is the orginal developer of the software.

So if you don't like your code to be licensed under the GPL, go make your own.

Re:Troubling.

[bitblit]

Here's the deal. The whole Linksys GPL flap started because Linksys was NOT releasing their drivers for Linux. Those of us with wireless cards containing the Broadcom 4301 chipset were told to f-off and that Linksys would NEVER offer a driver for our chip. Because of this, I started "The Linux Broadcom 4301 Driver Project" (http://linux-bcom4301.sourceforge.com). It was a member of our project who exposed Linksys' use of GPL initially. Companies profiting from GPL, as Linksys clearly is, must be willing to "give back" -- that is the whole purpose of GPL.

Re:Troubling.

[Grotus]

You may be reading the GPL license correctly, but I think you are missing the point of the posts to which you are replying.

femto says

If a company doesn't like the GPL, what's wrong with approaching the authors and saying 'Look, we can't live with this, can we negotiate some other license?'

The we he uses is referring to the original authors of the particular piece of GPL'd software. The we that you use in reply seems to be referring to 'the OSS community'. The reply of Rogerborg

Don't presume to tell me how I can and can't license my copyrighted code, and I won't tell you how to license yours. It's possible to release code under GPL and sell it, for example, which is win-win-win (author, purchaser, everyone else) as far as I can see.

seems to agree with the we as original authors interpretation.

Your statement

There is only one person telling how to license your copyrighted code, and that is the orginal developer of the software.

is what leads me to believe that you are just misinterpreting the we from femto, as well as missing that Rogerborg is referring to himself as the original developer.

Re:Troubling.

[dominator]

There is a better way. I'm in the process of filing suit against a repeat GPL violator. The guys at the FSF are *extremely* happy and willing to help you through this. They're willing to provide legal assistance and even represent you throughout the process. Their goal is to free software, and to protect the rights of the free software that's out there.

If you have a problem, send Bradley Kuhn a quick email. He'll probably get back to you within a day or two. If things look naughty, you'll probably have a phone or in person conversation with him and/or Eben Moglen. I have.

Slashdot should be a last resort for these sorts of things. Mass hysteria and flamage is bad. The press is a powerful weapon that you should use - but only when it's the right time for it. Only use this if your other doors have been shut. Treat it like a doomsday device.

If you haven't contacted the FSF or the program/library's author about this, posting this to Slashdot is downright irresponsible and even reprehensible.

Dom

Re:Troubling.

[Gizzmonic]

One of the benefits of using the GPL is that it provides a self-protection mechanism to ensure that Linux is not closed off and fragmented into opaque binary distros.

So...Linux is instead closed off and fragmented into a jillion open-source distros, many that brag about the difficulty of installation.

Sorry, but the GPL does not prevent 'forking,' as a matter of fact, it encourages them. Whether you think this is good or bad, you must admit that /etc is a very different place in different Linux distros.

I prefer the uniformity of other operating systems, it makes me more productive. Yeah, I could 'just use' one Linux distro, but there's nothing that Linux does especially well compared to other operating systems, so I'm constantly trying different distributions. But it ultimately leads to confusion, especially in terms of system preferences and differences between GUI apps.

It makes me hungry for a pop-tart.

Re:Troubling.

[dnoyeb]

Its implied. If you agree to make available another car for my car, and take my car and say the other car is at the north pole, a judge wont accept that it.

Re:Troubling.

[benploni]

Juniper's Junos is a major fork of freebsd that is closed source.

Re:Troubling.

[p3d0]

Granted, it doesn't apply to the Linksys situation. I was responding to this:

My contact with the users of my code is that if they make something better with my code then they can let me use it too.

If that's his contract, then he had better use something other than the GPL.

Re:Troubling.

[kcbrown]

However, in this case Linksys may just be careless, sloppy or ignorant of its obligations. I think it would be a mistake to assume that they are blatantly defying the GPL.

Perhaps. But do you think Linksys would be equally forgiving if they found someone who was defying whatever agreements they might have with Linksys? They might be, of course, but given the sheer number of cases out there of people (and small companies) being sued by corporations for various kinds of IP violations, both real and imagined, I don't think there's much reason to believe that Linksys will be what would appear to be an exception to the rule.

I'm normally inclined to give people the benefit of the doubt, but corporations have screwed others over so many times, so badly, and for so long that I can no longer give them the benefit of the doubt.

What goes around comes around. If corporations want to be treated fairly then they must treat others equally fairly. They haven't been doing that, so what do you expect people to do?

Re:Troubling.

[jbolden]

There is nothing hardline about it. Companies need to be educated on the differences between BSD style licenses (which they've used for 2 decades) and GPL style licenses which are newer. Companies don't expect to casually disregard contracts when it comes to commercial software.

Re:Troubling.

[jbolden]

There is nothing interesting about it. Copyright law regards making copies not what you do with those copies. A hardware vendor copies and distributes the code just as much as a software vendor does.

Re:Troubling.

[Rogerborg]

Quite right, but I was going to summarise it as "Duhhhh". ;-)

Re:Troubling.

[koekepeer]

yeah like hans reiser proudly states on your console after you run mkreaiserfs

you have to have a *damn* good product to sell it in this way, though

Re:Troubling.

[arete]

Although I can understand why you took issue with it, his statement wasn't wrong, it just wasn't lawyerly enough.

Under the GPL, in a common class of changes (those that are distributed) he'd likely eventually get to use the changes. Reading his other posts, I think he understands that there are limitations to this.

His point was about the GPL being an obligation, but I guess you can't make a point on Slashdot without mucking around in the details. : )

Re:Troubling.

[Rogerborg]

It's perhaps more common that you think. After all, how would you know? Confidentiality would be one of the terms of purchase.

For example, my company wanted to buy a non-GPL license for a common GPLd winCE installer package (because it links a GPL self extractor stub to the compressed package). The author declined, not because of a principled anti-commercial stand per se, he just believed (incorrectly, in our view) that there wasn't a GPL issue with using it, and so couldn't understand our concern. In the event, we spent the money that he could have had as a reward for his work on writing our own.

After looking at the correspondance and the situation, I came to an inescapable conclusion: he was an idiot, and his intransigence produced a lose-lose situation. The sooner GPL zealots get it through their heads that it's not polluting their karma to sell non-GPL versions of their work as well as releasing it under the GPL, the better for everyone concerned.

Re:Troubling.

[koekepeer]

as long as the changes involved in making this commercial package are made freely available in source.

if not, and it would only be used by the buyer, he would at least have to sign some kind of agreement not to redistribute it. how else can we avoid future violations? (e.g. modified code by buyer, and redistributed as a binary)

Re:Troubling.

[Rogerborg]

Please think about what you're saying. Do you honestly believe that if you write code then release it under a GPL, that restricts what you can do with that code?

There is nothing, legally or ethically, to stop you from taking a piece of code that you've written yourself and released under the GPL, then selling or licensing it to anyone you like, under any terms you like. You can license the source, you can sell binaries, you can do whatever you like. That doesn't effect what people can do with your GPL licenced version, any more than the GPL license effects what you or your other licensees can do with the code.

Seriously, you need to take a long hard look at what you think the GPL actually is, and why you think that. It's just another license, it doesn't have superpowers.

Re:Troubling.

[p3d0]

Ok, fair enough. I just think there's a common misconception that the GPL forces people to publish the source to their modifications, and that's not true if the mods are not distributed.

Re:Troubling.

[Jeremiah+Cornelius]

Why use something GPL'd when you can use *BSD that has little or no encumbarance like this?

Why be part of a community, when you can prey on the efforts of others?

Why choose to participate in a society of equals, when you can create an artificial priviledge for yourself?

Bloody Libertarians. Finer ethics are found amongst dogs.

Re:Troubling.

[aborchers]

Sorry, but the GPL does not prevent 'forking,' as a matter of fact, it encourages them.

True enough, but I'll take OSS forks under a license that gives me all rights to modify as I see fit over binary forks that lock me out of the code and into the vendor any day of the week...

Re:Troubling.

[catenos]

But it would be totally pointless if someone did. They can't do anything WITH the source on the system. It's a closed system. They can't get into it without violating the extremely expensive warranty they purchased. The only purpose in asking would be merely to cause us trouble.

There is a very valid reason: If you go out of business (or there is some other reason, why they cannot/want not do business with you any longer), they can (at least theoretically) do something theirselves, hire another company, whatever.

It only sounds like "merely to cause you trouble" to you, because you are unable to see a valid reason; and (a version of) bash (that runs your scripts without error) is easy to come by these days.
Think of what is in 10 or 20 years. You get the idea.

If someone asked, and they were a licensed customer (not a third party), then we would do it.

You only have to give it to a customer, except, of course, if the customer selled the system. But if you didn't at least hand out the "you can get the source from us" notice, you have already broken the GPL.

Re:Troubling.

[koekepeer]

we are not disagreeing, i just worded my arguments wrongly... semantics & bad reading from my side... sorry about that

by-the-way, you should be writing these kind of rants to the SCO group, not me ;)

have a nice day

DMCA...

[perly-king-69]

Are you sure you're not infringing your countries' laws by fiddling around with the internals of the router

Or is that still legal?

Re:DMCA...

[keester]

Ouch! What a shock this would be:

SlashDork: You're violating the GPL.

Linksys: So, slap me on the wrist. BTW you're going to jail for violating the DMCA.

Re:DMCA...

[Magic+Thread]

Does the router have some sort of access or copy control on it? If not, the DMCA has absolutely nothing to do with it.

Re:DMCA...

[BlueWonder]

Are you sure you're not infringing your countries' laws by fiddling around with the internals of the router

If this is so, the manufacturer is not allowed to embed GPL'ed code (not written by the manufacturer himself) in the router at all. He would violate section 7 of the GPL:

[...] If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. [...]

Re:DMCA...

[perly-king-69]

No they wouldn't

They could embed it in some copy protected hardware, and still release the code, surely?

Re:DMCA...

[booch]

Ouch, you're right. And claiming that they can't protect it with the DMCA doesn't work. Because you're still going to jail, and they're still just paying a small penalty for violating the GPL.

Re:DMCA...

[BlueWonder]

Well, according to section 3 [...] complete source code means [...] the scripts used to control compilation and installation of the executable. If I were a judge in a court case about this question, I would interpret that to mean that they must provide whatever is necessary to get the executable into the hardware.

I realize, of course, that real courts might see this very differently.

Who takes the reigns?

[Doesn't_Comment_Code]

I would really like to see some "Open source lawyers" ... or the lawyer version of open source software developers. People who go after random problems like this in their spare time. It would make the world a better place. Imagine GOOD lawyers, not bad ones - working for free for the betterment of society.

If there were people like that around, I would like to see them follow up this case, and those like it.

In the absence of open lawyers, I think a lot of GPL and licensing issues will not be followed up. Without someone to pursue a law or contract, it doesn't really do much.

We've been lucky until now because all the people using GPL software have the open source spirit. But the more open source gets into a market driven economy, the more we will see this type of thing.

Bring on the Open Lawyers!

Re:Who takes the reigns?

[bn557]

I've met a few, although they usually go by public defenders. They start out 'for the good of society' but after defending the 7th 14 year old who shot his mama cuz she wouldn't buy him some new pumas, they quickly turn to alcohol and depression.

Pat

Re:Who takes the reigns?

[psxndc]

I would really like to see some "Open source lawyers" ... or the lawyer version of open source software developers. People who go after random problems like this in their spare time

Ha! ROFLMAO! Stop, you're killing me! Lawyers don't have time to do more lawyering "in their spare time". Seriously. I can sit down for an hour and bust out a fair amount of code. A lawyer probably can't make a dent in all the documentation surrounding a case in an hour, if (s)he can even find an hour to do it in. Sorry, but my friend is an IP lawyer and free time is a luxury for him.

psxndc

Re:Who takes the reigns?

You mean like the EFF and the ACLU?

Re:Who takes the reigns?

[Dog+and+Pony]

Imagine GOOD lawyers [...} working for free for the betterment of society.

Lol. ;-)

(Ok, jokes aside: I'd really like that too. But that was just too funny. :))

Re:Who takes the reigns?

[GrenDel+Fuego]

One person who seems to be involved with a lot of these cases is Erik Andersen. He is in a unique position where he is the copyright owner of one of the pieces of code that keeps getting used by vendors (busybox), and his father is lawyer.

He can politely contact companies as a copyright owner, and he has a lawyer to back him up if they do not comply.

Re:Who takes the reigns?

[LorenDavie]

How about this: Form a non-profit organization that essentially works like the BSA: threatens to sue non-compliant companies. Proceeds from successful lawsuits (after the lawyers take their incentive-producing fee) would be donated to open source projects. I'm not a huge fan of litigation, but it seems to me to be the best way of creating a "GPL Police".

Re:Who takes the reigns?

[iamkrinkle]

isn't that (kinda) what the EFF is. I think a lot of those guys are working for free

Re:Who takes the reigns?

[Evil+Grinn]

Lawyers don't have time to do more lawyering "in their spare time"

I think they call it pro bono.

Re:Who takes the reigns?

[psxndc]

Most pro bono work is not done in their spare time, it is done as part of their daily practice. Usually it is done as a way to represent those that could normally not afford a lawyer or are for non-profit organizations. It could be done for many reasons: the firm requires a certain amount, it is a nice thing to do, or it just gives the lawyer a warm fuzzy. Doing these sort of cases pro bono would be entirely feasible. My objection was doing it in the lawyer's free time.

psxndc

Re:request?

[dhodell]

One should not have to formally request the source. The source distribution must be easily obtainable. I doubt that dealing with the hassles of a merged (read: taken over) company's customer service (who probably know nothing of the case) will pass as "easy going". Of course, IANAL :(.

Could it be.....

Could it be that they are using stock versions of these apps..

Many times what seems like magic, is nothing more than spending some time with the config files, and understading the options that are available.

obviously ?

[javatips]

we noticed a number of binaries in their firmware (including Zebra, PPP 2.4.1, and iptables to name three) that are released under the GPL, some of which are obviously modified

What he means by obviously modified? The file size is different? Maybe they just compiled it with different parameters!

Re:obviously ?

Please read the article. The default locations of files were changed, implying that the sourcecode has been changed on where those files are looked for.

Re:obviously ?

[blane.bramble]

Considering some of the files for zebra can be reconfigured when running configure, and others can be specified on the command line, this implies nothing of the sort without any specific examples.

Re:obviously ?

[sfire]

Please understand that zebra uses autoconf, the released source has a configure script which allows --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc]. This does not change the source.

Re:obviously ?

[Dogun]

Download the firmware updated, dd the right section, mount it cramfs.
Look at the busybox binary.
run strings on it.
There is at least 1 error message that isn't in standard busybox. That is a surefire sign that they made a modification to it.

As for zebra, I heavily suspect it's the same deal.

Re:obviously ?

[op00to]

How about you show us the results of your experiment instead of just making sweeping generalizations?

Re:obviously ?

[jdavidb]

Best sig ever.

Re:obviously ?

[p3d0]

Woah, easy there fella. There's a difference between an unsubstantiated assertion and a "sweeping generalization". He could easily say "how about you get off your lazy butt and do the experiment yourself and prove me wrong".

Re:obviously ?

[brakett]

it might differ from the standard busybox, but does it differ from the busybox from the linksys code center http://www.linksys.com/support/gpl.asp? If the linksys binary matches the source code they have published I dont really see a problem.

Re:obviously ?

[Dogun]

You may have been confused by what I was saying. busybox was an example of a modified utility. Zebra was probably modified as well. The busybox maintainer was vocal as all hell, which is probably why his code is up there. Zebra's maintainer may have been a little less vocal.

Re:request?

[finkployd]

Absolutly not, but you do have to make it available upon request.

Finkployd

Re:request?

[ThePiMan2003]

Actually the company just has to give it to any customer who requests the source, unless they make changes then they have to send it to the dev team. Of course if the dev team decides they don't want the changes...

A new bad guy?

[mao+che+minh]

Linksys makes some really swell wireless devices based on modified code that was released under the GPL. Linksys does not release the source code, and obfuscates the process of retrieving the code when you ask for it.

To date, many people have asked, no one has recieved.

It looks like Linksys wants to use superior GPL code, but doesn't want to play by the rules and let competitors in on the action. If they were going to act this way, than they should have stuck to proprietary works.

Re:A new bad guy?

[sfire]

And it can all be downloaded from the web here

Re:A new bad guy?

[JZ_Tonka]

"It looks like Linksys wants to use superior GPL code, but doesn't want to play by the rules and let competitors in on the action. If they were going to act this way, than they should have stuck to proprietary works."

Hence the reason why corporate industries shy away from the GPL and developing OSS in general. Giving competitors their superior code means they lose their competetive edge, and consequently costs them money.

Re:A new bad guy?

I know for a fact that a few other companies are using Linux in their network devices (ie, VPN gateways, routers, etc.) that are not even mentioning they are using Linux and calling it their own proprietary OS. This was from a conversation I had with one of the company's product managers. I bet many other network device manufactures out there are using modified Linux and other GPL'ed code in their products and not revealing that they are.

Re:A new bad guy?

[Ktulu_03]

Please mod this up...the source code is available from Linksys.

Re:A new bad guy?

[DavidTC]

Their superior code? If it's their superior code, they why don't they release it under whatever license they want?

Meanwhile, back to the LinkSys discussion, which is about LinkSys using someone elses's superior code. (And, BTW, is a bunch of crap, the article poster has no evidence that the binaries are modified.)

Re:A new bad guy?

[avdp]

Companies that sell a product based on the GPL code might shy from using the GPL code. Yes, maybe.

But companies (like the one I work for) that use GPL code extensively to support their internal operations (manufacturing) and don't have to release one line of that code to anyone have no problems with the GPL.

Re:A new bad guy?

[Cplus]

Can anyone confirm whether those are the original versions of the code or the linksys modified versions?

Re:A new bad guy?

[entrager]

Did you not read the submitter's comments? The code there is the original source of those packages, not the modified code Linksys uses.

Re:A new bad guy?

[sfire]

It is my thinking that they are one and the same. Placing configuration files in a different spot is as easy as --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] to the configure script, which is part of the source distribution.

Re:A new bad guy?

[sfire]

And as I've been stating, I think Linksys is uses unmodified source code. Zebra uses the configure script to decide where files get stored. So all that is needed is --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] to place the files elsewhere, while not modifying the sourcecode.

Re:A new bad guy?

[Zak3056]

And as I've been stating, I think Linksys is uses unmodified source code

And as the author of the post linked below states, you're probably wrong.

http://developers.slashdot.org/comments.pl?sid=730 95&cid=6580589

I'll quote:

Download the firmware updated, dd the right section, mount it cramfs.
Look at the busybox binary.
run strings on it.
There is at least 1 error message that isn't in standard busybox. That is a surefire sign that they made a modification to it.

As for zebra, I heavily suspect it's the same deal.

Re:A new bad guy?

[The+Vulture]

Yep, this is true.

The compnay that I worked for (Com21) used only vxWorks, mainly because it worked for us, and we didn't have the time or money to invest in another operating system.

However, Broadcom has heavily invested in Linux, as it saves them a ton of money in licensing fees from WindRiver (believe me, WindRiver writes their royalty contracts like it's the dotcom boom). Because it takes more than your average individual to make use of these images, I think that they're hoping that nobody will reverse engineer it and see what they're doing.

In fact, it wouldn't surprise me if Linksys were using straight Broadcom reference code, with their own webpages (for their own logos) put in place. This was quite common in the cable modem market - some Taiwanese CM manufacturers would use straight Broadcom reference code, a BRCM reference board and then just design their own plastic molding.

-- Joe

Re:A new bad guy?

[entrager]

Not that I'm against being modded up, but was my comment seriously worthy of a +4 Informative? I didn't really give any information that wasn't already presented....

Oh well.... maybe someone can counter-balance that with a mod of Offtopic to this post?

Re:A new bad guy?

[silas_moeckel]

OK first off remember Linksys realy dosent make very much of anything it got these AP's internals from Broadcom. Had a bunch of SDK warriors put there logo on everything and called it there so did a few other companies. They were told it had GPLed software so they released the GPLed software not nessicarily knowing if broadcom changed it or not realy it's broadcom that people should be putting preasure on about complying with the GPL section 3.

Re:A new bad guy?

[op00to]

I'm all for peopel doing things themselves, but if this was really true, wouldn't the quoted poster who is making these claims of shenannigans on Linksys want to post his evidence too? I won't believe it untill I see it.

Re:A new bad guy?

[p3d0]

No, that's what Overrated is for.

Now stop being all gushy and modest and just take your Karma like a good whore. :-)

Re:request?

[mccalli]

Did anyone formally request the source? The[y] just might give it up. Imagine that.

Did anyone formally read the linked weblog that forms the basis of this article? It just might contain the answer. Imagine that.

Cheers,
Ian

Reasons why this might not be true

[sfire]

we noticed that the zebra running on the WRT54G doesn't use the standard configuration file locations. This means that it must certainly be a modified binary.

This may just be stuff sent to the configure script, using the vanilla sources.

binaries are compiled with a modified GCC (with a signature string of "GCC: (GNU) 3.0 20010422 (prerelease) with bcm4710a0 modifications"). That bcm4710 refers to the Broadcom chipset that this AP is actually made from.

Did they release the modified GCC? Somehow I doubt they put gcc on the access point. Since they did not release the binary, they don't need to release the source.

Re:Reasons why this might not be true

[perly-king-69]

binaries are compiled with a modified GCC

Could this, plus params sent to ./configure cause the obvious changes?>

Re:Reasons why this might not be true

[anthony_dipierro]

For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.

They don't have to release the source of the modified GCC, but they do have to release the binary. Also they have to release the configure script, and the Makefiles, and the installation scripts, and anything else they modified.

Re:Reasons why this might not be true

[samhalliday]

They don't have to release the source of the modified GCC, but they do have to release the binary.

i really dont think they do; read your GPL, if you release binary code, you have to supply a means of getting the source code. but to hit your argument at the base... the fact is, they don't even need to provide binaries for the modified gcc. it is being used "in house" and there is therefore no need to redistribute the changes. (remember, gcc is not provided to the end user in the router firmware)

Re:Reasons why this might not be true

[sfire]

Under what grounds do they have to release the modified gcc?

Also, they do release the configure script, its a part of the source, they just pass it some parameters, like --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] and then call make. The configure script makes the make files, which are not part of the source distribution, because the configure script creates said make files.

Re:Reasons why this might not be true

[jared_hanson]

Did they release the modified GCC? Somehow I doubt they put gcc on the access point. Since they did not release the binary, they don't need to release the source.

If it was LinkSys who modified GCC and used it as their own compiler (and did not distribute it), then now, they do not need to release the source.

However, the authors speculation was that it was Broadcom who modified GCC to produce code for their own chip, the BCM4710. If Broadcom was distributing the modified compiler as part of an SDK to third-party developers using the chip, then Broadcom would have to release their changes.

Re:Reasons why this might not be true

[samhalliday]

who modded this "overrated"?? parent makes a good point... the changes can be made with configure parameters to the vanilla tree. if this kind of trivial change is the only accused modification of GPL'ed code, then whoever made the complaint ought to retract their argument and apologise to Linksys for public embarressment.

Re:Reasons why this might not be true

[anthony_dipierro]

the fact is, they don't even need to provide binaries for the modified gcc. it is being used "in house" and there is therefore no need to redistribute the changes.

Well, they don't need to provide the binaries for the modified gcc under the license of gcc. But my interpretation (which could be wrong) is that gcc is a script used to perform compilation, and as such must be distributed with the source. This is open to a different interpretation, though. Certainly the Makefiles, configure files, and installation scripts have to be distributed, as they clearly are "scripts used to control compilation and installation of the executable."

Re:Reasons why this might not be true

[sfire]

If it is broadcom that made the changes, then broadcom would have to release the source to those that get the modified version of the gcc, ie linksys. Since linksys does not release the binary of the gcc, they are under no obligation to release the source.

Re:Reasons why this might not be true

[aridhol]

then Broadcom would have to release their changes.

Yes, Broadcom would have to release their changes. But not to the general public. The source only has to be released to the same organizations to whom the binaries were released - in this case, Linksys. If Broadcom gave you a copy of their modified GCC, they'd also have to give you a copy of their source.

Re:Reasons why this might not be true

[samhalliday]

But my interpretation (which could be wrong) is that gcc is a script used to perform compilation

well, thats your interpretation, not the stance of the FSF, GCC or more importantly what is stated in the GPL.

calling the legendary gcc "a script" is just plain offensive.

Re:Reasons why this might not be true

[anthony_dipierro]

On the grounds that it is a script "used to control compilation [...] of the executable."

The configure script makes the make files, which are not part of the source distribution, because the configure script creates said make files.

I'm not familiar with the details of the compilation of those packages. If configure makes the makefiles, since configure is "normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs," you're right that the makefiles wouldn't need to be distributed.

Re:Reasons why this might not be true

[anthony_dipierro]

well, thats your interpretation, not the stance of the FSF, GCC or more importantly what is stated in the GPL.

The stance of GCC is completely irrelevant. The other two points would be great, if you had backed them up rather than just asserting them.

calling the legendary gcc "a script" is just plain offensive.

Legal terminology generally is. If you're not going to consider gcc "a script," then you've opened up a huge loophole in the GPL. Anyone can create modifications to GCC which make the changes they want to make to the GPLed software rather than make the changes in the source. Then they don't have to release those changes.

Re:Reasons why this might not be true

[JimDabell]

If Broadcom was distributing the modified compiler as part of an SDK to third-party developers using the chip, then Broadcom would have to release their changes.

Yes, but only to the third party developers, they have no obligation to release the source to the world. Ask one of those third party developers to get you a copy.

Re:Reasons why this might not be true

[Jah-Wren+Ryel]

You are confusing installation and configuration on the user's system with installation and configuration done at the factory.

The GPL refers to the tools used to install the software on the user's system by the user's own hand. The software in question here is embedded, that means all the software was installed at the factory and thus any tools used to install that software are not covered by the GPL.

Re:Reasons why this might not be true

[samhalliday]

The other two points would be great, if you had backed them up rather than just asserting them.

ok, look here then or if you are too lazy, then i quote

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
(emphasis mine)

have you checked the gcc archives to see if this change in gcc was sent to them? they dont need to do that, but i suspect they did, so that they dont need to patch future gcc versions. a lot of commerical companies use gcc, and a lot of the bug fixes are performed by those compaines and sent back to the gcc team. even apple build MacOS with gcc.

Re:Reasons why this might not be true

[Software]

If Broadcom was distributing the modified compiler as part of an SDK to third-party developers using the chip, then Broadcom would have to release their changes.

This is true, but Broadcom would only have to release the changes to the organizations that they (Broadcom) distributed the binaries to. There is no requirement in the GPL that the changes would have to be distributed to anybody who asked.

Re:Reasons why this might not be true

[prgammans]

But they cannot prevent linksys from releaseing the changes to anyone, though as has been said linksys are under no obligation to relese it.

Thus it could be argueed that the bad press from towards Broadcom, from not releseaing it would be worse than the almost garanteed relese of it at some point thus they should release it.

Re:Reasons why this might not be true

[anthony_dipierro]

However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

The modified version of gcc is not normally distributed with the major components of the operating system on which the executable runs.

have you checked the gcc archives to see if this change in gcc was sent to them?

No, I haven't.

they dont need to do that

Yes, they do.

Re:Reasons why this might not be true

[JBark]

Yes, the do.

No, they dont, and here's why.

Possibilty 1) Linksys modified gcc themselves, but they only used it internally, so they don't have to provide the source.

Possibilty 2) Broadcom modified gcc, and provided it to linksys, who used it to generate code. If Linksys asks for the source code, Broadcom must provide it for them, but they aren't required to give it to anybody else.

In either case, the modifications to gcc are not required to be made public.

Re:Reasons why this might not be true

[GnomeKing]

They don't have to release the source of the modified GCC, but they do have to release the binary.
i really dont think they do; read your GPL, if you release binary code, you have to supply a means of getting the source code. but to hit your argument at the base... the fact is, they don't even need to provide binaries for the modified gcc. it is being used "in house" and there is therefore no need to redistribute the changes. (remember, gcc is not provided to the end user in the router firmware)


Hang on... Does this mean that somebody can modify their compiler to take the source code and interpret it and compile different source code into the binary?

i.e. using their in-house compiler, produce a binary which no one else can produce from the source they have distributed?

From what I understand, this seems to be claimed to be GPL complient, but could be abused to go against the GPL's spirit...

Re:Reasons why this might not be true

[arkanes]

An interesting question. Legally, Broadcom can't stop Linksys or any Linksys employee from restributing it. But I bet that anyone who did so would get in trouble with upper management...

Re:Reasons why this might not be true

[anthony_dipierro]

Linksys modified gcc themselves, but they only used it internally, so they don't have to provide the source.

I'm not talking about the copyright/license for gcc, I'm talking about the copyright/license for the tools being built.

Re:Reasons why this might not be true

[samhalliday]

well, is it really a compiler then? it breaks ANSI/ISO standards and not only will this piss off 3rd parties; i suppose it could probably be argued that the compiler is a "compliment" to the executable (as documented in the GPL) and changes must therefore be submitted.

in this case, the gcc changes are related to the binary driver, so it does not make sense to try and exploit a possible loophole, i suspect it is most likely just a gcc bugfix, and that it was most likely submitted to the gcc team for future releases so that Linksys (and 3rd parties) dont have to add maintaing gcc to their list of things to do.

Re:Reasons why this might not be true

[SpaceLifeForm]

Which violates the spirit if not the intent of the GPL.

The point being, that you should be able to re-build the binaries from source and make them *match* the distributed binary. If you can't do that, what is the point of being able to find the source?

Do you know that the modified GCC has not created a problem? If you can't rebuild from source and make it *match*, you don't have control over the binary! You can't fix any bugs, nor can you verify (without extensive effort) that the binary was derived from said source.

The mods to GCC and any other build tools *MUST* be provided.

Re:Reasons why this might not be true

[samhalliday]

go read the GPL. the change to gcc was most likely a trivial one (and not needed to be submitted back to the community; although commonly done as a gesture of goodwill), a bugfix perhaps.

if it cannot be compiled by another c compiler, its probably because it is not ANSI/ISO C, not becuase you dont have changes to the compiler source.

besides the changes are for fixes to the driver code, which isn't GPL.

Re:Reasons why this might not be true

[SpaceLifeForm]

You don't *know* that the mods to GCC were trivial!

This is all about Reflections on Trusting Trust.

Re:Reasons why this might not be true

[anthony_dipierro]

Because the license for the tools requires that you release the modified gcc.

Re:Reasons why this might not be true

[HoppQ]

Do you know that the modified GCC has not created a problem? If you can't rebuild from source and make it *match*, you don't have control over the binary! You can't fix any bugs, nor can you verify (without extensive effort) that the binary was derived from said source.

The mods to GCC and any other build tools *MUST* be provided.

Well, that's an interesting standpoint. What about those who distribute binaries of GPL software compiled with a non-GPL licensed compiler (e.g. a Microsoft product), are they in violation of the GPL since they are not providing the source for the compiler used with a GPL-compatible license?

Re:Reasons why this might not be true

[SpaceLifeForm]

In my mind, yes, they are in violation of the GPL. Do I personally care? No. I will not use those binaries because I can not *trust* them.

The point of GPL is to allow you to *trust* and *control* your software execution environment.

Re:Reasons why this might not be true

[RedK]

However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

The modified version of gcc is not normally distributed with the major components of the operating system on which the executable runs.

Not the modified version, but GCC is available on pretty much any version of Linux, and as the GPL states, you do not need to redistribute the compiler. And yes, even though your GCC does not support the Broadcom target, it can still build the software project in question (since this is software which is normally available on Linux).

You are wrong, and you just can't admit it.

Re:Reasons why this might not be true

[anthony_dipierro]

as the GPL states, you do not need to redistribute the compiler.

The GPL does not state that.

Re:Reasons why this might not be true

[Dr.+Photo]

Yes, Broadcom would have to release their changes. But not to the general public. The source only has to be released to the same organizations to whom the binaries were released - in this case, Linksys. If Broadcom gave you a copy of their modified GCC, they'd also have to give you a copy of their source.

And if Broadcom distributed the binaries to Linksys, and Linksys distributed a device with the binaries to you, then Linksys must make available to you the source code, which should not be a problem, since Broadcom must in turn make the sources available to Linksys.

Re:Reasons why this might not be true

[aridhol]

But Linksys didn't distribute the GCC binaries. So they are not required to distribute the GCC sources.

Re:Reasons why this might not be true

[RedK]

as the GPL states, you do not need to redistribute the compiler.

The GPL does not state that.

Err.. are you at least reading what people answer in reply to your post. samhalliday already covered this, and you replied to him. Read the GPL, or better yet, i'll repaste what he pasted :

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

Now, reading lesson 101. Need not, as in doesn't have to, include compiler unless compiler accompanies the executable, or in this case, the firmware. Linksys sure as hell aren't shipping the Broadcom GCC and your Linux distribution includes the GCC which can compile their source. So, they don't need to include the modified GCC and it's source. So, you are wrong, and you can't admit it.

Re:Reasons why this might not be true

[anthony_dipierro]

However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

Now, reading lesson 101. Need not, as in doesn't have to, include compiler unless compiler accompanies the executable, or in this case, the firmware.

It doesn't say that. It says the source code distributed need not include anything that is normally distributed with the major components of the operating system on which the executable runs.

The modified compiler is not distributed with the major components of the operating system on which the executable runs.

Linksys sure as hell aren't shipping the Broadcom GCC

And that's precisely why they are in violation of the GPL.

and your Linux distribution includes the GCC which can compile their source.

It might be able to compile it into something. But it can't compile it into the binary which they are distributing.

Re:Reasons why this might not be true

[RedK]

It doesn't say that. It says the source code distributed need not include anything that is normally distributed with the major components of the operating system on which the executable runs.

Unless Linksys were to ship an executable of the compiler, in which case the source is required, yet they do not, so it is not required. Read again that paragraph, and when you are done, read it again.

The modified compiler is not distributed with the major components of the operating system on which the executable runs.

It might be able to compile it into something. But it can't compile it into the binary which they are distributing.

It doesn't matter that the modified compiler isn't shipped since you do have GCC. On top of that, what if they compiled GPL code with Visual C++ ? Can't ship the source to the compiler and no, your last argument doesn't stand as a binary built by GCC and one with Microsoft's compiler won't be the same either.

It's simple, you have a GCC for your platform, which will compile their code for your platform. They have a GCC to compile it for their platform. No where does the GPL garantee the executable you build from their source will be the same executable they built from their source, just that the source code will be the same and the binaries, though different, will have the same fonctionnality. Read it again, one more time, and you'll see.

On top of that, if you were to get your hands on that particular devkit from Broadcom, you'd get the compiler to compile your code for it. At that precise moment, you'd be entitled to the source. But you wouldn't have to give it out to people just because you cross-compiled some GPL source. This is quite simple actually. Stop being a Troll and I guess i'll stop feeding you now.

Re:Reasons why this might not be true

[anthony_dipierro]

Unless Linksys were to ship an executable of the compiler, in which case the source is required, yet they do not, so it is not required.

No. They must ship an executable of the compiler, because the compiler is part of the source.

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.

It doesn't matter that the modified compiler isn't shipped since you do have GCC.

GCC is not the script used to control compilation of the executable. The modified version of GCC is.

On top of that, what if they compiled GPL code with Visual C++ ?

If the executable ran on Windows, then that would be fine.

Can't ship the source to the compiler

You don't have to ship the source, only the binary.

and no, your last argument doesn't stand as a binary built by GCC and one with Microsoft's compiler won't be the same either.

Right. This is a different argument. Visual C++ is normally distributed with a major component (the compiler) of Windows. As long as the executable ran on Windows, this would be fine.

It's simple, you have a GCC for your platform, which will compile their code for your platform.

The GPL doesn't require the scripts which could compile the software. It requires the scripts which actually do compile the software.

They have a GCC to compile it for their platform.

The only important platform is that on which the executable runs. I'm not sure what platform you are referring to as "their" platform and "your" platform.

No where does the GPL garantee the executable you build from their source will be the same executable they built from their source, just that the source code will be the same and the binaries, though different, will have the same fonctionnality.

Actually it doesn't say either of those two things. It says you have to distribute "the scripts used to control compilation and installation of the executable." Not the scripts which will build the same executable, and not scripts which will produce code with the same functionality.

On top of that, if you were to get your hands on that particular devkit from Broadcom, you'd get the compiler to compile your code for it.

And if I had wings I could fly out my window. The GPL doesn't require it to be possible for you to get the source. The GPL requires that you either distribute the source, or that you distribute a written offer to obtain the source.

GPL avaiable from LINKSYS

[GdoL]

The GPL clearly states that the modified source code must be avaiable on-line? Or the modified code may be only avaiable off-line?

Re:GPL avaiable from LINKSYS

[pork_spies]

The GPL states no such thing. Making the code available on line does not meet the requirements of the GPL. It has to be supplied, on request, and after a reasonable fee is paid, on a usable medium.

Re:GPL avaiable from LINKSYS

[zhar]

Well, from the horse's mouth:

from http://www.gnu.org/licenses/gpl-faq.html
------

Does the GPL require that source code of modified versions be posted to the public?

The GPL does not require you to release your modified version. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.

But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL.

Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you.

--------
So, if Linksys did modify the software, they (for the most part) must release the source. If they didn't modify it, and only messed w/ configuration files, then they should be good.

Re:GPL avaiable from LINKSYS

[Magic+Thread]

Actually, making the code available online is just fine if that's where the binaries are. See the GPL FAQ; source and binaries have to be "in the same place." I know that doesn't apply in this case, since the binaries aren't online, but as a general statement about everything GPL'ed, what you've said is not true.

Re:More and more...

[SubtleNuance]

Who is this "we" of which you speak? GNU/Linux users are not violating anyone's copyright. The GPL, the license does not encourage or facilitate copyright violation...

What are you talking about?

Re:request?

[npietraniec]

Well, I don't know if asking some helpdesk lackey qualifies as a formal request, but he still hasn't been denied.

2.5 is development...

[pfleming]

...not the 2.4 series. They are using an *older* kernel, not a newer one.

Re:request?

[0x0d0a]

Frankly, I'm pretty sure that they already have, when people requested "source" earlier, not "kernel source", you know?

The shame of all this is that it produces bad PR for Linux (other companies don't want to use it if they get bad articles about companies apparently getting screwed).

Re:request?

[3dr]

The GPL doesn't say how the source must be distributed if you distribute a program. It must simply be available.

Charging fees for it is possible and within the GPL restrictions, too, so even if source is made available, it may not be free as in beer.

Re:More and more...

[yarbo]

He's talking about how much "we" love to download copies of movies/songs.

Tell it their competitors

Why ask them over and over agian. Ask once if they do not provide source, let their competitors know, I am sure they would be inetersted. Let marketplace figure this thing out. It would be cazy for Linksys to continue violating licence when competitors know, makes it too easy to blackmail them.

Re:More and more...

[anthony_dipierro]

I don't scream about GPL violations. Copyright law is stupid, whether it's forcing you to pay money or to release source.

How do we tell?

[BenjyD]

With no real threat of serious (ie costly) legal action for violating the GPL, what's to stop this happening again and again? How many other companies have stolen GPL code and are distributing it without our knowing about it?

Then again, if someone did sue for copyright infringement, what kind of damages could you claim?

Re:How do we tell?

[Doesn't_Comment_Code]

I'm not sure how we will tell if anyone used GPL'd code in their proprietary software. Anyone who gets caught is probably one in a thousand or more. And I don't think there would really be any monetary damages to sue for.

But image this...
You are a company who illegally took GPL'd code and put it in your own software package. Then you pretended it didn't come from open code, and you wouldn't release the source. Then ten years down the road, you get caught. During those ten years you may have invested millions of dollars in Research and Development of your software. But now there may be a legal claim that all that code is public. I don't know if a judge would uphold an argument like that. But the threat of having to realease all the code from a major software product would be scarey to a large software distribution company. Image if Adobe was found to have copied GPL'd code into photoshop. It would kill them if they had to open the source for it. They would have ten competitors (who don't know about GIMP) immediately develop software that they could seel much cheaper (to people who don't know about GIMP).

This is just one example. But I think this would be the real damages sued for in a court case.

Re:How do we tell?

[Albanach]

In the UK, Copyright infringment is a criminal offence. This means you do not ahve to sue, you can walk in to your local police station with evidence that a crime has been committed and they will investigate it.

As to what damages you can claim, being a criminal offence we can look at what penalties could be enforced by the courts. These are determined by the copyright act 2002, amending the Copyright Design and Patents Act 1988.

The 2002 Act raises the maximum penalty for conviction on indictment for the offences referred to in sections 107(4), 198(5) and 297A(2) in Parts I, II and VII of the Copyright, Designs and Patents Act 1988 respectively. In more detail these offences (which are not themselves changed) are those in:

• sections 107(1)(a), (b), d(iv) or (e) of the 1988 Act relating to the making for sale or hire, importing or distributing infringing copies of copyright material;
• sections 198(1)(a), (b) or (d)(iii) of the 1988 Act relating to the making for sale or hire, importing or distributing in the course of a business illicit recordings infringing performers' rights; and
• section 297A(1) of the 1988 Act relating to making, dealing in or advertising unauthorised decoders for conditional access services.

The new maximum penalty for these offences for conviction on indictment is an unlimited fine and/or up to 10 years in prison to reflect the seriousness of these crimes and to bring the penalties into line with the existing ones for similar trade marks offences in section 92 of the Trade Marks Act 1994. The changes made by the 2002 Act are to increase the maximum prison term from 2 years to 10.

I suspect there has to be at least one UK developer involved in these projects. Now, if a ten year jail term isn't enough to deter, I'm unsure what is.

Re:How do we tell?

[Trailer+Trash]

With no real threat of serious (ie costly) legal action for violating the GPL, what's to stop this happening again and again? How many other companies have stolen GPL code and are distributing it without our knowing about it?

Then again, if someone did sue for copyright infringement, what kind of damages could you claim?

Why is this rocket science? If someone is "violating the GPL", they are violating copyright law. The damages, which every slashdot reader should know well since they rail against the RIAA everytime they attempt to collect them, is $150K per incident. These are "statutory damages", meaning that I don't have to prove that $150K of damage was done to me for each incident.

Read this paragraph until it makes sense. LinkSys has no inherent right to distribute any of that GPL'd software because someone else owns the copyright. The copyright owners have said "you may distribute my copyrighted code under these very strict conditions (which you and I know as the GPL), but I reserve all other rights." If LinkSys decides to not abide by those conditions, then they have no right to distribute the software. This is why the whole "but the GPL hasn't been tested in court!" argument shows remarkable cluelessness in those who use it. It's not relevant, standard copyright law applies.

Michael

Why is it "obvious"?

[aridhol]

The "obvious" change is that the configuration files are in a different-than-standard location for Zebra. However, there are two problems with this:

• Zebra has a commercial port by the primary developers, which may be modified by license
• ./configure --prefix=whatever --sysconfdir=xxx allows you to change file locations before compiling, without changing the source.

The article also states that LinkSys is using a modified GCC. So what? They aren't distributing a modified GCC, so they are not bound to distribute sources.

Re:request?

[jonfromspace]

Ahh, that clears it up.

Thanks.

Details of issue

[Selanit]

For those who have not read the linked weblog entry, here are the reasons he believes it to be a GPL violation:

1) "One perfect example of this is Zebra, the advanced dynamic routing software package. By opening the firmware file directly, as well as by making queries through the makeshift ping interface mentioned earlier, we noticed that the zebra running on the WRT54G doesn't use the standard configuration file locations. This means that it must certainly be a modified binary." He also mentions that Linksys seems to have used a modified GCC to compile their software, "with a signature string of "GCC: (GNU) 3.0 20010422 (prerelease) with bcm4710a0 modifications"). That bcm4710 refers to the Broadcom chipset that this AP is actually made from."

2) Yes, the author DID email Linksys asking for the source code. You can read that message here. According to the update at the bottom of the weblog entry, he got a response shortly before midnight on 29 July, but it just said that the issue was being directed to second level support.

Re:Details of issue

[SuiteSisterMary]

1) As somebody points out, you supply config file locations when you run ./configure. Different locations does NOT mean, in any way, shape, or form, that you've 'modified the source.'

2) Exactly; he hasn't been told 'no' yet. Nobody is in violation of anything. Or do you expect the first level techs, of the 'is it plugged in? Is it turned on? Is the power out in your building?' variety, to have source tarballs kicking around?

Re:Details of issue

[dublin]

"One perfect example of this is Zebra, the advanced dynamic routing software package. By opening the firmware file directly, as well as by making queries through the makeshift ping interface mentioned earlier, we noticed that the zebra running on the WRT54G doesn't use the standard configuration file locations. This means that it must certainly be a modified binary."

We can only hope that Linksys prosecutes this jerk under the DMCA for illegal code tampering. :-)

It's pretty clear now that there's no GPL violation here at all, and this fellow was just trying to smear Linksys. It's exactly this sort of bahaviour among GPL zealots that makes me refuse to use any GPL code in any commercial context, ever. Even if you do absolutely *nothing* wrong, a single accusation like this can cost your company tens of thousands of dollars in legal fees, opinions, and lost productivity as your staff tries futilely to engage in damage control. That sort of risk and exposure obliterates any possible savings by using GPL'ed code, so it's far cheaper and safer just to find other alternatives, or if really necessary, re-implement the crucial pieces to avoid any GPL claims on them.

Remember that Stallman and the GPL's stated goal is to eliminate even the possibility of anyone ever making any money whatsoever from software. If you really want to be a waiter so you can give away your software as RMS suggests, more power to you. Personally, I'd rather have the vibrant and profitable software economy back again...

GPL compliance re: GCC

[hankaholic]

Unless they provided you with a license to run the compiler which they have, they aren't required to furnish source code.

If they were provided with a modified version of GCC, they themselves do have a right to the modified source. The GPL provides you with the freedom to make and distribute modifications to a program which is licensed to you.

However, it doesn't say that you have to provide the program itself to anyone.

I use GPM for mouse handling. The software was made available by the author(s). I can make modifications to it all I want, but unless I provide someone else with a binary based upon my modified source, I don't have to provide source code to anything.

Know your rights well. Know where they stop even better -- you don't want to come off as a maniac claiming rights to that which isn't yours, but be sure that you know what rights are provided to you.

I'd like to know RMS' take on GPL'd apps being distributed as part of an "embedded" device. Google, here I come...

Re:GPL compliance re: GCC

[drinkypoo]

Soon enough everything you purchase which is larger than a cdrom will come with a cdrom (or dvdrom) containing a multimedia presentation on its use, care, and feeding. At this point it will be advisable to just stick all the necessary source code on there. This solves the problem with linux being used to power an "intelligent" appliance, like a refrigerator with an LCD panel and a bar code scanner. Something like that is quite likely to have software that comes with it in any case, so that's the place for the source.

Personally I think the way to go is to print it on onion-skin paper and bind it into one of those tiny little plastic-cover books found on the counters at bookstores, typically dictionaries and bibles... So long as it's not the source to linux or something, that would be a 40 or 50 volume set :P

Sick SCO on 'em!

[fuqqer]

1. Maybe someone could tell SCO that the Access Point uses unauthorized derivatives of SYS V unix containing hundreds of thousands of lines of code.

2. Then SCO could sue Linksys to release their code so they could see if it contains their "IP". Then the Slashdotters could see the code.

3. PROFIT!!!

Take this sig and shove it.

Re:Sick SCO on 'em!

[satterth]

As funny as this is, it's also just plain wrong at the same time.

If Linksys gets sued and then somehow goes out of buisiness or closes up shop regarding Accesss points and linux, then who's gonna make all the neat hardware for geeks to play around with while installing their own linux to it?

Re:More and more...

[generic-man]

Read the names of people complaining about their right to steal music and movies, then compare with the names of people complaining about companies stealing GPLed code. They're not the same.

Slashdot is full of knee-jerk reactions, but they don't come from the same people. Blocking a particularly whine-filled category such as Your Rights Online will lessen your angst quite a bit.

Re:Wow

[0x0d0a]

Probably when it was developed, 2.4.21 wasn't out.

And 2.4.5 is not a development kernel. Anything of the format 2.X.Y, where X is an odd number, is a development kernel.

Re:request?

[sfire]

And according to the weblog, the gpled code can be downloaded here

Re:request?

[anthony_dipierro]

Informative? From the GPL:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, [em mine]

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) [em mine]

They're not allowed to do c), they're not doing a), and they're not doing b). Technically they're in violation regardless of whether or not they make it available upon request.

Re:request?

Look it up. You have to distribute machine-readable source for free (less duplication and media costs, if any) to anybody who asks for it.

The GPL is very specific.

hey dp

[MORTAR_COMBAT!]

Copyright law isn't forcing you to release source -- by simply following copyright law you could NOT release source even if you wanted to, nor copies of your software, based on somebody else's copyrighted software.

The GPL allows you to copy things you would not normally be allowed to copy under copyright law.

Re:hey dp

[anthony_dipierro]

Copyright law isn't forcing you to release source -- by simply following copyright law you could NOT release source even if you wanted to, nor copies of your software, based on somebody else's copyrighted software.

Nonsense. Copyright law is making it illegal for me to modify and distribute software without releasing the source. In other words, copyright law is forcing me to release the source.

The GPL allows you to copy things you would not normally be allowed to copy under copyright law.

So?

Re:hey dp

Nonsense. Copyright law is making it illegal for me to modify and distribute software without releasing the source. In other words, copyright law is forcing me to release the source.

Not true. Copyright law prohibits you from distributing the software at all (binary or source), even if you don't modify the source.

The GPL allows you to copy things you would not normally be allowed to copy under copyright law.

So?

So it speaks to your misconception about copyright law. It's only the GPL in this case that's letting you distribute at all, with the proviso that you also make the source available.

Re:hey dp

[MORTAR_COMBAT!]

Nonsense. Copyright law is making it illegal for me to modify and distribute software without releasing the source. In other words, copyright law is forcing me to release the source.

Not at all. Copyright law basically says that you can't make any copies of a copyrighted "something". In this case that "something" is a computer program. Copyright law basically says that you cannot make any copies of that computer program (this excludes backup copies for fair use). The GPL provides additional terms, some of which include granting you the right to copy this "something", which you would in no way be able to legally do without these additional terms.

So?

The GPL is less restrictive than pure copyright.

Re:hey dp

[anthony_dipierro]

The GPL is less restrictive than pure copyright.

So? I agree the GPL is less restrictive than pure copyright. I just think there should be no restrictions at all in the first place.

Re:hey dp

[llefler]

Copyright law means you have to have permission from the copyright owner before you can copy something. It's that simple.

GPL gives you permission to make copies and derivitives without having to ask or pay for them. With the condition being that you have to make your changes available according to the rules of the GPL.

Copyright law doesn't stop you or force you to release your code.

BTW, GPL relies on copyright laws. It can't be less restrictive. It just outlines one method where permission to copy has been given.

Re:More and more...

[Magic+Thread]

There is a big difference between selling a product that violates copyrights and downloading something copyrighted that you aren't supposed to have. If Linksys is indeed violating the GPL, they're making money from it. If I download some song I didn't buy, I am not actually profiting. Not that it's okay to do so, but it is less bad.

Thus, it wouldn't be entirely hypocritical to download copyright-restricted songs and consider GPL violations a bad thing. Besides, most of the comments I've seen here don't endorse the former anyway. They do oppose egregiously harsh penalties for it.

Re:More and more...

[radja]

well yes I download songs. it's legal too, just like taping from radio. it's not infringement.

Re:More and more...

[schon]

They're violating out copyright, as we violate others' copyrights.

To quote Tonto when he and the lone ranger were surrounded by cannibals - "What do you mean by 'we', Paleface?"

You may be, but _I_ am not violating anyone's copyright.

Re:More and more...

[mjmalone]

"We" are complaining that they are not making the source freely available, it is very different. We are complaining that they are NOT shareing information with the community, they are complaining that we ARE sharing information with the community. The posts about MPAA/RIAA/DMCA violating our rights are in fact arguing the same thing as posts about companies no abiding by the GPL. "We" think that information should be free to be used by everyone and not burdened by restrictive silly licenses, copyrights, and patents.

Everyone is picking on LinkSys....

[FreeLinux]

..what about the others.

There are a few other hardware vendors that use Linux and, to my knowledge do not release the source. The first that comes to mind is Watchguard. They make the Firebox firewall which uses the 2.2x kernel and a whole bunch of other highly modified stuff including Watchguard specific modules that almost certainly need to be LGPLed at the least. I have not formally requested the source from the but, I don't see it on their site and it doesn't come with thier software CD-ROM.

I dunno....

[JordoCrouse]

This is concerning to me. It is great that so many people are willing to take up the torch and complain / harrass / mail-bomb the various companies that are violating the GPL, but I fear that these efforts actually end up diluting the efforts of the legitimate package owners to protect their own packages.

In the case of Linksys, I know that several of the package owners have retained legal counsel, and have been making actual legal efforts (ie, letters from an attorney's letterhead rather than an e-mail) to remedy the situation. And of course, this is the right and proper way to handle things, (hopefully) resulting in the proper remedies proscribed by the GPL and the applicable copyright laws.

But when average concerned citizens get involved it reduces the power and the influence of the actual responsible party, and it results in an ucoordinated effort may disturb the legal wrangling, which will end up costing the package owner time and money.

My advice? If you are aware of a GPL violation, contact the package owner. He may already have started action. If he has not started action, and you have the time and/or means to assist, then please do so. Otherwise, simply document your findings, and pass it to the correct authorities. At least contact the guys, so the first place they hear about your efforts isn't on /.

Re:I dunno....

[gbjbaanb]

you're quite right about contacting the package owner and letting them handle things - after all, it's *their* copyright that is being violated, and has little to do with any do-gooder geek screaming about his rights to the GPL source code.

In many cases software released under GPL is also released under commercial licences too - so what if the 'violating' company is using that? You can scream all you want at the company, bring its reputation into disrepute with the community and turn out you're attacking something that actually supports the OSS creators!

(see http://slashdot.org/comments.pl?sid=73095&cid=6580 222) for a perfect example.

oxymoron

[endoboy]

Imagine GOOD lawyers

while you're at it, imagine whirled peas

Re:oxymoron

[MountainBoiler]

why oh why can't slashdotters spell?

Re:oxymoron

[endoboy]

that's spelled exactly as intended (and correctly)

hint: it's a play on words, and a pretty old one at that.

Re:oxymoron

[MountainBoiler]

I was aware of that. I intended to place a tag, but didn't look at the preview and sent it - my xml got chopped.

Duplicity

[WindowsTroll]

From the article

"I believe the GPL is an important document that is intended to prevent exactly this sort of theft of code. Any company that incorporates GPL software into a commercial product and attempts to skirt the licensing terms is nothing short of a thief, building on the stolen effort of countless contributors. "

Let me make sure that I have this right - it is not OK to "steal" copyrighted software that is "freely" distributed, but it is OK to "steal" other copyrighted materials (mp3s) that were never "freely" distributed?

Re:Duplicity

The difference is people who download MP3s don't sell them to other people. If a GPL-like license were written for music, it would allow the currently illegal practice of downloading for personal use.

Re:Duplicity

[Stone316]

Since when did the author say it was ok to violate copyright materials (mp3's)? He may have never downloaded an MP3 and your painting him with a stick. Its within his legal right (just as it is within the RIAA's right) to confront violators. I should have modd'ed you a troll instead of replying.

Re:Duplicity

[Arandir]

He wasn't referring to the author, but to the Free Software Community(tm) at large. The typical and average member of that community will consider a copyright violation of GNU software to be immoral, but a copyright violation of RIAA music to be perfectly fine.

Re:More and more...

[Xerithane]

well yes I download songs. it's legal too, just like taping from radio. it's not infringement.

You know, this is what I don't understand about a lot of people on here. It is infringement. It is not like taping from the radio. You are creating a full duplication of an un-edited copyrighted work that was released for the purpose of sale (not radio play) nor was the person who released it authorized to release it.

You do realize that radio stations pay royalty fees to play songs on the radio, right? Unless you are downloading and recording from a legal netradio station, you are infringing.

When on the opposite side of the fence....

[Sean80]

Uh oh, here I go. I honestly don't understand how the claims in this post are any different from those claimed by SCO.

I just presume that, given the audience that visits Slashdot, people will at least be smart enough to realise that they're now on the other side of the fence. Sure, maybe SCO are wrong. But maybe, just maybe, they believe they're in exactly this same position.

Re:When on the opposite side of the fence....

[nagora]

Since you can't be bothered to read the articles:

"One perfect example of this is Zebra, the advanced dynamic routing software package. By opening the firmware file directly, as well as by making queries through the makeshift ping interface mentioned earlier, we noticed that the zebra running on the WRT54G doesn't use the standard configuration file locations. This means that it must certainly be a modified binary." He also mentions that Linksys seems to have used a modified GCC to compile their software, "with a signature string of "GCC: (GNU) 3.0 20010422 (prerelease) with bcm4710a0 modifications"). That bcm4710 refers to the Broadcom chipset that this AP is actually made from."

So: Linksys openly say they use a GPL'd program. Investigation shows that the distributed program's actions have been changed. Linksys do not provide the source for these changes. They are in violation of the GPL.

Where does that fit into SCO's model of saying that something somewhere has been copied but they can't say what and they won't clarify if they put it there or prove that they owned it in the first place?

TWW

Re:When on the opposite side of the fence....

[dvdeug]

I honestly don't understand how the claims in this post are any different from those claimed by SCO.

We said you're violating our license on code you're clearly using here, here, and here. SCO says somehow we own the rights to the code you wrote, but we aren't going to tell you where. It's the whole truth and full disclosure thing.

Re:More and more...

[John+Hasler]

Who's this "we"? I've never downloaded a copy of a movie or song in my life.

To those developers

[nuggz]

But Broadcom would only have to distribute the source to those they distributed the binaries to.

Re:somewhat off topic, but...

[stipe42]

I haven't read the license itself, but my company just purchased 4 licenses for Advanced Server from RedHat. We paid RedHat to build us a cluster of 7 AS boxes. They put AS on all the boxes and we just had to specify which ones the support licenses would apply to.

Resources for hacking the Linksys ?

[SailFly]

Does anyone know of any projects that would allow me to "hack" my Linksys router. I would like to experiment with my own software using the existing hardware, and wonder if there are any projects that will help me get started.

I'm looking for tips about compiling, linking and flashing my own code into my Linksys router.

thanks!

Re:And the RIAA says...

Fair enough. If someone trading RIAA copyrighted music gets busted, they live with the consequences.

The objection to the RIAA and friends is not that they are enforcing their copyright, but that they are using a dragnet approach. A lot of people who do not trade restrictively licensed material are caught up by virtue of the DMCA. Those who want to write their own DVD player, those who want to remove anti-compeitive measures in DVDs (region coding), those who want to run Linux on games consoles, those who want to build a jukebox with their own music, and so on...

Re:Linksys people are such assholes

[Malc]

Instead of being so militant and overly-reactionary, why don't you learn a little patience? Let this play out. We've been through this with other companies (remember nVidia?). This is a commercial company with all its usual baggage - it takes time (unfortunately) to get these things straightened out.

Anyway, I'm very happy with my Linksys 802.11g equipment and will wait and see what happens.

Linksys WPC54G PCMCIA card

[JWhitlock]

Does any of this help with a Linux driver for the Linksys WPC54G PCMCIA card (or for that matter, the PCI card)? It's one of the reasons I still need Windows on my laptop.

Are there any good resources for the general strategy needed to make drivers for a card where the manufacturer isn't giving out any good information? I might be willing to work on some project to get this card working under Linux.

like with SCO -- prove it

[hankaholic]

It's cool to bash Linksys because some idiot with posting rights to O'Reillynet.com doesn't know enough to download the source code and check out the configure options, but SCO makes accusations and everybody flips out.

In both cases, I say, prove it. Prove that Linksys didn't build the source using their compiler (which they haven't given you a binary to, and so don't owe you source) and the original source code which the author of the article admitted was available for download, using configure flags to specify an alternate configuration file location.

Guess what? It's totally possible that Linksys is in full compliance with the GPL. This guy didn't bother to make sure that the code was in violation before crying foul and putting up a "Linksys sucks -- email them and ask for the modified source!" page.

I took two minutes to "apt-get source zebra", and look at this:

chet@bunny:~/tmp/zebra-0.93b$ ./configure --help | grep dir
--srcdir=DIR find the sources in DIR [configure dir or `..']
Installation directories:
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--datadir=DIR read-only architecture-independent data [PREFIX/share]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--infodir=DIR info documentation [PREFIX/info]
--mandir=DIR man documentation [PREFIX/man]
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
CPPFLAGS C/C++ preprocessor flags, e.g. -I<include dir> if you have
headers in a nonstandard directory <include dir>
chet@bunny:~/tmp/zebra-0.93b$

There's nothing to see here, folks. There's no story here, because just like with the SCO stories, there is absolutely no substantiated evidence.

Congratulations, Michael. You have been trolled. Maybe if you'd read the article before posting it to the front page you'd have spared Linksys some bad publicity.

Re:More and more...

[Jedi+Alec]

actually, this is dependant on the laws of whatever country you happen to be in...if, like i thought it was, the gpl is global, then your argument is void.

Re:request?

[lynx_user_abroad]

Charging fees for it is possible and within the GPL restrictions, too, so even if source is made available, it may not be free as in beer.

You are mistaken about this.

You can charge what you will for verbatim (un-modified) copies of the source. but if you sell someone the binary, the source must either accompany the binary, or be offered "for a charge no more than your cost of physically performing source distribution".

What this means is that if I haven't purchased the binary (inside the router) I can't demand they give me the source. I have to negotiate for it; they can demand any price they want. But once I've bought the router, I can demand the source for the binaries. This effectively limits the amount they can charge for the source to the amount they can charge for the binary.

See Section 3 of the GPL (http://www.gnu.org/licenses/gpl.txt) Version 2, June 1991:

Re:somewhat off topic, but...

[acidtripp101]

But, here's the catch. The GPL never states that software bundled with GPL software has to be free of restrictions.

What redhat (and many other vendors for that matter) has done is programmed their own software, and liscenced THAT under something non-GPL.

Don't like it? Fine, then don't use RedHat. (No, really... don't use redhat, I've NEVER seen a decent redhat setup)

Re:May Allah smite them

[perly-king-69]

Troll?

Someone's lost their sense of humo(u)r

GPL loophole? No way!

[Sardonis]

So Linksys thinks that it can hide their proprietary sourcecode in a modified compiler? They are clearly wrong, quoteth the GPL:

For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

Their modified GCC is not 'normally distributed with the major components of the operating system'. So according to this clause it needs to be distributed (in source or binary form). But, since GCC is under the GPL the source of the modified GCC must be released.

QED.

Re:GPL loophole? No way!

[acidtripp101]

No... it doesn't.
Their version of GCC is for in-house use only. I'm willing to bet good money that the only changes that they made to GCC involve the specific archecture they are compiling onto, and while it'd be NICE for them to distribute it... it's by no means nessisary.

Re:GPL loophole? No way!

[Dogun]

Thought this up myself a short while ago.
They (Linksys) don't distribute the modified GCC, unfortunately. Search for it yourself, it ain't there.
Now, on the other hand, if you can get the company that makes the bcm4710a0 board (Broadcom?) to ship you some a sample board and the linux stuff associated with it, you're entitiled to the source of the modified GCC, which you are then free to feed back into the GCC tree.

Actually, I reccommend that someone try this. Who knows, they might ship allong the full source of the kernel, and the wireless drivers may have GPL stuff up top. Wouldn't that be cute?

Someone confirm the legality of my GCC statement though?

Re:GPL loophole? No way!

[Sardonis]

Let me clarify:

Their version of GCC is for in-house use only. I'm willing to bet good money that the only changes that they made to GCC involve the specific archecture they are compiling onto, and while it'd be NICE for them to distribute it... it's by no means nessisary.

The version of GCC is used to compile programs protected by the GPL, the license clearly states again all the stuff that is needed to recreate the binaries (with a special exemption for programs normally distributed as major components of the operating systems, like unmodified GCC), must be distributed.

So, if they want don't want to distribute their GCC, they should have used stock GCC. But now it's too late.

Re:GPL loophole? No way!

[i]

Their modified GCC is a *compilator*. That is NOT mentioned in you citation from GPL:

"For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."

This GCC is not a "module it contains" and not "scripts used to control compilation". Or any other of the mentioned items.

QED ?

Re:GPL loophole? No way!

[Sardonis]

My fault, I only included the clarification of the "source code" requirement of the GPL. The requirement reads:

The source code for a work means the preferred form of the work for making modifications to it.

It is clear that I need their GCC additions to make modifications to the GPL covered parts of the Lynksys router.

If, on the contrary, I won't need it, then they don't need it also and they shouldn't have taken the 'risk' of having to distribute their modifications of GCC under the GPL.

Re:GPL loophole? No way!

[SuiteSisterMary]

Nonsense. They have to give it to you, in a standard format.

If this is C code, but uses a propriatary compiler, then they need only give you the C code. You can take that C code and re-write it to be compilable with a bog-standard gcc if you'd like.

When the build source was released, but would only compile under borland c compiler 4 or whatever, nobody shouted and screamed that a copy of said compiler should be included. Somebody had it re-written within a day, as I recall.

Re:GPL loophole? No way!

[pavera]

I disagree.
It is silly to think that if you modify GCC and then compile some software you have to redistribute GCC. That they would be required to release a compiler with an AP is silly.

Re:GPL loophole? No way!

[Sardonis]

They have to give it to you, in a standard format.

I agree, but they are may not be using a standard ANSI C compiler. Theire compiler may be rigged to insert extra proprietary code into the executable and thereby trample on my rights to modify the program.

I the GPL would allow to use modified versions of GCC in this way, the GPL will essentially be void (also as explained here: here. If you want to circumvent the GPL, and hoard a GPL'd program, all you need to do is put the changes to the program in your custom compiler instead of the program source. This practice is certainly against the spirit of the GPL and (as follows from my argument, but IANAL and I may be wrong, the use of proprietary compilers is certainly an interesting point) against the letter of the GPL. I would be interested in a statement from the FSF regarding this situation.

Re:GPL loophole? No way!

[SuiteSisterMary]

I would be interested in a statement from the FSF regarding this situation.

So would I.

Re:GPL loophole? No way!

[David_W]

Some others have basically said this, but I think you are wrong. Let's say you develop a program under Visual C++, a commercial product that is not distributed with the OS, and you use non-ANSI-compliant C, so it will only compile under VC++. Your statement seems to imply that any program written in this manner could not be released under the GPL, since there's no way to GPL VC++ (unless you are Microsoft, which you aren't, at least as far as I can tell :), and no other compiler would do the job. Now that doesn't sound right to me... does it to you?

Know your rights...

[chrystoph]

Know your rights well. Know where they stop even better -- you don't want to come off as a maniac claiming rights to that which isn't yours, but be sure that you know what rights are provided to you.

Wait, wait. If I claim rights that I don't have, won't that make it easier for me to get a job with the RIAA?

Non-Issue?

[NetFu]

Isn't this all a non-issue if the the guy who originally requested the GPL'd code wrote in his weblog that he got the location for it and it appears to have been there all along?

http://www.linksys.com/support/gpl.asp

I don't want to sound like one of the other broken records, but if Slashdot is more out of sync with reality than a company like Linksys (admittedly not large, but definitely not a small company), the quality of content here is really going downhill. I mean, the issue is resolved before I even get to read and reply to the article at the top of Slashdot???

Re:Non-Issue?

Maybe you just need to read the summary (or the article!) first. Linksys put UNMODIFIED sources on their site. This guy is claiming MODIFICATIONS that are not reflected in the offered source.

Congrats, you are guilty of your own accusation.

Modified GCC issues

[signe]

OK, so Linksys used a modified gcc to compile some of the GPL'd software on their AP. As noted, unless they put the modified gcc binaries on their AP as well, they don't have to distribute the source. But this raises an interesting point.

Say I create a modified compiler that recognizes some piece of code, or tag and replaces it with an "improved" piece of code. For example, it recognizes the code for a particular driver, like the tg3 driver in the Linux kernel, for one example, and inserts optimized compiled code in place of the actual code in the output binary, where this optimized code is actually a completely new driver, derived from the original GPL driver.

Now technically, I haven't broken the GPL if I distribute the output binary in a product but don't distribute the source for the optimized driver. The optimizations are present in gcc, not the source code, and I'm not distributing gcc. The changes in the output binary are just the way that the compiler I used "interprets" the code that was compiled. It does, of course, break the spirit of the GPL. Is there a way to address this, or is it a giant glaring loophole in the GNU Public License?

-Todd

Re:Modified GCC issues

[Sardonis]

This is a violation of the GPL, see my post.

Re:Modified GCC issues

[signe]

Excellent point. Thank you.

So it would seem that regardless of whether or not Linksys used the original source packages without modification, they need to release their modified GCC based on the evidence that it was used alone, given that it appears to contain optimizations specifically for the chipset in the Linksys AP.

-Todd

Re:Modified GCC issues

[hacker]

One more reason to NEVER use GPLed code for ANYTHING EVAR[sic]!

Oh yes, instead, use the BSD license, which gives Linksys full control of the source code you (or your community) has written (full control of their copy of your code, that is), make modifications to it, and release products with those modifications (without releasing source), so now NOBODY can take advantage of the updated code. Nice.

No thank you, the GPL protects against exavtly this type of abuse.

Re:Modified GCC issues

[Grotus]

In the case you are describing, the "preferred form" of the source is the one that produces the optimized driver. In other words, that code which was derived from the original GPL driver source.

The theoretical obfuscating compiler wouldn't need to be included, nor would its source. Just the source used to create the optimized driver. The steps needed to make the final binary in your scenario go like this:
1) modify GPL driver source
2) compile obfuscating compiler with modified source
3) use obfuscating compiler to compile vanilla source
4) distribute resulting binary and vanilla source

This scenario doesn't work because the vanilla source is no longer the "preferred form" of the source. In the view of the GPL steps 2 and 3 above merge into "compile modified source", so the source that needs to be distributed is that from step 1.

What that "preferred form" clause does is eliminate obfuscation tricks. What it doesn't do is open up the obfuscation technology. It just makes using the obfuscation technology pointless.

If Red Hat decided that it wanted to use Intel's compiler to compile its distribution, it would not be violating the GPL if it did not include either that compiler or the source for that compiler with its distribution.

Re:Modified GCC issues

[Kashif+Shaikh]

BUT the same analogy is if I have the original source called foo.c and produced foo-with-my-changes.c by passing the file through 'patch -p1 changes.diff'.

Whether extra code is added by GCC or patch, makes no difference in the outcome: you have extra code in the final binary for which you must provide the GPL'd source if the binary is distributed.

Re:request?

[bahamat]

If anybody bothered to RTFA...

He's basically making 2 claims.
1. Zebra uses non-standard file locations, so it must be modified.
2. GCC used to compile the system has been modified (binary signature is different).

However, I'm currious to what extent of moving files constitutes being "modified". Are these changes that can be made with "./config --target-dir=/someplace/else"? If so, then the claim is baseless because no modification of the source was necessary.

As for GCC, we can see that it was modified because the binary signature is different. Does this constitute a GPL violation? Possibly, I'm unclear what the intent of the GPL is in a situation like this. Basically, GCC was modified and used internally by LinkSys. If I modify GCC and don't distribute it to anyone other than me, do I have to put the changes out on a website (or anywhere)? No. Is it different for a corporate entity?

If binaries compiled with an undistributed modified GCC are distributed, does that then require the disclosure of the modifications to GCC? I think that the spirit of the GPL would have to say yes, but since IANAL, they may be perfectly within the law to keep it. It's exclusion may be just an oversight.

The last time a LinkSys issue came up, we discovered that it was just a matter of someone jumping the gun too quickly. I think that LinkSys is a smart company, and I think they respect the Linux community. I don't think they would shoot themselves in the foot with licencing issues. Let's all have a little patience and give them the benifit of the doubt until there are more facts than speculations, shall we?

GPL loophole?

[Migrant+Programmer]

What if you modify GCC for use with a particular project (based on GPL program Foo) in the following way:

When your new GCC reads in the code for Foo, it compiles it incorrectly so that it convenently produces a program with your desired changes. This could be done by constructing a lookup table with original Foo code lines corresponding to modified code lines.

The result: from the original GPL Foo source, you have your own custom binary. Upon distribution of this binary, you are bound by the GPL to give access to the source, i.e. the original GPL Foo source. Since you're not distributing your custom GCC binary, you don't need to give access to its source either.

I'm sorry if I just broke Linux. Tell me if I'm wrong!

Re:GPL loophole?

No lawyer, but a lookup table sounds suspiciously like you've turned the compiler into a kind of library.
In which case that compiler code would have to be made accessible too.

Re:GPL loophole?

[crosbie]

Yeah, if it doesn't already, the GPL needs to specify that the binary (or a 100% functional binary compatible equivalent) must be derivable from the source code in combination with a compiler/toolset (for which source code must be available, and this source code must produce the compiler/toolset (or functional equivalent) when used in conjunction with a standard compiler).

Tricky.

Re:GPL loophole?

[Vicegrip]

Basically you are saying this:
If I modify a GPL project so that it contains my none-standard code that can only be compiled by a modified version of gcc I am not distributing, am I in compliance with the GPL as long as I distribute my none-standard modified code?

The GPL states that:
The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.

This limits the obfuscation tactics drastically since you must be distributing code you work on itself. Ultimately, you might be able to produce a system whereby the code you write is only understandable by your special compiler, but it will still be code that will be human-readable and follow a flow of programming logic.

This tactic will annoy people at large, but won't prevent the smart people from reproducing exactly what your code is doing... which will make the effort described rather pointless. Because, after all, if you are trying to do something worthwhile enough to expend the effort to do that code trickery, there will be smart people interested in seeing what you are doing. Also, since gcc itself is GPLed, you'll have to be making an error-free compiler all-by-yourself.

And, in the end, all of that so you can circumvent the intents of the author who was gracious enough to let you use their software for free.

Re:GPL loophole?

[aridhol]

Also, since gcc itself is GPLed, you'll have to be making an error-free compiler all-by-yourself.

Actually, the point of this discussion is that you wouldn't need to write your own compiler. Use GCC, but don't distribute your changed binaries. If you don't distribute the GCC binaries, you don't need to distribute the changed source.

Re:GPL loophole?

[Vicegrip]

Perhaps I didn't explain myself properly. I meant that you'd have to go to the trouble of producing an error-free version of gcc that compiled your none standard code properly. Code that you yourself develop and work on-- not some obfuscated version.

As I said, this might keep people at large from figuring out what what was done, but I'm not seeing how this could be valuable in keeping smart people from figuring out the program logic of the modified GPLed software.

Re:GPL loophole?

[nutbar]

Oh no! Now everyone's going to be spending their time hacking compilers to subvert the GPL instead of contributing!

But really, that probably won't happen for two reasons - 1, because it could probably still be argued that is changing the source; and 2, because it'd take a load of effort and anyone that would go to lengths such as those to subvert the GPL for a little "profit" is probably going out of business soon due to lack of productivity...

Re:GPL loophole?

[Vicegrip]

I originally thought he was suggesting some manner of pseudocode that his custom compiler would understand but no others would.

I guess what he's really talking about is having the compiler miss-parse the GPLed code on the fly as it compiles so that the modifications end up in the final binary produced.

I still think this circumvents the "preferred form of the work" clause in the GPL. That is, ultimately, in order to test and debug the code properly, the developer would have had to work with the original GPLed code and modify it. In the end then, how the binary form of that work is produced wouldn't matter, since it contains the code of the preferred form of the work.

Re:request?

[sfire]

As I've been stating and the other replier also stated zebra uses a configure script. --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] allows them to modify file locations, yet not modify the source. This means that the gpled source is all that needs to be downloaded, which is provided on that site.

Why go after just Linksys

I'm confused why everyone is attacking Linksys. There code is based off if not entirely from Broadcom. If you look at anyone who is using the 54G chipset they are all supplied the firmware from Broadcom. This is where all the Linux modification is likely to come from. The manufacturers (Linksys, Buffalo Tech, Belkin, etc.) probably do very little if anything in the Linux enviroment most of there work is probably setting up the firmware through there web pages not modifying Zebra and other GPL software.

This brings up an interesting question. If Linksys is supplied firmware from another company and this company provides a tool to create their own firmware without Linksys's knowledge that it is GPL'd code what is their responsibility in supplying said modified code.

Re:BSD

[Black+Jack+Hyde]

Why use something GPL'd when you can use *BSD that has little or no encumbarance like this?

Great question. My PHB is a big Linuxphile, and was not pleased when I built my latest project on a FreeBSD box. I politely pointed out the ongoing SCO badness and suggested we might wish to rethink our OS preferences for certain projects until a satisfactory resolution has been reached.

For this I'm sure I will be punished. But at least I won't be a defendant.

Jack

Just out of curiosity...

[Dogun]

If those wireless drivers are realy not GPL and only binary modules...
Then shouldn't the kernel be complaining that it is "tainted"? Cause if it's not, then either they've made mods to kernel 2.4.5, 2.4.5 is before the "tainted" complaint started, or the drivers themselves are saying "hey, look at me, I'm a GPL module!" MODULE_LICENSE("GPL") Right?

Someone should check this out, as it looks like linksys is not complying wholeheartedly with the GPL already, we might as well see if they really owe even more than it appears they do.

Re:Just out of curiosity...

[Dogun]

None of the modules contain the "license" tag. Oh well.

Re:OH NO! Stealing is wrong!

[Jearil]

Umm no...

Several things wrong with your argument. First off, as we've all heard, copyright violation is not stealing, it's copyright violation. What Linksys is being accused of is not following the licensing agreement set forth in the GPL, thereby ignoring the individual developer's copyrights that they have on those GPL'ed works.

Now as for your comment on MP3's and the negative view towards the RIAA that most /.ers have, I think you've missed the point completely on that issue. You may not have noticed, but most people here don't believe in violating the copyrights of musicians by illigally downloading MP3's. What we have a problem with however, is the RIAA's attempts to destroy legit P2P services that can be used to share legal MP3's (among other things). Also, the fact that they're attempting to take the law into their own hands (such as that attempt to being able to crack people's boxes if they suspected them of copying illegal music without a judge to intervene) seems to most to be a violation of our rights. The fact that the RIAA is sueing individuals also means that little guys that could actually be sharing only legal music could get caught up in the struggle and not be able to pay to get out of it through a lawsuit, and are forced to settle. We disagree with how the RIAA is acting, but most would just urge artists to use a different avenue instead of the RIAA rather than break the law.

The GPL was meant to allow the original authors some sort of payment without the use of actual money (eg, code that anyone else modified and released to the public). It's also meant to make it easier for people to see what's going on inside of these things and be able to make needed changes to suit the users need, and that right is protected by the copyright holder through his use of the GPL. How you can assume that it's the same as illegal filesharing, I have no idea.

respect

[pyrrho]

ok, this makes me sound like a hard line capitalist bastard rather than the gentle progressive philanthrope I really am... but businessmen don't think like that.

Statistically speaking businessmen are from the type that don't respect you because you are nice, or because you give them something for free... the have far more respect when you kick them in the teeth and tell them how it's going to be... because they will only use your stuff if they think it's useful, and if they use it after being put in line, that must be because it's useful.

It might turn off regular people to get hassled.

But hassling businesses that don't -obey- the GPL is absolutely necessarry part of getting business to adopt and take GPLed systems seriously.

Honestly, I don't think this way myself and have quit jobs rather than work with people I've had to abuse to get a fair deal from... but I've seen it again and again... many business people don't respect you until you beat the hell out of them.

Sort of like barroom brawlers.

GPL

[StarCat76]

I can't say that I'v read the GPL, but from reading these comments it seems that if you do not distribute something, you don't need to release the source code for the changes.
If that is correct, why could some corporation not take code licensed under the GPL, use a "compiler" that would replace the unmodified GPL'd code with their own modified code and then compile that? The code compiled would technically be the old, unmodified code, which the company would freely provide the source code for. The company wouldn't have to provide the code for their "compiler" since it wouldn't be distributed.
Net result? End of the GPL.
Any ideas on whether this would work?
-Neil

Re:GPL

[praxim]

I wouldn't think that would work- the end result is that you still modified the original source, you just went through hoops to do so.

Re:request?

[Locutus]

it's even worst then that. the guy is talking about the CONFIG file being in a different location. Gee, could it be a --config option be used to relocate the config file on startup?

This seems like someone is "pulling a SCO" here. How does the saying go? "There's nothing interesting here. Move along, move along."

LoB

GCC doesn't matter

[unsinged+int]

The GPL has no effect if you do not distribute the software. The GPL does not cover the output of the program. Therefore a modified but undistributed GCC does not require them to give you the source.

The source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

The only way I could see that falling under the GPL is if their source is essentially useless because only their unreleased compiler can compile it, to the extent that you couldn't change the code to work with an available compiler. Sounds pretty weak to me.

Re:GCC doesn't matter

[n.wegner]

>The GPL does not cover the output of the program.

I know MSVC++ puts lots of stub code from the MSVS distribution into every binary it links, so GCC might as well. If this code isn't shipped with the OS, then it isn't exempted from the clauses governing other sources. You just might end up with GPL output.

circumventing the GPL

[pyrrho]

your comment gave me a thought (eh, the magic of communicative language)... anyway.

What if someone modified the gcc to allow some new idiom/construct, creating a language C--... the modifications in the source rely on the new features. They release the binaries and the source, but no compiler and no documentation.

You would have uncompileable source code. Yike.

Weak point of the GPL

[RevMike]

This is a perfect example of one of the weaknesses of the GPL.

The GPL requires that anyone who publishes or distributes a GPL binary also make available (in a machine readable format normally used to exchange source code files) the source.

The intent is that the receiver of the GPL binary should be able to regenerate it from source, modify it, and generate enhanced versions.

By using a tool not generally available to build the source, the distributor has made it difficult for end users to enhance the software.

Hopefully the FSF will modify future versions of the GPL to require the following:

• The source code be supplied with clear documentation detailing the tools and their versions used to execute the build.
• Any "in-house" proprietary tools and proprietary patches of tools that materially affect the ability of others to replicate the build process must also be disclosed under a free and open license.
• If commercial proprietary software is used as a tool in said build, the distributor must not enter into any sort of contract, agreement, or other understanding with the tool vendor that prevents the user from acquiring those tools and using them to enhance the software.

I think this will generally cover the bases. Linux can be compiled with a proprietary compiler - usually one supplied for use with a specific chip set - but the distributor must enable their customers to replicate the builds.

Re:Weak point of the GPL

[glenstar]

Holy crap! If those modifications made it into the GPL I don't think any software company would even consider using it. Think about it... not only would they have to release their code (IP), but create detailed documents about build environments, in-house tools, etc, etc... Why not just close up shop? You would be giving your competitors a detailed blueprint for creating a product from which your company is trying to make a profit.

No thanks, the GPL is hard enough to sell as it is. Remember that fracas about using GPL'd Java packages? Holy shit! People were claiming that since technically the GPL'd Java code was linked at *runtime* that maybe the entire project would have to be GPL'd. Wow.

Give me a BSD or Apache license any day... licenses should not, in my opinion, have an almost religious ideology behind them.

You also said: By using a tool not generally available to build the source, the distributor has made it difficult for end users to enhance the software.

GPLers throw around that phrase a lot, "end users". The assumption is that an end user even knows what a compiler is. Most of them do not. For a true end user the GPL doesn't do or mean shit. I mean, come on, they have the "right" to modify their software... and most of them don't even know what a commandline is. That's very useful.

To the *developer*, the GPL is potentially another story. It's great to have access to code, to make changes, etc. But, let's keep that straight... the GPL is for the developer crowd and not the end user. It is not liberating the end user from anything at all.

Re:Weak point of the GPL

[RevMike]

not only would they have to release their code (IP), but create detailed documents about build environments, in-house tools, etc, etc... Why not just close up shop?

The point of the GPL is that others should be able to modify and extend the code published under GPL. Using odd patches or undocumented tools to obscure the build process defeats this purpose.

GPLers throw around that phrase a lot, "end users". The assumption is that an end user even knows what a compiler is. Most of them do not. For a true end user the GPL doesn't do or mean shit.

I used "end user" to mean the receiver of the software distribution. These are the people that the GPL is supposed to empower. I agree that end users usually are not developers who have the capability and/or interest to hack at this. The terminology is poor. Never the less, that is the party whose rights are protected by the GPL. Effectively, the GPL is written for developers, who happen to be the receivers (end users) of code published by someone else.

Give me a BSD or Apache license any day... licenses should not, in my opinion, have an almost religious ideology behind them.

I agree on this 100%. RMS/FSF have an ideological belief that all software should be free. They have a right to that belief, but I personnally disagree with them.

I prefer licenses that stake out a middle ground between proprietary and GPL: If I, as a member of a community, contribute code freely to that community I would like derivative code to also be freely available. However, I would prefer that the linking of open and proprietary code was allowed.

An advantage of this would be that hardware vendors would be in a better position to support Linux with drivers, but not have to surrender their IP rights to the contents of those drivers. More hardware support is good for the community overall. The vendors would make their own choices as to open or closed, depending on their evaluation of the loss of IP versus the cost of maintaining their own drivers.

Re:Weak point of the GPL

[Rinikusu]

Hrm, I just thought of a new "slogan"..
"I don't believe in God, why the hell should I believe in RMS?"

I may have found a new .sig.

Re:Weak point of the GPL

[pavon]

But, let's keep that straight... the GPL is for the developer crowd and not the end user. It is not liberating the end user from anything at all.

Actually, the user does gain some additional freedom, although not as much as the developer: the freedom to know that their favorite peice of software, is not going to be locked up. It is really frustrating when a company producing a superior product is put out of business by another producing crap, and the IP to the source goes down with the company. You can keep using the old software for a while, but eventually you will need additional features, and you are pretty much SOL, especially if the defunct software uses proprietary file formats.

This is one of the main reasons I was sold on open source - because I was sick of seeing good software and ideas dieing a premature death, while most of the stuff on the market seemed to be crap. When I found out that someone had found a way to develop high quality software without being at the mercy of business motives I was thrilled.

Re:More and more...

[God!+Awful+2]

"We" are complaining that they are not making the source freely available, it is very different. We are complaining that they are NOT shareing information with the community, they are complaining that we ARE sharing information with the community. The posts about MPAA/RIAA/DMCA violating our rights are in fact arguing the same thing as posts about companies no abiding by the GPL. "We" think that information should be free to be used by everyone and not burdened by restrictive silly licenses, copyrights, and patents.

Basically:

YOU are doing what you want.
THEY are doing what they want.
YOU think you are right and they are wrong (big surprise)
THE LAW says you are both wrong.
SO THERE!

-a

loophole opened....

[pyrrho]

news at eleven.

While I don't think linksys has done this, I think this thread has hit something substantial. This IS a loophole.

I don't see what would stop someone from creating a new builtin keyword for C/C++ "modification()" and using it throughout their code. If the code is on the compiler side, it's safe.

Re:loophole opened....

[anthony_dipierro]

See, I think a judge would interpret the term "script" to include the compiler, thus adhering to the spirit of the GPL. Since "script" isn't defined in the GPL, it seems such a definition would best fit within the intentions of the license.

Re:loophole opened....

[samhalliday]

even though i just pointed out to you in another posting that "compiler" is defined explicitly in that section of the GPL...

Re:loophole opened....

[anthony_dipierro]

Compiler is not defined explicitly in the GPL. Furthermore, the definition of compiler has nothing to do with the definition of script.

Re:BSD

[mrscott]

You wouldn't have been a defendant anyway. Your company would have been. If I were your boss, I'd probably be displeased to find that one of my people added an additional operating system to our support load without prior authorization as well. If you were trying to sway him, you might have considered going to him before you went off on your own and did something that you obviously knew he wouldn't appreciate.

They don't try to prevent dumping the flash.

[Ayanami+Rei]

::shrugs::

I see no problem there, no acceess restriction means no DMCA. Of course, just because they don't tell you how to do it doesn't mean you can't try.

It's even worse...

[Ayanami+Rei]

... when it's *BSD, and the ONLY thing the BSD guys want you to do is at least acknowledge where you get the OS from, and they still claim it's their propietary uber-cool OS (yeah right). Because "propiterary, secure, patented" sounds much more secure than "based on an common, well studied, stable BSD OS".

Christ.

Re:request?

[Slack3r78]

You may realize this, but I'll cover it before someone gets confused - the source does not have to be made available to "anybody who asks." It must be made available to those who receive a binary distribution of the software. Quite a bit of difference there.

Re:somewhat off topic, but...

[Lumpy]

your post is doomed to be modded down because you say something bad against redhat.

anyways, this is the exact reason I started migration away from redhat to Mandrake and Slackware for the Corperate office here.

Mandrake for the desktops, slack for the servers.

Redhat has been slipping in things that just dont taste right cince 8.0 and their tricks with 9.0 and Advanced server pushed me over that edge.

RedHat is doing nothing to help linux anymore. In the beginning they did, and I was behind them 100% with even owning stock...

Now it's time to walk away. they are not the company that they used to be, and therefore no longer have the potential that was the entire force behind their sucess to date.

Not GPL Violation-RTFC

[dnoyeb]

It appears that the posters assumed violation of the GPL was because the router used files from non-standard locations. Further, it appears that said file locations can be specified in a 'conf' file. Finally, it appears as a result of this that the claim of GPL violation by Linksys is in error.

Also, the claim that Broadcom may need to release their source also seems to be in error due to the fact that their modified GCC has not been publicly released, and the only one that can claim the right to examine said source code of the GCC modifications is Linksys.

RTFA-and the comments that follow...

Re:Not GPL Violation-RTFC

[Abalamahalamatandra]

If Broadcom is compiling the code themselves on Linksys' behalf, then it wouldn't be a violation. However, if they're making a developer's kit available to Linksys, then they most certainly are in violation of the GPL and must release the source.

I do agree with the first point, though - I haven't looked at the Zebra source, but if the only changes made were to config files, then there are no source mods to release. If they changed a #define in a source config file, though, even that should be reflected in their distribution.

Re:Not GPL Violation-RTFC

[|<amikaze]

The only people they would have to release the source to is LinkSys, unless they distribute this modified version of GCC to others.

Re:Not GPL Violation-RTFC

[koko775]

correct. are there really this many /.ers who haven't read the GPL? While still praising it? Sad. Everyone should RTFGPL before liking it. -_-

Re:Not GPL Violation-RTFC

3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)

See up there where it says "3rd party" Thats us dumbass, If so much as one person outside of the "Broadcom entity" has the program...

Are there others???

[josepha48]

I have to wonder if linksys is the only one doing this. I have a broadmax dsl modem that has built in pppoe and nat and some other interseting things and when I portscanned it with nmap its best guess was that it was running linux 2.4.x . I don't remember the exact kernel rev, but I thought it was interesting. The scan of course cannot be 100% accurate because it did not find any open ports, but it did make me wonder. How many other companies are using Linux to build their embeded devices and not telling anyone or not releasesing the source code?

Re:request?

[The+Real+Chrisjc]

Maybe they can put the source on to a blue disk or something, and only have it avaliable that way, and charge cost for the media (probably multiple thousands). Is there anything in the GPL which would allow them to do it this way?

Re:somewhat off topic, but...

Where do you think most of the latest XFree development is coming from? They've cleaned up XFree and made it some what decent.

Re:somewhat off topic, but...

[Em+Ellel]

Mandrake for the desktops, slack for the servers.

You do realize that Mandrake is a RedHat derivative?

But is hardware software?

[crosbie]

Are LinkSys actually distributing the software?

Perhaps they're just distributing the hardware (that happens to use the modified GPL components in its firmware, or embedded software)?

If the GPL only covers distribution of software and LinkSys are only providing hardware (the customer is explicitly not being provided with the software - the fact that software resides within the hardware might not constitute delivery since the purchaser is not supposed to access it) then LinkSys do not have to release source code.

If LinkSys say "Here are some drivers that we're supplying to you as part of the package", then maybe they would be supplying software, but it doesn't sound like that in this case.

The GPL FAQ explicitly states that GPL software (modded or not) may be privately used without obligation to disclose its source.

If the firmware is tantamount to private use then this would seem to put LinkSys in the clear. They can't help it if someone raids their premises or spies on their private files.

Yes it does

[hummassa]

the --sysconfdir=X string ends up in one of the .h files (config.h?) and it propagates thru in your binaries.

Re:Yes it does

[p3d0]

Nope. If the .h file is generated, then it is not source code, according to the definition in the GPL, because it is not the "preferred form of the work for making modifications to it".

Installed Linux user base

[zornorph]

Are these Linksys devices counted as part of the installed Linux user base when comparing to the number of Windows machines out there? Should they be?

Talk about licensing!

[Dr.+Smooth]

Nice that zebos.com is using an "evaluation only" copy of a Java applet on their homepage. I hope they put the $35 they saved to good use! :-P

Please remember the letter of the GPL

[photon317]

In a case like linksys, where let ssay they've made a change to iptables and used the modified iptables in a commercial product, they are not obligated to redistribute their changes to the public. They are only required to give the changed source code to actual customers who bought the commercial product, and only if they ask for it. However, they must give it to said customers under the terms of the GPL.

So the net result is, they are not required to put their iptables source code diffs up for public grabs under the GPL. However, if you purchase a product of theirs which contains the modified binaries, you have a right to demand the iptables source code diffs from them under the GPL, and once you receive your diffs, you have the legal right under the GPL to post them to the public yourself. Because a company like LinkSys should be able to see that a customer will eventually do this anyways, they generally just give it up to the public to begin with, but technically, they don't have to do it themselves. They can wait and see if any customers actually do it or not.

Wrong...

License is automatically revoked due to non-compliance. Therefore copyrighted works are being distributed without a license.

ergo - this is a copyright violation.

*Assuming of course that the GPL version of Zebra has indeed been used, and not the commmercial licensed version.

Re:request?

[shaitand]

Actually the company must include a notice in writing stating the source is there to request to begin with.

Re:request?

[shaitand]

Maybe so, but free software isn't free. That is my code that is powering their software. They didn't have to pay a dime for it, I wouldn't let them pay me in that form. When I released the software under the gpl it was with the understanding that I damn well wanted my payment in code if they made modifications to it.

The rights of the individuals out there who might purchase a router aren't the big issue. The big issue is the rights of those who wrote the code they are using.

Re:So much press because they're violating the lic

[shaitand]

The FSF works hard to keep these issues out of court. They go leaps and bounds out of their way to keep things out of court. They are the very reason there aren't any cases on the books. Just because a company changes things to comply and avoid bad PR doesn't mean you can't still sue them. If I distribute the binary for a year without notices of where to obtain the source then I've violated the gpl. It doesn't matter if I suddenly stop doing so because I get caught... I've already done the deed, and damages are still owed.

Keep Badgering and they will go away

[nurb432]

If you keep harassing them every other week about GPL this and GPL that, you are liable to have them tell you to f-off and go off to develop an in house firmware, charge more and we all loose.

Re:request?

[Dashing+Leech]

Perhaps I missed something, but you just demonstrated that they can charge for the source code even if you purchased the binary. They can charge what it costs them to distribute it. The message you quoted didn't say they could charge whatever they want, just that it wouldn't necessarily be "free as in beer". They are correct about that.

Re:BSD

[phriedom]

"If you were trying to sway him, you might have considered going to him before you went off on your own and did something that you obviously knew he wouldn't appreciate."

It is almost always easier to ask forgiveness than it is to ask permission. As it is, he got his way. If he had asked his boss first, he would not have.

That doesn't change the fact that he is wrong, it is just a reason to not ask first.

Nothing troubling about complying with copyright.

[jbn-o]

I'm concerned about the recent increase in GPL stories lately where companies that are embracing Linux are being carefully scrutinized. Maybe it's counterproductive to constantly play the hardline approach when Linux is finally starting to get decent drivers...

No, it's not bad at all. Anyone who distributes should be held liable for honoring the terms of the license under which they are given the permission to distribute. As Eben Moglen said, don't give up because we're a litle closer to the front of the bus (by settling for infringements and proprietary software). The goal is software freedom--the FSF wrote the GNU GPL to create a body of software that we could all share and modify freely so we can help make a better world. You don't need to worry about "chasing away companies" because it is their responsibility to comply with copyright law, just as it is the responsibility for those who distribute copies of songs to comply with copyright law. It is not your responsibility to look after Linksys' bottom line.

You should consider contributing to the FSF who handles a lot of GNU GPL infringement cases preventing them from going to court. I suspect that the terms of the GPL are simply unfamiliar to a lot of organizations who deal in GPL-covered works. This doesn't mean they're exempt from obeying the terms of the license, it just means they might need assistance in being compliant.

Just release ALL of the source

[fmaxwell]

What is Linksys thinking? If they release all of the source code for their routers, every geek in the world will buy their hardware with the intent of improving the firmware. I can envision people building VPNs using Linksys hardware and modified firmware. I can foresee changes that allow the Linksys routers to handle unusual configurations (mixture of static and dynamic IPs on the same WAN interface for example), advanced firewalling capabilities, enchanced logging, or perhaps even simple web page serving.

It's not like Linksys has some kind of monopoly on router firmware. SMC, Gigafast, Netgear, Belkin, D-Link, Trendware, Zyxel, Compex, Asante, Hawking, and probably a bunch of others that don't immediately come to mind all market consumer-grade routers and there is very little to distinguish one from the other. If Linksys would make the source available for their routers, they would have a tremendous edge. Every router that I've gotten my hands on is deficient in some major way (can't assign DHCP IP address by MAC, can't use mixed static & dynamic addresses on WAN, can't do MAC address restriction solely on the wireless portion, can't specify IP address of time server, DNS forwarding not supported, inadequate or missing logging, etc.). I'd love a community-supported, open source router for which advanced features were readily available with a simple firmware flash.

Re:request?

[lynx_user_abroad]

...they can charge for the source code even if you purchased the binary. They can charge what it costs them to distribute it.

From the purchasers side, I suppose this is correct. If I have to pay two cents to get it, then I've been charged a fee. From the suppliers side (which was my frame of mind) I suppose they could charge a million dollars for the source, if it actually cost them a million dollars to deliver the source. But in any case there would be no net profit for the supplier, so I wouldn't consider that to be "charging a fee".

But the supplier cannot "charge for the source", only for "what it costs them to distribute it."

It's like if I were to buy you a beer; it would be a "free beer" as far as your pocket book was concerned (I haven't been able to charge you anything), although you might still have to "pay for it" the following morning. ;-)

you might be right

[pyrrho]

but it'll be hard to know until it's tested.

OTOH, it would be a pain to have to ship every single compilation tool... maybe the GPL needs to be changed to handle this.

Consider one wrench in your theory though... what about GPLed code that uses a proprietary compiler... eg. all the projects that use the MS compiler for the Windows version. Can't ship that compiler, can you?!

Yike -- until further notice.

GPL doesn't require it.

[rdmiller3]

Does the GPL say they have to publish their source code???

Nope. Go read it.

The GPL allows for them to accompany their binaries with an "offer" to send you the source at no more than their cost to do so. For all practical purposes, merely including a copy of the GPL varbage and some sort of contact information for themselves completely meets those terms.

Use the contact information. Ask for the source. Be willing to pay duplication, shipping, and handling because they're not obligated to put it on the Internet. (Remember, the GPL was born in the days when you were expected to send your own blank tape and self-addressed return packaging.) If you send your request by registered mail and they don't respond in a timely manner then, maybe, you could have a case against them for license violation.

We made a similar decision when I was a developer at Merge Technologies, that we would not make any effort to "push" the source. Instead, we would wait for requests and answer them as needed. As far as I know, it has never been needed. Not many hobbyists buy medical imaging systems, I guess.

My guess is that Linksys people probably hoped that the demand for mucking about on their hardware platform would be even lower than the demand for Midori Linux, you know... something like two or three hundred requests, max. (Hey, who knew it would end up slated for the entire population of China?!? )

-Rick
(one of the original Midori developers)

Re:GPL doesn't require it.

[ehetzner]

While you seem mostly correct here you're a little bit misleading. From the GPL FAQ:

"Does the GPL allow me to charge a fee for
"downloading the program from my site?

"Yes. You can charge any fee you wish for
"distributing a copy of the program. If you
"distribute binaries by download, you must
"provide "equivalent access" to download the
"source--therefore, the fee to download source
"may not be greater than the fee to download the
"binary.

Not "at no more than their cost to do so". Also, while you're probably correct that the combination of the GPL and contact information is probably legally an "offer" to send the source, doing so seems to me that you are intenationally trying to hide the fact that somebody could get the source.

Even one more loophole here

[arth1]

Yes, that is a pretty big loophole.

Under GPL, no-one can prevent you from using a non-GPL compiler or linker, and modify or configure said development tools to do very specific things to the results when compiling, without changing the source itself.

Heck, you can be something as simple as using a *non-GPL* linker and LDFLAGS=-I../myproprietarycode

That way, you have NOT changed any GPL'ed source, and do not have to distribute any code changes with your resulting distributed binaries, cause there aren't any code changes to the GPLed source.

Please tell me I'm wrong, and exactly why.

Regards,
--
*Art

Re:More and more...

[Xerithane]

actually, this is dependant on the laws of whatever country you happen to be in...if, like i thought it was, the gpl is global, then your argument is void.

Find me a country that has adequate internet access along with an absence of copyright laws that allow you to download copyrighted music for free, and it's void.

Re:OH NO! Stealing is wrong!

[AndyMouse+GoHard]

How will this encourage open source development? In fact it's encouraging closed development - you remember that little thing at the top of the page which we call the story? This article is about *alleged* infringement.

Bill

Misc. notes

[rosewood]

Part 1:
When Microsoft's Bill Gates claimed recently that Microsoft IP had made its way into open source apps, I laughed -- a lot. Its so stupid, all one has to do is LOOK and Microsoft could very quickly and easily prove that their IP was used.

Is it just me or doesn't it make more sense to have everything open? If everything was open sourced you relied on your patents to cover things, you would never have to worry about IP theft because as soon as someone did it, you would know about it, and you could quickly and easily take them to court.

Im working on installing a sprinkler system and I was told that Hunter makes really good sprinkler heads and that as soon as the patent ran out, rainbird copied the design and had a model out the next season hot and ready to go. This is how competition is suposed to work. Rainbird didn't get sued by Hunter under the SMCA (S is for Sprinkler) or some shit!

Part 2:
However, with that said, I don't know if I like this "maybe its being done, so lets post a story on slashdot." Im sure there are a fair number of geeks that see this, dont have time to scope the comments and notes about how the inconsistancies are easily explained away, and will now look at linksys in a negative light.

The whole point of open source is to share that code and put it to use! If companies are going to have to deal with defending their use of open source, a time might come when they just don't want to use it anymore, lock it all down, and sue hackers like this under the DMCA.

Yes, it needs to be made clear that GPL violations are not going on but Im willing here to give linksys the benefit of the doubt and time.

Re:Misc. notes

[dublin]

If companies are going to have to deal with defending their use of open source, a time might come when they just don't want to use it anymore, lock it all down, and sue hackers like this under the DMCA.

Not only that, but perhaps they should sue libelous posters and owners of irresponsible discussion sites for the costs of dealing with false GPL violation allegations. :-)

That, and charge the real and actual cost of sorting out the license issues and providing the source and accompanying documentaiton of appropriate license for each component. This sort of charge is clearly allowed by the GPL, and could easily run into thousaands of dollars as a real and actual expense, chargeable to anyone acting as irresponsibly as the GPL crowd is here. There is no requirement that the cost to provide source be low, just that it cannot exceed the actual cost to provide it. If that cost were accurately accounted for, it would be quite expensive, particularly when a company is under GPL attack, and such things wind up tying up a half dozen people in meetings for a solid week to ensure that the right thing gets done to avoid further harassment.

Right now, the GPL is a one-way bludgeon against any company unwise enough to use GPL'ed code in a product. As this debacle proves, even if they do *nothing* wrong, the GPL bigots can still cost such a company serious money in lost productivity and PR damage (not to mention legal opinions) just by raising a bogus claim of "GPL Violation!" someplace like Slashdot, which seems to think itself immune from the responsibilities (for libel and the like) that other publishers must assume. The New York Times is (justifiably) excoriated for Jayson Blair's fabrications, and gets held to account and even apologizes. Why don't we ever see (or perhaps even expect?) similar accountability in webspace?

PPP 2.4.1 is NOT GPL!

[Poodle+Fang]

The license for PPP 2.4.1 is not the GPL. You can use and modify it without releasing the source. PPP is included in the base distribution of the *BSDs, so the license is BSD compatible.

Here is a copy of their license from one of the source files:

/*
* chap.c - Challenge Handshake Authentication Protocol.
*
* Copyright (c) 1993 The Australian National University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by the Australian National University. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Copyright (c) 1991 Gregory M. Christy.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Gregory M. Christy. The name of the author may not be used to
* endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/

Re:request?

[3dr]

No, I'm quite clear on it, actually.

Since the GPL has not been tested in court, it is still quite open to interpretation. When I said you can charge a "fee" for providing source to the binaries you have already provided, I was thinking exactly about the "cost of physically performing source distribution."

Since, again, it has not be tested/interpreted in court, that "cost" may very well include not only media and delivery/bandwidth fees, but time it takes somebody to do it. That's where it's open.

Re:request?

[lynx_user_abroad]

No, I'm quite clear on it, actually.

Then, I respectfully stand corrected.

Since the GPL has not been tested in court, it is still quite open to interpretation.

I've heard many people say this, and it always throws me. The GPL is not law; I don't understand how it would need to be "tested in court". As I understood it, the GPL is a private agreement which all parties agree to for mutual benefit. If a court were to find it unenforcable, it would not mean that (in this example) LinkSys would be free to use the code without distributing the source, but rather that LinkSys would no longer have a license to use the code. Short of finding copyright law itself (which HAS been tested in court) unenforcable, I can't imagine how court could find the GPL eggregious enough to warrant an illegal infringment of anyone's inalienable rights.

Re:request?

[3dr]

You know, I fully agree with you.

I bring up this horrible interpretation of the GPL simply because when it comes to licenses, it pays to think like a slimeball to see where holes may lie. Case in point is this copying fee. If a slimeball was to use GPL code in a binary distribution, the fees associated with distributing the source could, in theory, be priced high enough to discourage code distribution. By the GPL's wording, this is plausible.

This is also what would be tested in court -- the wording of what constitutes reasonable fees. Things other than laws are "tested in court". The SCO/IBM deal is a licensing issue between two private parties that, IIRC from the very very few reports on Slashdot, is now being wrung through the courts. Tested, if you will, but I digress.

Re:somewhat off topic, but...

[Lumpy]

do you realize that redhat cant come into my server room with their gestapo License agreement because I use mandrake?

I think the distro and the code is great, it's the complete fricking morons that are their lawyers and the executives that put in some of the offensive crud that I do not like.

Linux is a buy it once install it on 90,486,372 computers and then give it away to everyone for free. Not what they are turning Advanced Server into.

redhat in it's self is the most advanced Linux distro... but it's EULA is getting as offensive as Microsoft's and that is the reason we got away from microsoft in the first place.

Re:request?

[jericho4.0]

Anyone who has released _any_ code under the GPL has a stake in this.

p.s. Your opinions would matter more if you had the guts to log in, loser.

linksys firmware?

[MoFoQ]

You mean to say there are ppl who are ACTUALLY using Linksys stuff WITH Linksys firmware?

Hell, I modded mine so it would actually work for once.

Hell, Linksys can't write good, working code even if the code wrote itself.

Keep bashing them

They'll eventually grow sane and switch to BSD.

Not a GPL loophole.

[ChrisDolan]

From the GPL:

"The source code for a work means the preferred form of the work for making modifications to it"

My interpretation is that if you routinely need to change pieces of GCC to change your code, then the GCC source *is* your source and the GPL requires you to release it.

Re:somewhat off topic, but...

[Em+Ellel]

Yeah, but there is a difference between their mainstream distibution and advanced server distribution. The restriction only applies to non-GPL software in the Advanced Server/Workstation and to their support offerings, there is nothing like that in their main distribution.

Don't get me wrong, there are plenty of reasons to choose Mandrake or Debian or GenToo or for that matter even RedHat over others, I just did not understand the perticular reason you gave. You HAVE redhat software running in your server room, whether you admit it or not. And mandrake's license cannot be any less restrictive than redhat's since it is a derivate work from redhat's. (like it matters though they are both under the same license)

Now if you are comparing AS vs other distributions, that is a different matter. But like I said, that is their non-GPL software and has little to do with linux itself.

Distributing

[MrWa]

Does this really constitute distributing the changed code? Just "using" GPL code does not mean you have to provide the source code or any credit. Could Linksys not argue that you were never supposed to have access to the code at all (in source -or- binary form) and thus the code wasn't really distributed at all?

I don't know....

[Eminor]

They only have to release the source code if they are distributing the software. In this case, it is embedded in a product (firmware). I don't know how the GPL would be interpretted in this case (are they distibuting this software).

I would say that in this case a company should not have to release their source. I think it is quite petty to be making this into a big deal. They've adopted linux in their firmware. It's been modified to work with their hardware, so how are these modifications going to be useful to people who haven't bought their router?

I do agree that in most that when you distribute modified GPL software you should release the source, but in this case the software is hidden inside a product. The only thing obvious to the user is the FUNCTION of the firmware, not the architecture of the firmware. So are they really distributing GPL'd software? Not in the traditional way.

Re:request?

[Daengbo]

You can charge what you will for verbatim (un-modified) copies of the source. but if you sell someone the binary, the source must either accompany the binary, or be offered "for a charge no more than your cost of physically performing source distribution".
This condition must be accompanied by a written offer to the buyer or any third party.
What this means is that if I haven't purchased the binary (inside the router) I can't demand they give me the source. I have to negotiate for it; they can demand any price they want.
See the "any third party" clause above and revise your opinion, please. They chose option b), so they need to live by it.

That's not what it says

[leonbrooks]

Let's dwell on this phrase for a second (all bolding is mine):

Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;

I just want to emphasise that point, the written offer (presumably binding) is to give "ANY THIRD PARTY" at all a copy of the source for the cost of copying it.

Re:That's not what it says

[Gleef]

If they chose option 3a, the written offer need not exist.

If they chose option 3b, then Broadcom would have to word the written offer so that anyone would be permitted to make use of it, not just Linksys. However, neither Broadcom nor Linksys is obligated to pass on this written offer to anyone unless they are also distributing the software to them. Broadcom can nether stop Linksys from redistributing, nor can they force them to redistribute.

Chances are, they chose 3a anyway, because the economics of the GPL have changed since it was written. Originally, 3a was easy but expensive, 3b was the hard but sometimes less expensive (3c was easy and cheap, but not always possible). 3a is still easy, but it's now cheap, cheaper than 3b. Since 3b is both hard (you have to have someone listening for and honoring requests for source), and more expensive, and risky too (there's nothing to stop a third party from picking option 3c, which will cost you staff and administration time for distributions you can't control or make a profit on), there's almost no incentive for people to use that option anymore.

Re:That's not what it says

[leonbrooks]

neither Broadcom nor Linksys is obligated to pass on this written offer to anyone unless they are also distributing the software to them. Broadcom can nether stop Linksys from redistributing, nor can they force them to redistribute.

Agree.

Distributing a router running said software == "distributing the software".

If fact...

[leonbrooks]

...if you used an old PROM with the binaries in it as a spacer to keep a circuit board away from a piece of metal inside the box, you would still be required to distribute the source. It would be appropriate, of course, to burn the source into another PROM and use that as a spacer in a different part of the box. (-:

Re:If fact...

[jbolden]

Yep :-) that would probably work for the GPL.

Re:More and more...

[radja]

In the netherlands it's not infringement.

Re:More and more...

[Jedi+Alec]

the Netherlands for example. Swiss law even allows the creation of copies for distribution to "family and close friends"

which GPLed software?

[koekepeer]

hey dominic,

i'm very curious which software of yours is threatened by GPL violation... but i suppose that's not publicly available information. abiword???

[OT]
by-the-way: there's an ambiguity in your CV (resume)

[qoute]
LibOLE2: A C library for reading and writing OLE2 streams, used by MSWord, Excel, Powerpoint, Visio, Corel, and others
[/quote]

OLE streams are being used by..., but the sentence suggests that LibOLE2 is being used by... Easiest (and ugliest) way around this is to split the sentence after 'streams'.

Re:which GPLed software?

[dominator]

Yeah, the resume is out of date, and I'm gainfully employed again. I'll update it eventually. Thanks, though.

As for the violated software, I'm not at liberty to divulge the accused party or the software in question. It's not AbiWord, though.

Dom

Re:request?

[lynx_user_abroad]

[the binary, when distributing under section 3b] must be accompanied by a written offer to the buyer or any third party.

They are clearly in violation of section 3. But they have several options to mitigate their violation. One option would be to include the source with the binary (3a) and another would be to include a "written offer" with the binary (3b). Only the 3b option opens them up to a liability to third parties.

See the "any third party" clause above and revise your opinion, please. They chose option b), so they need to live by it.

We don't know that they chose Option 3b, do we? I'm not familiar with the specifics of the LinkSys distribution. Did they include the written offer? If they did, then clearly "any third party" can claim against the offer. I was under the impression that they did not include a written offer, and did not include (the correct) machine readable source, so it's not clear which ommission they are guilty of. If they resolve this by, in effect saying "we forgot to include the written statement, here it is..." then they are relying on 3b, and any third party can claim. (They would also have to mail the "written offer" to everyone who bought their binary, to bring themselves into compliance.) If they resolve this by saying "we forgot to include the correct source, here it is..." then they have no 3rd party liability (but have to mail the source to everyone who bought their binary.)

In reality, they can probably (as their hoping) get away with just putting "the complete corresponding machine-readable source code" onto their web server, and honoring any third-party request for it. If they're nice about it, the free software community might just overlook this technical violation.

If they aren't, they might find themselves facing copyright violations, losing their license to sell their product, forced to recall it or any number of other "SCO-like" threats (but with real teeth behind them).

Re:request?

[blancolioni]

Read before commenting.

The word you may not have read is "Accompany." That is, accompany the binary distribution with this offer. Which is not the same as giving the source to any third party who asks.

Also, that is one of THREE options you have. If, for example, you just distribute with the source in the first place, you don't need to do this.

Finally, I really don't blame you for posting anonymously, because you're an idiot.

Repeat after me, "I am an individual"

[SiMac]

Not everyone is the same person. Perhaps he should realize this.

Re:Repeat after me, "I am an individual"

[Arandir]

You didn't get your membership card when you signed up for a Slashdot account, did you? Let me refresh you as to the rules regarding individuality:

1) RMS can do no wrong.

2) Bill Gates can do no right.

3) The correct name is "GNU/Linux".

4) Check in every morning for your whining orders.

Re:BSD

[Black+Jack+Hyde]

That doesn't change the fact that he is wrong

Your assumption is incorrect, as is that of the poster you responded to. I was asked to build a fax server. I was told there was no budget to do this beyond my time on the project and whatever hardware I could assemble.

My PHB assumed I would use Linux. There is no policy, formal, informal, or otherwise, specifying OS usage. PHB is a Linuxphile bordering on bigot. I was once a Linuxphile too, using Redhat distros, and finally decided I liked the BSD approach to the OS better. The pending SCO nonsense, which isn't going to go away nicely, also influenced my decision.

I also know my Corporate Masters, who aren't Linuxphiles at all, will cheerfully send around their hit squad from IT Auditing to make sure we the humble subsidiary weren't exposing them the stock option holders to any potential drop in portfolio value. I've lost that battle once already, and it wasn't pleasant.

Anyway, thanks for your opinions, but I'm a grumpy bastard who likes tweaking the boss. And I only do that when I believe I can justify my horrid behavior.

Jack

Oh, and yes, forgiveness is easier to get than permission. How do you think PHB got all of his Linux boxen in place?

Re:More and more...

[yarbo]

Sealand has no copyright laws

Re:BSD

[phriedom]

Well, days have passed so you will probably never see this, but what I meant was that you are wrong in thinking that using Linux can make you a defendant, IMHO and IANAL. If you just prefer *BSD, more power to ya, but there is no mechanism for SCO to sue users. Before that could happen, SCO would have to let Linux developers know where copyright infringement is occuring (if there really is any infringement that is) and that would allow Linux to be "cleaned" long before SCO could target users.

When it comes to copyright infringement, all developers and users need to do is a good-faith effort to comply with the law in order to avoid any penalties. The only people SCO can really get are people who might have (though I doubt it) claimed copyright over code they don't really own.

Add to all that the fact that SCO has either released the code itself by distributing Linux, or willfully violated the copyright all the hundreds of Linux writers and it becomes apparent that SCO is just issuing wild, unfounded threats.