How To Fight International OSS License Violations?

sirshannon asks: "Frans Bouma's LLBLGen is a free, open source code generator that he licensed under the BSD license so that anyone could use it in any way, as long as they gave him some credit. Now Codease has released a product that apparently uses his code for 90% of the functionality but doesn't bother to attribute it to him. Frans lives in The Netherlands, Codease is in Singapore. What is the correct way to pursue this?"

Buy a plane ticket

[lrdviperscorpian]

Buy a plane ticket and pack a baseball bat. wuss

Re:Buy a plane ticket

[bsharitt]

You can borrow my black helicopter and sniper team, but only for the weekend.

What is the correct way to pursue this?

vigilante justice.

Re:What is the correct way to pursue this?

Post it on slashdot and have users post comments on CodeAse's webform.

sue the users

[trouser]

oh sorry, I thought you said SCO

Ask your lawyer!

[Feztaa]

Jeebus, is it that hard to figure out?

Re:Ask your lawyer!

[ThisIsFred]

Some random family attorney most likely knows nothing about IP, much less IP in Singapore.

Hold up...

[linuxkrn]

Posted @ 3/3/2004 12:11 PM

As a last resort I yesterday asked them why they didn't simply obey the license terms and suddenly they were willing to do so. I've mailed what I wanted them to do (adding a single line to the about box, as stated in the license) however haven't heared since. I'll try mailing them later today again.

Looks like they may have changed their minds. Might want to hold off on the witch hunt... then again why they are so much fun. :)

Don't bother

[alienw]

Fighting a BSD license violation is pointless because you are unlikely to win any money. Perhaps you should license your program under the (L)GPL next time, then you would actually have a case.

Re:Don't bother

[cbiffle]

You're probably trolling, but my radar is off today.

Considering that, to date, the BSD license is the only one of the two that has been tested in a court of law, I don't really understand your point.

(I'm referring to the AT&T/USL code settlement of the 90s.)

I suspect this guy's entire problem is that he's using the old advertising-clause BSD license, and Codease probably assumed when he said 'BSD' he meant 'modern BSD.' Were it a modern BSD license, they could use his code without attribution.

Since they've since started to acquiesce to his demands, I suspect they may have finally read his license and realized their mistake.

Re:Don't bother

[eht]

How could he magically demand money under the (L)GPL anymore than he could under a BSD2 license, the topic doesn't state this, but it's not under the old style BSD advertising clause license, nor the MIT style BSD license, this is the 2 clause BSD license (which I've never seen anyone use, but that's besides the point) and at this moment they're not obeying all cluases of the license, specifically the attribution cluase.

"2) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution."

Copyright violation is copyright violation, whether it is music, software, or source code.

Re:Don't bother

[alienw]

Actually, I think you are trolling. Most licenses have not been "tested" in a court of law, and they don't need to be "tested" to be perfectly good. In fact, a license that has never been disputed is probably stronger than one that has been challenged in court. I don't see too many people saying that Microsoft's EULA is unenforceable, because it clearly is. That license imposes many more restrictions on end-users than the GPL or any free software license does, so it would be much more vulnerable. Yet nobody challenged it so far.

Besides, the AT&T case had nothing to do with the BSD license and everything to do with the fact that AT&T failed to properly register its copyrights (a procedure that's no longer necessary).

Re:Don't bother

[alienw]

Good luck proving actual damages because of such a violation. After all, the author would not see one extra penny if they fully complied with the license. You might get some punitive damages, but even that's unlikely. The GPL imposes more restrictions and you could argue that the violations were more serious and caused actual damages. IANAL of course.

Re:Don't bother

[merdark]

Actually, I think you are trolling. Most licenses have not been "tested" in a court of law, and they don't need to be "tested" to be perfectly good.

You're awfully quick to jump on the *trolling* bandwagon there. It's true that licenses don't always need to be tested to be fine. Most licenses are very similar to things the court has dealt with before and hence there is no need to 'test' them. Also, well worded licenses can be good. But that doesn't mean that having a license be 'tested' isn't better.

In fact, a license that has never been disputed is probably stronger than one that has been challenged in court.

Now THAT's some conclusion! Care to give some reason why that statement isn't just a shovelfull from the dung pile?

I don't see too many people saying that Microsoft's EULA is unenforceable, because it clearly is.

And here we see your ignorance. Shrink wrap EULA's are probably one of the most grey areas of the law. No, one's never been challenged yet, but none have been enforced yet either. And EULA's are broken A LOT. Many people think that EULA's are not valid at all.

This is about the WORST example to attempt to prove your point that you could have chosen! And here is proof that you picked a bad example

http://lwn.net/2000/features/ncm-dvd.php3

And the DeCSS guy won by the way. Twice.

Re:Don't bother

[merdark]

The GPL imposes more restrictions and you could argue that the violations were more serious and caused actual damages.

How? If they fully complied with the license a GPL author would also not see one extra penny. The code that needs to be released is *public*, i.e. it's not attributed *to* the original author and hence it's fishy if it can even be considered some form of payment.

Also, another alternative might have been that they would not touch the GPL code at all, in which case GPL author also gets no extra penny.

It might be a little easier to prove damages with the GPL, but I think you're reaching.

Re:Don't bother

[mirabilos]

Not exactly - the University counter-sued AT&T
because they violated the BSD licence in some
files they have taken from BSD to SYSV.

In the end, AT&T had to retain the original
licence, and agreed to licence a few of the
UNIX(R) files to BSD under a BSD-alike licence.

Re:Don't bother

BSD license is the only one of the two that has been tested in a court of law

As far as I know, nobody in the AT&T case tried to argue that the BSD licence was invalid. Furthermore, the case was settled without a judgement.

It's certainly the case that UC never really enforced the "advertising clause".

Re:Don't bother

That's not what our company's lawyers believe. While commerical products like the Linux kernel are off-limits, we coders have basically full-reign of anything on sourceforge or freshmeat. Copyright is really the law of the jungle, and if there's no economic damages, the bottom line is that you can wipe your ass with the GPL. Sorry. (However, we haven't yet "stolen" anything more than a couple small routines, usually because the defect ratio is too high.)

Re:Don't bother

[eht]

What damages? Copyright violation in and of itself is illegal in most countries that have agreed to international copyright law. Depending on where the copyright was violated, in this case Singapore, it may either be a slap on the wrist or it may be a many thousand dollar fine, usually per violation.

Re:Don't bother

[ThisIsFred]

I don't see too many people saying that Microsoft's EULA is unenforceable, because it clearly is.

What?

There are some parts of the MS EULA that seem perfectly fine to me, but some of their products... Well, there's no way it would be legal. I'm primarly thinking the clause that dictates the operating system cannot be separated from the PC. An installed operating system is not embedded software, so the EULA clearly violates fair use rights under current copyright law.

Re:Don't bother

[alienw]

Care to give some reason why that statement isn't just a shovelfull from the dung pile?

Nobody will try disputing an obviously bulletproof contract. It's a waste of time, and you aren't going to win. OTOH, if a contract is poorly worded, there might be disputes as to meanings and it would see the inside of a courtroom much more often.

An example: you steal my GPL program and incorporate it into a proprietary program. I catch you doing that. Are you going to want to go to court, dispute the lawfulness of the GPL, and face large fines in the process, or would you rather settle on the spot?

Re:Don't bother

[merdark]

Nobody will try disputing an obviously bulletproof contract.

So then the GPL isn't obviously bulletproof? Seems SCO is disputing it. My point being, that licenses are not tested for a variety of reasons, and not always because they are 'good'. The GPL is probably a fine license and likely the courts will reflect that, but you're generalizations are still wrong.

Many licenses are not tested because
A) they are not used on anything important
B) they have been violated but nobody knows
C) it's not worth going to court if it's easy to settle (many GPL violations are solved this way).
D) they are not enforced so nobody challenges them

Microsoft's EULA's would be a mix of C and D probably.

Re:Don't bother

[alienw]

SCO is not disputing the GPL. They may be saying nasty things about it, but so what? A dispute over a license can take place in just one place -- a court. So far, they have sued IBM for an alleged contract violation, Autozone for an alleged copyright violation involving Unixware code, and DaimlerChrysler for a contract violation. Don't see the GPL involved anywhere.

The same way regular copyright violations...

[Via_Patrino]

I don't care about BSD but as the title says OSS in general:
Just threat it like a regular copyright violation case:
1 - mail them
2 - if it don't work publicize, mail FSF (if that's the case)
3 - hire a lawyer in that country or an international lawyer company

If your code is under GPL, FSF may provide you some legal help, but if it's BSD or an unkown licence you're probably sol.

I've seen BSD violations myself, then I looked around for the BSD community in my country to tell them about it, but no signal of such community.

As I didn't care very much about the violator (it was non-profit) or the original author (not a friendly guy in the first place), I let that untouched.

Come on, you (BSD developers) want your name publicized (no matter what else is done with the code). How much community motivation (outside of the BSD developers field) has that cause?

Re:The same way regular copyright violations...

[KDan]

Good luck with that. This is southeast Asia you're talking about. They don't know what copyright means around there!

Not to mention their mastery of all things to do with online fraud... :-P

Daniel

Re:The same way regular copyright violations...

Yeah, since everyone knows people in Singapore are exactly like people in the rest of southeast Asia. They look the same, they speak the same (gibberish), they must be the same, right? Fucking moron.

Re:The same way regular copyright violations...

[PerryMason]

Nice generalisation.

Fact of the matter is that Singapore became a contracting party of the Berne Union in 1998 and so is bound by the same basic standard of copyright as the good ole US (or even Switzerland) and they're bound by the TRIPS agreement too.

So we've established that the right is enforceable in Singapore. The question then becomes are there any barriers to actually enforcing that right? Well Singapore used to be a former British colony with a common law system so you've got pretty much the same chance of enforcement there as in any common law country (UK, Canada, Australia etc). Up until just a few years ago the highest court of appeal for Singapore was England's Privy Council so with any case potentially going there for the final decision, the nature of Singapore's law has been influenced greatly by any legal developments in the UK and the nature of legal proceedings is substantially the same.

While you might have been one of the first countries to sign the convention, don't knock the latecomers! I might begin to think that you're sig might apply to the Swiss instead of Americans.

Re:The same way regular copyright violations...

If your code is under GPL, FSF may provide you some legal help

No, they might provide advice, but they won't provide legal help. They are very specific about this. They only get involved when they hold the copyrights. This is why contributions to GNU projects have to have the copyrights assigned to the FSF.

Re:The same way regular copyright violations...

[KDan]

I was referring more to a general attitude than to the legal system. My friend operates a successful internet business (in the UK, I might add) and regularly gets fraud attempts from south-east asian countries, including singapore. About 90% of the fraud comes from that region of the world, so recently he's taken to simply blocking the whole lot - the lost business is cheaper than the time and expense of pursuing the fraud. Given this, and the general climate of "pirated CDs/movies widely available in shops", how likely do you think a lonely GPL developer is to be able to enforce his rights?

Daniel

Misplaced blame

[drsmithy]

This apparently is the downside of releasing software under the BSD license: there are always lazy people around which just grab your hard work and act as if they spend 3 months of programming the stuff, because they didn't.

No, it isn't a downside at all, because they're not following the BSD licence terms. If they were, they *wouldn't* be able to "grab your work and act as if they spent 3 months programming". The only reason you're "losing out" is because the other party hasn't followed the rules - it's got nothing to do with the licence itself (assuming you knew the implications of released something under it in the first place).

*Exactly* the same thing could happen with GPLed code (and has - Linksys).

EULA

[Via_Patrino]

I don't see too many people saying that Microsoft's EULA is unenforceable, because it clearly is.

I don't know how often you've been reading slashdot but I see a lot of people complaining if EULA is enforceable because it's at least a strange contract: you pay for a product, take it to your home or whatever, and after that you agree with a contract.

Their argument is: when you buy a copy and take it out of the store, our relation with the owner is over.
He agreed to sell you that copy and you got the product. No contracts signed, no contracts to be reclaimed, it's now your copy and you can do whatever you want with it (under the general law of course).

Naw man....

RTFBlurb. It's Singapore, they use fresh bamboo cane's. Best of all you can pick them up duty free growing outside the airport or even outside their corporate offices.

An enemy who think my enemies are enemies...

are useful pawns.

Phase 1: Spread the rumor that the company in Singapore is really an American company with secret connections to the CIA, or so said your wife's cousin who installed their phone system, on Islamic sites.
Phase 2: ???
Phase 3: Boom!

Re:EULA for BSD's of GPLs

[H4x0r+Jim+Duggan]

The goal of the EULA is to give MS total control - so it's drafted to give the user as few rights as possible, making sure that grey areas will fall in MS's favour if a court case arises, and be completely unreadable to the layman. The EULA is so different to the GPL & BSD that they would share very little in terms of enforcement.

As for the lack of the GPL court case, read Eben Moglens (very good, short) essay Enforcing the GNU GPL.

Also remember that as of W32-XP, you're relationship with MS is not over once you leave the shop - you register either by phone or online when you install the system. The registration number you send to MS is a unique ID for your computer which is generated from a combination of various hardware serial numbers. Every time you use MS Windows Update, a list of all programs (by all vendors) that you have installed on your system is sent to MS. Two backdoor accounts have been found in MS IIS, both have "NSA" in the username. (and those are just the proven sneaky activities of MS software.) Your relationship with the shopkeeper is over - but your relationship with MS is just beginning ;-)

Possible steps

[dtfinch]

1) Send them an email. (done?)
2) Send more emails, make phone calls. (done?)
3) Complain on Slashdot. ...Done
4) Send postal mail.
5) Litigate.

Here's some contact info from their whois.

Codease.com contact:
Gary, Zheng sales@invenmanager.com
200 Jalan Sultan
#20-03 Textile Centre
Sg, Sg 199018
SG
90467520

Invenmanager.com contact:
CAMSOLUTION
Sales, Sales sales@invenmanager.com
21B St Michaels Road
Singapore, Singapore
SG
65-63960575

Re:Possible steps

90467520 is a mobile phone number which you can call by prefixing it with +65. Have a chat with Gary :)

Yeah I knew the BSD implications :)

[Otis_INF]

I'm Frans Bouma and I wrote LLBLGen and I deliberately chose the BSD license because I don't care if someone could use the code for their own product and sell it or whatever. The core of this issue is indeed that they didn't follow the rules of the license I released the code under. This is what hurts: your work is not acknowledged.

What's annoying is that even when you release the code under a very non-strict license (BSD2 has 2 simple rules, 1 applies to the binary version of the work) people think they can even ignore that single, simple rule. This isn't the first time this happens with the code though, although this time it is so extremely obvious (.NET has nice decompilers so you can peek into the code very easily). It's so obvious because their code is non-hungarian coding style and my code in LLBLGen is written in hungarian coding style (which is uncommon in .NET code, because MS wants you to use a different style, ala Java). So all kinds of weird prefixed names are preserved in the compiled version of CodeAse and which makes the CodeAse code easily comparable with the compiled version of LLBLGen 1.x and the sourcecode.

I admit, with the GPL it wouldn't have been any different: people are still able to rip the code and use it as if it is theirs, however with the GPL you have one difference: if the license violation gets out when it is a GPL violation, there are more people who will know this because the FSF / GPL movement will make sure everybody knows it. But I'm glad someone mailed /. :)

The latest news is that there is no news: I haven't heard back from them, after they (him?) said it was acceptable to follow the BSD license after all and after I then replied that it would be ok if they added a Based on LLBLGen 1.x Copyright Solutions Design line to the about box.

Mail out a parcel bomb....

Cheap and efficient.

Contact your local terrorist organisation for more info.

Go talk to the FSF.

[Spudley]

You really need to talk to the FSF, because they will have the resources and the knowledge to help you.

Re:Go talk to the FSF.

[Dionysus]

Why would FSF help someone who didn't use the (L)GPL?

It's not about money,

[Otis_INF]

It's about not obeying the license. I want my code being acknowledged as the code the application of CodeAse is build on, a very large portion of the code is mine, it is licensed under a simple license so all they have to do is follow indeed the line you quoted :)

I chose this BSD variant because it was restrictive enough so people who would build a new tool based on it would have to produce the copyright but still would be able to sell it eventually.

If it was about money, I shouldn't have had it released as sourcecode in the first place, I think. :) I released the source so others could modify it to meet their requirements, and if they distributed it in binary form, the BSD license would ensure the binary form would show the copyright notice... (in an ideal world that is ;))

Such as...?

[Half-pint+HAL]

...human-powered distributed denial of service attack? (Slashdotting, to me and you....)

To those who'd say, "Who cares?"

[Talonius]

It's BSD, Frans meant for it to be usable by others.
It's GPL but not assigned to the FSF, you'll never get any help.

I wager that open source developers, when combined under the banners of all open source licenses, become one of the largest special interest groups in the technological community.

As a SIG we wield considerable power; consider the power such groups hold in the United States Congress. Consider - would you want your name to villified online for stealing code when it is common to search the Internet for an applicant's name now? What about those companies that practice peer interviews prior to hiring?

Companies are likely to want to minimize their legal exposure as well. If your boss or shareholders know that someone has stolen code and that a controversy surrounds that code, there is a good chance the code thief will suffer from a lost job.

But these things can only happen if we act in concert; as a unified group that is capable of taking action and responsible for the actions it takes. Someone here posted that vigilante justice was the answer and in a way it is. The rule of governments are held only because the entire population does not rise up against them. Mob rule. In our situation we'll find little help for the common developer whose license has been violated... except from ourselves.

Slashdot, kuro5hin, Groklaw... these are three shining examples of what we can do as a community.

How to get punative damages

[samjam]

If its all your own work or if you have the co-operation of all authors you simply also offer commercial licensing at high rates. Then you have demonstratable loss.

I wrote a multi-threading library for Delphi 1.0 (16 bit windows) and by accident released some early source with it.

I later found another company having based a product on this.

The licensing terms explicitly granted "after the fact" licensing at very high rates.

I didn't cash in because an employee had taken the code without their knowledge and they weren't making much money anyway, and they had since wrapped it with a Delphi 2.0 threading-api compatable wrapper, so we cross-licensed and left it at that.

Sam

Learn your lesson next time

[duffbeer703]

If you don't want people to profit from your work, don't release it as BSD.

If you are so vain that you are willing to spend thousands of dollars to sue to have your name placed on something, have fun.

Re:Learn your lesson next time

[endx7]

If you don't want people to profit from your work, don't release it as BSD.

That's not the issue. The issue is they didn't follow the terms of his license, which has nothing to do with profit (the GPL's terms have nothing to with profit also for that matter).

If you are so vain that you are willing to spend thousands of dollars to sue to have your name placed on something, have fun.

He wrote it in the first place, so why shouldn't he deserve some recognition?

Re:Learn your lesson next time

He certainly deserves recognition since he wrote it. CodeAse also needs to be honest and open about the fact that there is an open source project that they used code from. Their customers shouldn't have to spend time to search through the millions of possible open source projects to find the duplicate and realize that they could have used a free version. They should have a choice. If they feel that the additional 10% difference in features is worth paying for, then they will.

Re:Learn your lesson next time

[duffbeer703]

The issue is that because you gave your software away, you really have no recource to enforce complance.

Your options are:
1. Ask the vendor to comply with the license.
2. Sue the vendor to force him to comply.
3. Raise hell with the user community.

Option 1 has been done already, and the vendor simply ignored the complaint.

Option 3 is probally doable, but it takes time & money to get the word out, especially since we're not talking about software that everybody is using.

Option 2 will work, but will cost a fortune. Say you take the guy to court and the court rules against the offending vendor.

What is the remedy? Put this dudes name on the software. He incurred no financial loss, so he's unlikely to get a signifigant financial reward.

And lawyers don't work for free.

Re:Learn your lesson next time

you have absolutely no idea what you are talking about do you?

swing and a miss

Ask your diplomats.

[Joseph+Vigneau]

In addition to finding a lawyer with international and/or IP experience, I would also recommend writing to the embassies in both countries, asking for a course of action. There are most likely trade agreements between the two countries that can help enforce the licensing terms. Someone else here mentioned that both countries are part of the Berne Union and TRIPS...

IANAL.

It has been solved!

[Otis_INF]

CodeAse has updated the tool so it now shows the correct copyright in the about box and in the documentation. :)

Thanks for all the support!

Leading Expert on Open Source

There's a tech lawyer in Singapore who is a leading expert on Open Source and other stuff. His name is Tan Min-Liang and he's been consulted on most of the Open Source conferences in Asia. You can google him and his email's min.liang.tan@rajahtann.com

MOD PARENT

this is the Author of the software

good to hear its working out ok, shame you had to pro-active but then "trust" seems to be a dirty word in buisness these days.

Re:EULA for BSD's of GPLs

Also remember that as of W32-XP, you're relationship with MS is not over once you leave the shop - you register either by phone or online when you install the system. The registration number you send to MS is a unique ID for your computer which is generated from a combination of various hardware serial numbers. Every time you use MS Windows Update, a list of all programs (by all vendors) that you have installed on your system is sent to MS. Two backdoor accounts have been found in MS IIS, both have "NSA" in the username. (and those are just the proven sneaky activities of MS software.)

Proof? or is this just a bunch of tin-foil? It's easy to just type conspiracy theory but frequently hard to back it up.

About the NSA thing, do you think that the NSA is so stupid to include unencrypted strings containing "NSA" in an executable or resource file?

Every time you use MS Windows Update, a list of all programs (by all vendors) that you have installed on your system is sent to MS.

This alone would be SO obvious to a sniffer (and is contrary to what MS has published) that it would have caused a huge uproar by now (unless, of course, MS is using all that money (probably gotten through shady deals with aliens) to squelch it /rolleyes).