Slashdot Mirror

← Back to Stories (view on slashdot.org)

GPL Violations On Windows Go Unnoticed?

Posted by kdawson on from the not-in-my-back-yard dept.

Scott_F writes "I recently reviewed several commercial, closed-source slideshow authoring packages for Windows and came across an alarming trend. Several of the packages I installed included GPL and LGPL software without any mention of the GPL, much less source code. For example, DVD Photo Slideshow (www.dvd-photo-slideshow.com) included mkisofs, cdrdao, dvdauthor, spumux, id3lib, lame, mpeg2enc, and mplex (all of which are GPL or LGPL). The company tried to hide this by wrapping them all in DLLs. There are other violations in other packages as well. Based on my testing of other software, it seems that use of GPL software in commercial Windows applications is on the rise. My question is how much are GPL violations in the Windows world being pursued? Does the FSF or EFF follow up on these if the platform is not GPL? How aware is the community of this trend?" This new method of detecting GPL violations could help here.

12 of 445 comments (clear)

  1. Misleading summary by CogDissident · · Score: 4, Interesting

    So, its a software violation on windows, but really its just one program thats not terribly popular that happens to have broken the GPL. I really don't think this is a "windows specific" issue at all. They can, and likely do, violate the GPL on linux or mac all the time. Infact, said company sells software for the iPod.

  2. Windows devs don't know much about GPL by Shados · · Score: 4, Interesting

    I used to work for a very large (not software) company (somewhere in fortune 20) that was using GPL stuff left and right without complying to the terms and redistributing.

    I personaly don't care much for the GPL, but I do care for complying with licenses and copyright, so I mentionned it to them. Their answer was "GPwhat? No, its free code people give away on the net!". My reply was a long explaination of the difference between "free to do whatever" and the GPL, and even repeating several time, I'd literaly get the same answer: "But...its free! What conditions could there be?".

    Eventually I got through by explaining to a project manager, who essentially said that the day someone asks for the source, we'll give it, and that will be that. I still don't think they realised what it meant considering the amount of trade secrets that were in the code, but...

  3. Rentacoder & others by drspliff · · Score: 3, Interesting

    I've noticed that on a lot of the rentacoder style sites where people are asking for clones of this or that or just a general program (e.g. I want a DVD writing application), in order for developers to remain profitable they cannot write everything from scratch - like Nero and others have have done (just an example).

    On a few occasions when I used to freelance, I've warned people that in order to deliver something on time they'd need to buy-in external components, and to deliver something on budget they'd need to use existing GPL/LGPL or BSD licensed components along with some suggestions and a full rundown of the licensing requirements.

    In response to atleast one of these I was just told to strip the copyright from a GPL component and hide it in the application.

    The problem isn't really in the violations themselfs, but in the commercial commodity software ecosystem (mostly Windows) where people build up software portfolios as fast as possible for the lowest cost just to try and get market share (and profit). In this desparate effort to get products to market most are just a re-branded combination of existing software, which usually end up violating source code licenses.

    Basically when consumers start caring about ethical software the industry will start changing. Until then we still have a problem :)

  4. Re:fsf is a fair weather friend by DragonWriter · · Score: 2, Interesting

    If I'm not going to hold my own copyright, why not just specifically disavow copyright and let it enrich everybody via the public domain?


    Works for SQLite.

    This is the root of my problem with GNU in general: why show everybody how you achieved and developed a certain technological capability, without letting people actually use that method?


    The GPL (conceptually); lets people use the software freely, but requires that they "pay" you if the change and distribute the software. Now, they don't pay in money, they pay by doing something you want, that is, making their own changes available under the same terms you've made your work available.

    There are licenses (BSD/MIT style licenses) that provide more freedom to modify and distribute than the GPL, and there is always the option of the public domain.

    Prior to the dominance of the internet, I would say that a major advantage of the GPL was that, given the more limited routes many users had of getting software and information about software, letting people wrap "open" software up inside a commercial blob, whether modified or not, without source would substantially reduce the ability of people to know that the source was available and find it and use it themselves. I don't think that's as true now, though.
  5. Hardware devices using Linux as the firmware OS. by Anonymous Coward · · Score: 2, Interesting

    Brett,

    I cannot give out my name, but a huge, giant US electronics and appliances corporation (a brand name that everyone has known for well over a century) is using Linux as the core OS and firmware in at least a couple of the products they sell... these products came from a smaller company they bought rather than developed themselves. The people running this division have no intention whatsoever of complying with the GPL and are probably right now trying to "sanitize" the identifying characteristics of their Linux firmware to hide the fact that it is indeed Linux. The devices used to even spell out the Linux banner at bootup time on the text consoles, and state it plainly in the management screens when you telnetted into them, and I saw this personally the last time I had my hands on a couple of these products. I tried to tell these people they are violating the GPL and asked them for the source code. They refused and claimed their lawyers told them Linux was the same as public domain and they could do whatever they pleased with it. This parent corporation is so freakin' huge that their legal staff is about as powerful as MS's or IBM's, or maybe even bigger. How would the FSF even begin to take on these guys?

  6. patent and GPL? by pruss · · Score: 3, Interesting

    I wonder if they have the proper mpeg-2 visual patent licenses for mpeg2enc. They may be caught in a bind. If they obtain the patent licenses for mpeg2 encoding, then they may be violating the GPL since they are not allowing their users to pass the patent licenses on (they can't allow that, as the mpeg2 encoding license won't allow them to allow them that). And if they don't obtain the patent licenses, they're likely to get sued. Since I suspect they're more likely to get sued by someone with money for good lawyers for patent violation than for GPL violation, they may be making a shrewd--though immoral and illegal--decision to pay for the patent licenses but to violate the GPL.

    Or they're just careless.

  7. Re:GPL or LGPL? by Mattintosh · · Score: 1, Interesting

    DLL's aren't a gray area. DLL's are dynamically linked libraries. They're also shared libraries. That means that they have to stand on their own in the OS (they "plug-in" to a loader framework, then stay resident until their memory space is needed for something else). Any app can use any DLL present on the system, and when compiling, this requires only a few hooks to be placed in the code (hooks into the loader framework, not the DLL, thus no GPL violation).

    This means that DLL's are basically a separate app from the app that calls them. They have their own memory space, even (because they're shared and can outlive any app that uses them). Thus, GPL is not violated and does not foist itself upon the main app. The libraries likely underwent changes to make them valid DLL's, and those changes would certainly be covered by the GPL. But the main app is not. Period. It's quite cut-and-dried.

  8. Re:Well.. by Soruk · · Score: 2, Interesting

    If this software package is a GUI glue program that just executes the GPL'd binaries (and the GPL'd bits are stand-alone executables in the application's area) then it may be a case that the glue app isn't violating the GPL even if it's closed source, provided the company gives the source code to the GPL'd components upon request. If one program called another made the caller a derivative of the callee, that would raise some interesting issues concerning starting GPL'd apps in Windows from Windows Explorer (and its shortcuts facility).

    Of course, if the GPL'd bits were subsumed into one big binary which did all the functionality then of course this would be a GPL violation.

    --
    -- Soruk
  9. Comment removed by account_deleted · · Score: 4, Interesting

    Comment removed based on user account deletion

  10. This is incredibly common by Anonymous Coward · · Score: 2, Interesting

    I am the former lead developer of the program BinDiff, which compares the contents of two executables without access to their source code. It's usually used for security purposes, to compare a security-patched DLL with its pre-patched equivalent in order to find the vulnerabilities. We also used it to detect code theft.

    I am still unsure of the legal ramifications of naming names, so I'll be general: GPL violations are incredibly common on Windows, especially in application domains such as CD and DVD rippers. DVDx and CDex get ripped off like there's no tomorrow. Literally every commercial DVD ripping software that I investigated was stealing from DVDx.

    As far as what to do about it, I recieved conflicting advice from the lawyers that I contacted. It is possible that the company has licensed the source code from the open-source developers and does not want to disclose that fact, so announcing it publicly isn't necessarily a good idea. I've also been informed that the company still retains all rights on whatever code that they actually wrote (even if it's just glue), despite the virality of the GPL.

    I guess that your best bet is to contact the leader(s) of the project anonymously and inform them of your discovery. This is not possible in DVDx's case, as the author has disappeared. There's also the GPL-violations mailing list.

  11. Re:Clarifying copyrights by Maxo-Texas · · Score: 2, Interesting

    Sort of.

    I often see the intent of GPL as "we prefer that there were not copyright laws but if you insist there are then you have to obey them with regard to this code".

    I don't see why people get so worked up about it. I mean just write the 500mb of video and audio codecs yourself or else obey the terms for using the code.

    --
    She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
  12. Re:Clarifying copyrights by radish · · Score: 3, Interesting

    I often see the intent of GPL as "we prefer that there were not copyright laws but if you insist there are then you have to obey them with regard to this code".


    Then I think you see a different intent than most people. What you are describing is much closer to BSD - here's the code, do what you like with it but just don't claim it's yours. The GPL makes use of copyright to ensure that you can only do certain things with the code - most notably that you must share the source of any modifications you make. Note that if copyright law didn't exist I could still quite happily give you a binary but keep the source to myself, which is now what the GPL wants.

    --

    ---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"