Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Showmypc.com an Open Source Pretender?

Posted by ryuzaki0 on from the show-us-the-source dept.

shaitand writes "When looking for a remote support application that penetrates firewalls and can be initiated by my clients with a couple of clicks, I came across Showmypc.com. It was a standalone executable but looked like it would work and best of all it was open source. The only thing I didn't like was the interface, so I went to check out the Sourceforge page. I noticed a substantial problem: CVS is empty and the source on the download page is for the 2.6 version. The version of the executable is 3.53. I mailed the developers that they needed to distribute their modified SSH client and VNC source to be in compliance with the GPL license. They said they didn't modify those programs and ignored my request for the current source code. So I ask again, if this is a GPL'ed application; where is the source?"

36 of 323 comments (clear)

  1. no source in CVS now by xonicx · · Score: 3, Informative

    CVS http://showmypcssh.cvs.sourceforge.net/showmypcssh / is empty.

  2. Re:Uuuuu... by mini+me · · Score: 5, Informative

    If I use a GPL software and modify it, "I'm not obligated" to release my modifications.

    You are if you distribute a binary version with your modifications.
  3. No source needed by JanneM · · Score: 4, Informative

    They don't need to give public or cost-free access to the source. All that is required is that they give the source to their customers, for a reasonable copy and distribution fee, if they ask for it.

    And as for VNC and friends, well, if they didn't change that code they don't need to give you the source either.

    --
    Trust the Computer. The Computer is your friend.
    1. Re:No source needed by Eskarel · · Score: 2, Informative
      They need to give the source to anyone they distribute to(assuming the program is actually GPL) who asks. If they distribute free to everyone, then anyone who asks for it has to be given the source, that's the whole point of the license.

      If they distribute it to their customers only and one of their customers gives it to you, then you can ask the customer for the source and they have to provide it to you.

      If they've release a piece of software under the GPL then they have to do this(they can close future versions of the product and stop distributing the gpl'd versions, but as far as I can determine you can't ungpl something you've already distributed as gpl). They also have to do this if any of the software they've modified or linked to is GPL(exceptions for lesser GPL).

      That said, I can't find anywhere on their website where they actually say they're GPL, only that they're open source, so if the license for plink ssh and myvnc is a BSD license they could probably claim to be releasing the product under a BSD license now and simply not give you the source.

    2. Re:No source needed by Anonymous Coward · · Score: 1, Informative

      If the source does not come with the binary, the offer must be to give "any third party" the source. The offer can not be limited to recipients of the binary or the offer. It is a real mystery why so many GPL licensees choose not to include the source with the binary, even though that means they have to keep the version of the source available for at least three years and give it to anyone who asks. They could just put it on the installation CD and be done with it.

    3. Re:No source needed by shaitand · · Score: 2, Informative

      'But the OP isn't a customer. He has not been given a binary of the system by anybody. GPL or not, he simply has no right to the source as things stand. He can get the source in one of two ways: he can become a customer by buying a binary, or he can ask one of their existing customers to give or sell him a binary. Only at that point does he actually have a right to get the source code (for a fee if needed) as well.'

      They distribute the binaries for free on the website. You can go download one now and be entitled to the source.

    4. Re:No source needed by Anonymous Coward · · Score: 1, Informative

      And as for VNC and friends, well, if they didn't change that code they don't need to give you the source either.

      Read the GPL. That only applies if it's non-commercial distribution.

    5. Re:No source needed by 42forty-two42 · · Score: 1, Informative

      If they didn't modify the source, they must pass on the written offer to provide source code they received, provided they're distributing the binary noncommercially. For commercial uses, or if they don't (or can't) pass on said written offer, then they must provide source code, even if it is unmodified. Of course, they need only provide source to people they give the binary to (including free demos or whatever).

    6. Re:No source needed by vondo · · Score: 2, Informative

      And as for VNC and friends, well, if they didn't change that code they don't need to give you the source either.

      Simply not true. If you distribute GPL'd code, you have to distribute the source (in a manner prescribed by the GPL). Whether you modified it or not does not matter one bit and if you offer your product for download, you have to host the source on your own servers. A link to the source code at some other location is NOT good enough.

      There have been smaller linux distributions that get burned over this, but it is the rule under the license.

  4. Re:Off-topic, but... by m2943 · · Score: 4, Informative

    Ah, another piece of commercial, proprietary software derived from VNC.

    https://www.copilot.com/press/faq/

    Here's a serious question: has Fog Creek ever given anything back to the open source community?

  5. Who are you? by QuantumG · · Score: 2, Informative

    I mailed the developers that they needed to distribute their modified SSH client and VNC source to be in compliance with the GPL license. Uhhh, dude, you're not the copyright holder, who have no right to say what they "need" to do. Find the copyright holder, tell them, if they want to do something about it, they will. Otherwise, suck it up.

    --
    How we know is more important than what we know.
  6. Re:Why not? by Alaria+Phrozen · · Score: 2, Informative

    Yes, VNC is GPL. Hence the whole issue.

    "VNC was originally developed at AT&T. The original VNC source code and many modern derivatives are open source under the GNU General Public License." http://en.wikipedia.org/wiki/VNC

  7. Re:Why not? by courtarro · · Score: 3, Informative

    Good point about OpenSSH, but VNC is indeed GPL.

  8. Re:Why not? by Anonymous Coward · · Score: 5, Informative

    OpenSSH is BSD-licensed. VNC is a protocol. RealVNC is a commercial product of RealVNC Ltd and can be licensed for inclusion in third party products. It is not open source software.

  9. Re:It's probably because by MLease · · Score: 3, Informative

    You would see a message upon logging in stating that you have 5 mod points, which expire in 3 days from the time you get them. You may not have been around long enough to get mod points yet; if you go here, you'll get more info on moderation (scroll down the page a bit to get to the moderation parts).

    -Mike

    --
    I'm sorry; I don't know what I was thinking!
  10. Re:/. isn't where you report this by QuantumG · · Score: 2, Informative

    http://www.gnu.org/licenses/gpl-violation.html

    There ya go.

    --
    How we know is more important than what we know.
  11. Re:It's probably because by rts008 · · Score: 2, Informative

    MLease is giving you the straight info. The moderating guidelines spell it out pretty well (MLease's link), and will give you a good idea what to do.

    You will see in each post (when you have mod points) a window with a drop-down menu with the choices available (-1 Troll; +1, Informative, etc.). It will show up near where you are used to seeing the 'Reply to This' link. If you want to mod that post, select from the window and go on. At the very bottom of the page will be a 'Moderate' button. Just click on that button to 'apply the mods' you made-if you forget this, your mods won't take effect. Pretty intuitive when you actually see it.

    As for #2, you could use : '-1, overrated' as a safe starting point. I do get your point about having some mod category updates though, but overall, /. does pretty good IMHO.

    --
    Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
  12. Re:Why not? by DustyShadow · · Score: 4, Informative

    From http://www.gnu.org/licenses/gpl-faq.html#Developer Violate

    "Is the developer of a GPL-covered program bound by the GPL? Could the developer's actions ever be a violation of the GPL?

    Strictly speaking, the GPL is a license from the developer for others to use, distribute and change the program. The developer itself is not bound by it, so no matter what the developer does, this is not a "violation" of the GPL.

    However, if the developer does something that would violate the GPL if done by someone else, the developer will surely lose moral standing in the community."

  13. UltraVNC + tightvnc by bluefrogcs · · Score: 2, Informative

    Create a distributable exe via http://www.uvnc.com/addons/singleclick.html You can set it for connection ports, etc .. all you need after that is any vnc that is running in listener mode. client runs the exe that was created, connects to the listener machine and displays the remote desk. Client closes exe at teh end of the session and session is teminated and can't be reinitiated from the listener end. Goes through firewalls, routers, etc .. Total cost = 0 .. No additional login info needed .. I used to have my clients config vnc server and make connections that way, this is much easier and more secure for them.

  14. Re:They may be fully compliant... by QuantumG · · Score: 4, Informative
    Ya know. In the GPLv3 that's no longer the case:

    You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways:
      a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange.
      b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. Which got me thinking.. maybe that was the intent in the first place.. If you go read the relevant section of the GPLv2:

    You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
      a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
      b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, See that "medium customarily used for software interchange" bit? I'm pretty sure that a court would interpret that as "send me a CD-ROM please", not "you can get it from this URL".

    Of course, that means any distribution of object code, even with corresponding source code, that wasn't on physical medium would have been against the GPL.. and I doubt that was the intent.

    BTW, under the GPLv3 the appropriate clause for network distribution of object code forms is:

    d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. Or the peer-to-peer option of (e).

    Which is one of the many reasons why the GPLv3 is so necessary. Things that were "adequate" in GPLv2 are just not today, as technology keeps moving forward.

    --
    How we know is more important than what we know.
  15. Re:/. isn't where you report this by shaitand · · Score: 5, Informative

    Thank you I actually wasn't aware of that. Whether they are technically violating the license is beside the point, they are distributing what they claim is an open source GPL'd application and not providing the source. Companies falsely claiming to be participating in order to gain the good will of the community should be exposed to that community. Slashdot is a rather convenient outlet to get through to a rather big chunk of it.

  16. Re:You missed the obvious joke... by ajs · · Score: 4, Informative

    Right on their front page: "It started as an open source Desktop Sharing and Remote PC access project..."

    And then what happened?

    And if what they claim (that they use, but haven't modified vnc/openssh) then there's no problem here, and no, as per their Web site, it isn't open source.

    Slashdot really is scraping the "slow news day barrel" this week.
  17. Re:Off-topic, but... by vico · · Score: 4, Informative

    Ah, another piece of commercial, proprietary software derived from VNC.

    And this is wrong how, seeing as they provide the source?

    Here's a serious question: has Fog Creek ever given anything back to the open source community?

    The source isn't enough for you?
  18. Re:Why not? by sumdumass · · Score: 2, Informative

    Lets reword that a little.

    If the developer makes use of ANY GPL code that the developer doesn't already own the copyright to, they must remain bound by the license.

    I knew what you were getting at but it took me a couple seconds to stop second guessing it.

  19. UltraVNC by jon287 · · Score: 3, Informative

    UltraVNC and UltraVNC "single click" can do just what you want, is greatly customizable, and completely free.

    --
    To boldly use to and too two times and get it right too! They're not gonna believe their eyes when they see it there!
  20. Re:You missed the obvious joke... by nxsty · · Score: 2, Informative

    And if what they claim (that they use, but haven't modified vnc/openssh) then there's no problem here, and no, as per their Web site, it isn't open source. I don't know about BSD code or other licenses but if they're using GPL code they need to make the sources available, whether they've modified them or not. They can't just refer to the original distributor since they're distributing it themselves.
  21. Re:Why not? by Anonymous Coward · · Score: 2, Informative

    You are confusing VNC and RealVNC, which is not derived from the original VNC GPLed code.

  22. Re:Off-topic, but... by NickFitz · · Score: 5, Informative

    And from the unpaid, or underpaid, work of interns

    Yes, all they got was:

    • Weekly stipend of $750
    • Free housing in an area dorm (usually with private rooms)
    • Free gym membership
    • Free MetroCard (gets you on any bus or subway in New York)
    • Free soft drinks
    • Free lunches
    • Free weekly social events. 2005 events included attending a Yankees game, a boat trip around Manhattan, walking tours, museum trips, two Broadway shows, a movie opening, and parties.

    Doesn't seem that shabby...

    --
    Using HTML in email is like putting sound effects on your phone calls. Just say <strong>no</strong>.
  23. Re:It's probably because by WombatDeath · · Score: 2, Informative

    If you have all that new-fangled Ajaxy stuff enabled (checkbox at top of page) the moderation happens immediately, which is very handy.

  24. Use the Wayback Machine by kentrel · · Score: 1, Informative

    The site now says "based on open source products". If you look at the old versions of the site they all say "an open source remote PC access implementation". Seems they were deliberately misleading people to me, and now they've just changed it. Check it out

  25. sourceforge requires sources in their conditions. by leuk_he · · Score: 2, Informative

    No..

    sourceforge REQUIRES you upload the source. This is a sourceforge requirement, and is independent of the gpl.

    Just create a support ticket on sourceforge and in some weeks(in my expierience) that project is either closed or the source is put in the file release system.

  26. Comment removed by account_deleted · · Score: 3, Informative

    Comment removed based on user account deletion

  27. Re:You missed the obvious joke... by psykocrime · · Score: 2, Informative
    Why?

    Because the GPL requires it. See http://www.gnu.org/licenses/gpl-faq.html#UnchangedJustBinary and read the
    next 4 or 5 entries.

    Providing a legitimate link to source is just as good. Otherwise, they could be in for chewing up valuable bandwidth and transfer charges.

    It's not "just as good" to provide a link to a site you don't control or have some sort of agreement in place with. From the GPL FAQ:


    The GPL says you must offer access to copy the source code "from the same place"; that is, next to the binaries. However, if you make arrangements with another site to keep the necessary source code available, and put a link or cross-reference to the source code next to the binaries, we think that qualifies as "from the same place".


    Note, however, that it is not enough to find some site that happens to have the appropriate source code today, and tell people to look there. Tomorrow that site may have deleted that source code, or simply replaced it with a newer version of the same program. Then you would no longer be complying with the GPL requirements. To make a reasonable effort to comply, you need to make a positive arrangement with the other site, and thus ensure that the source will be available there for as long as you keep the binaries available.

    --
    // TODO: Insert Cool Sig
  28. Re:Off-topic, but... by shaitand · · Score: 2, Informative

    'That seems awfully like you are claiming a violation of the license.'

    Actually its UltraVNC and RealVNC both, and the versions they used are GPL'd. So yes, I told THE DEVELOPERS they were violating the license. I told SLASHDOT they were failing to provide source for their own so-called GPL'd application.

    'I would love to know why you think open source means GPL.'

    The GPL is an open source license and the one they are claiming their program is licensed under.

  29. Re:FOSSie outrage machine by Anonymous Coward · · Score: 1, Informative
    You don't see Darth Cheney setting up a charitable organization.

    The Cheneys donated 78% of their 2005 income to charity. That includes all of their Haliburton stock options and book royalties. GW Bush and his wife average about 12% every year. The Clintons average about 9% and the Gores about 5%. In fact, in 1997 the Gores gave a grand total of $353 dollars to charity. That's not a typo. Three hundred and fifty eight dollars, less than two tenths of a percent of their income.

    Barack Obama made a big deal of his charitable giving, but failed to mention this is a recent development for him that's utterly transparent. In 2002, the year before he declared his candidacy the Obama household income was $259,399 (in the top 2%). That year they donated just $1,050 to charity, or 0.4%. The national average was 2.2% that year.

    http://online.wsj.com/article/SB117686685252673734.html?mod=opinion_main_commentaries

  30. Re:UltraVNC: 1) Repeater, 2) NAT-to-NAT 3) UVNC SC by devilspgd · · Score: 1, Informative

    It's crazy to use closed-source remote software, in my opinion. They say, in effect, "You can trust us, none of our employees built in a back door. Really. You can trust us also that our company hasn't been sold recently, or changed policies without notifying customers." Is open-source software any safer? Sure -- Except that you need someone sufficiently competent and skilled reading the source.

    How many open source products do you use? How many have you read end to end? How many do you understand well enough to re-implement any random portion of the code, and without referring to any comments?

    Do you understand the math behind encryption and signing well enough to eyeball a typo (intentional or otherwise)?

    If the answer to any of the above is negative, you are just as safe with closed source.
    --
    Give a man a fish, he'll eat for a day, but teach a man to phish...