Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Showmypc.com an Open Source Pretender?

Posted by ryuzaki0 on from the show-us-the-source dept.

shaitand writes "When looking for a remote support application that penetrates firewalls and can be initiated by my clients with a couple of clicks, I came across Showmypc.com. It was a standalone executable but looked like it would work and best of all it was open source. The only thing I didn't like was the interface, so I went to check out the Sourceforge page. I noticed a substantial problem: CVS is empty and the source on the download page is for the 2.6 version. The version of the executable is 3.53. I mailed the developers that they needed to distribute their modified SSH client and VNC source to be in compliance with the GPL license. They said they didn't modify those programs and ignored my request for the current source code. So I ask again, if this is a GPL'ed application; where is the source?"

37 of 323 comments (clear)

  1. You missed the obvious joke... by Anonymous Coward · · Score: 5, Funny

    "Where's ShowMySource.com?"

    1. Re:You missed the obvious joke... by Divebus · · Score: 4, Interesting
      Right on their front page: "It started as an open source Desktop Sharing and Remote PC access project..."

      And then what happened?

      --

      Most of the stuff on /. won't survive first contact with facts.
    2. Re:You missed the obvious joke... by ajs · · Score: 4, Informative

      Right on their front page: "It started as an open source Desktop Sharing and Remote PC access project..."

      And then what happened?

      And if what they claim (that they use, but haven't modified vnc/openssh) then there's no problem here, and no, as per their Web site, it isn't open source.

      Slashdot really is scraping the "slow news day barrel" this week.
    3. Re:You missed the obvious joke... by Mr2cents · · Score: 3, Insightful

      OpenSSH is not GPL but BSD licensed so there is no problem IMO. I haven't checked for VNC (sorry, I'm just too lazy). And besides, GPL is all about distribution, not about modification; if I modify a GPL program and keep it to myself, there is no problem. There is no way you can force me to give up the changes. But if I distribute it, I have to supply the source code with my modifications.

      So did the guy receive binaries of GPL-based software? If that's the case, he can demand the source. If not, he just wasted our precious time.

      --
      "It's too bad that stupidity isn't painful." - Anton LaVey
  2. REport em by Anonymous Coward · · Score: 3, Interesting

    did you report them to SourceForge?

  3. Why not? by Frosty+Piss · · Score: 5, Insightful

    CVS is empty and the source on the download page is for the 2.6 version. The version of the executable is 3.53

    If it's original work, can't the copyright holder decide to close the source? If it doesn't contain anyone else's work that happens to be GPLd, I don't see a problem here.

    Need more info...

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Why not? by Skreems · · Score: 3, Insightful

      If it's original work, can't the copyright holder decide to close the source? If it doesn't contain anyone else's work that happens to be GPLd, I don't see a problem here.
      True. But Sourceforge only provides hosting for OSS projects. If they're hosting their binary downloads for the new version on their own site with their own non-Sourceforge hosting, they're fine.
      --
      Slashdot needs a "-1, Wrong" moderation option.
      The Urban Hippie
    2. Re:Why not? by courtarro · · Score: 5, Insightful

      That would be true if the code were unmodified versions of GPL'd code, but glancing through the two helper EXEs (spcplink.exe and spcwinv.exe) reveals quite a few references that look like they might be directly pulled from VNC or OpenSSH. Interestingly enough, these two helper apps are written in Visual C++, while the main app is written in VB6.

      Now that I look closer, I notice that spcwinv.exe is actually referred to as "VNC Server Free Edition for Win32", and the copyright is "Copyright © RealVNC Ltd. 2002-2005", yet the strings within the file have been modified to refer to it as a ShowMyPC product. I'd say that's a dead giveaway.

    3. Re:Why not? by courtarro · · Score: 3, Informative

      Good point about OpenSSH, but VNC is indeed GPL.

    4. Re:Why not? by Anonymous Coward · · Score: 5, Informative

      OpenSSH is BSD-licensed. VNC is a protocol. RealVNC is a commercial product of RealVNC Ltd and can be licensed for inclusion in third party products. It is not open source software.

    5. Re:Why not? by DustyShadow · · Score: 4, Informative

      From http://www.gnu.org/licenses/gpl-faq.html#Developer Violate

      "Is the developer of a GPL-covered program bound by the GPL? Could the developer's actions ever be a violation of the GPL?

      Strictly speaking, the GPL is a license from the developer for others to use, distribute and change the program. The developer itself is not bound by it, so no matter what the developer does, this is not a "violation" of the GPL.

      However, if the developer does something that would violate the GPL if done by someone else, the developer will surely lose moral standing in the community."

    6. Re:Why not? by Skreems · · Score: 3, Interesting

      That doesn't seem true at all. Plenty of OSS programs out there release a GPL version for non-commercial uses, and a pay version under a proprietary and for-pay licensing scheme. That would definitely violate the GPL if they didn't own the copyrights on the code, but they're not "losing moral standing in the community" just because they found a way to finance their project.

      --
      Slashdot needs a "-1, Wrong" moderation option.
      The Urban Hippie
  4. no source in CVS now by xonicx · · Score: 3, Informative

    CVS http://showmypcssh.cvs.sourceforge.net/showmypcssh / is empty.

  5. Use this without source code? by courtarro · · Score: 5, Insightful

    Whereas GotoMyPC is a serious business with a vested interest in keeping users' machines secure, this site has no such commitments, and as such it seems like a pretty bad idea to use it without being able to check the source code. Potential GPL violations aside, a significant reason that we need the source is to confirm that it does what they say it does. Without it, who knows what backdoors they could be offering; it's especially concerning since it's specifically designed to penetrate firewalls. Beware!

    1. Re:Use this without source code? by shaitand · · Score: 3, Insightful

      'The same thing can be said about any piece of software. At some point you have to take the risk that your machine might be exposed.'

      Or... you could just use open source software.

    2. Re:Use this without source code? by root-a-begger · · Score: 3, Insightful

      GoToMyPC did not start as a closed source product from Citrix. It started as a closed source product from Expertcity. Expertcity was an unknown and yet people found reasons to trust it and the company grew enough that Citrix acquired it.

      In short, The parent comments are pure FUD which can be applied to just about any closed source start-up...And this assumes you automatically trust closed-source software from a large company. This also assumes if it were open source that people have reviewed it in enough detail to be trusted...or that you would completely review the open source and its mods before using the product...highly doubtful.

      There may be reasons not to trust any new product. However, broad based FUD slams are counter productive.

      In an earlier post on this article, I reference my new product http://www.shellshadow.com/ which is different tech from ShowMyPc, but may suffer from similar FUD attacks. I don't worry too much about these attacks. I'll just do my best to host a trustworthy service and build from there. I have to assume ShowMyPc intends to do the same.

      trust is a big topic...
      Jon

  6. It's probably because by FUD+spreader · · Score: 3, Funny

    this program contains code that they don't want you to see, because they are a shell company for microsoft that is simply using the VNC platform to spy on people so they can report back to the government.

    --
    If you feel like the government is watching you, they're not. They're watching everyone! Stop BIG BROTHER!
    1. Re:It's probably because by wamerocity · · Score: 3, Funny

      You know I've been on slashdot for a few months now, and it is posts like that make me wish, 1; I had mod points (I've never been given mod points, so I wouldn't even know how to recognize it. Help?) and 2. that there was a "-1 Enough already" mod

      --
      "Thank you for using Stop-n-Drop, America's favorite suicide booth since 2008"
    2. Re:It's probably because by MLease · · Score: 3, Informative

      You would see a message upon logging in stating that you have 5 mod points, which expire in 3 days from the time you get them. You may not have been around long enough to get mod points yet; if you go here, you'll get more info on moderation (scroll down the page a bit to get to the moderation parts).

      -Mike

      --
      I'm sorry; I don't know what I was thinking!
    3. Re:It's probably because by Marcos+Eliziario · · Score: 4, Funny

      I seriously considered modding you down as offtopic just for the fun of it, but it would be anonymous and definitely not fun. But few things could be better as a practical joke than modding down someone discussing slashdot moderation :-)

      --
      Your ad could be here!
  7. Re:Uuuuu... by mini+me · · Score: 5, Informative

    If I use a GPL software and modify it, "I'm not obligated" to release my modifications.

    You are if you distribute a binary version with your modifications.
  8. No source needed by JanneM · · Score: 4, Informative

    They don't need to give public or cost-free access to the source. All that is required is that they give the source to their customers, for a reasonable copy and distribution fee, if they ask for it.

    And as for VNC and friends, well, if they didn't change that code they don't need to give you the source either.

    --
    Trust the Computer. The Computer is your friend.
  9. They may be fully compliant... by BobandMax · · Score: 4, Insightful

    ...because the GPL only requires that an offer of source code be distributed along with the application. Have you purchased a copy of their commercial offering?

    Please read the following from gnu.org's FAQ:

    QUOTE

    If I distribute GPL'd software for a fee, am I required to also make it available to the public without a charge?

    No. However, if someone pays your fee and gets a copy, the GPL gives them the freedom to release it to the public, with or without a fee. For example, someone could pay your fee, and then put her copy on a web site for the general public.

    UNQUOTE

    --

    "Computers are useless. They can only give you answers."
    -- Pablo Picasso
    1. Re:They may be fully compliant... by QuantumG · · Score: 4, Informative
      Ya know. In the GPLv3 that's no longer the case:

      You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways:
        a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange.
        b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. Which got me thinking.. maybe that was the intent in the first place.. If you go read the relevant section of the GPLv2:

      You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
        a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
        b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, See that "medium customarily used for software interchange" bit? I'm pretty sure that a court would interpret that as "send me a CD-ROM please", not "you can get it from this URL".

      Of course, that means any distribution of object code, even with corresponding source code, that wasn't on physical medium would have been against the GPL.. and I doubt that was the intent.

      BTW, under the GPLv3 the appropriate clause for network distribution of object code forms is:

      d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. Or the peer-to-peer option of (e).

      Which is one of the many reasons why the GPLv3 is so necessary. Things that were "adequate" in GPLv2 are just not today, as technology keeps moving forward.

      --
      How we know is more important than what we know.
  10. Re:Off-topic, but... by m2943 · · Score: 4, Informative

    Ah, another piece of commercial, proprietary software derived from VNC.

    https://www.copilot.com/press/faq/

    Here's a serious question: has Fog Creek ever given anything back to the open source community?

  11. /. isn't where you report this by UbuntuDupe · · Score: 5, Insightful

    I'm *pretty* sure there's an established procedure for reporting GPL violations, and I'm *pretty* sure submitting a /. story griping about your experience with that software ain't it.

    --
    Apology to Ubuntu forum.
    1. Re:/. isn't where you report this by shaitand · · Score: 5, Informative

      Thank you I actually wasn't aware of that. Whether they are technically violating the license is beside the point, they are distributing what they claim is an open source GPL'd application and not providing the source. Companies falsely claiming to be participating in order to gain the good will of the community should be exposed to that community. Slashdot is a rather convenient outlet to get through to a rather big chunk of it.

  12. Why is this front page news? by Retalin · · Score: 3, Insightful

    This is flame bait... this is not news and it's definately not the proper way to report a GPL violation. Are we really hurting for news submissions?

    --
    Regards, Ryan McAdams
    1. Re:Why is this front page news? by Quiet_Desperation · · Score: 3, Funny

      It was this or the announcement of Barbie Horse Adventures 2: The Gates Of Slaughter. Take your pick.

  13. Re:Off-topic, but... by Anonymous Coward · · Score: 3, Interesting

    Ah, another piece of commercial, proprietary software derived from VNC.
    ...And from the unpaid, or underpaid, work of interns acquired through spamming. From the FAQ:

    How long did Fog Creek Copilot take to write?
    The three programming interns wrote the beta version of Fog Creek Copilot in under two months.

    [...]

    How were the four interns selected for this project?
    Internship postings were made to the Fog Creek software website, www.FogCreek.com as well as to CEO Joel Spolsky's blog, www.JoelonSoftware.com. Fog Creek Software also mailed applications to hundreds of students at top universities. The posts sought out those enrolled in a four year academic institution with preference to those between Junior and Senior year with top grades, a track record of success, top notch computer programming skills for the Software Development Interns, and coursework in marketing or business experience as well as programming experience for the Software Marketing Intern. 800 students from top universities applied and 4 were chosen.

    From the FAQ. (emphasis added).
  14. The main page has been updated... by shaitand · · Score: 4, Insightful

    They removed the link to the sourceforge page.

  15. Re:Off-topic, but... by vico · · Score: 4, Informative

    Ah, another piece of commercial, proprietary software derived from VNC.

    And this is wrong how, seeing as they provide the source?

    Here's a serious question: has Fog Creek ever given anything back to the open source community?

    The source isn't enough for you?
  16. Re:Off-topic, but... by Jugalator · · Score: 3, Insightful

    Ah, another piece of commercial, proprietary software derived from VNC.

    Commercial. Proprietary. Yes, the magic words that get some people's blood to boil. You wield them well.

    Here's a serious question: has Fog Creek ever given anything back to the open source community?

    My question would be why you care? In case their VNC core comes from licensed software allowing a commercial derivate as a binary, there is no problem. I believe AT&T's core was GPL'ed so that would raise some questions, but it's possible that by "VNC core" they mean some VNC-compatible derivate with a compatible license. In that case, the devs of that core also specifically intended use of it like this, being more open than just for OSS devs to use. Yes, there is a "more open" than that. And those developers don't have an issue with this, and maybe just you not wanting to see a 100% free use of their code. And if it doesn't follow the license, there's a breach of license, and then that would indeed be bad.

    But this is clearly an issue of whether licenses are followed, not about a company doing "good" or "bad". If they follow the license of the developers -- that is using the software like they specifically intended others to use it -- they are per definition doing good. At least unless if you disagree with how their VNC core devs chose their license.

    If there's something I get annoyed about, it's not about companies properly using licenses, but people like you who try to impose a personal code of ethics on companies who only use the code the way the original devs intended it to.
    --
    Beware: In C++, your friends can see your privates!
  17. UltraVNC by jon287 · · Score: 3, Informative

    UltraVNC and UltraVNC "single click" can do just what you want, is greatly customizable, and completely free.

    --
    To boldly use to and too two times and get it right too! They're not gonna believe their eyes when they see it there!
  18. Re:Off-topic, but... by Anonymous Coward · · Score: 3, Insightful

    Don't you dare complain about doing the minimum. If you want more than that, write your own license and start to use it instead of the GPL.

  19. Re:Off-topic, but... by NickFitz · · Score: 5, Informative

    And from the unpaid, or underpaid, work of interns

    Yes, all they got was:

    • Weekly stipend of $750
    • Free housing in an area dorm (usually with private rooms)
    • Free gym membership
    • Free MetroCard (gets you on any bus or subway in New York)
    • Free soft drinks
    • Free lunches
    • Free weekly social events. 2005 events included attending a Yankees game, a boat trip around Manhattan, walking tours, museum trips, two Broadway shows, a movie opening, and parties.

    Doesn't seem that shabby...

    --
    Using HTML in email is like putting sound effects on your phone calls. Just say <strong>no</strong>.
  20. Comment removed by account_deleted · · Score: 3, Informative

    Comment removed based on user account deletion