Slashdot Mirror


Sony Rootkit Allegedly Contains LGPL Software

Deaths Hand writes "According to this Dutch article the Sony DRM software (or rootkit, if you may prefer) contains code from the LAME MP3 encoder project, which is licensed under the LGPL. However, the source code has not also been distributed, hence breaching the license. Here is an English translation of the page." So apparently Sony violates your privacy to create a backdoor onto your machine using code that violates an Open Source license. This story just keeps getting stranger.

22 of 623 comments

  1. just say no by hector_uk · · Score: 3, Insightful

    now I feel more and more justified for not buying any music until the music industry stops suing their customers.

  2. Thank god! by Anita+Coney · · Score: 4, Insightful

    I read about this story days ago. I was hoping it wouldn't get lost. In a way this is even bigger than the root-kit story. You've got to love the irony of stealing code to create a DRM infested ripper!

    --
    If someone says he and his monkey have nothing to hide, they almost certainly do.
    1. Re:Thank god! by Halo1 · · Score: 5, Insightful

      They're not stealing code, they're infringing on the author's copyrights by not respecting the license under which the code is distributed (in exactly the same way people who "share" Sony/BMG music via p2p etc infringe on Sony/BMG's and the artists' copyrights).

      --
      Donate free food here
    2. Re:Thank god! by Sepper · · Score: 4, Insightful

      (in exactly the same way people who "share" Sony/BMG music via p2p etc infringe on Sony/BMG's and the artists' copyrights).

      Not sure about the English language, but in my own we have a saying for this: "Do what I say, not what I do"

      --
      I live in Soviet Canuckistan you insensitive clod!
  3. Glee by johnos · · Score: 4, Insightful

    It's beautiful. I've always thought that the corporate war on their customers over intellectual property would turn when someone went too far. All of a sudden the mainstream media would wake up and finally get it. Well, now it's happened. The media is all over the story and Sony, bless their hollow little heads, just keep digging. I'm sure I'm not the only one who was shocked but not surprised at the news Sony or Level 4 have broken the LGPL. They are staggering around like a pummeled prizefighter, bleeding on everything. There's going to be more blood before this is over. Besides the $billion or so it will cost Sony to clean up the mess, others will have some 'splainin to do. Like the anti-virus companies, like Microsoft, like the other music companies.

  4. Re:Well, hang on a minute by Vo0k · · Score: 4, Insightful

    You have to redistribute source of these libraries and enough hooks/API so anyone could replace them with whatever they like in your program. So either link dynamically (and include just the lib sources) or if you link statically, include source of the libraries and .o objects of your binary so they can be re-linked.

    --
    Anagram("United States of America") == "Dine out, taste a Mac, fries"
  5. Sony needs to protect its image... by digitaldc · · Score: 4, Insightful

    ...not its CDs. They have done more to damage their image and profits with this story than they would have saved by installing its spyware.
    I also feel sorry for the poor chap who buys Ricky Martin, Neil Diamond or Celine Dion CDs, I really do.
    Sony should have some kind of disclaimer about installing its bad software, maybe a 'Spyware Advisory' sticker? It is only fair.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  6. Ironic? by Rakishi · · Score: 4, Insightful

    First of all it seems that there is more than just LAME in there: http://hack.fi/~muzzy/sony-drm/

    Second of all, am I the only one who finds it ironic that a DRM program designed to protect someone's copyrighted information is itself infringing on someone's copyright? I guess if Sony wants to fight those evil copyright violators they should start by putting themselves in jail.

  7. Re:So... How about them statutory damages... by Yartrebo · · Score: 5, Insightful

    IANAL, but judging from the RIAA's press releases when they sue grannies and kids, it's per copy and per work. So let's do the math. 20CD * 1 million copies each * $150,000/copy = $3 trillion dollars. That's if there's only 1 work on each copy. If they also infringed on several other projects, then you would have to multiply the damages accordingly.

  8. Re:Sabotage from within? by PeteDotNu · · Score: 3, Insightful

    "It is either a tremendous faux pas on Sony's part, or there was some intentional act here to make this as reprehensible as possible."

    IF the allegations are true, then I expect that Sony have actually been doing this kind of thing for years and getting away with it. Only NOW are people taking a closer look at Sony's code to see exactly how deep this seam of faeces runs.

    --
    My other processor is big-endian.
  9. Re:... or maybe not by DrSkwid · · Score: 3, Insightful

    I'll try that one when the RIAA call

    Oh sure I have 10G of unlicensed mp3s, but I've never listened to them.

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  10. Re:Not Sony by jrcamp · · Score: 5, Insightful

    "But I didn't know my Internet connection was being used by my son to download Sony BMG artists' songs!"

    "I'm sorry sir but you're the owner. You owe $500,000 in damages."

    They don't allow the "but I didn't know" explanation. Why should they be allowed to use it? I say try to nail them. They've done far worse to others.

  11. How many of you have PS3's on preorder now? by C.+Mattix · · Score: 5, Insightful

    So is the Slashdot crowd going to complain and moan about Sony being a servant of the devil, and then happily go to Best Buy and get their shiny new PS3?

  12. tell the developers about the money by r00t · · Score: 4, Insightful

    Thanks in part to lobbying efforts by Sony, each CD-ROM carries a penalty of around $75000.

    Suppose the case settles for 10% and the lawyers take 90%. That leaves $750 per CD-ROM for the mpg123 developers. Now think about how many CD-ROMs have been produced.

    Oh, what I'd give to have Sony infringe my open source project! The mpg123 developers are some lucky bastards for sure. I need to learn how to write Windows multimedia software instead of just Linux system software.

  13. Re:It's getting pulled anyhow by Slashcrap · · Score: 5, Insightful

    Not that it lessens their trespass, but Sony is apparently pulling the "infected" CDs:
    http://www.usatoday.com/tech/news/computersecurity/2005-11-14-sony-cds_x.htm [usatoday.com]


    Are they also pulling all of the infected PCs in for free repairs?

    No? Then let's not help these wankers by helping to spread their desperate PR pieces.

  14. Re:LGPL by angel'o'sphere · · Score: 3, Insightful

    forget it, my last comment I mean ...

    I see that modern versions of LGPL want that the source of the library is included with the distributed binary.

    Another reason not to use LGPL code ... why should *I* distribute code that can be downloaded from sourceforge? Or other GNU distributing sites for that matter.

    angel'o'sphere

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  15. Re:Code vs metadata by arkanes · · Score: 4, Insightful

    It is a technical copyright violation (and there is no fair use right that covers it) to distribute LAME code in object format, no matter how it is used, or even if it is not used at all. Just like it would be copyright infringement for me to ship my app with a tarball of the Windows source code in it.

    To my knowledge, there is no fair use right that covers distribution in any form except for first sale, which doesn't apply here and only arguably applies to digital distribution at all.

  16. Two key issues become clearer by Blitzenn · · Score: 3, Insightful

    I am seeing two issues here that are becoming clearer in the Open Source arena. One is that when there is a violation, there is not currently anyone willing to spend the huge dollars needed to litigate the issue. With Commercialware, there has always been someone with fairly deep pockets to pay an attorney to pursue the violators in court. Who is that going to be in the Open Source community? Who is making money on this stuff so that they can pay the expense of litigation when necessary? Is the 'free' trajectory shooting itself in the foot that way?

    Another interesting point I see is that someone, sooner or later is going to challenge the legality of Open Source under the 'free' standard and litigate that it is tantamount to price fixing, i.e. antitrust. How long before someone challenges that the contractual language that forces someone to provide code at no cost is the same as being forced to sell it at an inflated price. The price is still fixed, whether at zero or at some other number.

    These are a couple of major challenges that await open source. I hope someone gets their ducks in a row before these things come to fruition. Open Source has driven the industry in a very good direction. I would hate to see it fall because it can't support itself, financially, when and where it is needed. Justice is NOT free, in fact the costs are enormous to obtain justice. Somehow that has to be worked into the Open Source equation in a way that works for us all or the likes of Sony are going to kill it off.

  17. Correct me if I'm wrong but... by swelke · · Score: 3, Insightful

    Isn't the minimum way to comply with the GPL's (and I assume also the LGPL's) source code distribution terms to make the source code available upon request? (IE you don't necessarily have to distribute source to those users who don't want it.) So has anybody tried requesting? It's worth a shot. I don't think we've ever had open source DRM crap before.

    --
    Have you ever wondered How to Take Over
  18. Re:So... How about them statutory damages... by Hatta · · Score: 4, Insightful

    Any of you LAME developers reading? Please PLEASE! don't settle!

    Just once, I'd like to see a major corporation wiped off the face of the earth because it violated the law. It would send a nice message to the other megacorporations. If you're going to use the law as a weapon against us, we can use it right back.

    So please, talk to the EFF. I'll donate whatever I can to the legal fund.

    --
    Give me Classic Slashdot or give me death!
  19. Re:Not Sony by Alsee · · Score: 4, Insightful

    Our copyright law has literally been written by lawyers employed by the publishing industry (and then our idiot congressmen pass it generally exactly as drafted). Thus copyright law is evil as hell if it is actually enforced.

    In particular copyright infringement is "strict liability". You have an affirmative duty not to infringe copyright, and if you do infringe copyright then you are guilty no matter how accidental or innocent it may have been. Assuming their rootkit does indeed contain infringing code, Sony is legally liable no matter where they got it and even if they had no idea it was in there.

    However there is a clause in copyright law that if the defendant proves in court that he is an "innocent infringer" then the judge may reduce the monetary damages.

    Also Sony might be able to sue the rootkit authors to recoup any damages they had to pay for copyright infringement. But that would be a completely independent legal issue and an entirely different court case.

    And quite significantly, the complaining GPL copyright holder can likely get a court order for all of the infringing CDs to be DESTROYED.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.