Slashdot Mirror
Maui X-Stream: GPL Violations, Lies, and Damn Lies
Jeremy writes "Drunkenbatman is at it again. This time he takes apart Maui X-Stream and all the who and whats that go along with it. Deconstructing Maui X-Stream has GPL Violations with reproducable proof (not done this myself), chat logs, and double talk from the CEO's and supposed authors of the software."
I thought it turned out that they were following the GPL by providing source.
The source may have been provided in a locked filing cabinet inside a disused toilet with a sign on the door saying "beward of the leopard", but it was made available.
It's already getting slow...
l og-archives/000534.html
http://www.drunkenblog.com.nyud.net:8090/drunkenb
I believe Arben. He just seems like such a trustworthy, honest person.
Just kidding obviously. I read through this last night (skipped a few parts here and there), but wow, talk about talking out your asshole! I can't wait to see if Maui X-Stream launches any lawsuits against drunkenbatman (or anyone else). Should be entertainment on the level of the SCO fiasco if it happens.
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
Is it just me or do articles starting with copies of letters from lawyers always turn out to be good?
This smacks of that Phantom/HardOCP thing. As long as their lawsuit is "pending" or they're persuing "legal options," their customers (are there any? ok, fine, potential customers) will think this guy is lying. They're just trying to put off the unavoidable death of their pathetic company.
You, sir, are a troll. From the horse's (or, more appropriately, goat's) mouth (aka the GPL FAQ):
Does the GPL allow me to sell copies of the program for money?
Yes, the GPL allows everyone to do this. The right to sell copies is part of the definition of free software. Except in one special situation, there is no limit on what price you can charge. (The one exception is the required written offer to provide source code that must accompany binary-only release.)
Q: Does the GPL allow me to charge a fee for downloading the program from my site?
Yes. You can charge any fee you wish for distributing a copy of the program. If you distribute binaries by download, you must provide "equivalent access" to download the source--therefore, the fee to download source may not be greater than the fee to download the binary.
Does the GPL allow me to develop a modified version under a nondisclosure agreement?
Yes. For instance, you can accept a contract to develop changes and agree not to release your changes until the client says ok. This is permitted because in this case no GPL-covered code is being distributed under an NDA.
You can also release your changes to the client under the GPL, but agree not to release them to anyone else unless the client says ok. In this case, too, no GPL-covered code is being distributed under an NDA, or under any additional restrictions.
The GPL would give the client the right to redistribute your version. In this scenario, the client will probably choose not to exercise that right, but does have the right.
Just
This was a unusually well written, well-based article with a lot of good facts. The proof is overwhelming and is clearly accurate. Maui X-Stream, Inc. really got their pants pulled down like they deserve.
9/11: Never forget it was a false-flag operation
That's why this keeps happening.
If I do this, and get caught...so what? What's the penalty? Exactly who is going to prosecute?
What if this CEO came right out and said "Yup, copied the whole damn thing from Sourceforge. What are you going to do about it?" What happens next?
PS: Not trolling, genuinely curious. All the focus seems to be on "Is the GPL enforcable", not "Who shall enforce it". And IMHO, both are important.
Weaselmancer
rediculous.
GPL violations seem to be getting more and more common. Take for instance eMule, where an eMule+ developer is knowingly breaking the GPL while working for a proprietary company called MetaCafe:c =72668 (login probably required)
http://forum.emule-project.net/index.php?showtopi
http://forums.metacafe.com/viewtopic.php?t=139
The worst part is probably that the eMule+ folks, who forked the eMule codebase and should be well aware of how the GPL works, are directly contributing to this violation.
If they want to sue this man for slander , well then they can also sue me for libel. From what i have just read it is fairly aparent that the *cough* makers*cough*/gpl-violaters of chery OS have done it again and are trying to abuse the gpl once more .
.Anyone buying your products should realise this and realise that they are funding an organisation with no ethics and a dubious reputation . .
..... .
To MXS
To me your company (MXS) is nothing but a bunch of liers and plagerists
If i am wrong and your honest(which i doubt) then i apoligise but from what ive seen today just shows more evidence that you should be taken to court for this
Your Sincerly
Fidel-catsro(A.K.A G.T.K)
If they want to take Drunkenbatman to court then i say we all join in and acuse them and see who far they get trying to take us all to court
I havn't had time to fully read overevery last bit of his findings (fairly lengthy read and rather well done) but from what i have seen it looks like they didn't learn the first time.
The only things certain in war are Propaganda and Death. You can never be sure which is which though
Got him, yes, piss off, you're out!
Does it go on forever?
Dear drunkenbatman:
It has come to my attention that you have acknowledged the giant pink elephant in the room. As you neither asked for nor received permission to acknowledge my client's said pink elephant nor to publish any information describing or defining said pink elephant, I believe you have willfully infringed my client's rights under 17 B.S. Section 1 and could be liable for statutory damages as high as $99,(many zeros) as set forth in Section 1234 therein.
I demand that you immediately cease acknowledging the pink elephant and that you deliver to me, if applicable all pictures, descriptions, and big steaming turds you have unlawfully made notice of.
If I have not received an affirmative response from you by 1 second prior to you reading this, indicating that you have fully complied with these requirements, I shall take further action against you.
Very truly yours,
Arden & Jim
While your answer is correct, you don't seem to have addressed the OP's (OT's?) argument, which is that he's supposedly required to release the source code including his changes. This is only true if they were selling their modified versions to other people. Since they were in no way (that was mentioned) selling compiled binaries or modified versions of anything, they are under no obligation to publish those changes.
In short, feel free to do whatever you want with GPL'd code in house, just be sure you're ready to give all those changes back to the community if you decide to sell the product you made with it.
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
This whole subterfuge around CherryOS never was needed. If MXS understood the GPL, they CAN sell the code along with some NON-GPL'd code. That's perfectly legal. What isn't is what they did. They DID not distribute the code. They completely did where they got it from (and not that well) and never acknowledged the PearPC project at all. The fact that he's closing down proves he just doesn't understand. All he had to do was release source. THAT'S IT! End of story. He had to release the PearPC code and any modifications he made to the GPL'd parts. He could have still had his front end be closed.
Gorkman
Open source is so good so many companies claim it as their own in their products without credit. How tough is it to say "Built on Open Source with credits to...."? I know of dozens of "appliance like" devices that are like this. When you ask the vendor they say "we wrote it all" and just by the look and field you know Squid/BSD/OpenSSL/SSH are at minimum inside.
Make no mistake, the commercial software industry is the biggest pirate of code there is on the face of this planet. All developers routinely use google to search for code snipits and these programmers are from big companies like Oracle and IBM to little startups of all kinds. At least IBM acknowledges it's involvement and contributes to many like Linux.
Most companies should not be embarrassed, to me it is a selling point as no one company can do it all.
One un-named company actually had the gall to tell one of my managers they "Invented Spam Assassin". Needless to say I sufficiently set management straight by a few select web pages and suggested if they lie to us now what will the support be like?
Don't deal with companies that lie about the origins of their product.
GPL violations are a lot more common than most people think.
Just because it doesn't hit the mainstream media doesn't mean that thousands (yes, thousands of OSS projects out there are being actively violated by commercial enterprises). A few years ago I caught Sony doing this and reported about it (picked up by Slashdot here based on my account).
But that was relatively small potatoes to another GPL violation we've had to deal with. The CEO of a mobile company (who shall remain nameless, thousands know who he is) took our code, stripped our names and attribution out, removed the COPYING file (our copy of the GPL license), put his name all over it, and claimed he wrote it. He also waffled and lied over the years about which parts of our project he was and was not using. His stories changed back and forth (and I have all of the emails confirming these wishy-washy statements).
When we started seeing companies giving away binary versions of an application that looked suspisciously like ours (and I mean pixel-for-pixel identical) without any source, attribution or links back to the GPL, we started calling those companies and requesting the source for compliance. Since these companies had no idea who we were, they referred us back to the company they bought it from.. the original one who took our code from us outside of compliance with the GPL.
Then the threats started coming in... from the CEO of the company that originally took our source. My favorite quote from him:
We were appointed an amazing attorney by the FSF, and she represented us well. I even went to NYC to meet with this CEO with Wendy to discuss how they could bring themselves into compliance. The CEO insisted that "..the GPL is not a license, its subject to interpretation... it was never reviewed by real attorneys or tested in court", and then proceeded to tell me to fire my attorney, right in front of her, because he said she wasn't giving me correct information about the law. Yeah ok, except she TEACHES law, and this CEO does what again? Oh yeah, steals other people's products for his own profitous gain.
He continued to threaten us for contacting his "partners" (who were also not transferred the GPL when he sold them "his" product [using our code]). Of course his threats fell on deaf ears, since it is our duty to require compliance with our code no matter who uses it.
The case goes on now, 4+ years later, but some interesting facts have come to light and we may have some official corporate backing from someone he believes is a partner of his... this is FAR from over, and he has absolutely no idea what mountain of legal stress is heading his way.
Wendy has moved on to the EFF now, and we have some new legal contacts at the FSF to try persue this further, but they're busy with lots of other cases.
If anyone is interested in hearing more details, feel free to contact me. If you want to support our case against companies like this, please visit our donation page and contribute to help us fund more legal support (or just because your appreciate our work: Don't forget to check out our Plucker eye-candy page).
He realised that if we made the slightest mistake under the terms of the GPL,
If you use GPL code, admit it, and release it.
It's pretty simple, there is no reason to make mistakes.
You're harming open source!
I prefer the term helping.
If people who don't want to follow the intent of the GPL are scared to use it GOOD.
We don't need to waste time and energy enforcing the GPL. Better to have those who would violate it not bother from the start. It's better for us, it's better for them.
Does the GPL require that source code of modified versions be posted to the public?
The GPL does not require you to release your modified version. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization. But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL. Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you.
What does this "written offer valid for any third party" mean? Does that mean everyone in the world can get the source to any GPL'ed program no matter what?
"Valid for any third party" means that anyone who has the offer is entitled to take you up on it. If you commercially distribute binaries not accompanied with source code, the GPL says you must provide a written offer to distribute the source code later. When users non-commercially redistribute the binaries they received from you, they must pass along a copy of this written offer. This means that people who did not get the binaries directly from you can still receive copies of the source code, along with the written offer. The reason we require the offer to be valid for any third party is so that people who receive the binaries indirectly in that way can order the source code from you.
The GPL says that modified versions, if released, must be "licensed ... to all third parties." Who are these third parties? ,p>
Section 2 says that modified versions you distribute must be licensed to all third parties under the GPL. "All third parties" means absolutely everyone--but this does not require you to *do* anything physically for them. It only means they have a license from you, under the GPL, for your version.
We are the 198 proof..
"our boss did some more research, lurking on the community boards for free software. He was shocked by the attitude and venom caused when users noticed someone infringing the GPL. Most of the time the people who wrote the code weren't even involved in the discussion. He realised that if we made the slightest mistake under the terms of the GPL, even if it was only a perceived mistake, we'd have to spend the next 10 moonths dealing with these people."
So lemme get this straight: he actually _plans_ to break copyright law, and is shocked that people would not take to it kindly?
Would he prefer the way the BSA treats copyright violations with other software? Yeah, I don't think those would post flames on a board. They'd just show up for an audit and sue his pants off. Very professionally and without any flaming or venom involved.
Also it seems to me like there aren't many ways to make just "the slightest mistake" or "only a perceived mistake" under the GPL. Either you publish your own source code under GPL too, or you don't. I don't think it's possible to get flamed or "spend the next 10 months dealing with these people" if you did publish your code.
And if someone did post a bullshit thread, you just point them to the FTP or HTTP URL where they can get the code, and that's the end of it there and then. Hardly takes 10 months to cut and paste an URL.
It seems to me like all the flames I've seen so far on this subject were on stuff that was a _very_ clear case of GPL violation. I.e., people who hadn't released any code, and/or outright lied about using GPLed code at all. There's nothing "slight" or "perceived" about it.
So your boss's problem is...? Was he planning to be in that category, or? Lemme guess... He wanted to just "slightly", "mistakenly" forget to comply with the GPL, right? I.e., again, copyright law violation.
"Stop the hysteria, people. You're harming open source!"
I'm not even too pro-open source, yet I fail to see how this is harming anything. That it stops some people from breaking the license? I hardly consider _that_ to be any harm.
Look, as I've said before, I'm not even really pro-GPL, but like any other license it's a case of "take it or leave it". You get someone's code, there is a license to observe and a price to pay for it. In this case, the price is _your_ code. If you can't pay the price, don't use the product. It's that simple.
It's not even about GPL. I think the same about any other software and any other license. And especially for people making a living from software, I find it _lame_ when then they go and steal someone else's software. Whether it's by working with pirated copies of Visual Studio or breaking the GPL, I find it inherently abhorrent that someone would show so little respect for the very field they work in.
So again, the damage is...? That it caused someone to think twice about theft? I hardly think that stopping theft ammounts to causing harm.
A polar bear is a cartesian bear after a coordinate transform.
Well, that would explain why Robin's been in the shower all day muttering "won't come off... so dirty..."
Read my blog.
Stealing code and claiming it's yours is quite different from downloading a song and listening to it.
By downloading the song and listening to it you are not claiming you wrote it, sang it, or even bought it.
Now, if you go out and sell said song at ANY price - there is the violation of the download.
Most people who feel filesharing of songs is ok - also feel as if it's promotion for the artist. I download rather infrequently - but MANY MANY of my friends buy music based on what they hear in my car and I also go to concerts and promote iTunes downloads on my website!
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
It's these companies that sneak around like weenie-waggers and wave their cartoonie lawyers instead when they get caught that get the flames.
One line blog. I hear that they're called Twitters now.
I was the main analyst behind the application/binary analysis in the article - about 1/5 of the way down you'll see my first credit:
:)
"Ryan Thoryk (aka EventHorizon), a Unix and Network Specialist in Illinois, is the one who put all of the hard work into peeking around the original VX30 binaries"
Yay - finally my hard work is getting mindshare
-eventhorizon
#Secret Windows Source Code, in MS C% - if (uptime >= "24 hours") then bsod() else print "Windows License Violation!"
You are assuming that the people that writes GPL code and defend it also illegaly downloads music and movies.
How can you support that?
again, great article and all, but wouldn't it have been just quicker to list the open source projects that haven't been ripped off by MXS?
perhaps they are not the same persons!
All the hand-wringing over "GPL violations" seems a tad hypocritcal when coming from a community (e.g., the "Slashdot" crowd) that supports "free-as-in-beer" music piracy and chortles at Microsoft's tribulations with software pirates.
:
Right, let's see if we can't deal with this tired old shit once and for all.
Imagine 2 groups of Slashdot readers - A & B.
Group A supports music piracy
Group B is against GPL violations
While these 2 groups may coincide to some extent, they do not completely coincide. There are members of Group B that are not also members of Group A. Your statment does not allow this possibility. It is therefore retarded.
Second point - there is a difference between a)making an unauthorised copy of a CD and b) making an unauthorised copy of a CD, claiming that you produced it and then selling it on (i.e what Maui X-Stream are doing). Your statement makes no allowance for this possibility. It is therefore retarded on a second count.
Therefore I contend that you are
a) Retarded
b) Trolling
And as such, I suggest that you:
a) Seek remedial education
b) Go fuck yourself
OK, let's ignore the GPL thing completely... say I make a product which I put months/years/etc of work into. Now, if some people copy my product without permission for personal use I might be annoyed. If businesses start using it without permission I'd be more annoyed.
However, if somebody copies my program, removes my name from it, and claims that they made it without giving me any credit whatsoever, I'd be royally pissed off.
I'm don't really support movie/music downloading (neither do I support *AA political lobbying though), but the downloaders aren't taking the latest N-Sync CD and trying to resell it while claiming that they produced it under the band name "Synced Up"
I'm the owner of Tliquest.net, and me and the drunkenblog guy collaborated on this issue for some time now. Most of my research on the tliquest site had to be pulled due to legal threats (I don't have any legal support at this time), but he could handle being sued. About the Java player, there has been lots of speculation on what they have used. I'll post my research log right here, so you can see what still needs to be found (if we need to; unless MXS somehow comes clean):
From primary archive,
http://www.tliquest.net/mxs
There are 20 supposed mirrors of my site, and I'll find out where they are soon.
---------
Listing of projects that VX30 has taken code from:
XviD 0.9.2 (all VX30 versions use this Xvid version)
Media Player Classic (VX30 live also uses MPC's webserver)
LAME (old 2004 version used version 3.93)
Possibly Filezilla (found a whole bunch of error messages from it)
Nero Freeware Advanced Audio (AAC) Decoder
Liba52
Ogg Vorbis code (it contains libVorbis, but that is under a BSD license; they haven't given credit, so it's a violation)
but - the vorbis streaming code seems to be part of another non-Xiph app
What I still don't know:
-origination of Xvid encoder frontend they used for the original VX30 and later versions
-origination of audio/video streamer server they used
-origination of Java-based decoder client
-which ones of these make up the Live Server app
-which app the threaded Ogg Vorbis code is from
---------
-eventhorizon
#Secret Windows Source Code, in MS C% - if (uptime >= "24 hours") then bsod() else print "Windows License Violation!"