Slashdot Mirror
FSF Files Suit Against Cisco For GPL Violations
Brett Smith writes "This morning the Free Software Foundation filed suit against Cisco for violations of the GPL and LGPL. There's a blog post with background about the case. The full complaint is available too." The short version, as excerpted by reader byolinux, is that "in the course of distributing various products under the Linksys brand Cisco has violated the licenses of many programs on which the FSF holds copyright, including GCC, binutils, and the GNU C Library. In doing so, Cisco has denied its users their right to share and modify the software."
I've worked at Cisco, and the general attitude among many (not all) is that they don't care about GPL violations. Linux is used as it's the fastest path to get the products out.
The reason why this will be unsettling to Cisco is because some of the products have integrated key IOS files in order to retain backwards compatibility. Which means that those files now fall under the GPL. And the only way to integrate them is to use various Linux API's. That is, key files are derived works from the GPL. From the bootstrap code on up.
But, since these files are key to IOS as well, one could take the view that IOS is now under the GPL.
One could try to maintain that those files need to be dual-licensed. However, though some hold that to be valid, I don't believe such a dual license has ever been held up in court. So that might get interesting if the FSF wanted to push it. In any case, it could be a useful bargaining chip.
In any case, those files don't have the appropriate copyrights stating how they are licensed.
The amusing part here is that this has come about mostly because of Cisco's dedication to using as much H1-B/L1 labor as possible. It's been those guys who have mostly (not entirely) done this work in order to get things done quickly. And believe me, protestations about the licensing have been ignored completely when they've been raised. Hack-it-in quickly and damn the lawyers has been the attitude.
It's very amusing to see that Cisco's use of cheap labor has come back to bite them in a way that has the potential to cost them more money than if they had done things in the right fashion originally.
I always wonder that myself.. though I am not familiar with "small" bsd distributions, I am certain they are out there..
Michael J. Ryan - tracker1.info
The problem is that a corporation is made up of people, and individual people can easily make the mistake of using the wrong code. If you hire some intern who writes something that uses gccor other GPL code, there might not be anybody who notices and realizes what's going on. I see it as very easy to get GPL'd code into a large project if you don't have the right people with the right knowledge in place to prevent it. IMHO, this may be especially true since I could see the developers of the firmware being either electrical engineers who would rather be doing the hardware or treated as an afterthought to the people who do the hardware, much like programmers treat sales. Sure, they're required for the product, but it's not like they're the important part or anything.
On the other hand, the FSF said they tried to work with Cisco and the negotiations outside of court fell through, so who knows? At the very least Cisco's guilty of not heeding the warnings after they were given. They probably aren't guilty of doing this maliciously (at least not at first), but they're definitely guilty of not rectifying their mistake.
Don't buy a linksys, but do buy one of the ones with similar hardware.
When I bought my Asus WL-500g Premium it shipped with the complete modified linux source in a folder on the CD that contained the usual windows-crapware you seem to get with every product these days (you know, the outdated copy of acrobat reader, some documentation wrapped in a shiny executable and such).
I did install OpenWRT on it, and I'm very happy with the result. I'm also happy with Asus for actually shipping the source, but I never did write them a line and told them. Maybe I should.
c++;
yeah - probably true.
Part of this was a chain reaction. Linksys was a low end router company and they adopted Linux to save money on development. As such, they had no need to cripple their routers to not compete against their high end brand, since they didn't have one. Unfortunately for Cisco, who bought them, they do have a high end brand, and releasing the source for their low end brand that people have tuned to outperform their high end routers (with overclocking and mods) is not really in their best interest (illegal, yes, in best interest, no).
Personally, I think they were gambling as long as possible that the FSF wouldn't file a suit.
Yes, it could be a misunderstanding. Especially when FSF has spent five years communicating with Cisco trying to resolve the issue peacefully. If there's a misunderstanding, the people at Cisco need to get some working brains...
This could send the wrong message. If you Use bootleg proprietary software and make a lot of money from it you will get Sued. Details of the reasons will fade just the face the proprietary software is considered to Risky for a corporate environment. You better off getting a License from GPL as you can choose to agree to the terms before hand, then going with a product which wile may be backed by a big company will have a bunch of people ready to pounce on you if you make this code successful.
The really weird thing is that the WRT54G, with Linux, cost $50 years ago. The new WRT54G, with less hardware, cost -- guess what -- $50 today! Or, alternatively, the WRT54GL costs more than $50. Isn't hardware supposed to get cheaper and better over time, rather than worse or more expensive?
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Cisco is being REALLY REALLY stupid here and I just don't understand why.
I've done a lot of commercial software that uses LGPL and GPL code, and its not rocket science. RMS himself even says that "mere aggregation" is not a problem.
Here are the rules:
if its LGPL, link to it, but don't modify it. If you need to modify it, make the modification in the form of a generic API extension and call it from the application. Make your extensions public.
If it is GPL, make it a service and call it through a socket.
If it is a kernel module, there seems to be some wiggle room there, otherwise make a public mini-driver and a proprietary user space app.
How hard is that? Jeez, if you screw up GPL compliance, you are not paying attention.
Isn't this rather misleading, considering that if you can't get at the source, the project isn't under the BSD license? It doesn't make the BSD license less free if a derivative is not BSD-licensed, it reflects on the license of the derivative. Furthermore, the original BSD-licensed code will always be available once it's been given up to the public (barring the project dying out altogether, which can just as easily happen to a GPL project).
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
To give more context:
More than a decade ago I interned at Lucent BCS (Now Avaya), doing, among other things, cost-to-build analysis of other products for comparison to ours. i.e. "how much profit is the other guy making".
An interesting story was that Lucent business phones had this two-LED (one red one green) indicator system for each line button.
There were effectively ongoing holy wars over the UI benefits of the extra 4-8 low-brightness SMT LEDs per phone vs. the 10-20 cent cost of said LEDs on a high end business phone that sold for $200+ per unit.
It's a funny thing, but my experience with BSD in a corporate environment is that it doesn't end up as much of a success. There are some exceptions, but even in the case of OS-X, Apple seems to have completely failed to build the community they wanted at the beginning. Most other cases, starting with BSD/OS (BSD 386) and going through IPSO, Ipsilon's home grown BSD based OS, and many others you haven't heard of (AlchemyOS etc.) end up completely dead. Even Microsoft's TCP stack seems to have been rewritten with little BSD left behind.
I think the reason the BSD code dies is precisely because of it's non copyleft license. The companies mostly know that the best way to handle maintenance is to contribute back to the original developer. However, that's not a requirement of the license and so needs to be agreed to by the corporate lawyers. Separately for each contribution. The always want a justification and it just isn't worth any programmer's effort. With GPL code, the fact you have to give back makes the justification very easy to provide. That puts the corporate developers easily in touch with the "community" of other developers on that software and makes the development end up more successful. I'd love to hear other explanations for this. The main data point I have is that across a bunch of different projects I have seen, it always seems that the GPL ones have an active process for contributing back and have developers who are active and known in the original development community. On the other hand the BSD ones, even though they've included a number of former BSD developers don't seem to and those developers seem to give up on making contributions back to the original system.
I know that's CISCO, in this case is probably not really getting as much benefit from this as they could if they followed the GPL, but I think there gets to be a general perception that Linux leads to success and BSD leads to dead ends. People select software based on that perception
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
CallManager 5.x, Redhat-based
CallManager 6.x, Redhat-based
Content Engine (CE560,CE590): Redhat-based
MDS switches: Redhat-based.
NM-NAM module for routers: Redhat-based
Some 7600/Catalyst 6500 service modules: Linux-based.
Want proof?
Connect to the console for a cold boot... Redhat is explicitly mentioned.
Heck, the update patches for some of the modules are UNSIGNED RPM's.
The interesting thing is that the modules have router/switch backplane connectivity, i.e. that Linux on the module has a network interface that is attached to the router/switch, and the Router/Switch sees the module as one or more interfaces... Drivers anyone?
The NM-NAM may also use other open source code as the basis for analysis and display of collected NetFlow data...
The initial install images may contain more common file formats, (Gzip, cpio, tar) with proprietary headers prepended...
Busting images open is an excercise for some geek with time and CCO access thats entitled to updates for the products they want to investigate.
Oh, my.
Imagine, for a moment, that various $BIG_COMPANIES decide they want to be able to use code from free software in their products without a fuss, while still keeping protection for their own code.
So, what they do is approach various national governments, WIPO, etc., and have copyright protection removed from source code.
The companies then sit back with the fact that their binary code is still copyright protected, and their source code is safely hidden under "trade secret" protections . . . but the source code of free software is neither copyrighted nor secret. So the companies can take the known, non-copyrighted source code from free software, and combine it with their secret source code to make their copyrighted binary blobs . . .
I believe there is a three-year statutory limitation, so they can only persue violations that occured within the last three years.
I know full well where the tech came from, I supported the former Aironet employees for 3 years after they were bought by Cisco =) The VxWorks stuff was more stable than IOS at least for the first year or two after IOS was ported and if our AP's at work are any indication that's still true as of a few years ago (noone is using them but they still crash once in a while).
p.s.
An interesting aside, the VxWorks software was also easier to maintain since it was written in modern C++ vs old straight C for IOS. This became very clear one day when a particular large school called and said all of their AP's were rebooting randomly at fairly short intervals. It turns out they had a HUGE flat network with 28k+ visible MAC addresses. This was more than the AP's were speced for but Cisco couldn't just let a large customer's install die, so after they figured out the cause they had to come up with a solution. For the VxWorks code they simply modified the MAC table class and recompiled, a patch was available within a few hours of the trouble starting. The IOS patch was much more difficult with tons of searching through header files and later after the first patch failed searching through the entire codebase. The small minority of new AP's which were running IOS were flashed in the field to VxWorks with an unsupported dev tool because officially the 'upgrade' to IOS was one way.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.