FSF Settles Suit Against Cisco
Saint Aardvark writes "The Free Software Foundation has announced that they've settled their lawsuit with Cisco (reported earlier here). In the announcement, they say that Cisco has agreed to appoint a Free Software Director for Linksys, who will report periodically to the FSF; to notify Linksys customers of their rights; and to make a monetary donation to the FSF. An accompanying blog entry explains further: 'Whenever we talk about the work we do to handle violations, we say over and over again that getting compliance with the licenses is always our top priority. The reason this is so important is not only because it provides a goal for us to reach, but also because it gives us a clear guide to choosing our tactics. This is the first time we've had to go to court over a license violation.'"
Or maybe the FSF (unlike some other IP-related litigants out there) only wants people to comply with the GPL, and will settle once the defendant agrees to do so (as opposed to extorting money out of the defendants)?
FSF should've claimed the attorney-fees-to-date it had to incur, but that's about it. If they were to push for any kind of "punitive" damages, or *AA-style ridiculous "compensation fees", that would portray them as just another trolling IP extortionist. Kudos to the FSF for going for what's right rather than what's rich.
Why should they? If you get what you want without the risk of a trial, you are MUCH better off. Trials are risky, they do not always go as planned.
As for a cooperative solution, much better (and cheaper) than an adversarial one.
As for change, I hope not, they seem to be doing well.
Compare this to what the BSA is advocating. Essentially any disgruntled employee can put unlicensed commercial software on a computer and then report the violation to the BSA for a reward. Sure, companies can put millions of dollars of safeguards to prevent harassment from inefficient employees, but why bother? Just make it a policy to only use free software, and when the BSA comes knocking, show them the policy and the minimal cost efforts that make all other software the responsibility of the user.
This will also help long term interpretability, as OSS has minimal incentives to obfuscate the data to force users to continue to pay the ransom to access said data.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Cisco releasing the source code for thousands of routers doesn't strike me as being a good thing. I mean it's one thing to develop in an open environment and being open from the start, and I agree security through obscurity is bound to fail, but as someone running Linksys routers on my network, I would expect there to be some stepped process, as I don't trust Cisco was totally competent in their development. Imagine if Windows source was suddenly made available to the masses, the time it would take to identify, patch, and distribute a fix vs the time it takes to just identify and exploit is a significant window of vulnerability. Security through obscurity doesn't work because it assumes no one will ever find out and people will. But dissemination of that information takes time. Discovery of defect takes time. Opening the source of a previously closed product greatly reduces that time and therefore intensifies the threat. Overall this will lead to a much stronger product but I fear what is going to happen in the first few weeks.
Oh honey look... How cute... an angry slashdotter!
A lawyer friend of mine once said that once you go to court anything can happen.
You mean this MIT license? The one which says "do whatever you like, just don't sue and provide this notice"? The old Apache license is similar, and 2.0 even includes patent provisions.
Looks like the FUD already worked on you. Not all licenses are the same, nor are all OSS licenses viral.
I'm not real big on the GPL, but this is hardly a shakedown. More like repeatedly begging them to abide by the terms they agreed to, taking them to court, then settling before going to trial where more $$ could have been obtained from them.
FSF wanted Cisco to follow the agreement, not to suck money from the company.
Buying a license doesn't buy you legal safety. Look at Apple's license agreements for developers and tell me how "safe" you feel legally developing code for their platforms.
There's no -1 for "I don't get it."
The only time a company I worked for ran into licensing issues was with a proprietary runtime executable. We had a "freely redistributable" license under 7.0 for the runtime. We upgraded to 8.0, which had a runtime with the same name, but we didn't read the fine print in the new license until later when we were told by the vendor that we owed them a five-figure royalty fee for redistributing the 8.0 version.
That is what I mean. Some licenses are great and some suck. But some software seems to have a great license but links to software that has a crappy one. Thus you may have just blessed your own product with the crappiest of the bunch. If you link to 100 MIT licensed libraries and 1 of those also links to a GPL licensed product, then you are screwed. Now that QT has gone LGPL I am a happy camper but that happiness goes away if I statically link to QT.
First, find a new lawyer (assuming you're not just trolling).
Second, if your organization is allowing developers to throw in libraries from all over, without checking licenses, you've got some pretty big problems, and you're probably better off if they're using OSI-approved licenses (which at least allow commercial use). That still doesn't mean that the libraries are appropriate or of good quality, which is why I'd be a bit slower to worry about the legal issues.
Third, if you think commercial licenses are easier to work with, you need to read a few. It's very, very common to have little exclusions and conditions in them. There aren't all that many OSI-approved licenses, and you can come up with a list of approved ones for certain projects fairly easily. Besides, the commercial places employ nastier lawyers.
Fourth, there is no risk of having to publish source code, even if you've wrongly linked it with GPLed code and distributed it. That isn't a legal remedy, and no court will order you to do it.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Cisco has agreed to [...] make a monetary donation to the FSF.
Um, that's not a donation.
Donations are gifts. Gifts are given freely, not as a penalty for wrongdoing or in return for dropping a cause of action.
GNU is about freedom. Let's say I wanted to punch you in the face. I have the freedom to do so, unless you have the power to stop me. But trying to stop me is taking away my freedom to swing my fist, under your definition of freedom. Under my definition of freedom, your right not to get hit in the face outweighs my freedom to swing my fist wherever I like.
The GPL and the FSF help protect developers and end users from getting punched in the face by companies like Cisco. The GPL and the FSF help protect freedom, unless you define freedom as 'I get to do whatever the hell I want and screw the rest of you.'
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
So, by that logic, music given away as a promotion can be freely copied because it was obtained at zero cost to the recipient?
My father, an attorney for many years, had a variation on that.
A good lawyer goes to court and gets their client off. A great lawyer makes sure the client never goes to court in the first place.
Living in Chile
The GPL is a license, not a contract. Failure to comply with the GPL cannot result in having to give out source code that you wrote. On the other hand, it may result in a suit for infringement. In contrast, most commercial products are covered by contractual agreements that don't have that safety valve.
Licenses for closed-source commercial products are no better, just different. There are all kinds of restrictions on what and how you can distribute from the Microsoft Visual Studio tools. There are termination clauses in the contract. And despite all the M$ bashing, that contract is relatively liberal and lightly enforced compared to most commercial software tools, particularly those for phones and embedded devices.
I used to work for a Fortune 100 company that allowed us to use GPL code with less red tape than certain commercial products. The difference? The commercial products had an enforceable indemnification provision that could have cost millions of dollars had things gone badly.
This is a win for Cisco as well. They get plenty of good karma, and put non-compliant competition at a disadvantage. All for little or no real cost.
The Linksys routers in question command a premium, even on the used market, precisely because of the GPL and hackability.
Win-win, all around. Any more, Cisco and the FSF would have to get a room. Kudos on a job well done.
This is a tax deductible donation to a 501(c)3 charitable foundation, agreed to as part of an out-of-court settlement. It was freely given, Cisco could have gone to trial instead.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
GNU thing started because a large corporation refused to give specs of a printer. I know.
Or maybe the FSF (unlike some other IP-related litigants out there) only wants people to comply with the GPL, and will settle once the defendant agrees to do so (as opposed to extorting money out of the defendants)?
I am pleased that this got settled quickly and in a manner that supports the GPL.
Kudos to the FSF for going for what's right rather than what's rich.
Ditto. Credit where credit is due.
And kudos to Cisco for supporting the GPL in the end, even if a few hard-headed managers had to get larted.
Disclaimer: I am a supporter of the GPL, but I am not a friend of the FSF and although I am a Cisco employee, I do not write for Cisco.
You misunderstand. Just because you release the code, it doesn't magically become as secure because it's "open source". Open Source is secure because it goes through a process. A process this code didn't see. That process allows for corrections when errors are made. This process takes time. And what I said in my original post is that there is going to be a window between when we, the community, improve the quality of product up to other open source standards, and when the source code is released, during which time there is an elevated threat.
Nearly all software products have vulnerabilities. With open source products, those vulnerabilities get fixed faster, making them more secure. They get developed in ways that are security conscious because the community is watching. With closed source, vulnerabilities get discovered slower, but get fixed slower, so there's no gain. Additionally, they don't go through the same focus and scrutiny during development, so they tend to have more vulnerabilities at release. Taking something that was developed in secret, widely implemented and then divulging the source doesn't get you any of the benefits of either. Vulnerabilities and exploits are near instantly apparent and discovered, and you don't have the benefit of open development.
If just having the source open to everyone is more secure, then don't ever bother to update Firefox or whatever browser you're running ever again. Keep doing your banking online with it. Knowing something has security holes is one thing. Telling the world what those security holes are is another thing, especially since there's no development process ready to respond to the vulnerabilities yet. This is like taking a browser that hasn't been patched for two years and pushing it to every third computer in the US. There's going to be a race to patch the system to make it secure and exploit the vulnerabilities and I'm not sure that's something I like.
Oh honey look... How cute... an angry slashdotter!
FSF wanted Cisco to follow the agreement, not to suck money from the company.
That seems clear. The big winner here is the GPL.
That is a good thing.
I think everyone settles because the license is pretty clear. You don't like the license, then you don't ship the software.
Most companies are willing to make a deal because it's still cheaper than paying commercial royalties the old-fashioned way. If you can suffer the GNU viral license, you can also have a very quick time to market compared to writing everything from scratch. It's pretty obvious that many companies are willing to make sacrifices to get the benefits. Having worked at Cisco, in groups that use Linux, we understood the sacrifices before we started, but it was never that easy to transmit that information up the chain of command in a way that would result in appropriate action being taken.
Many times it is just incompetence with key decision makers that results in GPL (and other) license violations. And every corporation I've worked for in the valley has a fair amount of incompetence and ignorance in the key decision making positions.
“Common sense is not so common.” — Voltaire
You get a Free Software Director.
Disclaimer: Free Software Director is not 'free', nor 'software'.
John Chambers is now required to grow a neckbeard.
You may wish to start studying copyright law. The GPL was the only license that Cisco had to the software, hence they have to abide by it. In other words, it's the principle of the thing that matters, not the money. Meanwhile, you may wish to consider joining these guys.
C|N>K
Free Software is about the software remaining free. It is actually a more descriptive term than saying "free software" when you mean you don't have to pay. The end result is more freedom for the user, if not the programmer. The user is more important.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Amen to that. I have two WRT54G routers, both with DD-WRT24sp1. I just upgraded the one I'm using from v24; the other is a version 5 unit which can only run micro, but that's what's on it. Comb your local flea markets :)
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
This cannot be said enough, particularly amongst a crowd that discusses the latest goings-on with the corporate media lobbyists they (justifiably) hate: Unlike the major corporate media copyright holders, the FSF sues and gets license compliance which is what they're really after. You'll notice that the FSF isn't seeking to bankrupt Cisco (even while recognizing that corporations aren't people). This is a far cry from what the MPAA, RIAA, and other corporate copyright holders pursue with the public—economic domination.
And, as I've said before, violating the GPL is not like violating other licenses and here's another way in which that is the case: GPLv3 has language which makes the situation better for violators who correct their behavior. As the plain language guide to the GPL explains, under GPLv2 a violator had to beg the copyright holder to have their rights under the GPL restored because those rights vanished instantly and permanently upon license violation. Under GPLv3 section 8 violators catch a break: "if you violate the license, you'll get your rights back once you stop the violation, unless a copyright holder contacts you within 60 days. After you receive such a notice, you can have your rights fully restored if you're a first-time violator and correct the violation within 30 days." Other free software licenses have no similarly forgiving language; it appears that under the new BSD license if one violates any of the 3 conditions listed in the license one loses permission to "[redistribute] and use [the covered program] in source and binary forms" because the violator reverts to the default state of copyright: no permission to copy, share, or modify.
Digital Citizen
In the last 10,000 years, science and engineering have done pretty well for enhancing themselves and have let anyone else do the same by not encumbering their algorithms in legal protections. Even with modern patents, the maximum duration of exclusivity over an algorithm is less than 20 years, after which anyone can muck around as they please for fun and profit.
Algorithms such as cola recipes do not need to be protected in the first place (our society demonstrates this by the fact that anyone can implement and sell a liquid with the same formula as the one that Coke sells, they just can't call it Coke for very good consumer protection and trademark reasons). However, it's a very good thing to be able to protect exclusivity over specific implementations since there are valuable social and monetary assets tied to particular meatspace implementations of algorithms, just as there should be the ability to protect exclusivity over particular non-meatspace implementations of algorithms. When I purchase a DVD labeled Apple OS X 10.5, I do not want something containing a QNX installer.
But that's not the kind of protection GPL adds for the producer or consumer. GPL for software tries to prevent particular implementations of algorithms (products) from being used in unauthorized ways, and does not claim to protect any particular algorithms (otherwise it would have the same conceptual failings as business process patents). So clearly, GPL is not intended to protect algorithms, but possibly to protect particular implementations or rights of their implementers.
GPL's restrictions on how an implementation may be redistributed (must include a link/copy of the GPL and distribute code if redistributing) would be analogous to Coke prohibiting the redistribution of remixed products such as cola-battered chocolate crumbles unless each cola-battered chocolate crumbles comes with a copy of the recipe, no matter how the redistributor of the instance of Coke used came to acquire that instance of the Coke, even if the chocolate crumbles are not advertised as being a Coke-containing product. If the waste products from the production of cola-battered chocolate crumbles end up being sold in commercial compost, a copy of the recipe for the compost would then have to accompany each bag of compost, even if the compost is not advertised as being a Coke-containing product. Ad nauseam. In this simple instance, GPL would add nothing to actively protect a particular implementation or its implementer, so the kinds of things it protects are not analogous to tangible goods, nor are the freedoms it enhances related to those tangible goods.
So what does it protect and what freedoms does it enhance? Copyrights perhaps? If we consider software to be like books or artwork, where each licensed copy is protected, a number of issues arise:
1) If copyright terms remain related to the life of the creator, at what point should a particular version of GPL-licensed software fall into the public domain? If GPL requires tracking the provenance of each contributor to a work to determine length of copyright before I can use a work which falls into the public domain, GPL-licensed code has the effect of being more difficult to re-use than code protected under copyright alone, or code in the public domain.
2) If GPL claims to be an enhanced copyright protection, the doctrine of first sale says I can buy a copy of a book, make a derivative work by pasting/cutting from it, and then resell that copy without restriction as long as I'm not representing the altered work as an original. Does GPL permit me to obtain one copy of GPL-licensed source code, modify it, and then install that instance to a router to be distributed without a copy of the modified source code? If not, GPL has the effect of being less free than code protected by copyright alone, or code in the public domain.
3) If GPL claims to be an enhanced product labeling or consumer protection, it does no better than existing consumer protection legislation in terms of disclo
There are 1.1... kinds of people.
I wouldn't be so quick to hand out these kudos; the non-compliance can return. This, I suspect, is why Cisco needs a Free Software Director who regularly reports back to the FSF. As the FSF's Compliance Engineer Brett Smith pointed out in 2008, "Despite our best efforts, Cisco seems unwilling to take the steps that are necessary to come into compliance and stay in compliance." (emphasis mine). Smith wrote that 5 years after the FSF learned that Cisco was not complying with the GPL and the FSF had been getting nowhere with its attempt to silently get Cisco to comply—what Smith called "a five-years-running game of Whack-a-Mole". Cisco and the FSF recently arrived at their agreement. It will take years to convince the public that Cisco is compliant and will remain compliant with those that treat Cisco so nicely as to share their work in whole with Cisco. "The end" you refer to is nowhere near here. Good will to correct wrongdoing on this scale takes time to sow.
Digital Citizen