Slashdot Mirror
Sony Rootkit Allegedly Contains LGPL Software
Deaths Hand writes "According to this Dutch article the Sony DRM software (or rootkit, if you may prefer) contains code from the LAME MP3 encoder project, which is licensed under the LGPL. However, the source code has not also been distrbuted, hence breaching the license. Here is an english translation of the page." So apparently Sony violates your privacy to create a backdoor onto your machine using code that violates an Open Source license. This story just keeps getting stranger.
Doesn't the LGPL permit this?
now I feel more and more justified for not buying any music until the music industry stops suing their customers.
I read about this story days ago. I was hoping it wouldn't get lost. In a way this is even bigger than the root-kit story. You've got to love the irony of stealing code to create a DRM infested ripper!
If someone says he and his monkey have nothing to hide, they almost certainly do.
I believe the LGPL explicitly allows binary redistribution. Howerever, it may still require attribution, and that did not happen in this case. Way to go to break copyright law to prevent others from doing the same. Especially since the LGPL goes a long way towards uses such as this.
Fleur de Sel
1. Install rootkit that contains licensed code without telling users 2. ???? 3. Profit!
The best argument against democracy is a five-minute conversation with the average voter.
- Winston Churchill
I will admit I haven't read the license, but I could have sworn that I have no obligation to distribute the source of software I write using LGPL-licensed libraries. I thought I could freely distribute software using them them for any purpose even if I was distributing binaries only of my proprietary software.
In fact, I thought that was the whole difference between the GPL and LGPL.
Did I get this wrong, or is this a non-story?
D
IANAL, but I think this is no-case. The code isn't included as executable, but as metadata usable in identifying LAME. Same as antivirus vendors shouldn't be kept liable for installing millions of viruses and copyrighted code from multiple spyware programs, just because the antivirus contains sniplets of the original code used in identifying the threats. They don't link the code against the program, but include pieces of it as non-executable data for the database. It's fair use. Same as you'd sue Google for copyright infringement because they include a sniplet of text from your website in their search results, or a thumbnail of your copyrighted image in image search.
Anagram("United States of America") == "Dine out, taste a Mac, fries"
Someone should send a takedown notice to the Sony corporation.
Is someone at SONY some highly cynical form of humor to defend his/her position AGAINST DRM, or is this just plain stupidity slowly turning into the worst PR nightmare ever to hit the japanese giant?
Whatever it is I love it!
On second thought this might also just prove that a LOT of commercial software illegaly contains (L)GPLed code illegaly and just the ones that (due to extensive media attention) get scrutinised al lot, end up getting caught.
hmmmm...
J.
That being said, from what I've read it appears that the Sony DRM code may be looking for LAME on the system (to block it from working on their 'protected' stuff) but doesn't appear to actually contain LAME code.
PHEM - party like it's 1997-2003!
There's even more space dust on the book!
There are no loopholes. It's either legal or it's not.
However, the source code has not also been distrbuted, hence breaching the license
Uhh... Probably not going to say something popular here, but wouldn't it only violate the LGPL if they had made changes to the code and then not made those changes available?
If they just linked against it as a library, well, the LGPL exists for exactly that reason.
Not to say that I find it all that unlikely that Sony did in fact make changes (adding some other DRM, beyond the rootkit itself - Though even that, they could theoretically have done without modifying the Lame code itself), but this seems all too much like exactly what we fault SCO for.
"You used our code! Give us your changes!" "We didn't make any changes..." "Well give us the code and prove it!"
It's like a nerds wet dream. First you have an over-zealous company sabotage it's own customer's machines. Now, it turns out they are violating the very copyright laws they are trying to defend with their crapware. What next? Perhaps they'll claim they own the code in question and try to relicense it for $699, even though we all know they'll want to charge $666 for it.
After calming me down with some orange slices and some fetal spooning, E.T. revealed to me his singular purpose.
Just minutes before heading over to Slashdot I read this which concludes that while Sony's software does contain some of the LAME tables, it doesn't seem to use them.
I heard this several days agao and after I stopped laughing my butt off, I actually thought about it. It is likely doing string compares to find software that DRM is somehow allowed to break on your system, you know, to protect you from the bought and payed for content. If they really used GPL'ed, or in this case LGPL'ed, code there is going to be some spanking needed for this company. I don't think that LAME is likely to be in the software except as a detection string, however.
On the otherhand, I would love to see RMS do his thing. He's got the legalesse mojo, baby.
According to the report I read, the Sony rootkit doesn't contain any of the code from the LAME libraries, just a couple of tables. No-one seems to be quite sure why they'd do this - the two popular theories seem to be that either it's a cockup (they didn't really mean to include the tables) or it's part of some LAME-detection system. The evidence is probably on the side of the former given that the tables don't actually seem to be used at any point.
This probably is copyrightable data, but it appears to be use on a par with that occurring in spyware detection, as reported in the last news item.
Disclaimer: I'm not the techiest person in the world - if I've made a mistake please tell me.
For the love of God, please learn to spell "ridiculous"!!!
As I understand it, you still need to distribute the source code. From the license:
You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.
If they'd gone Open Source from the start with their rootkit, the community could have contributed bug fixes and improvements. Even their competitors could have gotten involved, resulting in a truely powerful bug-free rootkit for use by everyone.
One line blog. I hear that they're called Twitters now.
Its beautiful. I've always thought that the corporate war on their customers over intellectual property would turn when someone went too far. All of a sudden the main stream media would wake up and finally get it. Well, now its happened. The media is all over the story and Sony, bless their hollow little heads, just keep digging. I'm sure I'm not the only one who was shocked but not suprised at the news Sony or Level 4 have broken the LGPL. They are staggering around like a pummled prizefighter, bleeding on everything. There's going to be more blood before this is over. Besides the $billion or so it will cost Sony to clean up the mess, others will have some 'splainin to do. Like the anti-virus companies, like Microsoft, like the other music companies.
This story first came out on a list I read over a week ago. I'm pretty sure it's actually the media player, not the rootkit, that contains the LAME code.
I knew something was up when I saw that Aibo perched at my keyboard when I woke up this morning.
Next thing you know, they'll be after our precious bodily fluids.
The GO.EXE doesn't appear to contain LAME code even though it has been linked against it, however at least ECDPlayerControl.ocx on the CD (packed in XCP.DAT, installed along DRM) does contain code from LAME. It also uses Id3lib and mpglib, without attribution or any licenses shipped along. I spotted bladeenc dll there as well.
Check the bottom of my research page for info, http://hack.fi/~muzzy/sony-drm/
There's not much there at the moment but I'll be adding information as soon as everything can be properly confirmed and evidence gathered.
-- Matti Nikki
files are not software.
We had a sony digital camera at work, and , of course, someone lost the software.
So, I figure, go to sony.com, enter the model number, pull up a page with a download link, and voila, broadband to the rescue
Not happening
It took me and another geek 30 minutes to find the download link
So, maybe Sony is just stupid and inept. After all, look at the trinitron monitors, with that horizontal wire ~ 1/3 of the way from the bottom; look at the software they distribute with their early model DVD players (the sony software would not work with their own player - I had to download something from sateira)....
Not to mention Viao - how on earth can you expect a brand to be successfull if you can tspell or pronounce it (merkur anyone ?)
Next thing you know they'll buy SCO.
"Open the pod by doors, Hal" > "I'm afraid I can't do that, Dave" sudo "Open the pod bay doors, Hal" > alright
If you statically link in LGPL code (i.e. part of the binary), then the whole thing must be LGPL.
.o files (also the closed ones). AFAIK, Loki did this for statically linked, closed-source, SDL-based games.
Not necessarily. The only requirement is that the end-user can recreate the end result by modifying the LGPL part. This can also be met by distibuting statically linked binaries and all
Apparently there are still enough people who don't understant the (L)GPL. The LGPL was created to allow poeple to use code from GPL applications as long as they only use it as a library. Which frees them from the need of redistributing their *own* code. Even with the GPL you are NOT required to distribute the code along with the binary. The only abligation that you have is to make it available upon request. But this is not the same. Even under the GPL I would be perfectly ok if I distribute a linux system, without giving MY customers the sourceode, as long as they don't ask for it. If my client is happy, why bother? And of course, then I would only have to give the sourcecode to MY clients and not everybody else as well.
- Sony rootkit eats kittens?
- Sony rootkit throws momma from the train?
- Sony rootkit spawns Darth Vader?
- Sony rootkit deflates tires of soccer moms?
- Sony rootkit steals cookies from girl scouts?
- Sony rootkit cheats at final exams?
- Sony rootkit pours hot grits down Natalie Portman's pants?
yes, even music can be seen as software
It could be. You'd be wrong, but it could be.
While I'm not concerned about wether it's legal or not (Sony will argue that same 'fair use' clause that they're trying to demolish), I think one of the major differences here is that Viruses and Spyware don't serve legitimate purposes.
Lame, on the other hand, is used in all kinds of software and by all kinds of people for legitimate reasons. If you're scanning for and disabling the engine on someones work PC for instance, you can end up crippling a musicians recording studio that they use for their own work, or breaking someones home video studio or something.
Legal, yes, but totally irresponsible all the same.
"1. Install rootkit that contains licensed code without telling users 2. ???? 3. Profit!"
2. Release new Playstation!
What happens when you try to play a DRMed CD in a non-windows computer? Does is just play or is it not even recognised as a CD? I never had a chance to try, I just don't care much for the titles they have to offer. If this rootkit is meant to prevent people from ripping CDs but only works on one platform, they can't possibly think this is gonna work, right?
Can someone explain this to me?
Thanks
Isn't the company to blame the one that made the rootkit for Sony? It is some OEM stuff.
I can imagine Sony doens't know much about this at all. Sure, they are the ones legally responsible -- but ultimately, they'll just sue the rootkit makers if this ever costs them a dime (unless they indemnified the other guys).
http://www.thebricktestament.com/the_law/when_to_
Why isn't this labled as "Sony"? I decided to look for all articles about their great evils, only to realize that this wasn't among them.
So it is not only LPGL, but also the more strict GPL. This is of coarse all meaningless if nobody from the mpg123 project steps out and tells sony to go with the license.
It's important to remember that "copy-right infringemnt" != "stealing", and if people on /. can't keep this straight, how can anyone expect Joe Public to keep it straight?
This is as much a PR battle as a legal battle, and any succesful commercial organisation knows a thing or two about marketing/spin. And obviously judging by the crap they _sell_ (read push-on-consumers) as music and art, the *AA's must be succesful marketers.
If you think imaginary property and real property are the same, when does your house become public domain?
Baz
[1] in some lawyers opinion.... see http://en.wikipedia.org/wiki/LAME for info.
CD: The Bad Plus, Suspicious Activity: The empire strikes backwards
The fact that sony has chosen to violate a license agreement is entirely consistent with the motion picture and music industry standard operating procedures. The only rights they acknowledge are their own. For someone else to assert their rights, would be considered meerly cheeky. Look at the Buchwald case, record industry and movie industry accounting practices.
In short if you look at this from the perspective that these people feel that they own YOUR right to enjoy entertainment, it all becomes very consistent.
<sarcasm>Thus explaining why every single open source project includes the full GCC source tree with it?</sarcasm>
The GNU General Public License and the GNU Lesser General Public License have an operating system exemption. The exact wording of the exemption in both licenses is as follows:
True, the corner cases of this exemption have not been tested in a court of law, especially in conjunction with the "mere aggregation" exemption.
...not its CDs. They have done more to damage their image and profits with this story than they would have saved by installing its spyware.
I also feel sorry for the poor chap who buys Ricky Martin, Neil Diamond or Celine Dion CDs, I really do.
Sony should have some kind of disclaimer about installing its bad software, maybe a 'Spyware Advisory' sticker? It is only fair.
He who knows best knows how little he knows. - Thomas Jefferson
Sony have knowingly distributed an unknown number of copies of this file. I believe this allows the LAME authors to claim statuory damages of between $250 and $150 000 per infrignement.
Anyone know what an "infringement" is in this case? Is it a single copy or a single work?
I'm sure I'm about to be proved wrong on this but....
The strings just look to be a part of a search function for various LAME versions on the users computer,
and both programmes contain an array with the highly original title of "largetbl".
"Large Table" for those non programmers amongst us.
I'd like to see a bit more evidence before I cry foul.
What I find interesting. Why the Sony Rootkit is looking for LAME in the first place?
Does it alter or break LAME in in some way if LAME is found ??
This is all so ridiculous. It's not like Sony even asks the user if they want this crap installed. Where would they even put the copyright notice? Of all the underhanded nonsense...
Laws do not persuade just because they threaten. --Seneca
That only concerns GO.EXE, and while the analysis is correct for that executable, I checked for LAME references against every binary in the compressed XCP.DAT file after I managed to unpack it (thanks to freedom-to-tinker.com guys for providing description of the format). Turns out, there's more binaries including references to LAME, and this time there's actually code that uses the data as well. And not just LAME, there's also Id3lib included in one dll, and bladeenc and mpglib distributed along with the DRM. All of this is LGPL, it's code, and it's being used.
-- Matti Nikki
Regarding GO.EXE, it's a cockup. I've posted a few other posts here explaining the real situation. LAME along with some other LGPL code is being used in other binaries on the DRM, I couldn't initially find them since they're compressed in XCP.DAT on the cd but they get installed on the system.
-- Matti Nikki
Sony hired someone to stop people doing the dirty with their cds. What happened was they got someone (or some company) who either dont have ethics or morals, or are just plain dumb and gave sony exactly what they wanted. And now sony are paying the price.
- http://www.milkme.co.uk
Posted on Thursday, November 10 @ 11:44:47 CET by brenno
GNU / GPL (Copyleft) The spyware that Sony installs on the computers of music fans does not even seem to be correct in terms of copyright law.
It turns out that the rootkit contains pieces of code that are identical to LAME, an open source mp3-encoder, and thereby breach the license.
This software is licensed under the so called Lesser Gnu Public License (LGPL). According to this license Sony must comply with a couple of demands. Amongst others, they have to indicate in a copyright notice that they make use of the software. The company must also deliver the source code to the open-source libraries or otherwise make these available. And finally, they must deliver or otherwise make available the in between form between source code and executable code, the so called objectfiles, with which others can make comparable software.Sony complied with non of these demands, but delivered just an executable program. A computerexpert, whose name is known by the redaction, discovered that the cd "Get Right With The Man" by "Van Zant" contains strings from the library version.c of Lame. This can be conluded from the string: "http://www.mp3dev.org/", "0.90", "LAME3.95", "3.95", "3.95 ".
But the expert has more proof. For example, the executable program go.exe contains a so called array largetbl. This is a part used in the module tables.c of libmp3lame.
This discovery can have far-stretching consequences for the music giant, who claims only to protect copyrights. Previously, judges in Germany already forced various companies to release source code to the public and to deliver the goods necessary for compiling. It is also possible to demand financial compensation for damages.
Meanwhile, Other details are also becoming clear. The Electronic Frontier Foundation complains that the spyware makes the legal listening to the music on iPods impossble. The organisation is busy making a list of cds containing the hidden software and publishes this on her website.
Various calls to SonyBMG remained unanswered despite promises to call back.
The more I think about it, it really smells of dissention from within.
Either that or it looks to me like this is a mix of business people not understanding their market, customers, or technology and sloppy code work. I mean, what asshat would grab some open source code and not adhere to the license? It is either a tremendous faux pas on Sony's part, or there was some intentional act here to make this as reprehensible as possible.
Sort of like watching the music industry test the waters on this sort of thing and finding them extremely chilly.
This article has recently been linked from Slashdot. Please keep an eye on the page history for errors or vandalism.
http://bash.org/?577451
....and don't mention the countless fuzzy bunnies that died in the animal testing phase of Barbara Streisand's latest release.
When the people fear their government, there is tyranny; when the government fears the people, there is liberty.
Too bad. I've certainly wanted to be able to execute a lot of the music that's published today.
One line blog. I hear that they're called Twitters now.
First of all it seems that there is more than just LAME in there: http://hack.fi/~muzzy/sony-drm/
Second of all, am I the only one who finds it ironic that a DRM program designed to protect someone's copyrighted information is itself infringing on someone's copyright? I guess if Sony wants to fight those evil copyright violators they should start by putting themselves in jail.
... However, the source code has not also been
distrbuted, hence breaching the license. Here is an english translation of the page....
sigh,Why would Sony include LAME (or parts of it) in with this rootkit? LAME is just a mp3 encoder.
Unless Sony wanted high quality mp3's made from the CD (which I seriously doubt for some strange reason), I don't get why they would put it in there.
It isn't like LAME has any DRM itself. Far from that.
Anyone have any ideas?
Maybe it was planned to upload the source later through their backdoor.
FYI. BoingBoing have compiled a comprehensive timeline of events surrounding this: http://www.boingboing.net/2005/11/14/sony_anticust omer_te.html
Incite ICT - IT Support London
I know it causes me significant pain ...
I talk about stuff.
If it is necessary to reverse-engineer something thus breaking Sony's EULA in order to prove that Sony themselves broke the LGPL by including LAME MP3 code without the accompanying source... who is in the wrong?
If you hack into a website to prove that the company is storing customer details against the Data Protection Act (or whatever applies), are you suddenly in the right?
I mean really folks, this is just the way Sony does business...they care not for any but the pot of gold. I have had many run ins with the company from the PIC-2000 to the rootkit...I think they will pay dearly for rootkiting millions of unsuspecting customers. They deserve the ame treatment any other hacker would get if caught and charged.
i love my trinitron
good picture and an extremely high resolution for the price
Sony may claim to be looking for LAME. If so, they are using copyrighted samples to do it.
Since Sony already argues against fair use of samples, one need only supply the court
with Sony's own arguments against fair use.
Just a small comment on your comment:
Mods please avoid modding up the grandparent.
I think your comment (your GP) is still interesting although it may not be accurate, why?, if you see [your]parent comment, correcting you, you can see the poster did not quoted what he was correcting.
I stumble very often with these kind of comments, someone posted a comment which it has lots of replies, the replies are answering back to it and are modded 3 or 4, but the original post is at 1 or less, so I can not see it (as I always read at 2).
I think the mod system should give an +1 interesting when the post has some high (+4, +5) interesting/insighful modded replies.
Ubuntu is an African word meaning 'I can't configure Debian'
1. It seems that Sony has not actually included any executable code from LAME, only some data, which is likely used as a signature, to determine if you have LAME installed and are using it to rip MP3s. This is likely fair use, not wholesale copyright violation, as far as LAME and the LGPL are concerned.
So the interesting question is: what does the rootkit do when it detects LAME on your hard drive? Does it disable or corrupt LAME? Does it phone home? Does it automatically initiate an RIAA lawsuit?
*This* is what I think the next Sony class-action lawsuit should be about. I doubt there is enough grounds to get them on an LGPL copyright infringement suit.
2. Muzzy points out that the Sony uninstaller installs a "safe for scripting" Active-X control with remotely exploitable entry points for rebooting your machine and possibly for installing arbitrary code on your machine. More fuel for the tasty class action suits that are starting up.
3. Sony has done so many evil things with the rootkit fiasco (and we haven't discovered them all yet); the outrage is spreading, and it may lead to a major backlash against the whole industry practice of distributing corrupted CDs in the name of DRM. Here's hoping for a brighter tomorrow.
Doug Moen.
I have written a truly remarkable program which this sig is too small to contain.
So, maybe Sony is just stupid and inept. After all, look at the trinitron monitors, with that horizontal wire ~ 1/3 of the way from the bottom;
There's also a wire 1/3 of the way from the top, and those wires are there for a VERY SPECIFIC REASON: To adjust your monitor settings, like convergence of electron beams, for a razor-sharp image, AND realigning your monitor and adjusting it for every individual resolution that you run (sometimes Trinitron monitors will put an image slightly off-screen when switching resolutions, using those wires, you can re-align the image to a proper position, and save those changes.)
I happen to own a 21" Trinitron monitor, and I've had to reset things many times. Those wires come in VERY handy.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I had an overwhelming feeling that BMG will be Spun from Sony.
Disclaimer: I'm a Sony employee, and I strongly disapprove of the rootkit DRM stuff in a completely unofficial not-representative-of-the-company way ;)
But it's worth mentioning at this point that Sony didn't develop the software in question here - the XCP software was developed by First4Internet.
Not being a lawyer, or particularly knowledgable about (L)GPL terms, who could be held liable when a piece of software is developed by one party, but distributed by another? Is ignorance a defence, for instance if Sony said "We didn't know it had unlicensed code!", how would that affect things?
Game dev and music blog
ren lame $sys$lame
In Soviet Russia, music listens to YOU!!!!
In China, only old people buy Sony CDs.
1. Hide Rootkit in Music CD
2. Violate LGPL
3. ???
4. PROFIT!
Does anyone know if this new DRM included on the new Natalie Portman CD "Hot Petrified Grits"?
OK, which ones did I miss?
Take a look at $sys$License.txt .. err... wait
Remember that disseminating false information about a company is libel, so for those of you getting ready to create webpages that list the included code, you'd better make sure your evidence and assumptions are accurate. Otherwise, you might be setting yourselves up for a nice fat lawsuit by Sony, reminiscent of Maui-X. Wouldn't that be ironic?
Isn't the LAME encoder an MP3 encoder that still needs to be licensed from Thompson? And, if you are going to get the license from Thompson, why use the LAME encoder instead of the nice licensed one?
While I can understand a bunch of patent-adverse geeks using an unlicensed encoder, it is really difficult to understand Sony doing this. This actually sounds like it all came from First 4 Internet.
How incredibly lame are these guys?
When I was 7, I played VIC20 software tapes on my tape deck. It was really fun, it was the first electronic music I heard indeed.
Later I remember I played .exe files in some kind of wave editor. It was cool, but not as cool as VIC20 tapes. I used it for some kind of electronic-noise project I had when I was in high school, I think.
-- Patent no.123456: A way to personalize
If this LGPL'd code is so lame, why does anyone care about it in the first place? :)
It's important to remember that "copy-right infringemnt" != "stealing", and if people on /. can't keep this straight, how can anyone expect Joe Public to keep it straight?
Software is not a service, its a product.
Someone owes me $300 for back rent when they lived with me. They did not "steal" anything from me, but he believes he owes me the money and I sure do.
Obtaining a software product that is commercially available and using it as if you had paid for it is pretty damn close to stealing. I guess staying in a hotel without using any electricity or water and not paying is not stealing, but its still not right.
Killing someone could be misconstrued into stealing their life. Walking out on a bill at a restaurant is not considered stealing I guess, even though it is in part stealing.
What difference does it make?
Stealing a CD from wal-mart is not going to put them under, and neither is copying a CD that your friend bought from wal-mart. So, in order to avoid copy-right infringement, why not just steal the disk from wal-mart instead? Who cares?
The loosest version of the definition of stealing is to take a product without permission and using it just as if you paid for it.
Now taking Linux and mucking with it and then selling it w/o the proper attribution or source, is copyright-infringement. But nobody lost a sale here. Taking a copy of MS Office without paying for it and using it for yourself, is much closer to stealing than copyright infringement. Making other copies of it and selling it at a lower cost than the retail value is something entirely different.
No, copyright infringement is not stealing, but its certainly close enough. Kinda like the difference between identity infringement and identity theft.
Not that it lessens their tresspass, but Sony is apparently pulling the "infected" CDs:y /2005-11-14-sony-cds_x.htm
http://www.usatoday.com/tech/news/computersecurit
Jerry
http://www.cyvin.org/
That's outdated. mpglib was relicensed under LGPL some years ago already, check www.mpg123.de
-- Matti Nikki
Enough with the "we're not stealing, we're sharing" argument. Here's the definition of stealing from the New Oxford Dictionary: take (another person's property) without permission or legal right and without intending to return it. The record companies are money-hungry beasts & they do overcharge for their wares, but "sharing music == stealing". The only argument here is that some people feel justified in stealing the property because the cost to obtain it legally is too high. That feeling doesn't obviate the fact that taking songs we didn't obtain from an authorized source is stealing.
The other argument, that the music industry foists crap on us doesn't hold either. If the products were so undesireable, nobody would be stealing them! So, be honest with yourself and others. If you really think it's crap or overpriced... DON'T BUY OR STEAL IT! That sends the loudest message to a vendor. Stealing just makes them feel that their product is desired, but they are being ripped off. Imagine if nobody stole music anymore, or bought it from the record companies... they would be forced to either sell better stuff, or lower prices to make their products desireable.
Just wait...
After watching them destroy fan bases in their online games like Star Wars Galaxies and Everquest, I can't wait to see what insane ideas they come up next. This DRM thing isn't surprising after watching their 'great ideas' destroy Lucas Arts and SOE's games, let alone the people that were wrapped up in them.
Should we try to guess what new features Sony is working on FOR THE CONSUMER?
Maybe when you plug in your new PS3, if you don't accept the EULA, it instantly shocks you to death.
Or Maybe they have a new online game for the PS3 that is filled with subliminal marketing to sell Sony products that failed in the marketplace.
And in the process, they will use as much open source code as possible, and then claim they invented it and go on to claim ownership of BSD and Linux. LOL
Ok, had to be a bit silly today, but Sony lately is acting like a chicken with its head cut off and don't know how to regain whatever it is they have lost or think they might lose (i.e. XBox 360 might have them scared) I know World of Warcraft made them go 'oh crap' and destroy virtually all of their online games that were once what the industry looked to for quality and consistency. So much for consistency, and you can guess the quality part.
Consumers don't care about record labels, they care about the acts. The fact that any particular artist is on Sony isn't going to bother at least 90% of the buying public. They don't even look, and why should they?
Having opposed the idea that sampling is fair use, Sony doesn't have a leg to stand on. The code was included. It really doesn't matter if the code runs or just sits there. Copyright law is about copying, not running.
How is the Sony DRM worse than other such ones? There's quite a few distributors and quite a few CDs with similar copy-protection mechanism (installs to harddrive vithout user consent, adds self to autostart, hides from process list, breaks CD drivers etc), but none gets as much bad publicity as the SONY one. What "feature" makes the Sony rootkit so evil that it's all over the net while the others remain relatively unheard of?
Anagram("United States of America") == "Dine out, taste a Mac, fries"
Now, let me get this straight. Copyright violations hold up to $150,000 fine for each occurrence, right? This is what "RIAA" and the record labels have been threatening 12 yr olds in court with for the past few years.
The SONY rootkit was installed on how many computers? Am I correct here...in that the LAME project should potentially be able to sue SONY corp $150,000 for each violation. (Sounds like LAME might become the best funded open source project!)
Or do our laws only apply to the powerful? the rich? the mega-company? And if that is the case WHY should I give a damn about infringing on copyrights if they don't protect me as well?
Copyright law doesn't even mention executable code. The tables count.
Look, some free software developers are going to retire now. At what, $75000 per CD-ROM (thanks to Sony's lobbying efforts), the LAME developers just got rich.
Even if the case settles for 10% and the lawyers take 90% of that, the LAME developers make off with millions.
A perfectly good opportunity for more Sony-bashing, and quotes like "This sort of thing makes copyright infringement morally acceptable and in some states totally legal", and you morons come along with your lawyer-speak and analogies, arguing over mere technicalities. I've got news for you - Joe Desktop doesn't care whether his rootkit binary is linked against LGPL work: he just wants his rootkit to just work. Until the open-source rootkit community gets its act together you can forget any ideas you may have about linux desktop malware adoption.
So anyway... Sony sure sucks, huh?
The rage exhibited by Sony, Apple and other Corporations and their "Trade" (no trade) associations to monpolize and control what and how we consumers live and act should be a growing concern to everyone.
This has to be just the tip of the iceberg - "we" likely only learn about 2% of these devious efforts. It's only laughable when "we" learn about how these corporations themselves are breaking all kinds of agreements, all kinds of laws - are in fact the biggest crooks. But the biggest problem is the number of apologists there are lurking amongst "us" - trying to spin away the obvious.
I was at the house of a hollywood movie mogul this weekend - who is always complaining about copied movie DVDs being sold around town. Sunday evening he showed me the new Bose box he just bought for his black and red iPod. He said someone from his last movie crew sent him the iPod with 500 songs on it. There was no hestitation in playing copied songs on the iPod! Anyone who has hing around crews on movie productions knows where those songs came from.
So is the Slashdot crowd going to complain and moan about Sony being a servant of the devil, and then happily go to Best Buy and get ther shiny new PS3?
Price fixing :
v ariable_pricing/
http://www.channelregister.co.uk/2005/11/15/sony_
Sony in internet 'price-rigging' rumpus
Ramps up wholesale cost to UK e-tailers
Sony and other manufacturers have been accused of asking online retailers for 10-15 per cent more for wholesale electronic goods than they charge their traditional counterparts, The Times reports.
Online retailers have naturally cried foul and will meet today to decide whether to "name and shame" the guilty parties. Sony already faces Office of Fair Trading (OFT) and European Commission examination of its pricing strategy.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Suppose the case settles for 10% and the lawyers take 90%. That leaves $750 per CD-ROM for the mpg123 developers. Now think about how many CD-ROMs have been produced.
Oh, what I'd give to have Sony infringe my open source project! The mpg123 developers are some lucky bastards for sure. I need to learn how to write Windows multimedia software instead of just Linux system software.
It could be. You'd be wrong, but it could be.
True, but I could see some patent attorney in court arguing that it is.
Paul Birsch (44) 0207 384 7500
Leave a message on his ansafone & he "will" get back to you with a complete explanation.
Honest!
So what, another license violation that no one will do anything about. I've not heard of any legal fallout from any of the numerous license violations Slashdot has reported on. At this point you have to wonder why the license exists at all. If it's never enforced it may as well not.
I thinking more of a firing squad at dawn.
One line blog. I hear that they're called Twitters now.
The magic words are "take property" and "without intending to return it". When I copy something (which is a technical necessity on electronic data systems, you'd have to actively destroy the original to "just move" it) I cannot "take", let alone "return" the original thing.
Let me illustrate:
If I came to your house (without doing any damage), carrying a portable photocopier, and copied a book from your shelf (without even leaving a fingerprint on it), then left again. Did I just steal the book from you? Or am I guilty of trespassing (your house) and copyright infringement (the books copyright owner)?
I'm not arguing "sharing" music is legal under all circumstances (though there are more cases than the Recording Industry wants everyone to believe), but it is not "stealing". The correct term is "copyright infringement" and in legal debates precise choice of words is essential.
I'd guess that improper use of (L)GPL code is pretty wide-spread. It's only been discovered in this case because of the intense scrutiny on Sony's DRM system. I bet there are plenty of other cases out there that haven't been picked up because nobody's bothered to scrutinize the executables.
Here's the link to comments of LAME developer tt at Slashdot Japan.
When Interware violation incident occurs,I feel like as if my own son/doughter were raped by them.But I soon realized I can't have enough power to change the situation.I prefer coding,listening music,cooking to legal action.
Similar comment was written on Journal entry.
tt also comments on tables,as more hint for searching copyleft infringement seeking;t16_5l[]@table.c & enwindow[]@newmdct.c
Note the words "may be". Copyright law is funny. Using things that are necessary to interoperate (e.g. simple definitions of constants and function prototypes) is not a problem from a copyright perspective (c.f. "scenes a faire"). If there's only one way to express an idea (e.g. "errno.h", which maps POSIX specified numbers to POSIX specified constant names), it's called "merger" and is not subject to copyright.
Now, if the header file contains substantial code in its own right, either in the form of code that compiles or just macros, it's possible that a case might be made that the resultant object file might be considered a derived work (though note that the other source code is expressly not).
Indeed, there might be a case to be made that dynamic linking doesn't create a derived work, and that would make the GPL legally equivalent to the LGPL. But no one's tried to make that case in a court yet.
PHEM - party like it's 1997-2003!
Give me a seat on the board, 30% of Sony's stock, a hundred million dollars, and a few hundred million dollars for my lawyers.
Good enough? No? How about one hundred billion dollars?
I love how Sony lobbied Congress to make the statutory damages so ludicrously high.
Yes, indeed. Some nice folks posted up and down the Sony stories a few days ago about it, and the nice mods rated them up.
I am probably only one of hundreds who have this on their info page:
"
Inoshiro's Recent Submissions
Title Datestamp
Sony spyware in breach of LGPL. 15:35 11th November, 2005 Rejected "
By now, there should be some real followup info. Is the EFF going to sue? No one knew what was going on there last week. I hope they've finalized a plan of action this week!
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
"to a website" WRONG WRONG WRONG.
t eWithSourceOnInternete AndBinaryOnDifferentSites
.spec file, or the dev-src equivalant.
If Sony don't provide the source they must make THE source available to all third parties for at least 3 years.
This is an obligation they must fulfil.
http://www.gnu.org/licenses/gpl-faq.html#Distribu
http://www.gnu.org/licenses/gpl-faq.html#TOCSourc
Merely pointing to "a website" or "the website we got it from" is not enough.
You have to make-sure-it-stays-there. And thats not enough.
You also have to let people request it by mail charging only a minimal fee.
You have to track your releases and make sure you keep the source of each release seperately so you can give people the source to the version they had.
Too many people consider only casually the obligation that the GPL puts on them. GPL is not an easy way out.
It's easy to receive GPL software because the burden is on the distributor, but you must understand and fulfil the burden when you are the distributor.
With most commercial software you pay some money before you receive it but you still have to follow the license guidelines.
Is it too often for me to say again that too many people distibute binary packages to open source software and distribute the source they compile to make the binary package but do not distribute the source to making the binary package; i.e. the
Sam
blog.sam.liddicott.com
For those of you who think I am wrong because I am quoting from the GPL faq and not an LGPL faq, read the LGPL:
http://www.gnu.org/licenses/lgpl
clause 4 of the LGPL contains the requirements I described.
Sam
blog.sam.liddicott.com
I am seeing two issues here that are becoming clearer in the Open Source arena. One is that when there is a violation, there is not currently anyone willing to spend the huge dollars needed to litigate the issue. With Comercialware, there has always been someone with fairly deep pockets to pay an attorney to pursue the violators in court. Who is that going to be in the Open Source community? Who is making money on this stuf so that they can pay the expense of litigation when necessary? Is the 'free' trajectory shooting itself in the foot that way?
Another interesting point I see is that someone, sooner or later is going to challenge the legality of Open Source under the 'free' standard and litigate that it is tantamount to price fixing, i.e. antitrust. How long before someone challenges that the contractual language that forces someone to provide code at no cost is the same as being forced to sell it at an inflated price. The price is still fixed, whether at zero or at some other number.
These are a couple of major challenges that await open source. I hope someone gets their ducks in a row before these things come to fruition. Open Source has driven the industry in a very good direction. I would hate to see it fall because it can't support itself, financially, when and where it is needed. Justice is NOT free, in fact the costs are enormous to obtain justice. Somehow that has to be worked into the Open SOurce equation in a way that works for us all or the likes of Sony are going to kill it off.
The thing that people don't seem to realize is that if the GPL doesn't hold any water (and it may not), then the whole thing just collapses back to plain old copyright law. In that case, they can't copy and sell the code at all without permission from the writer.
If I write a book and release it on the internet for everybody to download for free, you still can't copy and sell it without my permission. The fact that the code is offered for free doesn't mean that the writer has given up his rights to the work. In fact it is the GPL that gives people the right to copy and sell the work, if they follow the rules outlined in it. Breaking the GPL means you don't have permission to copy and sell the works at all. It is the GPL itself that makes it legal for people to copy and sell GPLed work. Without the GPL it's just plain ol' copyright infringement.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
The people who own copyrights in lame need to go after Sony for $160K/cd that has been shipped. Perhaps they can set up a call center where Sony can call in to "settle".
Yes, I'm serious. It's time to turn this shit back around on these bastards.
Do you have ESP?
> Obtaining a software product that is commercially available and using it
> as if you had paid for it is pretty damn close to stealing. I guess staying
> in a hotel without using any electricity or water and not paying is not
> stealing, but its still not right.
When trying to take the "moral high ground", try not to be such a lying sack of sh*t.
All the examples you try to cite actually include consuming physical resources of the owner for a time. This is something that copyright infringement does not do. Trying to associate one with the other is highly dishonest and is as morally bankrupt as genuine shoplifting. It is even worse since you're also indulging in moral pomposity.
You are cloning the ware, as if you could hammer out a copy of this years Lamborghini in metal shop. This is in no way comparable to conventiional larceny that has been a common law crime since the beginning of time.
It's more like counterfeiting, making fake Levi's and whatnot.
Use of the item doesn't require any sort of deprivation of the owner, not even deprivation that might be inconsequential to them.
Copyright infringement is nowhere near stealing.
Also, copyright is not a natural property right. It never has been. It's simply an inducement to encourage creative people to be creative.
The ultimate point is to have another Illiad or Beowulf, not to create new classes of criminals and robber barons.
A Pirate and a Puritan look the same on a balance sheet.
And this is the kind of shit you do when you're against a larger company that has absolutely no "morals", either. Business is war. The only thing that Microsoft has done differently is they haven't got caught. Or, when they almost got caught, they bought ("lobbied") all the right senators to make sure justice was done.
Sony got caught, and it's their own fucking fault just like it was Standard Oil's and AT&T's. Kill, cheat, lie, steal, sabotage, infiltrate, deceive. Just don't get caught.
I say make an example out of them, to make it a lesson to all the other would-be-caughters out there.
This seems like a pretty good GPL test case. The irony of copyright infringement being used to develop a copyright protecting program would likely go over will with the court!
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
Isn't the minimum way to comply with the GPL's (and I assume also the LGPL's) source code distribution terms to make the source code available upon request? (IE you don't necessarily have to distribute source to those users who don't want it.) So has anybody tried requesting? It's worth a shot. I don't think we've ever had open source DRM crap before.
Have you ever wondered How to Take Over
Some people posited that it was an LGPL violation, while others thought that this was included only as binary signatures of the software that the DRM process was supposed to monitor. You know, how anti-spyware programs have definition files that let it recognize spyware, this DRM software presumably has definition files of ripping software to look for. That seems more likely to me.
Somebody needs to modify the worm that takes advantage of the rootkit so that it will : A) distribute Sony's copyrighted music and b) distribute the DRM code with the LGPL violation in it.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Since it's become a fundamental part of the operating system (try to delete it if you don't believe me :P), then there's no obligation, right? ^^;
You say software is not a service but a product.
Isn't Miscrosoft considering offering future versions of MS Office as a subscription-based service via web clients? I could be wrong but I thought I read that somewhere. If they are, would this not make the software a service and not a product the customer actually owns?
I think the the distinction is murky. Can you make the distinction clearer to me?
-- Posted from my parent's basement
I wonder if the programmers who had to make this in the first place might have done that on purpose. Can't do anything to stop the big company but slip in a few pieces of viral code....
This is the code should still be controlled religion. If you want to copy somebody else's work and use it for your own ends, should they not have any say over the process? If you want to avoid the "viral LGPL", stop copying other people's code. It's silly to think that you should be able to do whatever you like with somebody else's work without respecting their restrictions. Have you heard the saying: "Don't look a gift horse in the mouth"? You're getting the code for free (you didn't have to pay for it or write it yourself), so play by the rules of the giver or don't accept the gift. This really isn't that difficult.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
let's not forget that the rootkit would have to distribute the source code with it!
...hmmmm Nah.
Hmmm I wonder...
$sys$rootkit.cpp
$sys$rootkit.h
$sys$drm.cpp
$sys$drm.h
$sys$lgpl.txt
&sys&/rootkit/sources
Since LAME violates several mp3 patents, besides the obvious LGPL violations (if they are distributing LaME, which is disputed) Sony is violating several more people's rights. LAME is ONLY available for non-commercial, educational use. This would be a glaring violation (hence the reason that few distros ship (especially free ones) with mp3 support (legally)).
Of course distributing all of Windows would be copyright infringement. So would distributing entire copies of books - or entire copies of LAME for that matter.
Fair use covers taking small snippets of something for various uses. Aruging that you can't duplicate an entire work says nothing about whether a particular use of a small snippet is fair use.
New price fixing allegations
When I am king, you will be first against the wall.
I guess it is one of the more ironic (and we could just as easily contract that to "moronic") features of present business proctice that insists that the corporations that sell the crappiest muzack are the same ones that are most vigorous in suing their potential customers.
There should be a lesson there, I suppose, but some folks are slow learners.
Microsoft(!) declared Sony's XCP software to be malware, and said they'd remove it in the forthcoming December update of the Malicious Software Removal Tool, as it violated "objective criteria". Check out the MS Anti-Malware team's blog for more fun.
<obligatory> And I submitted this yesterday, but apparently the editors didn't think it was worth mentioning, instead going for a dubious LGPL angle that was debunked in at least two previous discussions. <sigh/> </obligatory>
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Use of the item doesn't require any sort of deprivation of the owner, not even deprivation that might be inconsequential to them.
Copyright infringement is nowhere near stealing.
But it is very damn close. Would everybody copyright infringing on Doom III instead of buying it or everybody taking a copy off of the shelf do anything different to ID Software? Would it deprive them of jobs and money? Yes it would.
In one of my examples, taking off without paying at a restaurant. That is not semantically called "stealing", but it is more technically "stealing" than copyright infringement of software.
I'm sorry, but who the fuck cares about "copyright infringement"? That means nothing to most people, and it sounds like its making someone uncomfortable at the most.
Identity infringement sounds stupid. Identity theft, although it might not be theft in any sense of the law, just sounds better in writing and speaking.
My point was and is that sometimes theft is not called theft when it is (leaving a restaurant) or simply isn't as in identity theft.
I'm a hedonist, my moral philosophy is to do whatever the fuck you want so long as you get away with it. I'm against stealing of software or infringing on the intellectual property owners rights or whatever you want to call it because you simply cannot get away with it. If that were universally or beyond some threshold to make software a profitable business, everybody looses.
So, is it stealing if nobody notices the item missing? I don't know how much money I have in my wallet right now. Around $50 plus or minus. Someone could take a 5, 10, or 20 and I would have no idea. Regardless, if I catch you in my wallet, you better be bigger and/or better armed than me. If I'm feeling particular feisty, that might not matter. If at all possible, you will not get away with it.
Value is just that. If people stop valuing software and "steal" it, then it will only hurt people like me in the end because I'm in the business. I value software. I use free and commercial software. I feel as though I am doing myself a disservice by "use better word than steal"ing software.
I once heard that someone once said that if someone rips off something inexpensive like a pack of gum or something, then their integrity is worth less than the cost of a pack of gum. There is some saying that goes like "It not that you lied to me that bothers me, its the fact that I can no longer trust you that bothers me".
Does any of this make sense? Is your mom's basement still OK for you?
No, in a legal sense it is not "stealing". But objectively it is.
I cannot tell you how many times I have found commercial software using source from open source projects. Most of the time the product has just had the front end altered, but the application is the exact same project from sourceforge.net. I have alerted many many open source developers and every time they thank me for the notification, but they are also helpless to persue the offending party.
IANAL...but most of these Copyright lawsuits are based around compensation for damages. If software is LGPL, then the amount of monentary damages would be close to zero. The software is free, as long as you use it for x purpose and include y source code.
If they broke the LGPL, there may be another set of rules to follow.
Who knows, maybe Sony got permission from the original authors of these binaries for this purpose (HA!).
Either way, I'm scared that these guys are operating above the law, and would bend a court to thier every whim. Exciting times.
Let's be clear here: I'm not making legal definitions; law makers did, and they decided that the act of copying software w/o permission was called "infringement" as opposed to theft. They did this since they are not the same thing. They also decided that "murder" was not simply "life theft", as it is not simply a form of theft.
The points I made were neither to condone copy-right infringement or the breaking of any law, nor did I say anything about whether the *AA's are evil, or right, or wrong, nor offer any other such opinion. Let's stretch your analogy until all law breaks down to X-theft as the only remaining legal term.
so, we already have murder==Life theft, let's do some more:
Kidnapping==Freedom Theft.
Speeding==FastLane Theft
Assault causing bodily harm==Epidermis Theft
c'mon! together we can re-write the laws so everything is theft..!
Legal definitions are important, and I think we all know that a rose-by-any-other-name is in fact no longer a rose. 'Digital Rights Management' is a corp-speak way of saying 'Digital Rights Restrictions', but try selling that as a feature on your MP3 player. There's a reason that the words 'piracy' and 'theft' are used by those that own copyrights. These words are far stronger, and conjure mental images of wrong-doing that the correct legal words never can.
It's Orwellian to allow others to redefine how and what you think by using newspeak.
ps: :)
[quote]Walking out on a bill at a restaurant is not considered stealing I guess, even though it is in part stealing.[/quote] uhm... I'm pretty sure you'd in fact get charged for theft if you walked out on a restaurant bill... but hey, IANAL...
If you think imaginary property and real property are the same, when does your house become public domain?
> Did I just steal the book from you? Or am I guilty of trespassing (your house) and copyright infringement (the books copyright owner)?
wtf? This is why most of us sit back and laugh at you adolescents reaching for justifications for your p2p crimes. By the way, thanks for the definition of stealing from the Modern Clintonian Dictionary...
What you conveniently fail to point out is the fact that you STOLE from the author of that book, not to mention committing a few other crimes (against MY property) along the way. If you don't understand that you just stole $25 from that author by copying his book instead of purchasing it, you fail to see many things I suppose. Oh, the irony. I guess in that sense, by your very own logic you illustrate the "marijuanna use leads to hard drug use" theory. A crook is a crook. Give 'em an inch and they'll take a mile...
The thing that pisses me right the fuck off is, where's the justice for this? Sony has committed heinous acts against the computing world and everyone is just like, "Damn, they suck a lot. Oh well, let's argue about the GPL license they may or may not have violated." Aren't we missing the point of the whole thing?
Sony date-raped computers and NO ONE SEEMS TO CARE TO DO ANYTHING ABOUT IT!
How can this be prevented in the future? Is there ANYTHING we can do against companies that shit all over their customers? Just imaging what would happen to a company like Pepsi or Coca-Cola if they stared serving their delicious colas laced with Hepatitus B.
The Sony DRM rootkit will re-write your hard drive. Not only that, but it will scramble any disks that are even close to your computer. It will recalibrate your refrigerator's coolness setting so all your ice cream goes melty. It will demagnetize the strips on all your credit cards, screw up the tracking on your television and use subspace field harmonics to scratch any CD's you try to play.
It will give your ex-girlfriend your new phone number. It will mix Kool-aid into your fishtank. It will drink all your beer and leave its socks out on the coffee table when there's company coming over. It will put a dead kitten in the back pocket of your good suit pants and hide your car keys when you are late for work.
The Sony DRM rootkit will make you fall in love with a penguin. It will give you nightmares about circus midgets. It will pour sugar in your gas tank and shave off both your eyebrows while dating your girlfriend behind your back and billing the dinner and hotel room to your Discover card.
It will seduce your grandmother. It does not matter if she is dead, such is the power of The Sony DRM rootkit, it reaches out beyond the grave to sully those things we hold most dear.
It moves your car randomly around parking lots so you can't find it. It will kick your dog. It will leave libidinous messages on your boss's voice mail in your voice! It is insidious and subtle. It is dangerous and terrifying to behold. It is also a rather interesting shade of mauve.
The Sony DRM rootkit will give you Dutch Elm disease. It will leave the toilet seat up. It will make a batch of Methanphedime in your bathtub and then leave bacon cooking on the stove while it goes out to chase gradeschoolers with your new snowblower.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
actually ... in some cases you dont need to use the header file of the library :D
... there are a lot of libraries out there that can be used this way :)
.exe's on that cdrom, i will still get my music ...
man dlopen
man dlsym
there you go
---
as for sony, what did you do with the poor dude that invented the idea to install silently drm software into user computers and thereby fgging the user computers up? concrete boots & the ocean ?
luckily my ubuntu box won't care if you have zillion
I'd tell you the chances of this story being a dupe, but you wouldn't like it.
But it is very damn close. Would everybody copyright infringing on Doom III instead of buying it or everybody taking a copy off of the shelf do anything different to ID Software? Would it deprive them of jobs and money? Yes it would.
My wife wanted a car. We bought a used Toyota because of it's reliability and she liked the style. I guess in doing so we've deprived Detroit of jobs and money. We deprived the financiers of extra gravy because the vehicle wasn't new. We deprived the State of more licencing tax for the same reason. We're depriving the insurers since our premiums are lower.
If I remember correctly they were asking for $20.000 in copyright violations from single unemployed parent with income around $30.000 a year. According to the latest report (according to annual report filed at nasdaq) sales and operating revenues for sony was $66,912mil for last year, so they sould be made to pay two thirds of that, which would equal to
$44,608 mil.
Only fair, no?
Fair use generally covers your own taking of part of a copyrighted work, you don't often here of a fair use defense in cases of commercial mass distribution.
That would be how many thousands of dollars per infringment (cd)? If the open source copyright holders pull their horns in on this, they are nuts.
Engadget story
This gives new meaning to the words:
"Its a sony."
Sorry,
But this is perfectly aligned with Sony's other actions. Look at the Blu-ray spec, or the myriad of crap they've put on music CD's in the past. All that has happened here is that they've been encouraged by lack of penalties to extend their intrusion into user's rights. They got caught is all.
as in you haven't examined it for yourself?
Heh, they should just issue a release, "Look, we can only fire the guy responsible for this once."
I suppose the analog would be reading an audio file as a set of x86 instructions. I do have the feeling that your computer would crash upon "executing" such a file.
It's very common in commerical software licensing deals -- the licensor indemnifies the licensee for any breach of patent, copyright, etc... meaning it's highly likely that First4Internet has probably indemnified Sony in this case, and would be the eventual victims of any GPL-wielding lynch mob!
Serious design flaw in Sony's web based uninstaller : http://www.freedom-to-tinker.com/?p=927
Which means someone can legally release a script that changes Sony's DRM to allow LAME? Or, even change those lines of code to send the whole program entirely?
Looks like sony is also Engaging in price-fixing to keep customers from buying their equipment on-line.
...that which can be adequately explained by stupidity.
~ Aero
Probably not a bad idea - poke 'em in the eye: http://wired-vig.wired.com/news/digiwood/0,1412,69 559,00.html?tw=wn_story_top5/
MCI The URL - send it to your friends and family...
IANAL, but I think that the issue of corner cases are really iffy on these cases and could well vary from juristiction to juristiction. The key issue is not what is permitted but what the limits are to the concept of derivative works. Does linking imply derivation? Does it? Why or why not?
I would tend to think that mere linking in absense of other substantive derivative aspects might well be insufficient at least in juristictions requiring something like the Gates test (abstraction, filtration, comparison). In these cases, I would think that the header files would be required to be filtered out as unprotectable for the reason that a) they are required for interoperability and b) they are not in themselves substantively expressive outside those areas required for interoperability. In other words, if I write a module for compilers to support, I don't know, raw compiling of Python code, and I choose to make this available for the GCC among other compilers, the fact that it can be linked against the GCC might not be sufficient to require that it be covered by the GPL and the fact that a small amount of literal copying (as *required* for interoperability) takes place would not change that, I would think.
LedgerSMB: Open source Accounting/ERP
I'll never understand why you can mod someone "Redundant" if they're only the first-fifth poster and said something original, or when you can mod someone "Overrated" when said message was never even rated in the first place. Way to go with the logical moderations, Slashdot!
Not to pee on the parade here, but didn't sony license this software from another manufacturer? Almost all corporate software license agreements have "hold harmless" clauses and copyright indemnification, so you are probably talking about the scum sucking author's being guilty here, not the scum sucking record company.
Who needs a reason?
Can you believe it? Plastic.person did all this. He picked me off the street, strapped my arms and legs down in the trollmobile's passenger seat, and just wouldn't stop fondling my cock'n'balls.
They definately were red flag touches. the goddamn referee he had in the back seat kept on raising up this red flag every time he touched my junk but did Plastic.person care? NO WAY! He just kept on doing it. I couldn't believe what the fuck was going on, indeed. I pleaded with Mr. person but to no avail. I told Zonk would not approve of such a smelly man touching an underage kid like me (at the time I was 13) without at least compensating me for the trauma and the use of my body as his own personal plaything.
This got to him, worrying about his image. He continued to fondle me, all the while ignoring the referee's red flags. Then he drove the trollmobile to my house and *ejected the seat I was in*! It was amazing. But surprisingly, after I woke up the next morning, my bank account had $1.50 in it! Can you believe it?
Ummm, does anyone know how many programmers (also know as copyright holders) have code in LAME?
You really think any of them are going to step forward? Frauenhofer owns patents on just about Everything That Is MP3. So pursuing a case against Sony for violating LAME's copyright would only expose yourself to a patent-infringement lawsuit from Frauenhofer.
I used to always think a license meant what it says, not what the hordes of Slashdot children wishes it did. Please people, GO READ THE FRIGGING LGPL!
The LGPL does not require you to distribute the source code, it only requires you to give the source code to a user who asks for it. Including the source code with the software is only one of several means to accomplish this. Has any legal user of the software asked Sony for the source code? Anyone? I thought not...
It's not that I think Sony is innocent. Hardly! But that's no excuse for hundreds of Slashdot posters to be whining about licnese terms that don't even exist.
A Government Is a Body of People, Usually Notably Ungoverned
Because if you don;'t distribute the source with the binary then YOU have to make the SAME source available to all 3rd parties for 3 years.
And how are you going to do that when the project author changes the version available on sourceforge so that the version you used isn't available anymore?
The only admin-low way to abide by the GPL is to distribute the source WITH the binary. Anything else puts a severe admin burden on the redistributor, esp. if you start shipping multiple versions of the library over time.
Sam
blog.sam.liddicott.com
And the soon to be told story -SCO alleges they've been unable to identify the infrining code IBM improperly put into Linux because they have poor taste in music, and as a result all pertinent files have been hidden by Sony's rootkit. As a result, SCO has been forced to ask for a 6 month extension for discovery and has requested that IBM and Sony turn over all the files SCO doesn't know about.
wow. get a grip...
:)
Grip now firmly applied. Good suggestion.
there's so many irrelevant points in your post, I can't begin to discuss each one separately.
Now, that my grip is applied, I'm confused why any sane person would discuss the irrelevant points.
Giraffes have long necks and never infringe on copyrights. Discuss!
It's Orwellian to allow others to redefine how and what you think by using newspeak.
ps:
[quote]Walking out on a bill at a restaurant is not considered stealing I guess, even though it is in part stealing.[/quote] uhm... I'm pretty sure you'd in fact get charged for theft if you walked out on a restaurant bill... but hey, IANAL...
My whole irrelevant point was that I'm trying to say that, yes, in the literal strict meaning of the word theft and copyright infringement are not theft. Neither is identity theft. Walking out of a restaurant is not talked about as theft, but its closer to theft than copyright infringement, but the term "theft" and "stealing" are more commonly used for copyright infringement on commercial software, movies and music than it is used when leaving a restaurant without paying.
I did not make any of this up.
I will say that also according to the lawsuits going around, I would personally rather be charged with theft vs copyright infringement. If I were to run out of a store with a CD not much would happen if caught. If I were to "share" the same CD on the internet, it looks a bit nastier.
I have stolen things before, I have infringed on copyright before. Does that make me cooler now?
I guess its a losing battle, but I would like to end the infringement vs theft thing. Its stupid. No, they are not literally or legally the same, but pretty damn close.
I don't "infringe upon copyrighted software" because I'm selfish. I want there to be a software industry with quality supported software, and not just hacked together stuff by CS students before they go to collect unemployment.
Its just easier to say I don't steal software. But apparently it really makes people feel better to infringe on copyrights and face those lawsuits and/or criminal cases than those of theft which is not theft, but you end up in the same place.
No. Everybody with any basic concept of theft and copyright infringement know they are not literally the same, but in written and informal speaking, they are.
Even people that blatantly "infringe on copyrights" consider themselves thieves. Ever hear of http://thepiratebay.org/ Pirates are known as people that steal stuff off of boats. Not infringe on their copyrights.
The words will be inseparable as long as I can tell. Its no big deal.
DBS: Don't buy Sony.
Many, or most, people who call themselves marketers believe that marketing must be adversarial to be effective.
I wonder whose sink-the-company idea it was to include rootkit software.
This researcher has probed the caching on DNS servers to see how many requests are made for the www addressed used by the rootkit. He's gone a generated some nice geospatial plots of the results. The West is burning!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Is anybody else just awestruck by the delicious irony of Sony violating a licensing/ distribution agreement in an effort to prevent folks from violating theirs? This has the potential to venture into Greek tragedy territory before it's all over, folks.
You know you've hit rock bottom when even the Bush Administration has enough politcal clout to condemn your actions. Sony'd be better off if they were using this stuff to actively spy on users. That way, they could spin it as some kind of Patriot Act double-secret probationary counter-terrorism measure to prevent Al Queda pirating their content and funneling the black market proceeds to imbedded cells worldwide. That they didn't dub their root kit "the Freedom patch" was truly an opportunity missed.
"I'm sure you've been waiting for updates that prove what we're talking about. Here it comes. I want to talk about the file ECDPlayerControl.ocx which the fanstastic muzzy found yesterday while I had nothing better to do than to listen to my pillow. It uses LAME code (and code from at least one other LGPL library)."
You rootkit Sony!
The world is so mixed up these days.
fast as fast can be. you'll never catch me.
http://www.andrewbird.net/
He rules! [On Righteous Babe.]
Q: What did the comedian say to the crowd?
A: If I knew, this joke would be funny.
So i think i'm headed out to the store to buy a couple cd's that contain this XPC rootkit crap, and hope I can get some sweet class action cash. Not that i'd ever be caught dead listening to the music, but maybe i could give them to a friend, and have them sue me for ruining their computer and valuable ($100,000,000) work. Then i can sue Sony because their cd cost me $100,000,000......fu#ck, someone just give me money.
You call it excessive, I call it ambitious.
...since Sony says over 2 million disks containing the rootkit have been sold, that puts them under the gun for roughly U.S. $150 billion in damages :)
Perhaps the copyright owners could offer to settle: have Sony repay all of the people who have been extorted for money because of filesharing (double for damages), set up a legal defense for other file-sharers and promise to stop all such activities in the future. That would only run them about $100-$200 million, so it would be quite a deal.
(posted also at p2pnet)
Kythe
Nikki suspected that LAME reference on some weeks ago http://hack.fi/~muzzy/sony-drm/.
That was mentioned at least 2.11.2005e nts.
http://www.digitoday.fi/tekijanoikeus/?p=102#comm
You have to make-sure-it-stays-there. And thats not enough.
You also have to let people request it by mail charging only a minimal fee.
These are DISJUNCTIVE positions. You only need to do one, not all of them.
Saying "we have used unmodified versions of the LGPL library XY, and that you can obtain them from the website of the project which was at __url__ as of __date__"
*IS* sufficient. The automatic requirement to redistribute the LGPLed code is not included anywhere in the LGPL code. Were it, it would say that you must redistribute the source code for the LGPL project if you release binaries.
This is not the case. If you haven't made any changes to the LGPL code, then there is no reason to redistribute the source code, and there is no REQUIREMENT either.
I am unamerican, and proud of it!
You're a cute furry animal?
We don't know how deep the taint goes. If we find out the Sony music CDs don't infect the PS3 with the rootkit, we'll know there was some collusion between the different branches of the company. Then we can return our PS3s for repair, further increasing Sony's expenses and hurting their launch.
So everybody wins. Right?
Oh. Not Sony. Right. But that's good.
Q: What did the comedian say to the crowd?
A: If I knew, this joke would be funny.
Could individuals who bought these CDs sue Sony for not including the LGPL source? Imagine a beowulf cluster of such lawsuits.
Sshhh! Frauenhofer actually needs to slip a check or two under LAME's door before the two can walk into the sunset happily ever after. Half of something (esp. from $ONY) is a whole lot more than all of nothing, and lawyers aren't exactly free either.
And since you brought up the MP3 "ownership", wouldn't it be poetic justice if $ONY's rootkit was repurposed to benevolently convert all the world's MP3's into OGG's before setting up a BT tracker... :-)
"But your honor, it was designed to screw our customers, not us!"
Should invading one's peaceful neighbours be opposed, or rewarded with trade deals?
We stole your code to prevent people from stealing our product.
Who says the music industry's not just a bunch of scumbag thieves?
But patent damages aren't quite so insane as copyright damages. Willful infringement is something like 3 times the amount they would have paid. If they win against Sony (which they probably wouldn't, but we can dream), they'll have enough to cover the cost of a licence for everyone who might have downloaded a copy of LAME. And that's only if the judge disagrees that source code is merely a description rather than an implementation.
"An employee could accidentally (or purposefully) make the switch w/o realizing the effects"
It doesn't work that way.
Unless the employee has been given authority to make the change in license then it has no effect.
For example, if an employee of Sony took Red Hat, and inclued in mp3's of a Sony CD with the distribution, that doesn't force Sony Music to GPL the music. That would simply be unauthorized reproduction of the song and there would never be a valid permission for distribution.
Same is true of software.
As to your other point, there is no imperitive to use any GPL or LGPL software in anything! Write it yourself or pay the author of the program money to release it to you in a special license. That's always a possibility. You can simultaneously release your copyrighted work in GPL, LGPL, BSD, etc to different people.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
So many people are ready to assume that Sony didn't realize the destructiveness of the Sony rootkit.
However, that ignores that the rootkit is merely one more example of the abusive Sony culture, in my opinion.
For example, I bought a Sony laptop that came with a $150 Sony rebate. It took 18 months to get Sony to pay.
All three Sony laptops that we bought failed seriously. I can think of other examples, but I need to continue working now.
If copyright prevents programs from including enough of other programs to detect them, how can antivirus and antispyware exist? If sony is indeed not running the code but is only using it to detect the presence of LAME, we have to give them the same fair use that we would expect any antivirus or antispyware would have. It would be far worse if copyright was allowed to extend that far, it is likely nobody would be allowed to detect something like Sony's rootkit.
That's the copyright statement (or near enough -- I'm not in the presence of my CD collection at the moment) on every Ani disc I own. She's awesome. Particularly recommend the album she did with Utah Phillips, especially for anyone who's woken up to the fact that corporate media are constantly rewriting history, even of things that happened within living memory.
(She's also one hell of a guitarist.)
Need a UNIX/Linux/network guru in the Boulde
When Woody Guthrie was singing hillbilly songs on a little Los Angeles radio station in the late 1930s, he used to mail out a small mimeographed songbook to listeners who wanted the words to his songs, On the bottom of one page appeared the following:
Or, at least, it's a pretty tricky situation.
;-)
There's a possibility of word spreading, somehow, that Sony used an Open Source program to compromise its customers' computers. How many people will understand what Lame is for?
In order to counteract the bad press, it may become necessary to pursue a case against Sony. Pity the software product for which the case must be pursued is one whose legal status is dubious when distributed in binary form.
Thankfully the makers of Lame have been very careful with their legal position (here's their links page) but it's a pity this is the software that could take the (L)GPL to court.
Don't get me wrong - Lame's a great MP3 encoder. Or not
bladeenc dll is illegal in the US.
Wonder who in Sony obtained it. Maybe time to arrest someone with an anti terrorism law.
To remind everyone what that asswipe Orrin Hatch said about copyright infringement:
"There's no excuse for anyone violating copyright laws,"
"I assumed blithely that there were no elves out there in the darkness"
Only the open source developers (of mpg123, etc.) stand to win absurdly high per-CD statuatory damages.
People buying CDs get to do the class-action thing instead. There, only the lawyers get rich. Everyone else gets something lame (arrrgh...), like a $2 coupon good toward the purchase of a Sony CD-ROM. Unclaimed awards probably go to "purchase" Sony's least wanted CD-ROMs for inner-city schools. The end result is still useful as a deterrant for Sony and others, but nothing to get all excited about.
If you want a piece of the big money, try to find a mpg123 developer who doesn't want to bother with the lawsuit. If you find such a person, ask him to assign copyright to you. You'll need it in writing, and somebody needs to register the copyright. Be sure to ask a lawyer if offering payment is good or bad; it may come up in the courtroom. Perhaps something non-monetary would be wise, like what the FSF does.
That summary didn't come out right. It should probably say something like "Sony violates LGPL copyrights to protect their own"
Sony has reached a new level of evil.
Does the FSF provide legal backing for projects under their license? Would the EFF help? Also, didn't Red Hat put aside a pool of money during the SCO flap to help OSS developers with litigation? Can that be used for this?
I don't have any mod points, but someone please mod the parent up so he reaches +4.
Similar to their lawsuits, Sony needs to be sued 10,000 USD for every instance of this violation. Lets define instance as every CD with the unlicensed [stolen] code!
So this boils down to Sony ignoring the access control (LGPL) in place on the LAME library and commits theft of someone else's Intelletual Property in order to construct their DRM code?
If this isn't the most blatent case of a pot calling a kettle black. They should be sued under the DMCA for each CD they have sold in the US market.
It would seem this is no longer a civil matter but a criminal matter. Will this be taken as a case by the FBI?
-l
According to the US Copyright Office, the key parameters to be evaluated are:
1. the purpose and character of the use, including whether such use is of commercial nature or is for nonprofit educational purposes;
2. the nature of the copyrighted work;
3. amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
4. the effect of the use upon the potential market for or value of the copyrighted work.
Going down the list:
1. Sony is clearly using the copied LAME code for a commercial purpose.
2. Obviously, both LAME and the rootkit are software. It's unclear how this affects the evaluation.
3. Remains to be seen, but there seems to be enough evidence for discovery to begin.
4. Almost any plausible answer to the original question "What does the rootkit do when it detects LAME?" constitutes a direct assault upon "the potential market for or value of" LAME. On this point, Sony is big-red-capital-Superman-S screwed.
/. If the government wants us to respect the law, it should set a better example.
Oh you fools, their computers should be seized NOW as part of discovery. The evidence is being removed.
Steve Jackson Games.
Hmmm, I wonder why Sony didn't do that.
Sam
blog.sam.liddicott.com