Sony Rootkit Allegedly Contains LGPL Software
Deaths Hand writes "According to this Dutch article the Sony DRM software (or rootkit, if you may prefer) contains code from the LAME MP3 encoder project, which is licensed under the LGPL. However, the source code has not also been distributed, hence breaching the license. Here is an English translation of the page." So apparently Sony violates your privacy to create a backdoor onto your machine using code that violates an Open Source license. This story just keeps getting stranger.
now I feel more and more justified for not buying any music until the music industry stops suing their customers.
I read about this story days ago. I was hoping it wouldn't get lost. In a way this is even bigger than the root-kit story. You've got to love the irony of stealing code to create a DRM infested ripper!
If someone says he and his monkey have nothing to hide, they almost certainly do.
I believe the LGPL explicitly allows binary redistribution. However, it may still require attribution, and that did not happen in this case. Way to go to break copyright law to prevent others from doing the same. Especially since the LGPL goes a long way towards uses such as this.
Fleur de Sel
It's beautiful. I've always thought that the corporate war on their customers over intellectual property would turn when someone went too far. All of a sudden the mainstream media would wake up and finally get it. Well, now it's happened. The media is all over the story and Sony, bless their hollow little heads, just keep digging. I'm sure I'm not the only one who was shocked but not surprised at the news Sony or Level 4 have broken the LGPL. They are staggering around like a pummeled prizefighter, bleeding on everything. There's going to be more blood before this is over. Besides the $billion or so it will cost Sony to clean up the mess, others will have some 'splainin to do. Like the anti-virus companies, like Microsoft, like the other music companies.
You have to redistribute source of these libraries and enough hooks/API so anyone could replace them with whatever they like in your program. So either link dynamically (and include just the lib sources) or if you link statically, include source of the libraries and .o objects of your binary so they can be re-linked.
Anagram("United States of America") == "Dine out, taste a Mac, fries"
While I'm not concerned about whether it's legal or not (Sony will argue that same 'fair use' clause that they're trying to demolish), I think one of the major differences here is that Viruses and Spyware don't serve legitimate purposes.
Lame, on the other hand, is used in all kinds of software and by all kinds of people for legitimate reasons. If you're scanning for and disabling the engine on someone's work PC for instance, you can end up crippling a musician's recording studio that they use for their own work, or breaking someone's home video studio or something.
Legal, yes, but totally irresponsible all the same.
The fact that Sony has chosen to violate a license agreement is entirely consistent with the motion picture and music industry standard operating procedures. The only rights they acknowledge are their own. For someone else to assert their rights, would be considered merely cheeky. Look at the Buchwald case, record industry and movie industry accounting practices.
In short if you look at this from the perspective that these people feel that they own YOUR right to enjoy entertainment, it all becomes very consistent.
...not its CDs. They have done more to damage their image and profits with this story than they would have saved by installing its spyware.
I also feel sorry for the poor chap who buys Ricky Martin, Neil Diamond or Celine Dion CDs, I really do.
Sony should have some kind of disclaimer about installing its bad software, maybe a 'Spyware Advisory' sticker? It is only fair.
He who knows best knows how little he knows. - Thomas Jefferson
First of all it seems that there is more than just LAME in there: http://hack.fi/~muzzy/sony-drm/
Second of all, am I the only one who finds it ironic that a DRM program designed to protect someone's copyrighted information is itself infringing on someone's copyright? I guess if Sony wants to fight those evil copyright violators they should start by putting themselves in jail.
IANAL, but judging from the RIAA's press releases when they sue grannies and kids, it's per copy and per work. So let's do the math. 20CD * 1 million copies each * $150,000/copy = $3 trillion dollars. That's if there's only 1 work on each copy. If they also infringed on several other projects, then you would have to multiply the damages accordingly.
Why would Sony include LAME (or parts of it) in with this rootkit? LAME is just a mp3 encoder.
Unless Sony wanted high quality mp3's made from the CD (which I seriously doubt for some strange reason), I don't get why they would put it in there.
It isn't like LAME has any DRM itself. Far from that.
Anyone have any ideas?
Hmm I can't imagine why Sony wouldn't want to deliver their Rootkit back to the open-source community... Let's look at it this way, Sony broke the law by distributing the rootkit as 'DRM software' then they apparently broke the law again by not redistributing their source that they modified from an LGPL project to make the rootkit. I know this is wrong, but I am glad that they didn't give back to the open-source community on this one. I mean, source code to make a rootkit that could infect all the Windows systems out there being freely distributed under the LGPL is enough to make me sick. A worm has already been written without the source code. Just imagine how many rootkit variants would be floating out there if this were open source. Yikes!
"It is either a tremendous faux pas on Sony's part, or there was some intentional act here to make this as reprehensible as possible."
IF the allegations are true, then I expect that Sony have actually been doing this kind of thing for years and getting away with it. Only NOW are people taking a closer look at Sony's code to see exactly how deep this seam of faeces runs.
My other processor is big-endian.
If anything, the rootkit makers are responsible for the LGPL violation (if that's proved). Saying Sony is off the hook because they licensed the rootkit from a third party is like saying Smith & Wesson is responsible if I pick a gun and shoot someone.
If they choose XCP knowing how it works (and what it would do), they're guilty. If they choose it unknowingly, they're incompetent. They're responsible either way.
I'll try that one when the RIAA call
Oh sure I have 10G of unlicensed mp3s, but I've never listened to them.
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
Is ignorance a defence, for instance if Sony said "We didn't know it had unlicensed code!", how would that affect things? It depends on your contracts whether this is a defence or not. If I'm an unsuspecting customer that goes into a shop and buys a copy of Microsoft Word I doubt that I can be held liable if there is an unlicenced piece of code in there hidden. If I develop In-House and a programmer includes unlicenced code I might be liable. In the case of Sony it depends on what the contracts say, but I doubt that Sony would be liable if they just bought the complete software and customized it to their needs.
"But I didn't know my Internet connection was being used by my son to download Sony BMG artists' songs!"
"I'm sorry sir but you're the owner. You owe $500,000 in damages."
They don't allow the "but I didn't know" explanation. Why should they be allowed to use it? I say try to nail them. They've done far worse to others.
So is the Slashdot crowd going to complain and moan about Sony being a servant of the devil, and then happily go to Best Buy and get their shiny new PS3?
Suppose the case settles for 10% and the lawyers take 90%. That leaves $750 per CD-ROM for the mpg123 developers. Now think about how many CD-ROMs have been produced.
Oh, what I'd give to have Sony infringe my open source project! The mpg123 developers are some lucky bastards for sure. I need to learn how to write Windows multimedia software instead of just Linux system software.
don't forget the jailtime the beloved attorney general is pushing for copyright infringement...
Not that it lessens their trespass, but Sony is apparently pulling the "infected" CDs:
http://www.usatoday.com/tech/news/computersecurity/2005-11-14-sony-cds_x.htm [usatoday.com]
Are they also pulling all of the infected PCs in for free repairs?
No? Then let's not help these wankers by helping to spread their desperate PR pieces.
So it appears I can violate anything and everything as long as there's a subcontractor that does all the dirty work? Interesting.
Here's the link to comments of LAME developer tt at Slashdot Japan.
When Interware violation incident occurs, I feel like as if my own son/daughter were raped by them. But I soon realized I can't have enough power to change the situation. I prefer coding, listening music, cooking to legal action.
Similar comment was written on Journal entry.
tt also comments on tables, as more hint for searching copyleft infringement seeking; t16_5l[]@table.c & enwindow[]@newmdct.c
The sort of asshat who would write this thing in the first place?
Carousel is a lie!
To my knowledge, there is no fair use right that covers distribution in any form except for first sale, which doesn't apply here and only arguably applies to digital distribution at all.
why does someone who doesn't get the joke get modded to insightful?
I am seeing two issues here that are becoming clearer in the Open Source arena. One is that when there is a violation, there is not currently anyone willing to spend the huge dollars needed to litigate the issue. With Commercialware, there has always been someone with fairly deep pockets to pay an attorney to pursue the violators in court. Who is that going to be in the Open Source community? Who is making money on this stuff so that they can pay the expense of litigation when necessary? Is the 'free' trajectory shooting itself in the foot that way?
Another interesting point I see is that someone, sooner or later is going to challenge the legality of Open Source under the 'free' standard and litigate that it is tantamount to price fixing, i.e. antitrust. How long before someone challenges that the contractual language that forces someone to provide code at no cost is the same as being forced to sell it at an inflated price. The price is still fixed, whether at zero or at some other number.
These are a couple of major challenges that await open source. I hope someone gets their ducks in a row before these things come to fruition. Open Source has driven the industry in a very good direction. I would hate to see it fall because it can't support itself, financially, when and where it is needed. Justice is NOT free, in fact the costs are enormous to obtain justice. Somehow that has to be worked into the Open Source equation in a way that works for us all or the likes of Sony are going to kill it off.
Double-edged swords cut both ways. If the anti-virus people had access to the source code, then they would be able to block its propagation quite easily.
Je fume. Tu fumes. Nous fûmes!
The people who own copyrights in lame need to go after Sony for $160K/cd that has been shipped. Perhaps they can set up a call center where Sony can call in to "settle".
Yes, I'm serious. It's time to turn this shit back around on these bastards.
Do you have ESP?
Hmm....hot grits in Natalie Portman's pants.....
"never attribute to malice that which can easily be explained by stupidity"
Isn't the minimum way to comply with the GPL's (and I assume also the LGPL's) source code distribution terms to make the source code available upon request? (IE you don't necessarily have to distribute source to those users who don't want it.) So has anybody tried requesting? It's worth a shot. I don't think we've ever had open source DRM crap before.
Have you ever wondered How to Take Over
Any of you LAME developers reading? Please PLEASE! don't settle!
Just once, I'd like to see a major corporation wiped off the face of the earth because it violated the law. It would send a nice message to the other megacorporations. If you're going to use the law as a weapon against us, we can use it right back.
So please, talk to the EFF. I'll donate whatever I can to the legal fund.
Give me Classic Slashdot or give me death!
Whoooooosh!
Our copyright law has literally been written by lawyers employed by the publishing industry (and then our idiot congressmen pass it generally exactly as drafted). Thus copyright law is evil as hell if it is actually enforced.
In particular copyright infringement is "strict liability". You have an affirmative duty not to infringe copyright, and if you do infringe copyright then you are guilty no matter how accidental or innocent it may have been. Assuming their rootkit does indeed contain infringing code, Sony is legally liable no matter where they got it and even if they had no idea it was in there.
However there is a clause in copyright law that if the defendant proves in court that he is an "innocent infringer" then the judge may reduce the monetary damages.
Also Sony might be able to sue the rootkit authors to recoup any damages they had to pay for copyright infringement. But that would be a completely independent legal issue and an entirely different court case.
And quite significantly, the complaining GPL copyright holder can likely get a court order for all of the infringing CDs to be DESTROYED.
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Wow, that's some of the most tortured reasoning I've ever seen.
The gap between Sony's actions and those required by the LGPL is so huge, and the differences are essential. On one hand, we have a copyright restriction which generally acts like a Kantian categorical imperative: it demands that you act in such a way that perpetuates the very conditions by which you were able to obtain it in the first place. It is enforced by trust first and foremost.
In Sony's case, we have restrictions on how many times you can copy it from one medium to another. It is not a categorical imperative: musicians have historically borrowed from each other to produce music all the time, and many contemporary musicians cut their teeth via sampling and other appropriation techniques (see Paul Miller's "Rhythm Science.") Sony is enforcing a contradictory license by installing software which disables your hardware and compromises the security of your computer. The open-source redistribution requirement of the LGPL increases the security of your computer.
Yea, but if First4Internet goes bankrupt, they are off the hook, and Sony is stuck with it. Indemnification is only as good as the company behind it.
The gcc runtime libraries have "special exceptions" to the GPL? Doesn't this essentially mean that the gcc libraries aren't covered under GPL but rather under their own license that's more BSD-like?
-- "I never gave these stories much credence." - HAL 9000
This is the problem with the viral nature of the GPL and even the LGPL licenses and is why you should really consider using BSD licensed software in your DRM rootkits in the future. Screw the FSF!
There is a psychology term called "projection" which is very important here. In this case and in the case you can sum it up as the rule that those who complain loudest about copyright violations are likely to be violating other peoples' copyrights.
LedgerSMB: Open source Accounting/ERP
I mean, what asshat would grab some open source code and not adhere to the license?
The same asshat who writes software that violates the property and privacy rights of paying customers.
I don't see why this is so confusing to people.
You can charge whatever you want for a GPL'd program. You can charge a million dollars if you want to. You don't have to offer your GPL'd program for free download. You just have to offer the source to anyone who gets your binary, and not restrict their rights to alter or redistribute. That's it.
All's true that is mistrusted
GPL source is not a gift.
cat