Slashdot Mirror
Kernel Modules that Lie About Their Licenses
jon787 writes "An email to LKML about the Linuxant's HSF Modem drivers lying to the kernel about their license has prompted some interesting replies. Lots of talk about how to effectively blacklist these kind of things; a patch is here. One of the more interesting is this one. Linus as always has his $0.02."
You make it sound like he's just a figurehead now. I would expect him to say something, and I would expect slashdot to not trivialize it.
Anyway, I suspect that rather than blacklist bad people, I'd much preferto have the module tags be done as counted strings instead. It should be easy enough to do by just having the macro prepend a sizeof(xxxx)" thing or something.
Great idea, for this hack, anyway. Problem is, they'll come up with something else next time. I think this one really is up to the lawyers, unfortunately.
Modules should not lie about their licenses. Fine.
BUT... the linux kernel developers need to get over their fanaticism about open-source drivers. There are many reasons companies cannot or will not make their driver source public. For wireless cards, the FCC effectively prohibits it. For video cards and others, much of the value of the card is in fact in the driver and companies have a right to keep that under wraps.
Part of every attempt to legislate (which the kernel's interrogation of drivers is) should include the question "how will people cheat, and how can we stop this". Otherwise this kind of game is inevitable.
(And if the answer to the question is: "people will cheat and we can't stop them", then there is little point in playing legislator.)
Ceci n'est pas une signature
All those C string functions are todays source of plague. Even though I'm not Miguel de Icaza it's obvious that we should move to something new.
Actually, I buy hardware based on how well it does the job, how well it performs, how reliable it is. The firmware could be written in elbonian pictograms for all i care, and i would hope that most people buying IT hardware do the same thing.
If you can't find it in your heart to accept binary drivers, maybe computers aren't for you ;) j/k
Why did they even bother with this silly (if not cunning) trick in the first place? I mean, OK, no one loves the "kernel tainted" message, but at the end of the day, is it really that much of a deal that it needs to be circumvented?
I think a more appropriate way of handling things would be have a message explaining _why_ the tainted message is coming up, and why they can't GPL the driver. Work with the system, not against it.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
Has anyone ever gotten the modem in the TiBook to work with that driver? I've struggled with it a number of times (using YDL) and everyone on the lists or IRC just said, "Yeah, didn't work for me, either."
What I'm listening to now on Pandora...
It strikes me that alot of the same people so rabidly against DRM when used by big companies for the media they produce, are now demanding that linux include what can be seen as it's own DRM to prevent people from running unauthorized non-GPL kernel code.
If /. has no respect for other people's choice in licenses and cheers people ignoring the license, then it must also cheer on people breaking the license in Linux. You can't have it both ways.
As for your assertion, drivers can be non-OSS and still work perfectly, and OEM's aren't forced to make their stuff OSS - just ask NVIDIA if you don't believe me. Therefore, you're posting a strawman there...
The linuxant cheat isn't a problem because of the source code being closed, it is a problem because it pretends to be open-source when it is not, failing to warn whoever installs it.
Quo usque tandem abutere, Nimbus, patientia nostra?
It is a problem with the company lying to the kernel
Yes, but the kernel is not a person, right? In fact lying to hardware/software is a well-accepted practice for interoperability, emulation and fair use. If we want it to be illegal, we might as well defend DMCA.
Suppose that Lexmark made a printer that looked for a certain string in a ROM on an ink cartridge. Let's say the string was "The manufacturer of this cartridge agrees to the terms of the ELL (Evil Lexmark License)." If the string is present, the printer works great; if the string is not present, the printer has undesirable behavior of some kind.
Further suppose you want to make an ink cartridge for your Lexmark printer, and thus for the purposes of optimum interoperability, you imbed into the ROM: "The manufacturer of this cartridge agrees to the terms of the ELL (Evil Lexmark License).\0Just kidding. Of course I don't REALLY agree to the Evil Lexmark License, because after all, IT'S EVIL!! It even has \"Evil\" right there in the name, what more proof do you need?!? Sheesh, people!"
Are you bound to the ELL?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
The hell you say. A Cisco router is just a CPU and some RAM with a few IO ports thrown in. Its the IOS firmware and software that makes it do its thing.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Here's why:
If Office 2003 started asking the Win32 API - areYouReallyMicrosoftWindows(). Then MS Windows would return true...
What would Wine get to return?
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
The problem with the compatibility argument is that it's wrong. The primary purpose of the license string is to track whether the kernel has loaded a closed-source module. Many kernel hackers choose to ignore bug reports from systems that have loaded closed-source modules since there's a very good chance that the bug is in code that they can't access and fix. But failing to export a GPL compatible license string doesn't have any effect on the kernel's ability to load and run a module, so there's no compatibility reason to export a dishonest description of the module's license.
There's no point in questioning authority if you aren't going to listen to the answers.
That's a ridiculous statement. The firmware IS the router. Without the firmware, the router is a few of off-the-shelf ethernet chips and a processor. The only difference between many different products is the firmware.
When you buy a router, you're buying the function of routing. That's nearly 100% implemented in the firmware (for consumer-level routers, probably IS 100%). The hardware is just there to support the firmware's function.
...but I sit here wondering how many of the people with their panties in a bunch over this (excepting Linus, of course) have a hard drive full of MP3's of dubious origin?
This ain't flamebait, but a rather trenchant commentary on the hypocrisy that I see.
firmware should not be a core component of a hardware company
Firmware can be valuable intellectual property just like any other hardware/software. If a company chooses to keep it closed, that is their decision. If you don't like it, don't buy that piece of hardware. Unfortunately, you'll probably find a small selection, at least today.
If a company finds a drop in sales due to keeping closed source, they'll change their business model to be competitive. If on the other hand most people don't care, they haven't given away their 'secrets' while still supporting customer usage.
That would be SO linux!
So have a complex and developer hostle system of certification, not for quality testing, but for nothing more than license conformity.
But aside from that, this entire kernel checking licenses thing is insane. Can Linux go any further out of its way to make sure it is never adopted by hardware companies?
Question: Are there any non-communist distros out there? (or is it even possible) Where the kernel is patched to prevent this sort of stupidity and where binary drivers are hosted in the distros updates, you know, a USEABLE distro?
And with the DMCA firmly in place, it will be illegal to hack YOUR hardware.
Jeez, I used to think I might be a little paranoid, but not any more...
My beliefs do not require that you agree with them.
Since the module reports that it is GPL, why doesn't every one start asking for the source code. Maybe they will be annoyed enough to fix the software (assuming they claim typo or some such) maybe they actually want to GPL the whole thing? :)
Important differences between the case you cite and this one:
1. That's a trademark, this is copyright. Very different.
2. There is no real reason why they _have_ to have "GPL" at the start there. Their code will work without it, it will just cause a message to the effect that there are non-GPL drivers loaded to be displayed.
3. In the case you site it _is_ the console's integral code that displays the trademark. In this case it is the module code in question that includes the text "GPL", followed by a string termination character, in a space reserved for the module's license.
OTOH, I would note that the letters GPL do not in themselves constitue a license grant; they are merely an abbreviation that is usually used to refer to a specific license. In this case, however, they could just as easily stand for "Greg's Private License" (under which you don't get any rights whatsoever).
I prefer to develop my modules under the revised BSD license, so that others can port them to the BSDs without running into licensing issues. However, Linux will mark the kernel as tainted when a BSD-licensed module is inserted. So I mark them as Dual GPL/BSD, so that they can be loaded without complaints, although I really don't want to release them under GPL, as that would pose a risk that others add code under GPL that could then not be used in the BSDs.
They could do so anyway. BSD-licensed code can be relicensed to GPL-licensed code.
May we never see th
No - GPL is a copyright license, which is exactly what the parent to your post was saying. Open-sourcing source code does not remove copyright protections (ie GPL).
You get certain kernel data structures. No GPL, no special data. That's what the problem is (LinuxAnt wants GPL-only data, but they aren't GPL).
:)
LinuxAnt is really screwed here, as their drivers obviously won't work anymore
My other car is first.
You pay a price in the market.
Agreed, in theory. But the solution they use here is worse, no? Because now, instead of unhappy users, you have ticked off kernel developers. And they have no reason to support you, your users, your business model, anything. They now start talking about blacklisting you and your drivers and your children from the kernel in any way whatsoever. So now, instead of having stuff that worked but didn't get free support, you have stuff that won't work because the community has decided that they hate you and want to see you and your crappy hardware to burn in hell.
Not a good plan, it seems to me.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Seriously, why do I care about this at all?
I have a kernel. I have a device. With out said driver the kernel is useless to me.
So the driver is closed and propitiatory, as long as it works with my kernel why should I care. ( all religious OSS arguments aside.. I'm taking for a *real* reason )
The alternative seems to be no driver, and the kernel becomes a useless lump of code. We cant demand that companies that produce hardware support anything they don't want too, be happy they at least give us closed drivers... 5 years ago they didnt even do that, unless it was for a Microsoft kernel.
---- Booth was a patriot ----
These people wanted $15 for a Linux driver, with no guarantees of free upgrades in the event of a kernel update.
I just went and bought a serial port external modem for $13 (shipped). Works like a charm.
There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
It's not just a political issue, but I guess if you have political issues with operating systems, that's a conveniently ignorant view to take of the situation. This driver is surreptitiously loading itself as non-GPL code while telling us that it is GPL. This effects the way Linux hackers treat bug reports that are tainted with this module. This is accomplished by loading that "GPL" flag and enabling helpers that prevent bugs reports from being flagged as tainted.
Therefore, not only does it complicate bug reports, it complicates bug reports by loading pieces of code that it's not allowed to. I'd say that makes it malware, rather than a political issue.
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
EXPORT_SYMBOL_GPL() means: "if you use this symbol, then your driver is inequivocably a derivative work of the kernel".
Why? Because there are some ways of writing device drivers that make the drivers *not* be a derivative work of the kernel. P.ex., the NTFS driver distributed by Microsoft, NTFS.DLL, is not a derivative work of the kernel, but might, by way of (GPL'd) glue code, be load in the addressing space of the kernel and linked to it.
MODULE_LICENSE("Other license") means: "this module is constructed in a way that makes it a non-derivative of the kernel; you can modprobe it, and as it's not derivative, the GPL does not apply to it; don't allow it to see those symbols that would make it derivative";
MODULE_LICENSE("GPL") means: "the license of this module is GPL, please do the linking for me to the symbols that will make me a derivative work of the kernel", while
MODULE_LICENSE("GPL\0but not really") means: "I'm a fucking liar, and I want to roll the dice without paying the price (I want to be a non-GPL-licensed derivative of the kernel)."
Got it?
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Personally, I don't see the problem with using binary only drivers.
Neither do the kernel developers; the -great-great-etc-grandparent's assertion that they actively refuse to allow all things closed source was a straw man. All the kernel developers want to be able to do is have the kernel note when it is running a closed-source driver, so that they can easily filter out bug reports that would require them to have access to sources they don't have. They don't want to get blamed for problems caused by someone else's code whom they can't do anything about. Who in the hell can fault them for that?
But then its MY choice, not the kernel nazis. I thought that is what Linux was all about, Free as in speech, not as in beer.
It is your choice. The "kernel nazis" are in whole hearted agreement. They just want to be able to mark kernel dumps from kernels they can't fix. Their choice. Comprende?
In which case, the bug should also manifest itself if the modem wasn't loaded, so why lie about the module licence?.
What companies are doing if they lie in the module licence is using the linux developers as 1st line support - someone looks at the problem in a so-called "clean" kernel, tracks it down to one bolted on "black box" and refer the user to the supplier. Result, developer wastes time locating non-related bugs, which I believe is the reason the "tainted" message came into being in the first place
It's still a pretty good reason, though, to have your driver lie to the kernel. Maybe, just maybe, you're sure your driver is ok, and don't want its closed-ness to get in the way of people getting bug reports for completely different parts of the kernel.
No, it's not a valid reason at all. If you're sure you're driver is okay, a kernel bug should still be there if your driver is absent. If it's not, maybe, just maybe, the bug is with the module, and by lying to the kernel you're just wasting everyones time.
Exigo spamos et dona ferentes
If the GPL were for users or developers, everyone would be thanking this company for providing drivers that did not exist.
Nonsense... The GPL is for everyone who values their freedom.
The GPL is used by many developers who distribute the fruits of their effort for nothing beyond the expectation that anyone who finds their work useful enough to build their own products upon will provide said products under the same license. Even if those products are sold for profit, the derivative work should be as Free to those who purchase it as was the original work. From that perspective, the GPL is absolutely for developers.
Similarly, many users choose to purchase and use GPL products because they know that this license protects their rights to use and customize their software for their own purposes, in perpetuity. The GPL is absolutely for users.
Is that really the case? I thought their response was that they didn't want multiple warnings issued when one should suffice.
... YOUR MONEY
Doing these things honestly and functionally isn't all that difficult.
For instance, my company makes a sweet little device that, among other things, has a bunch of FPGAs (Field Programmable Gate Arrays). There is some language (I have never seen) that creates, via a source file (I will never possess) and a compiler (we license for a nut), to create a byte-stream (I have sitting around in a file) that gives the FPGAs their personality.
When my boss came in and started whining about the GPL I pointed out that the three modules were GPL-able and that distributing them under the GPL was about as "wanton with our intellectual property" as sunday school.
The drivers are just not that interesting. From one (the one that loads the FPGA images) you could learn how to copy a byte string into a single register. e.g. "for (int counter = 0; counter image_size; ++counter) { *FPGA_Personality_Register = image_buffer[counter]; }"
Oh yea, there is a lot of boiler-plate around this, and I actually do that inside a fpgaflash_write() etc. But this is *not* rocket science.
In point of fact, virtually all of the "Intellectual Property Issues" people have with respect to software are, frankly, crap.
A bunch of people doing a lot of truely marginal work have created a mythology of value. Somehow the way _*THEY*_ increment an integer is so much more fascinating than the way the rest of us do it. "But Boss," they say, "if everybody out there figures out that we put *our* serial uart at 0x2df instead of 0x2f0 then nobody will need us any more."
Bull.
If you provide a good product at a reasonable rate then people will pay you for it.
Every year I spend $20 to $50 to pay my taxes with one or another tax prepration software product. I do this *despite* the fact that all the forms and things are there and (obfuscated 8-) open source. (And I actually buy the software instead of pirate it, since to steal software when that is how I make my living would be hypocritical.)
The only people who have to worry about Open Source are the people who make crappy software.
Trust me, nobody wants your job. Nobody wants sneak in and rewrite comercial drivers *IF* *THEY* *WORK*. Nobody cares about your "proprietary register mapping" *IF* *IT* *WORKS*. The people who are going to make a nockoff of your board are just going to trace out your hardware if they want to clone it, and its is going to take them how long to disassemble your Windows driver to make their compatable device?
Gee, if they want to compete, they could just make their clone to one of the already-existing drivers they have source too anyway.
There is *NOTHING* *OF* *VALUE* in your drivers. Really. Get over yourselves and start harvesting all that free money by making a product and having the OS community improve your products' drivers for free.
It boggles the mind that people like nVidia and ATI want to keep their drivers closed when their real value is in the chipsets themselves. Everybody knows how Direct-X and OpenGL is going to present the data at that level. Why do they even *care* if someone knows that the data buffers are reformatted and their addresses are crammed into a doorbell register at a particular address. Do they think we can't possibly fathom the concept of laying out data and putting addresses into doorbell registers? Do they expect us to be supprised when it turns out that the eight hardware rendering pipelines they brag about on the box are backed up by eight separate linked lists (or whatever) in the driver?
And you just know that on the flip side, there is someone at each of these companies trying to outsource the driver development even as the first team of idiots are jealously garding their source code.
Back to the example, all the "value" in our product is in the complex and subtle control of state *below* the driver in the hardware, and in the complex and robust interractions of the applications and protocols
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press