Slashdot Mirror
Maui X-Stream: GPL Violations, Lies, and Damn Lies
Jeremy writes "Drunkenbatman is at it again. This time he takes apart Maui X-Stream and all the who and whats that go along with it. Deconstructing Maui X-Stream has GPL Violations with reproducable proof (not done this myself), chat logs, and double talk from the CEO's and supposed authors of the software."
I thought it turned out that they were following the GPL by providing source.
The source may have been provided in a locked filing cabinet inside a disused toilet with a sign on the door saying "beward of the leopard", but it was made available.
It's already getting slow...
l og-archives/000534.html
http://www.drunkenblog.com.nyud.net:8090/drunkenb
Is it just me or do articles starting with copies of letters from lawyers always turn out to be good?
GPL violations seem to be getting more and more common. Take for instance eMule, where an eMule+ developer is knowingly breaking the GPL while working for a proprietary company called MetaCafe:c =72668 (login probably required)
http://forum.emule-project.net/index.php?showtopi
http://forums.metacafe.com/viewtopic.php?t=139
The worst part is probably that the eMule+ folks, who forked the eMule codebase and should be well aware of how the GPL works, are directly contributing to this violation.
This has happened multiple times, and the infringing company usually ends up posting the source.
The original MPlayer devellopers wanted to dual license MPlayer because they felt exactly the way you do after the MPlayer vs Kiss debacle. When it was discovered that Kiss had stolen GPL'ed code from MPlayer, they first flat out denied it, they even went as far as to imply that MPlayer had somehow stolen code from a KISS DVD-player. But in the end Kiss where forced to comply with the GPL and offer source downloads.
Try out fish, the friendly interactive shell.
Open source is so good so many companies claim it as their own in their products without credit. How tough is it to say "Built on Open Source with credits to...."? I know of dozens of "appliance like" devices that are like this. When you ask the vendor they say "we wrote it all" and just by the look and field you know Squid/BSD/OpenSSL/SSH are at minimum inside.
Make no mistake, the commercial software industry is the biggest pirate of code there is on the face of this planet. All developers routinely use google to search for code snipits and these programmers are from big companies like Oracle and IBM to little startups of all kinds. At least IBM acknowledges it's involvement and contributes to many like Linux.
Most companies should not be embarrassed, to me it is a selling point as no one company can do it all.
One un-named company actually had the gall to tell one of my managers they "Invented Spam Assassin". Needless to say I sufficiently set management straight by a few select web pages and suggested if they lie to us now what will the support be like?
Don't deal with companies that lie about the origins of their product.
GPL violations are a lot more common than most people think.
Just because it doesn't hit the mainstream media doesn't mean that thousands (yes, thousands of OSS projects out there are being actively violated by commercial enterprises). A few years ago I caught Sony doing this and reported about it (picked up by Slashdot here based on my account).
But that was relatively small potatoes to another GPL violation we've had to deal with. The CEO of a mobile company (who shall remain nameless, thousands know who he is) took our code, stripped our names and attribution out, removed the COPYING file (our copy of the GPL license), put his name all over it, and claimed he wrote it. He also waffled and lied over the years about which parts of our project he was and was not using. His stories changed back and forth (and I have all of the emails confirming these wishy-washy statements).
When we started seeing companies giving away binary versions of an application that looked suspisciously like ours (and I mean pixel-for-pixel identical) without any source, attribution or links back to the GPL, we started calling those companies and requesting the source for compliance. Since these companies had no idea who we were, they referred us back to the company they bought it from.. the original one who took our code from us outside of compliance with the GPL.
Then the threats started coming in... from the CEO of the company that originally took our source. My favorite quote from him:
We were appointed an amazing attorney by the FSF, and she represented us well. I even went to NYC to meet with this CEO with Wendy to discuss how they could bring themselves into compliance. The CEO insisted that "..the GPL is not a license, its subject to interpretation... it was never reviewed by real attorneys or tested in court", and then proceeded to tell me to fire my attorney, right in front of her, because he said she wasn't giving me correct information about the law. Yeah ok, except she TEACHES law, and this CEO does what again? Oh yeah, steals other people's products for his own profitous gain.
He continued to threaten us for contacting his "partners" (who were also not transferred the GPL when he sold them "his" product [using our code]). Of course his threats fell on deaf ears, since it is our duty to require compliance with our code no matter who uses it.
The case goes on now, 4+ years later, but some interesting facts have come to light and we may have some official corporate backing from someone he believes is a partner of his... this is FAR from over, and he has absolutely no idea what mountain of legal stress is heading his way.
Wendy has moved on to the EFF now, and we have some new legal contacts at the FSF to try persue this further, but they're busy with lots of other cases.
If anyone is interested in hearing more details, feel free to contact me. If you want to support our case against companies like this, please visit our donation page and contribute to help us fund more legal support (or just because your appreciate our work: Don't forget to check out our Plucker eye-candy page).
Its simple. Once violated, your rights to continue to use the GPL are revoked. This means every copy you allow to be downloaded, sold, or given away is now a US Copyright Violation, subject to $20k to $200k in penalties per-copy. Its easier to enforce if they filed their copyright with the US Copyright office (we did to fight just the same thing).
Most GPL violations settle out of court because the costs associated with going to court are enormous. Its hard to assess "damages" against a GPL project where the code is given away, copied, shared, downloaded, etc. for free.
In some cases, if the project taken by a commercial entity is used to "compete" with the free version (i.e. they claim they wrote it), it is also a "Lanhan Act" violation, or "False designation of origin".
It gets really ugly when the GPL is violated, but the good thing is that once violated, the GPL is no longer even an issue, its a clear-cut US Copyright violation.
"our boss did some more research, lurking on the community boards for free software. He was shocked by the attitude and venom caused when users noticed someone infringing the GPL. Most of the time the people who wrote the code weren't even involved in the discussion. He realised that if we made the slightest mistake under the terms of the GPL, even if it was only a perceived mistake, we'd have to spend the next 10 moonths dealing with these people."
So lemme get this straight: he actually _plans_ to break copyright law, and is shocked that people would not take to it kindly?
Would he prefer the way the BSA treats copyright violations with other software? Yeah, I don't think those would post flames on a board. They'd just show up for an audit and sue his pants off. Very professionally and without any flaming or venom involved.
Also it seems to me like there aren't many ways to make just "the slightest mistake" or "only a perceived mistake" under the GPL. Either you publish your own source code under GPL too, or you don't. I don't think it's possible to get flamed or "spend the next 10 months dealing with these people" if you did publish your code.
And if someone did post a bullshit thread, you just point them to the FTP or HTTP URL where they can get the code, and that's the end of it there and then. Hardly takes 10 months to cut and paste an URL.
It seems to me like all the flames I've seen so far on this subject were on stuff that was a _very_ clear case of GPL violation. I.e., people who hadn't released any code, and/or outright lied about using GPLed code at all. There's nothing "slight" or "perceived" about it.
So your boss's problem is...? Was he planning to be in that category, or? Lemme guess... He wanted to just "slightly", "mistakenly" forget to comply with the GPL, right? I.e., again, copyright law violation.
"Stop the hysteria, people. You're harming open source!"
I'm not even too pro-open source, yet I fail to see how this is harming anything. That it stops some people from breaking the license? I hardly consider _that_ to be any harm.
Look, as I've said before, I'm not even really pro-GPL, but like any other license it's a case of "take it or leave it". You get someone's code, there is a license to observe and a price to pay for it. In this case, the price is _your_ code. If you can't pay the price, don't use the product. It's that simple.
It's not even about GPL. I think the same about any other software and any other license. And especially for people making a living from software, I find it _lame_ when then they go and steal someone else's software. Whether it's by working with pirated copies of Visual Studio or breaking the GPL, I find it inherently abhorrent that someone would show so little respect for the very field they work in.
So again, the damage is...? That it caused someone to think twice about theft? I hardly think that stopping theft ammounts to causing harm.
A polar bear is a cartesian bear after a coordinate transform.
I'm the owner of Tliquest.net, and me and the drunkenblog guy collaborated on this issue for some time now. Most of my research on the tliquest site had to be pulled due to legal threats (I don't have any legal support at this time), but he could handle being sued. About the Java player, there has been lots of speculation on what they have used. I'll post my research log right here, so you can see what still needs to be found (if we need to; unless MXS somehow comes clean):
From primary archive,
http://www.tliquest.net/mxs
There are 20 supposed mirrors of my site, and I'll find out where they are soon.
---------
Listing of projects that VX30 has taken code from:
XviD 0.9.2 (all VX30 versions use this Xvid version)
Media Player Classic (VX30 live also uses MPC's webserver)
LAME (old 2004 version used version 3.93)
Possibly Filezilla (found a whole bunch of error messages from it)
Nero Freeware Advanced Audio (AAC) Decoder
Liba52
Ogg Vorbis code (it contains libVorbis, but that is under a BSD license; they haven't given credit, so it's a violation)
but - the vorbis streaming code seems to be part of another non-Xiph app
What I still don't know:
-origination of Xvid encoder frontend they used for the original VX30 and later versions
-origination of audio/video streamer server they used
-origination of Java-based decoder client
-which ones of these make up the Live Server app
-which app the threaded Ogg Vorbis code is from
---------
-eventhorizon
#Secret Windows Source Code, in MS C% - if (uptime >= "24 hours") then bsod() else print "Windows License Violation!"