Slashdot Mirror
Bell, SuperMicro Sued Over GPL
Markus Toth writes "The Software Freedom Law Center (SFLC) has filed two more copyright infringement lawsuits on behalf of the developers of the Linux-based BusyBox utility suite. The suits allege that Bell Microproducts and SuperMicro Computer each violated redistribution stipulations of the GNU General Public License (GPL).The Bell Microproducts suit pertains to the Hammer MyShare NAS (network-attached storage) appliance, which is sold by Bell's Hammer Storage division. I was the one who alerted the busybox developers about the GPL violation after providing a script for disassembling the firmware and instructions about mounting the contained initrd. As you see in my first post at the gpl-violations.org mailing lists where I posted all mails that I sent to and received from Hammer Storage, they refused to provide me the GPL sources several times. Looks like they will have to provide them soon; I will post any updates in the nas-central blog."
I assume someone had to go and evaluate the software for inclusion in the product. Is is that hard to whack a tarball onto a server and give out the link.
We hear so many of these large companies have problems with this. Why?
My little Linux and tech blog
For those that use this as a reason to NOT use the GPL...
What would have happened if they instead used a copy of WinNT4.0 without paying Microsoft? Microsoft would want blood, and would extract it via the BSA.
The creators of Busybox just want you to host the changes you've done to it. They wanted no money.
In other words: What would $proprietary_software_manufacturer do?
Good work, Mr. Toth.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
It's cheaper to use the "available" code when the executives in charge of the project cannot be bothered to familiarize themselves with the project AND stand to make a bonus the sooner it ships.
Are the files at the bottom of
http://www.hammer-storage.com/support/software_updates.asp
not the right stuff?
I caught them, yes I did... Good job mate.
If someone sent me a demand for code in poor grammar with some cheesy pseudonym, I would probably blow them off as well.
Now maybe if Markus has written a halfway compelling email, he would have received a more informative response. But when you send a jumble of words that fails to reach the 6th grade reading level to someone who has other priorities, it shouldn't come as a surprise that you get blown off.
Of course, if I were distributing a project based in part on GPL code, I would make darn sure to have the GPL'd code available for people to download with out hassling me or the engineers.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Is this really such a big thing? Surely they only have to mirror the sources from their original location unless they've made modifications?
Shouldn't time an effort be spent on finding the guys who modify the sources, and make a profit, rather than those who merely fail to mirror and honour the distribution agreement because they're lazy?
This reminds me of the Debian upstream/downstream problem that rears it's head up now and again: if the sources are freely available, does every man and his dog have to distribute the unmodified version if they merely make use of it downstream?!
Matt
I've never seen busybox on any of it and I generally buy a dozen or so servers per year (mostly from serversdirect.com).
If they're taking the piss I'll look out for an alternative for future purchases.
Nullius in verba
Can anyone shed any light on why companies repeatedly do this with Busybox?
I can sort of understand their motivation (if not their ethics/commercial sense!) if they've got a highly modified Lunix kernel where they've made extensive changes to the networking stack to enable their "unique" feature or similar, but why with Busybox? Surely the path of least resistance is just to make the tar ball available (or realise, you've stuffed up, and start making the offer and send any that ask the tarball to play catch-up). Are any of these guys really making proprietary improvements with amazing IP involved to Busybox? It seems an unlikely place to do it..
Maybe they've ported it to the latest tiniest CPU, but they still get a time to market advantage their (particularly versus producing Busybox like functionality from scratch!), but even that seems unlikely to be worth fighting hard when you'll quickly realise you'll lose.
Why go to the hassle?
I suspect that this probably boils down to default policies and a lack of understanding of the GPL more than anything, sadly. By default most companies would have a "We don't make available ANY of our IP unnecessarily" and that hasn't yet gelled with the GPL. No one wants to stand up and make the call that compiling Busybox didn't involved much of the companies IP, and releasing the source is an obligation.. The people involved with the IP aren't the same people that make the 'legal' calls and so companies come across with these silly positions..
--Q
The myshare source files are made available under various open source code licenses, including the GNU General Public License (GPL). Please review the license terms included with each download for the rights, obligations and restrictions associated with the open source file.
Installation instructions
title / description download posted release notes
Myshare Home v.1 GPL Source Code
47.6 MB 06/11/08
Myshare Home v.2 GPL Source Code
158.1 06/11/08
Myshare Office v.2 GPL Source Code
220.8 MB 06/11/08 Looks like they just got them up last week (apparently 5 months after the GPL-Violations post).
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Besides which, the complaints about lawsuits typically have less to do with quantity and more to do with quality. Otherwise the discussion threads would be much shorter.
As I understand the GPL V2, unless Mr. Toth has actually purchased the products in question the vendor is under no obligation to distribute the source to him.
Refusing to send source to a valid owner is definitely a violation, of course, but if you sell a device that contains GPL code I don't think you are required to give the source to the public at large, just people who bought your product and then request said source.
Yes, I'm being pedantic, but lawyers are worse.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
Growing up tattling was always frowned upon, however in cases like this .. it should be brought forward. But also if it news worthy .... you would expect you wouldn't have to try and toot your own horn, someone else would have posted the story for you.
Fear that your competition will download it and leap-frog all "your" development "efforts" by using "your" code in their device.
I'm serious. If they UNDERSTOOD the process, they would ANNOUNCE that it was GPL'd and that anyone who wanted to could modify it or add features, etc.
Just like LinkSys found with their wireless routers.
Hammertime!
c++;
...not really. Commercial companies that use and contribute to open source projects are just opening themselves up to litigation due to GPL and copyright violations. Hopefully they'll learn that using closed, proprietary designs is the safest way to go.
Interesting reading. Its made more so by some of the comments put up about a review of a book about a GPL script.
http://books.slashdot.org/books/08/06/11/1345255.shtml
"I'm supposed to BUY this?"
"there's a whole parasitical industry built up around it..... It's amazing the number of people that do, indeed, expect you to pay for Joomla stuff."
"Buy it scan it torrent it done"
Its seems like there is great confusion amoung GPL die hards as to what part to pay for... the freedom or the beer....
Come on, supermicro produced the source, but the SFLC is suing because they didn't include the scripts used to compile the source.
Pretty lame lawsuit.
Very true. But out of the hundreds of anonymous threats of action that an organization may field in a month, how are we to identify those that are real threats from those that are just simple saber rattling?
The fastest way to determine threats is to look at the amount of energy someone put into developing their threat. If someone writes a very clear email, with a strong, yet respectful tone, and cites specific license violations, and put some obvious effort into doing so, they are with all likelihood better educated, more motivated, and present a much higher threat to the organization. If someone throws a random pile of characters, words and a link to a license into an email that would make almost any spell checker pop up a message box that says, "Warning, if you send this you will look like an idiot!" it means to me that they aren't willing to spend enough time on the issue to run a spell checker, so they likely aren't willing to spend enough time on the issue to do much else.
If we took threats like Markus' seriously, lawyers would start sending out letters in crayon that read "u bad give $$$" so that they could get back to the golf courses sooner.
To skip to my real problem here... I loathe lawyers. Had Markus not been an idiot and Mr. Vang not been a douche, the lawyers could have been left out of it.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
I think I have just come up with a new business plan:
... a hacker's dream!
1. Create Linux-based device.
2. Sell without providing source (PROFIT).
3. Wait until GPL violation is discovered.
4. Wait until outcry over GPL violation ensues (PUBLICITY).
5. Provide source code.
6. Linux-based device, with source code
7. ???
8. PROFIT!!!
Please correct me if I got my facts wrong.
I mean, if you got a lot of money, and you are infringing on the terms of the GPL license, why not just go for broke and get the whole dang thing tossed out of court? Right now, a lot of GPL cases are being settled behind the scenes but no one has ever really made a fantastic push to just gut the license.
Right off the wheel, if they were infringing, they could argue that:
a) Putting something into GPL is the same as putting it into the public domain because there is no control over distribution and no economic damages associated with infringement. Does Bells use of GPL code actually cause economic harm to the developers, and the answer is arguably no.
b) Third parties cannot file or sue on behalf of GPL'd items because they do not suffer economic loss. Basically, this would mean that in order to bring a GPL case, the authors of the GPL code would actually have to file the complaint.
Point a would basically render the GPL useless, and point b would at least make it impractical to enforce.
Seriously. why not just get the law settled?
This is my sig.
The GPL only restricts your freedom in a way similar to laws that prohibit slavery are restricting your freedom to take slaves. The GPL only takes away your freedom to take away the freedom of your users and the original authors of your code.
GNU more Mr. Nice Guy...
*Pulls on asbestos undies*
Chas - The one, the only.
THANK GOD!!!
What about all this guff about the appliccability of an EULA with commercial software? What about the fuzzy DRM or activation of software (XP was said to be given a crack to remove activation when people at the time complained about it, so that people would accept activation. We may find out if they do this, but what's the legal jig if they don't?).
The only place where GPL is "fuzzy" is where it gets bundled or where it gets a derivative. And that's ENTIRELY your legal definition of laws defined to cover books and music (which are inherently Open Source) being stretched to cover binary software (which is Closed).
Fix your laws.
That's certainly preferable from a business standpoint, but far fewer people are going to be willing to contribute under than license, which leads to inferior products in general. There's a reason these companies don't use a BSD OS.
I would agree whole heartedly with you. Setting up a process up front with the GPL code is the best option. But if you are Joe-Blow the middle manager, and you are not intimately familiar with the GPL, and you get a poorly written email like that, what would you do?
;) How many times have we all harped on our not-so-technical friends and co-workers about clicking on links from unknown senders?
Heck, if it were one of my non-IT coworkers/managers I would hope that they would delete it. Poor grammar/spelling, check. Unknown sender, check. Vague legal threat, check. Link to an unfamiliar domain, check. Must be a phishing email, delete it.
As for promotions based on a person's incompetence, there is a theory to it, the Peter Principle. You'll get some of that everywhere.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
...which is sold by Bell's Hammer Storage division...
I think the Screwdriver Storage Facility in my garage sounds more impressive.
You're required to provide sources upon request only to those you've distributed binaries to. You're not required to put them on the net, you can charge a reasonable handling fee, and you're not required to provide them to third parties.
So you'd be well within your rights to say, "Send $25 and the UPC from the box and I'll mail you a disk, or you can go download it from sunsite."
Those who would give up liberty to obtain working drivers, deserve neither liberty nor working drivers.
...One idiot manager forgetting to put code up. One asshole GPL guy. Suddenly you have a lawsuit... I seem to remember noting that letters were sent requiring compliance, and failure to respond to them was the trigger for the lawsuit. These guys ain't the RIAA, BSA, etc who blast their way in demanding restitution, they're blokes who've seen their code used and when politely reminded the users of their requirements have had no response.Mind you, if I was ever to find any of my code turn up in something like Windows, you can bet that I would instantly fire a lawsuit against Microsoft instead of negotiation - only because of their hypocrasy: they come down hard (via the BSA) on infringers so they shouldn't expect any leniency from me.
Sounds like "Busybodies for Busybox" strikes again!
We should all join the BfB.
As a software engineer, I understand the importance of adhering to and enforcing a software license, however these constant lawsuits are eventually going to cripple the free software movement. Before I am tared and feathered, let me explain. Many companies are adopting OSS as a means of rolling out custom products faster. It is easier to use something that already exists rather than rebuilding it themselves. The problem is that as we all know, many OSS projects tend to be buggy or lacking in some obscure feature. What invariably happens is that along the way, is that some engineer decides to make a modification to a package in order to make it fit their unique needs (usually without authorization from the legal dept). Next thing you know you have a product that is heavily dependent on some customized OSS package that was never supposed to be used in such a capacity. Now the company is forced to turn over software that they invested in and are exposed to risk of litigation because of a breakdown in the dev process. Now I am not saying that companies should be able to rape OSS projects for free development work but there has to be a balance. I think the FSF and the Gnu people should work out some sort of process where corporate customizations can be evaluated for context and value of the original package. And maybe have a source review process where the OSS developer can review what was added without exposing trade secrets of the corporations trying to use the OSS. I think it is insane to treat corporations as the enemy. OSS developers should be working with Corporations not suing them. This is the sole reason I release all my code under BSD license. I want people to use my products not sit and wonder about whether I have released my software as a trap for a future lawsuit. This whole OSS litigation process reminds me so much of patent trolling it is scary.
a) They can still license their code under something other than the GPL for a price, so if you just take it you're depriving them of that.
b) True, but the SFLC can offer to represent the authors pro-bono, which I imagine is what's happening.
Obviously, YANAL.
What ultimately happened with Actiontec/Verizon? Did they release source for the FiOS routers?
For years I had heard claims and counterclaims regarding whether you only had to give source to customers who had the binaries. Your post seems to clear this up well - it's not already being distributed with source code and if it's commercially sold you must give the source code to anyone who asks (not just those who bought the binaries).
Am I the only one who, while browsing ones slashdot RSS-feeds, keeps reading that Bell and SuperMario where sued by the GPL?
Or, I can develop my own software, and maintain my competitive advantage over my competitor.
Anyone who produces products has to decide what is more valuable - being able to use free software from the community, or being able to keep your software secret. If all you are going to add to the software is something that anyone else could create without much effort (i.e., software is not your key differentiator) then open source is the way to go.
But if you're going to make a massive improvement to whatever software you might take, something that is going to cost you a lot of money to develop (and would thus cost a competitor lots of money to develop), it makes the most sense to keep it to yourself.
Put more simply, a product that is 90% open source software from the community and 10% improvement is probably best released as open software - you get 90% for the cost of 10%. But a product that would be 10% software from the community and 90% software you develop yourself, it makes more sense to also redo the 10%. Trading away 90% for 10% would just be a bad business decision.
paintball
Because 99% of them get away with it. I've seen gpl'd code used all over the place, mostly not entire apps but big sections of cut and pasted code that is then compiled and linked in to some larger, proprietary app. Happens far, far more often than you'd think.
That's fine as long as it's not distributed.
Ah, hell, a big Novell muckity-muck was telling people to do this the other day (trying to get away with redistributing anyway). Novell, how we hate thee.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
New tactic to skirt the GPL: Comply with nothing but the BusyBox license. Put up BusyBox on your FTP site and buy a year until GPLViolations gets a new group to cooperate.
I know, they're not that smart, so GPLViolations will continue to enjoy success. But the point is nobody else seems to be enforcing the license.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
From the GPLv2 preamble:
Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.Most people who buy hardware from Linksys (and various other distributors GPL-covered code) never find out about the freedoms they're afforded by the GPL. When are we going to see enforcement of section 1 of GPLv2? It reads:
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.http://outcampaign.org/
Oh really? How? The terms of the GPL are very clear, and people keep getting sued because they persist making up their own rules instead of following the actual rules. The GPL is only effective because the risk of lawsuits is real.
Many companies are adopting OSS as a means of rolling out custom products faster. It is easier to use something that already exists rather than rebuilding it themselves. What invariably happens is that along the way, is that some engineer decides to make a modification to a package in order to make it fit their unique needs (usually without authorization from the legal dept). Next thing you know you have a product that is heavily dependent on some customized OSS package that was never supposed to be used in such a capacity. Now the company is forced to turn over software that they invested in and are exposed to risk of litigation because of a breakdown in the dev process.Oh, cry me a river! If your company can't get its act together, then it's best for everyone that your company's competitors---who actually do follow the rules---eat your lunch.
Now I am not saying that companies should be able to rape OSS projects for free development workIn effect, that's exactly what you are saying.
but there has to be a balance.Why? Between what extremes? What would be the impact?
I think the FSF and the Gnu people should work out some sort of process where corporate customizations can be evaluated for context and value of the original package. And maybe have a source review process where the OSS developer can review what was added without exposing trade secrets of the corporations trying to use the OSS.What? Who would do the evaluation? How do you judge "value"? Who is going to bear the cost of this process? Why are trade secrets being intermingled with GPL-covered code? What's would the BusyBox gain by doing this? What would society gain?
The FSF and the GNU people have worked a lot of things out. They created the rules that leveled the playing field for all of us. Those rules are codified in the GPL. You apparently don't like the rules, and whine when they are enforced.
I think it is insane to treat corporations as the enemy.Red Hat isn't the enemy. MySQL isn't the enemy. Ingres isn't the enemy. Google isn't the enemy. Microsoft is an enemy, but only because they have a history of trying to screw, well, everyone (and there's no credible reason to believe that they've stopped). The "enemies" are those who persist in acting selfishly to the detriment of all of us. If anything, I'd argue that the BusyBox developers have been too lenient: Linksys routers (to my knowledge, which is a bit out of date) still aren't shipped with copies of the GPL included.
OSS developers should be working with Corporations not suing them.They are. Many work for corporations. Many are corporations.
This is the sole reason I release all my code under BSD license. I want people to use my productsThen the BSD license is a good match for your goals. Good for you. Not everyone values fame as highly as you do. People who release software under the GPL generally do so either to spread the freedoms that the GPL provides, or because they want to modify and re-distribute software that is already covered by the GPL. I see no reason to prejudice the latter group by letting Bell, SuperMicro, or anyone else get a free pass.
Being a corporation has nothing to do with it.
http://outcampaign.org/
The week the MyShare was released. I also notified the gpl-violations. They (gpl violations, I never heard back from the busybox guys) were too busy suing other companies to follow up until November of 2007 I guess :)
:P
Yes, I want a cookie
The GPL, DMCA and EULAs all have one thing in common: the use of government granted copyrights to dictate what the user can or cannot do with the software they have legally aquirred. In a just world I should be able to give a copy of the software to a friend, with or without the source code.
GPL: License to sue
Don't blame me, I didn't vote for either of them!
Some associates of mine and I are working on establishing a "Certified GPL-Free" label for hardware and software products that will allow vendors to freely sell their products without encumbrances. Our certification process is long, but very thorough, and the (12 patents pending) software we are writing is very good at heuristically detecting GPL code infections right down to the assembly level. We even had someone take some GPL code and attempt to obfuscate it, and our software tagged it as a possible GPL match, due to the fact that it knows several obfuscation methods and can recognize them. We were very happy with that result.
Right now, we have several very major hardware vendors lined up to have their devices certified. We expect the label to be visible on product packaging starting in the third quarter of 2009 in the US and one to two quarters thereafter in the EU. There will be a marketing launch on the web and in trade journals in the 4th quarter of 2008. Certification will cost approximately $25-50K, depending, and will include up to $1MIL in coverage to pay legal fees to fight a supposed GPL infection. Vendors will also be capable of self-certifying if they purchase our system for on-site use and have annual process checkups and training by our team.
We're all very excited about it. Keep an eye out for it.
This is why businesses are still so scared of the GPL - people keep trying to enforce it.
Property is theft.
The people who wrote it are always complaining about there being too many lawsuits, yet they engage in the same activity that they critisize.
The above argument is not valid because the word "they" is used twice but each use of the work does not refer to the same set of people. To be valid you would need to show that the SAME PERSON is performing both actions. To do that you would have to use a proper name. The problem here is that you are judging a large group by the actions of a small subset of the group and there can be many small subsets.
It's like saying "Americans are for both low taxes and higher government service. No not at all. for the most part it's poor Americans who hant bigger handouts and rich Americans who don't want to pay for handouts. Different sub-groups.
to the underused things under said unclean undergarments :-)
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048