Slashdot Mirror
Embedded Device Manufacturers Ignoring GPL
swillden writes "Iain Barker and some other Linux Kernel Mailing List readers have discovered that several manufacturers of DVD players based on the Sigma Designs EM8500 chipset are distributing Linux, both in the devices and as binary-only firmware upgrades, but not providing source. Apparently, Sigma Designs provides its customers with a copy of the kernel as part of a chipset SDK, and those customers are making and selling devices without complying with the terms of the GPL. It's not clear if this is because Sigma didn't tell its customers about the GPL and their obligations, or if they're all ignoring it on their own. Maybe they've all bought licenses from SCO and therefore don't have to comply with the GPL? The LKML post contains a list of some of the infringers."
One driver for Sigma chips was made long ago. I wonder if they use that one too. Since Sigma provides shit for Linux
Signature Pro version 1.13.2-3 release 83.5 beta3try7 after-breakfast edition
Great now we can get some DVD code and keys, hopefully if they have integrated it enough, sweet. Kiss my ass MPAA, not so hot now are we?
This comment does not represent the views or opinions of the user.
someone needs to strat a fund to sue violaters of the GPL. And the money collected can be distributated to needy projects for new hardware, bandwidth, and publicity (to increase the general populations awareness of where good software really comes from).
The GPL is non-intuitive, and does not have any real precident. Because of this, it is widely misunderstood. When somone says free software or open source, they will assume that it is completely free, not GPL. Everyone has been selling OSS as free software, when it is explicitly not. There are obligations involved that must be followed.
Lots of people ask for tons of money for a privilege we let people have without charge. The least they can do is comply with the terms of the license.Bruce
Bruce Perens.
Cisco got trapped this way, too. And they can turn around and sue those far-east folks, if it's worth their time.
I am an expert witness in one such case.
Bruce
Bruce Perens.
you must provide source.
And these companies are thinking, "... or else what? A bunch of college kids are going to sue us? Not bloody likely." The GPL is a nice idea, but without some weight behind it, it's only a very simple, largely unenforceable gentlemen's promise, which doesn't mean shit when the bottom line is at stake. My guess is that there's all kinds of GPL'ed stuff out there without complying, but the fact is, most people will never know. GPL is a nice, quaint, friendly idea, but completely and totally unrealistic.
This is what *BSD is for. It works just as well as Linux, better in my opinion (hey zealots, keyword is opinion), and has a truly free license -- one where you can redistribute in both source and binary form. I suggest Linksys, Broadcom, Google, and whoever else is under fire from FSF and EFF to use NetBSD (great for embedded devices) instead of Linux.
Fortress of Insanity
[snip from GPL]
/. opinion is on this.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)
[end snip]
So does this then mean that if I install Linux on my computer, and then sell or give my computer away I must provide extensive notification of the Linux installation? Including documentation at each place I may have edited the code, and some form of the Linux kernel source in cases were I do not have the kernel source installed?
I can see how distributing firmware upgrades constitutes distributing software, and is thus firmly within the preview of the GPL. However, I'm having a harder time understanding how imbedded hardware applications constitutes a software distribution. If the hardware running the GPLd software can not under normal operation be accessed by an end user does it still constitute software distribution? The manufacturer does seem to be getting some benefit from the use of the GPLd software. However, if I use an online service that uses a modified Linux on internal hardware are they required also to provide me with their source? Where is the line? That the hardware is physically in my possession? What if I rent or lease equipment? This seems like a very slippery slope for the proliferation of GPLd software.
I'm not proposing an opinion I'm just curious what the
exactly.
the more maddening part is that Sigma is so violently anti-open source that they flat our refuse to release code to use their em8500 chipset. we had to reverse engineer the em8300 and 8400 chipset but so fgar we have discovered that they intentionally changed things to be radically different from the 8400 to thwart open source driver efforts. and all communication with the company about information has resulted in hostility towards a open linux driver.
Yes they have a binary driver available. it is completely a useless piece of junk.
Sigma designs is a hostile company. their attitude towards open source and linux in general is appaling enough, this is another stab in the back of every OSS developer.
I think his terminology was incorrect. I think what he was saying is that it's a stock linux kernel with non-GPL'd kernel drivers.
Yes, that's exactly what I had in mind - thanks. Take a stock kernel, write your own drivers specific to your widget, and release a binary.
In this case the kernel would be GPL, but stock. You can get it anywhere. Your drivers would be non-GPL. They're your own business. Aren't they?
I'm asking because I work in the embedded field, and recently talked my engineering team into Linux for our next target. And this is the development path we intend to follow. We aren't modifying anything, we're using stock kernels and adding our drivers in.
I hope Bruce keeps reading this thread. I'm not trolling - honest! I'd really like to not wind up on "the list".
Weaselmancer
Weaselmancer
rediculous.
From the GPL:
Note that anyone who distributes the executable is still obligated to provide the source, regardless of any changes they may or may not have made. Not only that, but they must also provide scripts used to compile and install the executable.
This whole issue came up because someone wanted to modify their DVD player. Apparently having access to kernel.org wasn't sufficient.
To redistribute back to the rest of the people who have made modifications to Linux the changes they have made.
Not at all. The point of the GPL is not redistribution, but protection. You need to know what modifications are being applied so that, if you use it, you know you are not running malicious code. Many think it is about knowledge, but a public knowledge isn't necessarily a good thing. It limits advancement because a secret can be a good tool if used properly. But GPL doesn't have a central governing body to be held repsonsible, like a major company does. You trust that Novell won't put malicous code in a service pack, so we don't deman that they make it public. The Open Source community doesn't have such trust, so we self-check with the GPL. It isn't about increasing/limiting profits or knowledge, it is about limiting damage.
Thanks,
Bruce
Here is the section: So it would appear that while a company wouldn't have to distribute the source code with their binaries they would have to have a written offer regarding how you can obtain the source (option b).
If someone works with Linux he has to know about the GPL, simple as that. A former employer of mine worked with the EM8400 and I wrote an application that used it. And we knew about the GPL and planned to release the sources when the product was to be released.
Unfortunately our company went insolvent so it's quite easy to say that we would have released the offending sources ;-) But the point is we worked with Linux and thus knew we had to deal with the GPL. I think anyone who professionally works with Linux has to know the GPL.
But many companies seem to ignore the GPL and just hope they won't get caught. It can be very hard to convince your managers that you are forced to republish any modified GPL'ed programs. In my experience the engineers/programmers know the GPL very well and tell their managers about it but those just don't want to hear. They are not comfortable with giving anything out to the public, even when it's about non-critical stuff or like in this case work of others with a license that forces you to release that particular code. They seem to ignore the fact that only the stuff that your employees wrote is the only thing you really have a right to and that you don't need to release that.
On the other hand Sigma could be telling their customers more about the GPL and what their customers have to publish and what they can keep. But I don't think it's Sigma's fault when their customers don't comply with the GPL.
While I am sure that there are numerous manufacturers out there that are blatantly violating the GPL in their use and distribution of Linux, that may not be the case with these manufacturers.
The GPL states that those that distribute GPLed software must provide the source to the recipients of the distributions upon request. That does NOT mean that they have to make the source available on their website. It means that people you receive the ditribution, in the form of the DVD player, must receive the source upon request. No one else is entitled to the source, only those that have received the distribution. It is even legal for them to refuse requests for the source from those who have not been distributed to, as in people who do not own the DVD players. This strict interpretation breaks down when these manufacturers make the software freely downloadable from their website in the form of firmware upgrades but, even in this case, the GPL does not require the distributor to make the source available on the website. They can still require formal requests before providiing the source.
Now, what the LKML does not say is, if the people concerned have made a formal request or not. It states that they examined the web site but there is no requirement for the DVD manucaturer to post the source on their website.
Like I said in the begining, they may be in violation of the GPL but there is insufficient evidence in the LKML posting to prove that. Remember that it is only a courtesy when distibutors make the sources available to all on their website. The GPL does not require them to do so at any time.
I think it's time to set a few examples and sue a few of these companies for the $150K per infringement statutory damage that goes along with wilful copyright violation for commercial gain.
They might have problems reading licenses, but I'm sure that will get the message across.
Would also put an end to the doubts about the enforcability of the GPL that some ppl seem to suffer from.
Has anyone been able to get the source from Watchguard? I've never been able to find sources from them. As for the written offer, I've never seen that either unless it is hidden away on their included CD-ROM.
Well Boies is certainly wrong but he is not insane, just exceptionally greedy and prepared to make an argument he must know is shit. I was really pleased to hear that Boies is defending Conrad Black in his embezzlement case.
The source code availability issue is somewhat odd, it is from a pre-Internet age. There is no difficulty in getting hold of Linux source. The issue to argue over would be any modifications of Linux. If Linux is so good it should not be necessary to modify the kernel to run embedded. It is not clear that there isa modification here, a layered app is not a modifocation.
The other weak point if someone were to bring a case is standing. The only party with the right to bring a suit would be the copyright holder or holders. That is why RMS is keen on people signing over the copyrights of free software to the Richard Stallman Ego Enhancement Foundation, so that future generations can enjoy LiGNUx as it was meant to be known.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Redhat, IBM, AT&T, Stelias Computing Inc., Turbolinux Inc., Los Alamos National Laboratory, Carnegie-Mellon University, Tacit Networks Inc, Mountain View Data Inc., Cluster File Systems Inc., Axis Communications AB, Transmeta Corporation, Caldera Deutschland GmbH (now SCO), Procom Technology Inc., Conectiva Inc. Qualcomm Inc., Montavista Software Inc., Madge Networks Ltd., Fore Systems Inc., ATecoM GmbH, Sun Microsystems, Telford Tools Inc., Free Software Foundation, ITConsult-Pro Co., Farsite Communications Ltd., Sangoma Technologies Inc., Intel Corporation, SysKonnect, United States Government, Fujitsu Laboratories Ltd., Digital Equipment Corporation (now HP), Silicon Graphics Inc. (now SGI), Silicon Integrated Systems Corporation, PJD Weichmann & SWS Bern, Digi International, D-Link Corporation, DAVICOM Semiconductor Inc., MIPS Technologies Inc., Lucent Technologies Inc., RedCreek Communications Inc.Texas Instruments, University of California, Inside Out Networks Inc., Innosys Inc., Keyspan, Precision Insigth Inc., Va Linux Systems Inc, Broadcom, Hewlett Packard, ARM Ltd., The Victoria University of Manchester, SpellCaster Telecommunications Inc., Eicon Technology Corporation, Cytronics & Melware, QLogic, Perceptive Solutions, Mylex Corporation, LSI Logic Corporation, Compaq Computer Corporation (now HP), Tekram Technology, Seagate, Adaptec Inc., Creative Labs Inc.... Ok, I'm bored now, so that's all I can be bothered entering. Try a "grep -r -i copyright ." in your /usr/src/linux, and probably '(c)' as well.
Does that look like college kids to you?
Now, a lot of these companies are small, but quite a few of them are Fortune 500 companies too. There's your weight.
A lot of the above companies own copyrights on specific drivers only, so they may or may not apply in specific configurations, but many key contributors, such as IBM, SGI, Redhat, HP, Novell (SuSE) have their stuff all over the place in the kernel, and have money to go after you when it's their interest to protect their IP.
Is in compliance, or at least appear to be.
Maybe. That zip file contains a kernel and busybox, but it doesn't look like it contains any drivers for the EM8500 DVD Decoder, which means that if you built the source and loaded it into your KISS player, it would no longer play DVDs. It also includes a binary, "linux.bin", which appears to be the actual kernel binary, but it's not clear if that contains the EM8500 driver binaries.
Whether or not they can exclude that driver (and potentially other parts of the software as well) without violating the GPL is hard to say. If it's a purely userspace driver, they're fine. If it's a kernel module... thing get much stickier. Linux has a history of tolerating binary-only kernel modules, but that only holds under certain assumptions, which may not be met here.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Cisco didn't challenge it after acquiring Linksys, who use Linux in their routers and switches. After speaking with FSF legal counsel, Cisco put up all of the source.
The company I work for has fairly deep contacts at Cisco. Believe me, they weren't concerned about bad PR. It was a legally wise decision.
The FSF has challenged many, many incidents of GPL violation. Every company challenged has chosen to settle out of court.
I suspect you don't work with GPL'd code, have never dealt with companies that do, and have actually never been involved in systems development at all.
Whoa, I wasn't aware of that.
What if, say, a consultant uses GPL code as the basis for code developed for a customer. He gives the customer the executable and said offer for source code.
Now if I, as a third party, simply know of the existence of that deal, having nothing else to do with it, I can go ask for the source code?
Is there a way for the customer to keep the derived code for himself, if he does not wish to distribute it? (I understand that if he does distribute it, it must be under the terms of the GPL.)
We wouldn't even be having this discussion
if the manufactures were using a BSD licensed
system. These GPL compliance demands are just
another reason for these manufactures to use
BSD products in the future.
If the customer wish to keep the modified version for himself, wouldn't it be possible for him to contract the modification out as a work for hire (or whatever the copyright term is), so that he and not the consultant owns added material as far as copyright is concerned? Then no distribution has taken place, and the GPL is not in play (as far as the modified version is concerned, the original was of cause still obtained and modified under the permission of the GPL).
The source code is definitely not complete. The binary firmware they are shipping has its executables linked against uclibc and it contains the udhcpc program. Both uclibc and udhcpc are GPL and are not included in the source distribution.
There are also three binary kernel modules that are not included in the source version. This practice is at least debatable.
The latest binary kernel from KISS also contains some strings (e.g. 'JASPER ide controller activated') that are not present in the distributed source, while the otherwise very similar binary that comes with the source appears to have been created from exactly that source.
What you want them to do is to allow them to use their software as if it were BSD licensed. What the companies are doing is stealing software, and then selling it to other people. They have every right, and futhermore a duty, to make noise about this. The "price" of GPLed software is to release the source, and you need to "pay" to use software they didn't write for commercial products. Sorry.
Oh well. I guess respecting the author's rights is unimportant next to making sure they use "anything but Windows," eh?
Well, I'm no Bruce Perens (I'm no lawyer either), but if I recall the GPL correctly, the 3 year limitation applies to written offers only; I don't think courts see offers displayed on screen the same way. And if I recall correctly, thats the only one that expires. The gpl covers this quite well, so you might take yourself a half day and work through the meaning of the GPL. Especially since this code is 10 years old (apparently if you don't specify a version, any version may be applied, though figuring out if you actually provided a liscence file or not may be difficult).
But this is largely irrelevant; you own the copyright. The GPL applies to people you distribute to. I suppose you could sue yourself for infringement, but you hold the copyright, and can do whatever you see fit with it, including releasing it to others under the GPL. And moreover, as a person you don't have much to offer people who want to sue you. Usually people are looking for the source code. They can't sue that out of you if its gone. Since the code is gone, you're not providing access to GPL'd code.
I Browse at +4 Flamebait
Open Source Sysadmin
After purchasing a Rio Karma, I started to poke around it abit. Guess what? It too is running linux, and the source is not made available from the Rio website (or on its CD)
If we take your example of a company producing computer animation, then there's a flaw in your argument. The company is in the business of using computer animation software to produce movies. How many OS or imaging software programmers do you need for this work, relative the number of 3D-imaging specialists (maya, photoshop, lightwave, [insert generic any-license animation product here])? You wouldn't need very many above the standard IT-support infrastructure.
But they *do* have plenty of software developers on-staff, because they don't just use the stock tools. Every big CG house uses lots of custom, in-house software.
Extra developers, the potential for delayed production schedules as features are waited on
If you've read any of the recent interviews with some of the lead engineers at, e.g., Pixar, they highly value the fact that if they are having some problem with their OS or software, they don't have to wait on someone else to fix it, because they can do it themselves. The reason they like to be able to do it themselves is precisely it because it *keeps* them on schedule. If they run into some software limitation, do you think it will be _faster_ to call up their software vendor and ask them to produce a fix?
"Well, Bob, all of my engineers are tied up right now on other projects. Since you're such an important customer to us, I'll break someone loose and get them looking at it ASAP. I think we should be able to give you an estimate in about a week."
"A week?!?! We go into post-production next week and we need a couple of days to get this segment rendered! We have to have this fixed by tomorrow!"
"I'm sorry, Bob, but that's the best we can do. We're already up to our elbows in some other urgent enhancements for other customers, you know. As soon as we get the estimate to you, we can draw up a contract for the work. We'll rush this one through -- shouldn't take more than two or three days for the attornies to go over it. Then our guys can get the work done, then a few more days for QA and you'll be set! Call it three weeks from today for delivery, if the problem is as easy to fix as you say it is."
"But, my lead engineer says he could fix it in a day!"
"Well, Bob, you know we can't do that. Gotta protect our IP and all; I'm sure you guys understand that."
And, frankly, that's far better service than you're actually likely to get. If you're dealing with a really big software house, like Microsoft, you'll get your bug fixed or your enhancement added when the next release comes out. If you're lucky.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Linux is used because it is popular. Sort of like how Britney Spears sells a lot of albums. Popularity != Quality
Another company violating the GPL is Easy Networks. They're selling binaries for busybox - along with modified versions of rdesktop, syslinux and Linux itself - in a software package called EasyRDP. They have refused to supply source code as required by the GPL. They're also unjustifiably rude to anybody who requests the source code.
More info here. Ivo reckons the company has shutdown but I have my suspicions they've just gone offline and are still selling the product via traditional channels.
One of the things that really got me excited about having a TiVo (direct tv tivo) was when I was reading the manual (3 days before the installer was due, of course) and ran across the GPL in the back of the book. Oddly enough, that was just about the only thing I found of substance in the manual.
Nice to see that some companies are able to adhead to the rules AND make some money at the same time.
Good judgment comes from experience, and a lot of that comes from bad judgment.
Actually, according to the GPL, the source code must be available for anyone who wants it... however, if they didn't modify the kernel, it would be quite sufficient to say "this product uses the RedHat 7.2 kernel, source is available at the RedHat site (www.redhat.com)".
If their *application* code is running with no kernel mods (the kernel mods, being integrated with other GPL code would be "infected" with the GPL and would need to be open sourced), then their own application code could be on what whatever license they wanted and would *not* need to be GPL'd or made available.
Personally, they would have been far better off using NetBSD, under the BSD license. It supports at least as many architectures as Linux, and is far more easily ported to new ones. Plus it has the advantage of allowing them to keep things under wraps (ok, such as the CSS keys, which are useless since it can be cracked anyways... but perhaps other code such as licensed code from Dolby or something for the sound)...
Anyone out there who has used an F5 load balancer or a Nokia firewall has used BSD. They are welcome to make their own tweaks to the OS and distribute it w/o opening up thier mods. This has bought them a market edge for a few years, and they do contribute to finding bugs in the codebase, etc. They contribute to a more stable/secure product, while still keeping their own product 'proprietary'.
> kernel if they are including it in hardware they
> are selling there is no compulsion to release
> their drivers - just like nVidia, [...]
wrong.
distributing a binary-only driver by itself is a completely different thing to distributing hardware plus kernel plus binary driver as one product.
while the former is a grey-area (there are compelling arguments both for and against the legality of that), the latter is explicitly covered in the GPL.
to quote from section 3 of the GPL:
(emphasis added)
it is that last qualifier that is significant here. if you distribute any GPL-linked or derived binary *WITH* any GPL-licensed code then *ALL* of the code must be released under the terms of the GPL.