Slashdot Mirror
Bell, SuperMicro Sued Over GPL
Markus Toth writes "The Software Freedom Law Center (SFLC) has filed two more copyright infringement lawsuits on behalf of the developers of the Linux-based BusyBox utility suite. The suits allege that Bell Microproducts and SuperMicro Computer each violated redistribution stipulations of the GNU General Public License (GPL).The Bell Microproducts suit pertains to the Hammer MyShare NAS (network-attached storage) appliance, which is sold by Bell's Hammer Storage division. I was the one who alerted the busybox developers about the GPL violation after providing a script for disassembling the firmware and instructions about mounting the contained initrd. As you see in my first post at the gpl-violations.org mailing lists where I posted all mails that I sent to and received from Hammer Storage, they refused to provide me the GPL sources several times. Looks like they will have to provide them soon; I will post any updates in the nas-central blog."
I assume someone had to go and evaluate the software for inclusion in the product. Is is that hard to whack a tarball onto a server and give out the link.
We hear so many of these large companies have problems with this. Why?
My little Linux and tech blog
For those that use this as a reason to NOT use the GPL...
What would have happened if they instead used a copy of WinNT4.0 without paying Microsoft? Microsoft would want blood, and would extract it via the BSA.
The creators of Busybox just want you to host the changes you've done to it. They wanted no money.
In other words: What would $proprietary_software_manufacturer do?
Good work, Mr. Toth.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
It's cheaper to use the "available" code when the executives in charge of the project cannot be bothered to familiarize themselves with the project AND stand to make a bonus the sooner it ships.
Are the files at the bottom of
http://www.hammer-storage.com/support/software_updates.asp
not the right stuff?
Is this really such a big thing? Surely they only have to mirror the sources from their original location unless they've made modifications?
Shouldn't time an effort be spent on finding the guys who modify the sources, and make a profit, rather than those who merely fail to mirror and honour the distribution agreement because they're lazy?
This reminds me of the Debian upstream/downstream problem that rears it's head up now and again: if the sources are freely available, does every man and his dog have to distribute the unmodified version if they merely make use of it downstream?!
Matt
I've never seen busybox on any of it and I generally buy a dozen or so servers per year (mostly from serversdirect.com).
If they're taking the piss I'll look out for an alternative for future purchases.
Nullius in verba
Can anyone shed any light on why companies repeatedly do this with Busybox?
I can sort of understand their motivation (if not their ethics/commercial sense!) if they've got a highly modified Lunix kernel where they've made extensive changes to the networking stack to enable their "unique" feature or similar, but why with Busybox? Surely the path of least resistance is just to make the tar ball available (or realise, you've stuffed up, and start making the offer and send any that ask the tarball to play catch-up). Are any of these guys really making proprietary improvements with amazing IP involved to Busybox? It seems an unlikely place to do it..
Maybe they've ported it to the latest tiniest CPU, but they still get a time to market advantage their (particularly versus producing Busybox like functionality from scratch!), but even that seems unlikely to be worth fighting hard when you'll quickly realise you'll lose.
Why go to the hassle?
I suspect that this probably boils down to default policies and a lack of understanding of the GPL more than anything, sadly. By default most companies would have a "We don't make available ANY of our IP unnecessarily" and that hasn't yet gelled with the GPL. No one wants to stand up and make the call that compiling Busybox didn't involved much of the companies IP, and releasing the source is an obligation.. The people involved with the IP aren't the same people that make the 'legal' calls and so companies come across with these silly positions..
--Q
The myshare source files are made available under various open source code licenses, including the GNU General Public License (GPL). Please review the license terms included with each download for the rights, obligations and restrictions associated with the open source file.
Installation instructions
title / description download posted release notes
Myshare Home v.1 GPL Source Code
47.6 MB 06/11/08
Myshare Home v.2 GPL Source Code
158.1 06/11/08
Myshare Office v.2 GPL Source Code
220.8 MB 06/11/08 Looks like they just got them up last week (apparently 5 months after the GPL-Violations post).
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
I didn't realize that the GPL allowed you to deny source code to someone on the basis of poor grammar or the use of a pseudonym. Oh wait...
Rule of Slashdot #0: You and people like you are not representative of the larger population. - A.C.
Besides which, the complaints about lawsuits typically have less to do with quantity and more to do with quality. Otherwise the discussion threads would be much shorter.
Fear that your competition will download it and leap-frog all "your" development "efforts" by using "your" code in their device.
I'm serious. If they UNDERSTOOD the process, they would ANNOUNCE that it was GPL'd and that anyone who wanted to could modify it or add features, etc.
Just like LinkSys found with their wireless routers.
No, you're not being pedantic, you're being wrong. To quote from the GPL v2, section 3b (which covers distribution of source for binaries which were distributed without accompanying source), the vendor must:
Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;
Notice that the offer does not say the vendor must give only people who bought their product the source code. It says they must give any third party the code. Now, under section 3a the vendor only has to give the code to people who receive the product, but 3a pertains to the vendor distributing the source code with the product itself. If they don't include the source code with the binaries, 3a doesn't apply. And since it's not a non-commercial distribution, 3c doesn't apply either.
1. They know they're violating the GPL and just want him to get lost
2. They don't know what the GPL is, that they're using GPL'd products, that they don't read the GPL right, they don't understand who he is, why it's any of his business, why he thinks he's got any right to their products source code and so on.
In the latter case, good communication skills that presents your case in a serious, professional and understandable manner that makes them realize their error or at least begins a closer investigation of the issue may be an advantage. Besides, it looks to me like his legal skills are severely lacking: As you see in my first post at the gpl-violations.org mailing lists where I posted all mails that I sent to and received from Hammer Storage, they refused to provide me the GPL sources several times. Looks like they will have to provide them soon No, they do not. They can withdraw the product, pay any fines but they will never have to provide any source unless they want to. Personally I wish they'd take a more RIAA-ish approach, have each author sue for 150,000$ each. That should stop GPL violations really really quick.
Live today, because you never know what tomorrow brings
It's section 37, right below the part about defacing pictures of the poor, innocent GNU in its natural habitat.
I don't know if I would say it's reasonable, only that it is realistic. And I wouldn't say it's okay so long as they don't get called out on it. I would say that it is okay to prioritize risk management though.
A single kid making noise? The settlement cost would be less that the bandwidth bill for 6 months, and that is based on a really low likelihood of the kid getting out of his basement and pressing the issue.
A copyright holder with out an attorney? Not the biggest threat on the plate, but definitely something that is on the radar. Might be worth it to have a contingency plan in place so that if this treat grows the organization can deal with it quickly and effectively. No sense in blowing resources unnecessarily though.
A certified letter from an attorney demanding we correct our licensing deficiencies? Time to spin up that contingency plan!
A summons? Those files better be on the website before I have to explain to the CEO why we are being sued!
Again, just to make sure no one is going to confuse me for a GPL abusing bastard, in that case I would have ensured the GPL code was available on the website and have avoided the situation all together. I'm not saying this stuff is right, only that it is realistic, and that you will get a LOT further in the business world by writing respectfully than writing in SMS shorthand.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
The GPL only restricts your freedom in a way similar to laws that prohibit slavery are restricting your freedom to take slaves. The GPL only takes away your freedom to take away the freedom of your users and the original authors of your code.
Dear Sir,
it came to my attention that your product XXX, which I purchased through YYY, uses software based on a licensed component ZZZ. The license (GPL) grants me, the user, the right to obtain a copy of the source, and places a specific legal burden onto your company to provide such a copy to users of your product for free, or for a nominal fee to cover copying and mailing. Please refer to ${URL} for specific terms.
As a user of your product, having been granted the right to obtain the source code, I wish to exercise this right. Would you be so kind to inform me how I can download, or otherwise access, the source code in question?
Thanks in advance,
${name}
${address}
${telephone}
Most tech support people will forward such an email to their manager, and the manager will send it to legal, where it will be reviewed, and a company lawyer will not dare to ignore an official, lawful request that is traceable, because they know that willful infringement is worse than ignorance, and now they know.
GNU more Mr. Nice Guy...
*Pulls on asbestos undies*
Chas - The one, the only.
THANK GOD!!!
"Hello, this is mindbender. Yes, mindbender. Send your code to me, to mindbender. I don't care if you are a mere outsourced csr, for I will post messages about you and write about you on the internet if you do not do what I, mindbender, wish. Yes, I could have contacted your corporate office and asked for your legal representation but instead I chose to explain GPL to someone whose database of responses is limited to the simplest queries. Do not fail to heed mindbender's threats, randomly chosen tech support person, for we want what we want and we want it now."
Signed,
gnu/mindbender
Argument A would get tossed out immediately based on copyright law. The law is very clear: code is copyrighted by it's author by default, and never enters the public domain except by the copyright term expiring or by an explicit written statement from the author committing the work to the public domain.
Argument B would get tossed out as a matter of law. A party who has standing to sue can contract with someone to represent them in the suit. That's what's happened here, the BusyBox authors have assigned SFLC as their legal representative when dealing with copyright-infringement matters. If you think the court's going to tell the BB authors that they can't have an attorney handle their case for them, I'm afraid you'll be in for a suprise.
The problem is that the law is settled. That's why companies are so quick to comply and settle fast in GPL-violation cases once they realize that the copyright holder really is prepared to take them to court.
Those who would give up liberty to obtain working drivers, deserve neither liberty nor working drivers.
Or, I can develop my own software, and maintain my competitive advantage over my competitor.
Anyone who produces products has to decide what is more valuable - being able to use free software from the community, or being able to keep your software secret. If all you are going to add to the software is something that anyone else could create without much effort (i.e., software is not your key differentiator) then open source is the way to go.
But if you're going to make a massive improvement to whatever software you might take, something that is going to cost you a lot of money to develop (and would thus cost a competitor lots of money to develop), it makes the most sense to keep it to yourself.
Put more simply, a product that is 90% open source software from the community and 10% improvement is probably best released as open software - you get 90% for the cost of 10%. But a product that would be 10% software from the community and 90% software you develop yourself, it makes more sense to also redo the 10%. Trading away 90% for 10% would just be a bad business decision.
paintball
Oh really? How? The terms of the GPL are very clear, and people keep getting sued because they persist making up their own rules instead of following the actual rules. The GPL is only effective because the risk of lawsuits is real.
Many companies are adopting OSS as a means of rolling out custom products faster. It is easier to use something that already exists rather than rebuilding it themselves. What invariably happens is that along the way, is that some engineer decides to make a modification to a package in order to make it fit their unique needs (usually without authorization from the legal dept). Next thing you know you have a product that is heavily dependent on some customized OSS package that was never supposed to be used in such a capacity. Now the company is forced to turn over software that they invested in and are exposed to risk of litigation because of a breakdown in the dev process.Oh, cry me a river! If your company can't get its act together, then it's best for everyone that your company's competitors---who actually do follow the rules---eat your lunch.
Now I am not saying that companies should be able to rape OSS projects for free development workIn effect, that's exactly what you are saying.
but there has to be a balance.Why? Between what extremes? What would be the impact?
I think the FSF and the Gnu people should work out some sort of process where corporate customizations can be evaluated for context and value of the original package. And maybe have a source review process where the OSS developer can review what was added without exposing trade secrets of the corporations trying to use the OSS.What? Who would do the evaluation? How do you judge "value"? Who is going to bear the cost of this process? Why are trade secrets being intermingled with GPL-covered code? What's would the BusyBox gain by doing this? What would society gain?
The FSF and the GNU people have worked a lot of things out. They created the rules that leveled the playing field for all of us. Those rules are codified in the GPL. You apparently don't like the rules, and whine when they are enforced.
I think it is insane to treat corporations as the enemy.Red Hat isn't the enemy. MySQL isn't the enemy. Ingres isn't the enemy. Google isn't the enemy. Microsoft is an enemy, but only because they have a history of trying to screw, well, everyone (and there's no credible reason to believe that they've stopped). The "enemies" are those who persist in acting selfishly to the detriment of all of us. If anything, I'd argue that the BusyBox developers have been too lenient: Linksys routers (to my knowledge, which is a bit out of date) still aren't shipped with copies of the GPL included.
OSS developers should be working with Corporations not suing them.They are. Many work for corporations. Many are corporations.
This is the sole reason I release all my code under BSD license. I want people to use my productsThen the BSD license is a good match for your goals. Good for you. Not everyone values fame as highly as you do. People who release software under the GPL generally do so either to spread the freedoms that the GPL provides, or because they want to modify and re-distribute software that is already covered by the GPL. I see no reason to prejudice the latter group by letting Bell, SuperMicro, or anyone else get a free pass.
Being a corporation has nothing to do with it.
http://outcampaign.org/