Slashdot Mirror
Embedded Device Manufacturers Ignoring GPL
swillden writes "Iain Barker and some other Linux Kernel Mailing List readers have discovered that several manufacturers of DVD players based on the Sigma Designs EM8500 chipset are distributing Linux, both in the devices and as binary-only firmware upgrades, but not providing source. Apparently, Sigma Designs provides its customers with a copy of the kernel as part of a chipset SDK, and those customers are making and selling devices without complying with the terms of the GPL. It's not clear if this is because Sigma didn't tell its customers about the GPL and their obligations, or if they're all ignoring it on their own. Maybe they've all bought licenses from SCO and therefore don't have to comply with the GPL? The LKML post contains a list of some of the infringers."
Great now we can get some DVD code and keys, hopefully if they have integrated it enough, sweet. Kiss my ass MPAA, not so hot now are we?
This comment does not represent the views or opinions of the user.
Lots of people ask for tons of money for a privilege we let people have without charge. The least they can do is comply with the terms of the license.Bruce
Bruce Perens.
Cisco got trapped this way, too. And they can turn around and sue those far-east folks, if it's worth their time.
I am an expert witness in one such case.
Bruce
Bruce Perens.
[snip from GPL]
/. opinion is on this.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)
[end snip]
So does this then mean that if I install Linux on my computer, and then sell or give my computer away I must provide extensive notification of the Linux installation? Including documentation at each place I may have edited the code, and some form of the Linux kernel source in cases were I do not have the kernel source installed?
I can see how distributing firmware upgrades constitutes distributing software, and is thus firmly within the preview of the GPL. However, I'm having a harder time understanding how imbedded hardware applications constitutes a software distribution. If the hardware running the GPLd software can not under normal operation be accessed by an end user does it still constitute software distribution? The manufacturer does seem to be getting some benefit from the use of the GPLd software. However, if I use an online service that uses a modified Linux on internal hardware are they required also to provide me with their source? Where is the line? That the hardware is physically in my possession? What if I rent or lease equipment? This seems like a very slippery slope for the proliferation of GPLd software.
I'm not proposing an opinion I'm just curious what the
exactly.
the more maddening part is that Sigma is so violently anti-open source that they flat our refuse to release code to use their em8500 chipset. we had to reverse engineer the em8300 and 8400 chipset but so fgar we have discovered that they intentionally changed things to be radically different from the 8400 to thwart open source driver efforts. and all communication with the company about information has resulted in hostility towards a open linux driver.
Yes they have a binary driver available. it is completely a useless piece of junk.
Sigma designs is a hostile company. their attitude towards open source and linux in general is appaling enough, this is another stab in the back of every OSS developer.
I think his terminology was incorrect. I think what he was saying is that it's a stock linux kernel with non-GPL'd kernel drivers.
Yes, that's exactly what I had in mind - thanks. Take a stock kernel, write your own drivers specific to your widget, and release a binary.
In this case the kernel would be GPL, but stock. You can get it anywhere. Your drivers would be non-GPL. They're your own business. Aren't they?
I'm asking because I work in the embedded field, and recently talked my engineering team into Linux for our next target. And this is the development path we intend to follow. We aren't modifying anything, we're using stock kernels and adding our drivers in.
I hope Bruce keeps reading this thread. I'm not trolling - honest! I'd really like to not wind up on "the list".
Weaselmancer
Weaselmancer
rediculous.
If someone works with Linux he has to know about the GPL, simple as that. A former employer of mine worked with the EM8400 and I wrote an application that used it. And we knew about the GPL and planned to release the sources when the product was to be released.
Unfortunately our company went insolvent so it's quite easy to say that we would have released the offending sources ;-) But the point is we worked with Linux and thus knew we had to deal with the GPL. I think anyone who professionally works with Linux has to know the GPL.
But many companies seem to ignore the GPL and just hope they won't get caught. It can be very hard to convince your managers that you are forced to republish any modified GPL'ed programs. In my experience the engineers/programmers know the GPL very well and tell their managers about it but those just don't want to hear. They are not comfortable with giving anything out to the public, even when it's about non-critical stuff or like in this case work of others with a license that forces you to release that particular code. They seem to ignore the fact that only the stuff that your employees wrote is the only thing you really have a right to and that you don't need to release that.
On the other hand Sigma could be telling their customers more about the GPL and what their customers have to publish and what they can keep. But I don't think it's Sigma's fault when their customers don't comply with the GPL.
While I am sure that there are numerous manufacturers out there that are blatantly violating the GPL in their use and distribution of Linux, that may not be the case with these manufacturers.
The GPL states that those that distribute GPLed software must provide the source to the recipients of the distributions upon request. That does NOT mean that they have to make the source available on their website. It means that people you receive the ditribution, in the form of the DVD player, must receive the source upon request. No one else is entitled to the source, only those that have received the distribution. It is even legal for them to refuse requests for the source from those who have not been distributed to, as in people who do not own the DVD players. This strict interpretation breaks down when these manufacturers make the software freely downloadable from their website in the form of firmware upgrades but, even in this case, the GPL does not require the distributor to make the source available on the website. They can still require formal requests before providiing the source.
Now, what the LKML does not say is, if the people concerned have made a formal request or not. It states that they examined the web site but there is no requirement for the DVD manucaturer to post the source on their website.
Like I said in the begining, they may be in violation of the GPL but there is insufficient evidence in the LKML posting to prove that. Remember that it is only a courtesy when distibutors make the sources available to all on their website. The GPL does not require them to do so at any time.
Has anyone been able to get the source from Watchguard? I've never been able to find sources from them. As for the written offer, I've never seen that either unless it is hidden away on their included CD-ROM.
Redhat, IBM, AT&T, Stelias Computing Inc., Turbolinux Inc., Los Alamos National Laboratory, Carnegie-Mellon University, Tacit Networks Inc, Mountain View Data Inc., Cluster File Systems Inc., Axis Communications AB, Transmeta Corporation, Caldera Deutschland GmbH (now SCO), Procom Technology Inc., Conectiva Inc. Qualcomm Inc., Montavista Software Inc., Madge Networks Ltd., Fore Systems Inc., ATecoM GmbH, Sun Microsystems, Telford Tools Inc., Free Software Foundation, ITConsult-Pro Co., Farsite Communications Ltd., Sangoma Technologies Inc., Intel Corporation, SysKonnect, United States Government, Fujitsu Laboratories Ltd., Digital Equipment Corporation (now HP), Silicon Graphics Inc. (now SGI), Silicon Integrated Systems Corporation, PJD Weichmann & SWS Bern, Digi International, D-Link Corporation, DAVICOM Semiconductor Inc., MIPS Technologies Inc., Lucent Technologies Inc., RedCreek Communications Inc.Texas Instruments, University of California, Inside Out Networks Inc., Innosys Inc., Keyspan, Precision Insigth Inc., Va Linux Systems Inc, Broadcom, Hewlett Packard, ARM Ltd., The Victoria University of Manchester, SpellCaster Telecommunications Inc., Eicon Technology Corporation, Cytronics & Melware, QLogic, Perceptive Solutions, Mylex Corporation, LSI Logic Corporation, Compaq Computer Corporation (now HP), Tekram Technology, Seagate, Adaptec Inc., Creative Labs Inc.... Ok, I'm bored now, so that's all I can be bothered entering. Try a "grep -r -i copyright ." in your /usr/src/linux, and probably '(c)' as well.
Does that look like college kids to you?
Now, a lot of these companies are small, but quite a few of them are Fortune 500 companies too. There's your weight.
A lot of the above companies own copyrights on specific drivers only, so they may or may not apply in specific configurations, but many key contributors, such as IBM, SGI, Redhat, HP, Novell (SuSE) have their stuff all over the place in the kernel, and have money to go after you when it's their interest to protect their IP.
Is in compliance, or at least appear to be.
Maybe. That zip file contains a kernel and busybox, but it doesn't look like it contains any drivers for the EM8500 DVD Decoder, which means that if you built the source and loaded it into your KISS player, it would no longer play DVDs. It also includes a binary, "linux.bin", which appears to be the actual kernel binary, but it's not clear if that contains the EM8500 driver binaries.
Whether or not they can exclude that driver (and potentially other parts of the software as well) without violating the GPL is hard to say. If it's a purely userspace driver, they're fine. If it's a kernel module... thing get much stickier. Linux has a history of tolerating binary-only kernel modules, but that only holds under certain assumptions, which may not be met here.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Cisco didn't challenge it after acquiring Linksys, who use Linux in their routers and switches. After speaking with FSF legal counsel, Cisco put up all of the source.
The company I work for has fairly deep contacts at Cisco. Believe me, they weren't concerned about bad PR. It was a legally wise decision.
The FSF has challenged many, many incidents of GPL violation. Every company challenged has chosen to settle out of court.
I suspect you don't work with GPL'd code, have never dealt with companies that do, and have actually never been involved in systems development at all.
Whoa, I wasn't aware of that.
What if, say, a consultant uses GPL code as the basis for code developed for a customer. He gives the customer the executable and said offer for source code.
Now if I, as a third party, simply know of the existence of that deal, having nothing else to do with it, I can go ask for the source code?
Is there a way for the customer to keep the derived code for himself, if he does not wish to distribute it? (I understand that if he does distribute it, it must be under the terms of the GPL.)
If the customer wish to keep the modified version for himself, wouldn't it be possible for him to contract the modification out as a work for hire (or whatever the copyright term is), so that he and not the consultant owns added material as far as copyright is concerned? Then no distribution has taken place, and the GPL is not in play (as far as the modified version is concerned, the original was of cause still obtained and modified under the permission of the GPL).
What you want them to do is to allow them to use their software as if it were BSD licensed. What the companies are doing is stealing software, and then selling it to other people. They have every right, and futhermore a duty, to make noise about this. The "price" of GPLed software is to release the source, and you need to "pay" to use software they didn't write for commercial products. Sorry.
Oh well. I guess respecting the author's rights is unimportant next to making sure they use "anything but Windows," eh?
One of the things that really got me excited about having a TiVo (direct tv tivo) was when I was reading the manual (3 days before the installer was due, of course) and ran across the GPL in the back of the book. Oddly enough, that was just about the only thing I found of substance in the manual.
Nice to see that some companies are able to adhead to the rules AND make some money at the same time.
Good judgment comes from experience, and a lot of that comes from bad judgment.