Exploitation of Open Source VoIP
n8twj writes "With John 'Maddog' Hall pointing out that Open Source VoIP will be bigger than Linux ever has been. How can we be sure that un-ethical companies will not try to steal code that is covered under the GPL and try to pass it off as their own? Recently, I have become aware that SysMaster has been redistributing a version of the Asterisk PBX written by Mark Spencer from Digium and many others. SysMaster claims that they wrote everything in-house, while they have surely done their own development, they are using Asterisk to power their product line without following the rules. In terms of full disclosure, my company also provides Asterisk-based solutions, however we have fully embraced Asterisk and gladly contribute back to the GPL."
Is this a serious question or an attempt to discredit a competitor?
Powered by onion juice.
This one company (NuFone) making an accusation about a competitor (SysMaster).
Where's the evidence? Or did slashdot just post this without checking?
Oh, wait... this is slashdot...
When the company starts to gain financially at the expense of a competitor it will be sued by the competitor for breaching the GPL. The competitor will get backing in this from open source organizations.
It is a little absurd for us to all think that open source licenses won't get abused to some extent. But, for every quality open source based product that tries to "rip off" the developers (if that can be considered possible in open source) there will be several following the rules who will be glad to keep them in check and sue them into oblivion.
Please follow this advice: gather what details you can & notify whoever holds the copyright on the GPLed software you believe is being abused.
This will be modded down, but .... When someone could potentially violate the GPL, they call for their head, but will vehemently defend their right to download movies via p2p networks.
Is it possible they are using Asterisk? Yeah, I don't see why not. Asterisk is a Great Product, but like MySQL, Asterisk does offer a commercial NON-GPL license.
It could be possible that they paid for a NON-GPL'd Version that they used as a base.
In all honesty, if you code for free, and expect the business world to live in your nirvana, you get everything you deserve.
The government needs to be keeping tabs on this, or at the very least making inquiries when complaints are launched.
Why? Because open source licenses protect the public good.
In fact, I suggest that FSF and others lobby the government to have open source licenses registered with an agency. Any software released under a registered license will have that license protected by the government. The simple establishment of the rules should scare most out of exploitation.
IALs can work out the details.
It looks like the Asterisk mailing list is already aware of this.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
I don't see GPL violations becoming a big problem. First of all, the loss to the open source community from abuses of the GPL is mainly the lack of contributions. That is partially balanced out by the fact that the company in question is at least not using some proprietary solution. Second, the problem is self-limiting: if a company gets to be large enough, someone is going to notice the GPL violation and the company will likely settle the resulting legal action quickly.
For BSD-licensed software (are there any BSD VoIP solutions?), companies are even welcome to use the software and make it proprietary. Proponents of BSD probably believe that it's better to have companies use open-source derived software even if they don't give back than to lose more companies to proprietary vendors. (Personally, I think it needs to be looked at on a case-by-case basis.)
If the copyright holder doesn't know what to do, direct them to this story for now.
Someone should really set up a site which helps handle GPL violations by directing copyright holders to the right legal people & offers advice for how to handle violations. A database or wiki could also be set up to record alleged GPL violations & how they were resolved. IIRC, the mplayer project keeps some information on GPL violations on their website. Many were resolved & their site records this.
I'd be happy to help with such a project with my time and content.
It takes no time at all to contact the copyright holder in most cases. It is also better if they fight their own battles, especially in court. It would benefit both the copyright holder and you if you team up to handle the violation. You can share legal expenses, public relations duties, etc.
NuFone contributes a lot back to the Asterisk development. They also do not claim to have written their "product" themselves.
I really shouldn't have used someone else's email address for this account.
Nufone is a service provider not an equipment vendor. They are not direct competitors. Nufone is one of the leading supporters of Asterisk development and they have contributed greatly to the opensource development effort.
(Check the Asterisk Mailing lists)
endorsement and condemnation, I'm gonna shill a bit. Anyone out there in /. land needing VOIP to PSTN gateway with billing might contact my buddies at broadriver.com. 404 area code only, but reasonable prices for intra/inter lata, LD, and international. If you have a business overseas and would like an Atlanta GA phone number for USA sales, it's a hell of a deal.
Now I'm the grandest Tiger in the Jungle!
Maybe I am just ignorant in the issue, but I am curious.. What advantage is gained by companies using OS software and not contributing back?
I am not saying that everyone that uses OS software should be working on contributions. It certainly doesn't hurt the OS community.. But you seem to have a tone that there is some benefit from companies using OS software without giving back.
Unless I am missing something, that leaves the software right where it started.. And while it doesn't hurt it, it doesn't seem to help it either.
--- "End Of Line" - MCP
In terms of full disclosure, my company also provides Asterisk-based solutions, however we have fully embraced Asterisk and gladly contribute back to the GPL.
but I think the GPL is pretty full and doesn't need any more contributions at this time.
creation science book
think about the netfilter and reactos cases...
And this will increase with time, with companies not caring for licenses just to make more profit...
The internet community should care and take such cases to the courts. netfilter has been successful with this in Germany.
And this matters how exactly?
They're still competing businesses. It is in their interests to slashdot their competitor and give them a bad name.
I work for a networking bluechip, and here they have been working in a project to clean their code (or code coming from OEMs) from any GPL-kind of code; and if that's not possible they will be marking the code clearly for public as an open source code. The legal department have been pushing this so hard!
"Evil thrives when good men do nothing"
Actually it's in their interest that their competitors play by the same rules that NuFone plays by. SysMaster is not doing that.
I really shouldn't have used someone else's email address for this account.
Do what the Business Software Alliance does. Encourage disgruntled employees to be anonymous whistle-blowers. A nonprofit can set up a clearing house which receives evidence and even pays out rewards for verified infringements.
With enough money, they can also take out radio ads similar to the ominous BSA warnings that get played here in Chicago once a year.
In a macro-sense, it helps the concept of open source by undermining money going to other closed source competitors.
Whether or not company A gets money for their open source product, company B selling a closed source product doesn't get any money to further market to other companies when companies X Y and Z use company A's product.
It's a very long-term view, but one could make that argument.
creation science book
Doesn't the EFF fight Open Source piracy?
...to uncover those in breach of the GPL.
GrokCheat, anyone?
Sean Ellis
Follow OfQuack's antics on Twitter.
Last I heard the entire point of open source code was using the code and redistributing it. As long as their product is open source and GPL'd as well, who cares? If they can use an OS project to aid the creation of a new OS project, I say more power to them.
- Asterisk is dependant upon Linux
- Massive Asterisk growth = massive LINUX growth
- Less any dedicated standalone jobbies
- So an explosive growth in ASTERISK would = an explosive growth in LINUX PLUS you would have Telecoms developers their eyes to the world of LINUX - and become new users.
Really a classic case of the "Cart before the horse"!!!HYPE etc - someone needs funding for something. sounds very MLM
The evidence is gleaned from viewing the "strings" output of a SysMaster executable. You find such gems as
Of course, this evidence was compiled by NuFone (a contributor to Asterisk), so you can choose to disbelieve it if you want. But if you want to verify its veracity on your own and post your results, I'm sure that would be OK.
"With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
RFC 1925
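The check this comment describes, scanning an executable's printable strings for text from a GPL project, as an added example that is not part of the original thread. The marker list and the sample bytes are constructed for illustration, and the scan also covers UTF-16LE strings, which `strings` skips by default.

```python
import re

# Hypothetical marker substrings an auditor might search for. Constructed for
# this example; they are not the strings found in the binary discussed above.
MARKERS = ("asterisk", "chan_sip", "app_voicemail")


def extract_strings(data, min_len=4):
    """Return (offset, encoding, text) for printable runs, like strings(1).

    Covers 8-bit ASCII runs and UTF-16LE runs (ASCII characters each followed
    by a zero byte), which Windows binaries commonly contain.
    """
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_run.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in wide_run.finditer(data)]
    return sorted(found)


def find_markers(data, markers=MARKERS, min_len=4):
    """Return (offset, encoding, marker, text) for each string holding a marker."""
    hits = []
    for offset, encoding, text in extract_strings(data, min_len):
        lowered = text.lower()  # match case-insensitively
        for marker in markers:
            if marker in lowered:
                hits.append((offset, encoding, marker, text))
    return hits


# Constructed sample bytes standing in for an executable under review.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"Loaded module chan_sip.so\x00"
    + b"\x01\x02"
    + b"Asterisk Ready.\x00"
    + b"abc\x00"                       # shorter than min_len, ignored
    + b"/var/spool/pbx/voicemail\x00"  # no marker: "app_voicemail" is absent
    + b"\x01\x02"
    + "Asterisk PBX".encode("utf-16-le")
)

if __name__ == "__main__":
    for offset, encoding, marker, text in find_markers(SAMPLE):
        print(f"0x{offset:04x} {encoding:8} {marker:14} {text!r}")
```

A hit shows only that the binary contains text matching the project; it says nothing about the license under which the code was obtained.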
GET JOHNNY COCHRAN
Since Digium also sells non-GPL'd copies of the work in question, they have a strong economic incentive to force these guys to either pay up for their non-GPL license or go GPL.
Put out your torches, save them for another day.
1) Digium *does* license Asterisk (as we distribute it, no additional features) outside of GPL and we *do* have commercial licensees already.
2) Digium appreciates the community keeping a watchful eye on other products in the marketplace which may be in violation of Asterisk's licensing terms. Please feel free to contact us directly if you have any concerns or questions.
3) I do not wish to comment specifically about Sysmaster's relationship with Digium at this time other than to say we are in contact with them.
Thank you again for all of your support in the community.
Mark
This post written under Gentoo-linux with an SCO IP license.
This will be modded redundant, but .... When someone could point out a hypocrisy within the /. crowd, but instead misses the mark, they are mocked to absurdity.
Y'know, you blow up one sun and suddenly everyone expects you to walk on water.
there is a nice link that shows it and it was in the original posting
I prefer the "u" in honour as it seems to be missing these days.
How can we be sure that un-ethical companies will not try to steal code that is covered under the GPL
Easy - just keep backups. That way, if somebody steals your code, you still have it.
Oh... wait. Did you mean copyright infringement and not theft? When the RIAA and MPAA start talking about those nasty thieves, people are quick to point out that copyright infringement is not theft.
Double-standards stink. When somebody infringes upon the GPL, it's not theft, so don't exaggerate your grievance or accuse the other party of crimes they didn't commit. It just makes you look like a whiny liar and doesn't help your case.
It is astounding given how much attention copyright gets here on slashdot that people still Don't Get It.
Yeah, I propose calling it "copyright" and setting up a US Copyright Office to enforce it.
The USCO does not enforce copyright. It registers copyrights.
There are no US Copyright Office boogeymen in black who run around arresting people either. If I steal your work, it is entirely your responsibility, in civil court (not criminal) to sue me and recover damages.
Further, copyrighting your code with the GPL license DOES NOT entitle you to expect the Free Software Foundation to go around suing people for you. They'll politely give you some suggestions on who to talk to and maybe a little basic advice, but that's it.
So many people don't get it- they whine about their code being stolen, but then don't do anything about it. As a result, corporations are fearless in violating the GPL license as has been proven again and again. The GPL license, as a result, is quickly becoming irrelevant.
When SCO claims Linus and others stole code, Linus and others need to sue them for libel (or slander, I forget). When Linksys fails to follow the GPL and steals code, the people who wrote the code need to immediately send them a cease and desist, and if they fail to comply, sue them to FORCE them to cease.
In this case, the Asterisk developers need to pay a lawyer to file suit against the offending company, seek evidence by court order (if they are using GPL code, it'll be very easy to prove once you're in the door with a court search order), and if they find evidence, hammer them into the ground.
This is in bold because people need to wake up and get a clue. YOU NEED TO START BACKING UP THE GPL WITH LAWSUITS OR IT WILL BECOME COMPLETELY IRRELEVANT AND UNENFORCEABLE.
Please help metamoderate.
Start a covert GPL enforcement militia group that goes around and, uh, takes care of GPL violators. The world will know that you do NOT steal GPL code, and then everything will be ok.
in case you wish to read the source
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
He may be right in accusing them, but he may be wrong. Many concluded without proofs he is wrong, that's not better than him concluding this company is violating GPL rules without disclosed proofs.
Achille Talon
Hop!
Say there's a telco that uses Asterisk (or some similar software).
And let's suppose they distribute their products/boxes with just an OS that downloads the (GPL-based) code from the telco's data center when the owner boots the box.
In this situation they do not (re)distribute the GPL-based code so they're not obliged to give you the source code. (Of course Asterisk may have a non-GPL license for commercial use but most other GPL apps don't.)
To get around GPL restrictions h/w manufacturers should make the critical part of the code downloadable from the Net during boot-up procedure.
Slashdot definitely needs a DNRTFL mod ( Did Not Read The Fucking Article )
Pain is merely failure leaving the body
"This is in bold because people need to wake up and get a clue. YOU NEED TO START BACKING UP THE GPL WITH LAWSUITS OR IT WILL BECOME COMPLETELY IRRELEVANT AND UNENFORCEABLE."
Like how the RIAA, MPAA, EULAs, Book publishers, Artists, etc, etc, etc do with their copyrighted material?
Are they just *using* the product, or have they made proprietary modifications to it? If the former, they are not violating anything. Redistributing an *unmodified* copy of a GPLd program is not restricted.
Thanks for the heads up. Instead of spending money on lawyers to make us both broke, we are negotiating with Sysmaster to get them to buy a commercial license.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
Asterisk is dependant upon Linux
$ cd /usr/ports
$ grep ^aster INDEX
asterisk-0.7.2|/usr/ports/net/asterisk|/usr/local|An Open Source PBX and telephony toolkit|/usr/ports/net/asterisk/pkg-descr|sobomax@FreeBSD.org|net|expat-1.95.7 gettext-0.13.1_1 gmake-3.80_2 libgnugetopt-1.2 libiconv-1.9.1_3 libogg-1.1,3 mysql-client-4.0.18_1 openh323-1.12.0_3 openldap-client-2.1.30 pwlib-1.5.0_4 speex-1.0.3_1,1|libgnugetopt-1.2 libogg-1.1,3 mysql-client-4.0.18_1 openldap-client-2.1.30 speex-1.0.3_1,1|http://www.asteriskpbx.com
$ uname
FreeBSD
$
Take two companies in the same field, company A who cheats and company B who plays by the rules.
Company A succeeds because it has more options than Company B and manages to kill off Company B. Company A begins to grow and starts to worry about liability so they start finding alternatives to outright cheating.
Company A becomes legitimate but the damage is done. They are now the market leader. Since Company A doesn't have scruples, it has no qualms about ethically grey tactics like presenting Company B's failure as proof that it's important to stick with the market leader and not risk on a new competitor, Company C. If Company C does manage to grow, Company A, being the market leader, can always purchase Company C or practise exclusionary licensing with resellers or exclusionary shelf space agreements with outlets.
Lady and gentlemen, Company A is Microsoft and countless other scrupleless companies out there. Granted open source is finally bringing back some competition into the market and there's some hope that it can keep Microsoft from taking over everything in the next 10 years, but 30 years of vendor lock-in could have been avoided if society held Microsoft and other companies to high ethical standards.
It's in everyone's best interest for all of us to play fair.
At my company we use open source projects such as BIND (for an ENUM / DNS based call routing directory) around the edges of our VoiceXML / VOIP IVR hosting service, but not in our core platform.
Originally we did use early open source VOIP projects such as OpenH323. OpenH323 was great, but it needed to be replaced as we moved to SIP and required reliability beyond what OpenH323 offered.
Asterisk is in a similar place - it is a great project that has seen some great early success in voip. I have heard that Vonage, for example, uses it in their voicemail system. I also use it at home and we have several projects at work in the research phase that incorporate it.
Asterisk is not reliable enough for our production environment today - reboots every few weeks to few months are common. As a project it is similar to where Linux was 5+ years ago - plenty of momentum but not quite ready for mission critical use. I have no doubt Asterisk will become as pervasive and reliable as Linux and other leading open source projects have though. Asterisk is an extremely flexible, easy to work with project; and the people involved are also easy to work with and know telephony very well.
Someone already called you on it:
http://linux.slashdot.org/comments.pl?sid=129632&cid=10812976
Here's proof for a different project:
http://www.feyrer.de/g4u/g4l.html
All the strings prove is that they're using something based on Asterisk. It could be that they've licensed the entire software suite a different way from the copyright holder.
If anyone's to blame, it might be Digium for not building and enforcing a branding on their non-GPL'd customers. If a company is using Digium software, it's in Digium's best interests to require some form of advertisement on the product regarding that, similar to Intel Inside. It protects their clients, builds brand, and if the brand is strong enough, gives a statement of quality.
I Browse at +4 Flamebait
Open Source Sysadmin
You put out your code, people will use it.. It's a fact of life..
If you are concerned about it being 'stolen', then don't release it..
It may not be 'right' to take code when it's under the GPL, but don't be surprised when it happens..
---- Booth was a patriot ----
By the way, there's a huge difference between music 'stealing' and code 'stealing'. The musician actually misses out on income. As far as I can tell, the code authors in this situation (and others) have not.
The simplest way is to use a BSD license and not worry about it. There are plenty of ways to make money off of GPL'ed code without violating GPL that if money is your concern, GPL isn't going to stop people anyway, so might as well just let anyone use it for whatever they want and be done with it.
Evidence:
http://www.sineapps.com/news.php?rssid=311
BKW posts details of SysMaster's GPL violation
http://www.sineapps.com/news.php?rssid=313
JerJer posts details of string output
http://www.sineapps.com/news.php?rssid=314
Mark Spencer responds to claims
http://www.sineapps.com/news.php?rssid=316
Digium agrees to let SysMaster just pay back licencing fees because they are their biggest customer.
-={ Security does not exist - give up }=-
Doesn't the BSD license allow free use of the code without requiring the resulting product be licensed under the same license?
If so, isn't it completely legal to use BSD code in a GPL product and the resulting work is GPL'd?
The applicable license would be the result of where you obtained the code...so if you got it from BSD, you follow that license, if you got it from the GPL'd product, you follow that license....right?
Someone correct me if I misunderstand this.
Mod points are pointless when you browse at -1.
Except that the article (very short article, you can do it), explicitly states that the company claims to have developed the whole thing in house, and not to be using Asterisk under any license at all.
If they did have a legitimate commercial license, don't you suppose they would want to quickly clear the whole thing up by saying so as soon as allegations came out?
What is the robbing of a bank, compared to the founding of a bank? -- Bertolt Brecht
If you knowingly ignore a copyright violation, you are considered to have waived your copyright. As soon as a copyright holder becomes aware of the violation, they have to do something about it.
What is the robbing of a bank, compared to the founding of a bank? -- Bertolt Brecht
What's wrong with these people? The punctuation in the article is so seriously fubar, it's not even funny.
IDA:http://www.datarescue.com/ + http://www.sabre-security.com/BinDiff
http://www.datarescue.com/IDA + http://www.sabre-security.com/BinDiff (sorry, messed it up on the first attempt)
Copyright isn't waived that way; neither are patents (though one may lose the ability to enforce them in specific cases, the patent itself isn't going to be lost due to submerging it).
Hey, Bill's house isn't too far away.
Let's light it up and make smores while we reminisce about the early days of GPL and Microsoft saying the Internet was not a viable venture.
You don't have to worry about this happening for voip. I've written highly scalable voip servers that are now deployed by several large carriers and cable companies.
The open source voip code is unusable. It may work if you're hacking something together for your house (as geeks are wont to do). But believe me. I looked into every voip package there was (open source, closed source, in-house, etc). The open source was horrible.
So, quit stressing about someone stealing it.
"Yea right, when Slashdot speaks in one voice is when I turn to another site for commentary."
You mean like when all the "anti-copyright" posts get moderated up, and all the "pro-copyright" posts get moderated down. Technically it isn't speaking with one voice. Effectively it is however. That's why people are against censorship. Technically you can sit home and write all you want. Effectively no one hears you unless they go out of their way to do so. Something they don't have to do for the "preferred" argument.
That in this case, the competitor is also a significant contributor to the GPL'ed code. Therefore, the competitor's contributed code is at stake as well, giving them a standing to sue.
"It's a very tangled subsystem." --Windows kernel guru
I've worked with several people that sell telephone services. It isn't pretty. It's a classic case of something that is good for all people. This type of technology would allow rice farmers in north korea to talk directly to researchers at Stanford at little cost. But there is a problem, and it has nothing to do with VOIP.
There is a sub-set of "Wise-Guys" that provide people with VOIP technology and make a fine living from it. It is true that these "Wise-Guys" provide a service, but they do NOT give back for the knowledge that they have borrowed from.
To resolve this issue of abusers of open source, just answer people's questions about open source. Openness is the hated torch in corporate obscurity.
Arrange the subroutines and coroutines in nontrivial ways with subtle dependencies that can easily be detected through reverse engineering (chasing the flow control graphs of an executable and looking for tell tale watermark patterns.) This would require a closed source knock off to do a lot of rewriting (and if they have the expertise and time to do this, they have more than enough time to write their own 'good enough' implementation from scratch.)
How exactly one does this would be a fruitful research subject for the open source community.
(I recall something similar being done with instruction selection in a86 so that the author could detect commercial binaries produced by unregistered copies of a86.)
John_Chalisque
In other words... Digium sold them a licence but they're not supposed to tell anyone.