Slashdot Mirror


Kernel Modules that Lie About Their Licenses

jon787 writes "An email to LKML about the Linuxant's HSF Modem drivers lying to the kernel about their license has prompted some interesting replies. Lots of talk about how to effectively blacklist these kind of things; a patch is here. One of the more interesting is this one. Linus as always has his $0.02."

31 of 587 comments (clear)

  1. Of course Linus has something to say. by Anonymous Coward · · Score: 5, Insightful

    You make it sound like he's just a figurehead now. I would expect him to say something, and I would expect slashdot to not trivialize it.

  2. Squashing... by jargoone · · Score: 5, Insightful

    Anyway, I suspect that rather than blacklist bad people, I'd much preferto have the module tags be done as counted strings instead. It should be easy enough to do by just having the macro prepend a sizeof(xxxx)" thing or something.

    Great idea, for this hack, anyway. Problem is, they'll come up with something else next time. I think this one really is up to the lawyers, unfortunately.

  3. Get over it by Anonymous Coward · · Score: 4, Insightful

    Modules should not lie about their licenses. Fine.

    BUT... the linux kernel developers need to get over their fanaticism about open-source drivers. There are many reasons companies cannot or will not make their driver source public. For wireless cards, the FCC effectively prohibits it. For video cards and others, much of the value of the card is in fact in the driver and companies have a right to keep that under wraps.

    1. Re:Get over it by Lussarn · · Score: 3, Insightful

      Linux is an open source system, you should be able to run a fully usable linux system using nothing but open source components.

      That is a hard requirement for Linux success, in the past, now, and in the future.

      For example if 3D desktops becomes the standard open source 3D driver will need to be developed, if the gfx companies don't like that we need to take our money someplace else.

      For the record I do run nvidia binary driver today.

    2. Re:Get over it by MartinG · · Score: 4, Insightful

      For wireless cards, the FCC effectively prohibits it.

      No, the FCC says the card cannot do certain things. Putting these restrictions in the drivers of each individual OS is not a good plan. The restrictions belong in the firmware. This is a safer way to ensure FCC compliance at the same time as allowing open source drivers.

      The linux kernel developers need to get over their fanaticism about open-source drivers.

      Who the hell are you to tell the kernel developers what they should care about? The kernel is licensed and written the way it is because the developers want it like that. If 3rd parties aren't prepared to play along, then they don't have to release linux drivers. They can't have it both ways.

      --
      -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
    3. Re:Get over it by Unknown+Lamer · · Score: 3, Insightful

      The Free Software movement was started my RMS because the spooler for the new Xerox printer installed at the AI Lab did not come with source code. It had a tendency to jam and not tell the user before he walked across the campus to retrieve his job. The old printer did this (IIRC) but RMS had the source and was able to notify the user (actually, all of the users with print jobs in the queue) so that the printer could be unjammed before a trip was wasted.

      Accepting non-free drivers is giving up your freedom. Personally, I use GNU/Linux because I am freed from the whims of the developer. If you wish to be a slave again please return to Windows or the Mac OS while the rest of us continue to use our Free Software.

      The driver argument is foolish anyway. If you really must keep things secret (e.g. wireless cards) then move more things into the firmware and make the driver more simplistic (e.g. only allow the driver for the 802.11 card choose the channel to broadcast over instead of the exact frequency).

      It's funny how you want to give in to non-free drivers when they are essentially the reason GNU/Linux exists in the first place.

      --

      HAL 7000, fewer features than the HAL 9000, but just as homicidal!
    4. Re:Get over it by westlake · · Score: 4, Insightful
      Accepting non-free drivers is giving up your freedom. ... If you wish to be a slave again please return to Windows or the Mac

      Freedom means diffrent things to different people, but for most of us, I suspect, freedom is not ultimately defined by anything so trivial as access to the source code for a video driver.

      I am freed from the whims of the developer

      Then we can safely assume you are a master coder whose word is law in GNU/Linux?

    5. Re:Get over it by MenTaLguY · · Score: 4, Insightful

      This isn't fantacism, it's pragmatism.

      Regardless of why it was proposed, the reason Linus finally accepted the MODULE_LICENSE stuff was that everyone was wasting a LOT of time trying to track down bugs that ended up being caused caused by binary-only drivers.

      The effect of MODULE_LICENSE is mostly just to mark the kernel as "tainted" -- its internal state affected by code which isn't available for the kernel developers to consult when debugging.

      This shows up in crash dumps, so if someone posts dump of a crash in which binary drivers were involved, the kernel developers know upfront not to bother (the bug has "crossed the county line", so to speak).

      Linuxant's excuse is that the tainted message was too confusing for users (they don't appear to have any qualms about wasting kernel developer time).

      Of course Linuxant's proprietary code which they can't let anyone see is pristine and perfect, and could never, ever be the cause of a bug...

      --

      DNA just wants to be free...
  4. Poor processes by heironymouscoward · · Score: 3, Insightful

    Part of every attempt to legislate (which the kernel's interrogation of drivers is) should include the question "how will people cheat, and how can we stop this". Otherwise this kind of game is inevitable.

    (And if the answer to the question is: "people will cheat and we can't stop them", then there is little point in playing legislator.)

    --
    Ceci n'est pas une signature
  5. Creative null character? by News+for+nerds · · Score: 3, Insightful

    All those C string functions are todays source of plague. Even though I'm not Miguel de Icaza it's obvious that we should move to something new.

  6. Re:Can't get over it by REBloomfield · · Score: 4, Insightful

    Actually, I buy hardware based on how well it does the job, how well it performs, how reliable it is. The firmware could be written in elbonian pictograms for all i care, and i would hope that most people buying IT hardware do the same thing.

  7. Re:Can't get over it by dave420 · · Score: 3, Insightful
    Without the firmware, that router of yours would cease working. Whether you know it or not, every purchase of hardware you buy for your computer is dependent HEAVILY on the firmware. It's the same with drivers, and owing to the fact it's easier and cheaper to change something in sofware than hardware, more and more will be done in drivers/firmware, which means this will get even more common.

    If you can't find it in your heart to accept binary drivers, maybe computers aren't for you ;) j/k

  8. But why? by Erwos · · Score: 5, Insightful

    Why did they even bother with this silly (if not cunning) trick in the first place? I mean, OK, no one loves the "kernel tainted" message, but at the end of the day, is it really that much of a deal that it needs to be circumvented?

    I think a more appropriate way of handling things would be have a message explaining _why_ the tainted message is coming up, and why they can't GPL the driver. Work with the system, not against it.

    -Erwos

    --
    Plausible conjecture should not be misrepresented as proof positive.
  9. So what's it going to be? by Anonymous Coward · · Score: 4, Insightful
    People are circumventing the almighty GPL! Is /. going to complain and be hypocritical by cheering on other circumventing techniques like PlayFair, DeCSS, and other DRM removers?

    If /. has no respect for other people's choice in licenses and cheers people ignoring the license, then it must also cheer on people breaking the license in Linux. You can't have it both ways.

    1. Re:So what's it going to be? by JabberWokky · · Score: 3, Insightful
      Is /. going to complain and be hypocritical by cheering on other circumventing techniques like PlayFair, DeCSS, and other DRM removers?

      There's no reason you need to do this. The kernel happily loads any license. They are lying for the sake of misleading users. There's nothing to circumvent. This is like Pizza Hut advertising that they are giving out Free Pizza, and then cutting off the edge of the coupon that says "$15 per pie charge". There is no technical reason for this; this is simply lying to the end users.

      --
      Evan

      --
      "$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
  10. Excuse me, but... by iamacat · · Score: 4, Insightful

    It is a problem with the company lying to the kernel

    Yes, but the kernel is not a person, right? In fact lying to hardware/software is a well-accepted practice for interoperability, emulation and fair use. If we want it to be illegal, we might as well defend DMCA.

  11. Thought experiment by Sloppy · · Score: 5, Insightful
    Just to play Gates' advocate... reverse the players and see if people still see the situation the same way.

    Suppose that Lexmark made a printer that looked for a certain string in a ROM on an ink cartridge. Let's say the string was "The manufacturer of this cartridge agrees to the terms of the ELL (Evil Lexmark License)." If the string is present, the printer works great; if the string is not present, the printer has undesirable behavior of some kind.

    Further suppose you want to make an ink cartridge for your Lexmark printer, and thus for the purposes of optimum interoperability, you imbed into the ROM: "The manufacturer of this cartridge agrees to the terms of the ELL (Evil Lexmark License).\0Just kidding. Of course I don't REALLY agree to the Evil Lexmark License, because after all, IT'S EVIL!! It even has \"Evil\" right there in the name, what more proof do you need?!? Sheesh, people!"

    Are you bound to the ELL?

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    1. Re:Thought experiment by nacturation · · Score: 5, Insightful

      Or suppose that a website doesn't work in Mozilla unless you have Mozilla identify itself as Internet Explorer.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    2. Re:Thought experiment by Anonymous Coward · · Score: 4, Insightful

      > If the string is present, the printer works
      > great; if the string is not present, the printer
      > has undesirable behavior of some kind.

      But there is where you analogy breaks down. If all the printer did was log in it's memory somewhere that a non-lexmark ink cart had been used so they could void your warranty for any printhead damage there would be no objection. But printers refuse to print without the secret knock and linux will load a module without the GPL tag.

    3. Re:Thought experiment by 10101001+10101001 · · Score: 4, Insightful

      So, the shoe is on the other foot. And copyright can be twisted to advantage the user (GPL). That doesn't mean every license is a good license.

      The fact is, the kernel doesn't arbitarily malfunction when it's tainted. Instead, the taintedness is a great sign to tell the user that they really need to go to the original authors for help since no one else is able to properly debug their proper (and of course, two different modules from two different companies which each taint the kernel creates a problem which no single entity can resolve). Faking the string to not cause taintedness helps no one (in the short term it might help the company, but it might not in the long run; people might pay support money to get bugs fixed in one tainted module). Faking a string in a printer cartridge helps the user to get cheaper ink. It also helps create competition (always a good thing).

      Ironically, Lexmark's cases against various clone ink cartridge makers might decide the result of this same type of deception. Faking a string to make some program behave the way you want might be unhelpful and possibly unethical (by misleading users into believing they're using only GPLed code or wasting developers time on problems they can't solve thanks to code they can't see), but it's hard to see how it could be made illegal. Now getting such companies for false advertising...

      --
      Eurohacker European paranoia, gun rights, and h
    4. Re:Thought experiment by frost22 · · Score: 3, Insightful

      ahem ... call me stupid - but isn't this exactly the other way round ? Internet Exporer claiming itself to be mozilla ?

      I seem to remember this from the early days of IE....

      --
      ...and here I stand, with all my lore, poor fool, no wiser than before.
  12. Re:Can't get over it by Kenja · · Score: 5, Insightful
    " I buy a router/etc for the hardware, not for the companies excellent firmware."

    The hell you say. A Cisco router is just a CPU and some RAM with a few IO ports thrown in. Its the IOS firmware and software that makes it do its thing.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  13. Lying should be OK... by zulux · · Score: 5, Insightful

    Here's why:

    If Office 2003 started asking the Win32 API - areYouReallyMicrosoftWindows(). Then MS Windows would return true...

    What would Wine get to return?

    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

  14. Re:Good Luck by rgmoore · · Score: 5, Insightful

    The problem with the compatibility argument is that it's wrong. The primary purpose of the license string is to track whether the kernel has loaded a closed-source module. Many kernel hackers choose to ignore bug reports from systems that have loaded closed-source modules since there's a very good chance that the bug is in code that they can't access and fix. But failing to export a GPL compatible license string doesn't have any effect on the kernel's ability to load and run a module, so there's no compatibility reason to export a dishonest description of the module's license.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  15. Re:Can't get over it by jridley · · Score: 3, Insightful

    That's a ridiculous statement. The firmware IS the router. Without the firmware, the router is a few of off-the-shelf ethernet chips and a processor. The only difference between many different products is the firmware.

    When you buy a router, you're buying the function of routing. That's nearly 100% implemented in the firmware (for consumer-level routers, probably IS 100%). The hardware is just there to support the firmware's function.

  16. ObDMCA reference by gosand · · Score: 3, Insightful
    It's the same with drivers, and owing to the fact it's easier and cheaper to change something in sofware than hardware, more and more will be done in drivers/firmware, which means this will get even more common.

    And with the DMCA firmly in place, it will be illegal to hack YOUR hardware.

    Jeez, I used to think I might be a little paranoid, but not any more...

    --

    My beliefs do not require that you agree with them.

  17. Re:Good Luck by julesh · · Score: 4, Insightful

    Important differences between the case you cite and this one:

    1. That's a trademark, this is copyright. Very different.
    2. There is no real reason why they _have_ to have "GPL" at the start there. Their code will work without it, it will just cause a message to the effect that there are non-GPL drivers loaded to be displayed.
    3. In the case you site it _is_ the console's integral code that displays the trademark. In this case it is the module code in question that includes the text "GPL", followed by a string termination character, in a space reserved for the module's license.

    OTOH, I would note that the letters GPL do not in themselves constitue a license grant; they are merely an abbreviation that is usually used to refer to a specific license. In this case, however, they could just as easily stand for "Greg's Private License" (under which you don't get any rights whatsoever).

  18. Re:/0 is like a period, it ends the statement. by jrockway · · Score: 4, Insightful

    You get certain kernel data structures. No GPL, no special data. That's what the problem is (LinuxAnt wants GPL-only data, but they aren't GPL).

    LinuxAnt is really screwed here, as their drivers obviously won't work anymore :)

    --
    My other car is first.
  19. Re:Good Luck by the_mad_poster · · Score: 3, Insightful

    It's not just a political issue, but I guess if you have political issues with operating systems, that's a conveniently ignorant view to take of the situation. This driver is surreptitiously loading itself as non-GPL code while telling us that it is GPL. This effects the way Linux hackers treat bug reports that are tainted with this module. This is accomplished by loading that "GPL" flag and enabling helpers that prevent bugs reports from being flagged as tainted.

    Therefore, not only does it complicate bug reports, it complicates bug reports by loading pieces of code that it's not allowed to. I'd say that makes it malware, rather than a political issue.

    --
    Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
  20. Re:Why do i care? by dinivin · · Score: 3, Insightful

    The problem is that it doesn't always work with your kernel. If the binary driver causes a problem with the kernel, the kernel developers have no way of tracking down the bug since they don't have access to that code. That is the point of having binary modules taint the kernel. How would you like to receive bug reports for someone elses software and not realize that it's someone elses bug?

    Dinivin

  21. Re:Can't get over it by Senjutsu · · Score: 5, Insightful

    Personally, I don't see the problem with using binary only drivers.

    Neither do the kernel developers; the -great-great-etc-grandparent's assertion that they actively refuse to allow all things closed source was a straw man. All the kernel developers want to be able to do is have the kernel note when it is running a closed-source driver, so that they can easily filter out bug reports that would require them to have access to sources they don't have. They don't want to get blamed for problems caused by someone else's code whom they can't do anything about. Who in the hell can fault them for that?

    But then its MY choice, not the kernel nazis. I thought that is what Linux was all about, Free as in speech, not as in beer.

    It is your choice. The "kernel nazis" are in whole hearted agreement. They just want to be able to mark kernel dumps from kernels they can't fix. Their choice. Comprende?