Slashdot Mirror
GPL Case Against Danish Satellite Provider
Rohde writes "The number of satellite and cable boxes on the Danish market using Linux has significantly increased during the last couple of years. The providers Viasat, Yousee and Stofa all provide HD receivers based on Linux, and all of them fail to provide the source code or make customers aware of the fact that the units are based on GPL licensed software. I decided it was time to fix this situation and luckily the Danish legal company BvHD has decided to take the case. We are starting with Viasat, which distributes a Samsung box including middleware and security from NDS, and you can follow the case here."
at some stage, manufacturers will realize the hidden cost of using GNU/Linux in their embedded platforms... For commodity gadgets and tools, it will not be an issue to share the internals are the hardware will be the added value. But for unique items that should not be the case and therefore some other toolkit with no ogligation to share modifications should be preferred.
And I'm making my living with GNU/Linux tools only ;-)
More often, I see my customers using GNU/Linux because it's without licenses to pay for the final product. But they do not realize theyr obligation to share... And it'is very difficult to educate them.
Does fellows /.ers have similar issue with customer?
This is why we need a "-1 WTF" option
I'm guessing sarcasm. If it's not, ignore this.
It may actually get media attention to Linux, which is always good. It's definitely not hard for them to provide source either; simply have something in the manual stating "source available at [url]". I don't see why this would be a problem for Linux, at all. If anything, it's free advertisement to communities that normally wouldn't have the first idea about its existence.
Nowhere does TFA provide information on exactly which part of the GPL code the guy is claiming copyright ownership.
You can't sue for GPL violations if you have no claim of copyright over atleast some part of the GPL licensed product.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
What does the community get out of the fact that YouSee, Stofa, and Viasat use Linux?
All the Danes on Slashdot probably know about Viasat's business practices, which are about as close to fraud as you can get without losing in court, so I don't need to warn anyone against signing contracts with them.
Finally! A year of moderation! Ready for 2019?
You sure are generous. This smells more like troll than do gooder. I thought the States held the award for being sue happy. kudos to you for bringing it to the old country. IMHO you are poorly representing the GPL. We want friends and converts, not enemies. Email, call, send certified mail, not lawsuits. Sueing them makes you and us look like fuckwits.
Sera
Slashdot, where armchair scientists get shouted down and armchair theologians get modded up.
If you sell somebody a box with linux on it you need to at the minimum include a statement in the user manual which more or less says "This box has some GPL licensed software installed on it. You can obtain the source-code from the following website and you are free to modify it under certain conditions. Please see the complete license for more details."
Alternatively you can include a CD with the source code, or load the source code into the box's harddrive ( provided it is readily retrievable ). Basically you just need to make the customer aware you use GPL software on the box and tell them how to obtain the source code from you. There's various ways to do that but the easiest is probably to either include the source on a CD or to upload it to your website and tell the customer they can retrieve it from there. The main problem with the latter approach is that the GPL requires you to keep the source available for some years (can't remember how many ) and thus you may find it easier to just give the user a CD with the source code since you are then not obliged to keep a server running.
They use customized Linux ([archived page with details]) and don't even bother to provide the source with each copy.
What's worse, they change copyright notices of existing programs to their employees and do not include GPL license text in their "distribution".
Is it a GPL violation? They don't distribute MSVS outside of MoD and its numerous branches (state companies) - you can't neither buy nor download the system. Is it Ok to do the aforementioned things then?
Coding etudes
``This is going to be great for the uptake of Linux, and will really encourage people to use open-source tools instead of rolling their own proprietary black box. Keep up the good work!''
Rather than ... take the hard work of many hands, without compensating them or abiding by their terms, and using that to make your proprietary black box? Because that's what these companies have done.
The fact that the black box runs open source software means nothing when you don't get your Four Freedoms.
Please correct me if I got my facts wrong.
In europe we have a lot of sat receivers built around Linux. I personally use a Dreambox. There are many variations on the distributions with different add ons and themes for interface. My favorite is the Gemini. The ecosystem is very well and alive and is centered around many forums where people exchange their experience
I wonder if this provider uses something based on the Dreambox.
The providers very often don't support using those Linux receiver because they have more options then the locked down proprietary receiver. By example my setup has a rotor so that I can pick many positions and different providers. Another cool thing is that you can stream on your local network the video and see it with VLC on any computer in your home, something that proprietary boxes never allow...
The problem is that there are several Chinese clones because if the software is GPL the hardware is not open sourced.
In cyberspace nobody knows you're a cat!
Also, their lawsuit is not going too far, unless they personally are the copyright owners of the code. Just having a violation is not enough. The copyright owner needs to sue them for it. It's not enough for someone who have heard about the work to sue them.
From http://duff.dk/viasat/ (TFA)
August 16th, 2009 - It has been brought to my attention that I do not state which part of the GPL code I am claiming copyright ownership on. I have some patches in the Linux kernel and a direct copyright notice in e.g. therm_adt746x.c. However my patches alone are not going to make a very strong case and it is my hope that big contributors to busybox and uClibc will help out making a bigger group of people who had their copyright violated. I have already contacted several people who have very clear violations of their copyright in the product, and we are looking to sue on their behalf too. But let me please be very clear about the fact that I would rather this case could be settled in a peaceful manner.
And, why, exactly, can you not modify them? Any box I've ever touched had an option to "update firmware". Granted, I haven't touched them all, but I can't imagine one without the option. If your box is using open source, people can build their own firmware - look at all the WRT firmwares available, starting with Tomato, DDWRT, OpenWRT - and there may be more.
A bright individual might roll his own, or not.
Actually - it might be to the ISP's advantage to allow this sort of thing. Some people are going to brick their boxes while tampering with them. Warranty is void, of course, if the box has been tampered with. So, the ISP gets the opportunity to sell another 20 dollar (or Euro, kroner, or whatever they use up there) box for 50 dollars.
Inform people that they have options. I'm all for that.
On the other hand, I wonder if pursuing these sort of actions might not scare vendors away from open source?
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Hold a Vista installation DVD in front of it and see if it growls.
Because the device only accepts firmware with the proper digital signature? At least, that's how TiVo did it.
No existe.
So if sell someone a box with a linux distribution installed on it do I need to print out all of that distribution's source code and ship it with the computer as well?
You don't need to print it out. In fact, that would be discouraged and may not meet the requirements of being in a customary format (too lazy to go look up the specific GPL wording ATM, but electronic format would be encouraged, dead tree format discouraged as it has to be converted back to electronic format for use), today. You do, however, need to make the sources available -- and no, pointing at upstream doesn't suffice, except "in the trivial case". (Again, I'm not going to go look up the details, but the idea is that individual users can share say Ubuntu and point to Ubuntu for sources, but commercial distributors and the like must make them available themselves.)
With GPLv2 (which the Linux kernel uses), you have two choices. If you provide sources at the time of purchase, say, throwing in a CD/DVD with the sources on it, you're covered, and don't have to worry about it when you quit distributing the binaries. Similarly with a download, if you provide the binaries and an archive with the sources at the same time, you're fine. Similarly if you distribute disks at a FLOSS convention or the like. Have a stack of disks with the binaries and another with the sources (or a computer with a burner setup to burn a disk of the sources on demand, assuming there'll be less demand for that than the binaries).
Alternative two is to include a notice /with/ the software offering the sources for no more than a limited handling fee, to cover the costs of providing them (and this cost may be audited if you decide it's several hundred or thousand dollars...). *HOWEVER*, if you do this, the offer of sources must be valid for (I believe it's) three years from the time of distribution of the binaries -- thus, you must keep the exact sources necessary to build the binaries as distributed (not an updated version of those sources) available for three years BEYOND the point at which you stop distributing the binaries, so users who get the binaries the last time they were distributed have sufficient time to decide they want the sources, and (covering the user-trivial case) so they can pass on disks using you as an upstream sources provider, provided they don't have to be a provider themselves.
It is the three-year requirement in this choice that sometimes ensnares distributions that are otherwise playing by the rules, as many don't realize that if they only include the offer for sources, it must remain valid for three years after they've stopped distributing the binaries. Take a distribution that may be distributing historical versions of their LiveCD, for instance, from say 2003. As long as they are still distributing that LiveCD, AND FOR THREE YEARS AFTER, in ordered to comply with the GPLv2, they must make the sources used to compile the binaries on that CD available, as well. So if they're still offering that historical 2003 LiveCD in August 2009, they better still have the sources used to create it available thru August, 2012, or they're in violation of the GPLv2 that at least the Linux kernel shipped on that LiveCD is licensed with. It's easy enough to forget about that part and thus be in violation, when they can't provide sources for the binaries that were current way back in 2003, but that they may well still be making available "for historical interest" on that 2003 LiveCD.
One many distributions become aware of this catch, they make it policy to ensure that they make available the actual sources at the time of distribution as well as the binaries, instead of simply providing the notice that people can request them later, so they don't have to worry about that 3-year thing.
Of course, if an organization is on top of things, and sets it up so they're tarballing all the sources for a particular shipped version and indexing them by product release and/or model number (and perh
Duncan
"Every nonfree program has a lord, a master,
and if you use the program, he is your master."
R Stallman
Not exactly correct
You only need to provide source code when ASKED for it. There is no requirement in the GPL to pro-actively distribute the source code along with the binaries nor that they must be available for download on the Internet. The good old CD in the mail system is fine. You might even charge for CD and postage.
However, if you do not include source code in the distribution then you need to provide a written offer valid for at least three years to provide anyone who possesses the object code a copy of the corresponding source code.
The reason most compliant companies chose to either include the source or just put it on their corporate web page is because this is easier in the first place than to handle potentially thousands of letters asking for the source later.
In point of fact there is _nothing_ "hidden" about the cost of using GPL software in a product.
If you go the Microsoft Wince (I didn't name it 8-) route, you pay many dollars up-front, and some dollars per-unit.
You go GPL you pay nothing up front and pay full disclosure on the back end per unit.
The whole problem is the perception that this is "hidden" in the first place. When the tech people sell the GPL software to their managers they, in their naiveté, usually don't know to make a distinction between free(beer) and free(open).
Once the programmers, and indeed people like you, understand enough to present the cost/benefit analysis as it truly is, then this may stop happening.
Don't even think _hidden_, don't fool yourself or others. It's right there in the language of the GPL plain as day. Just like it's supposed to be. And thats the good thing that separates it from the BSD license which has no cost at all. That is the _whole_ reason to pick one over another as a licensor.
Hence "copyleft" instead of "public domain" etc.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
If the company picked up the source code for the linux kernel, altered (extensively or not) to their liking, built an OS based on that kernel and started distributing the binaries without any hint it was linux and much less publishing the interfaces and even the source code then how exactly is it any different than "rolling their own proprietary black box" ?
Moreover, if someone picks up a copyrighted work and intentionally breaks the license agreement that made it possible for them to access that copyrighted work to begin with then that person just set him/herself for a lot of legal pain. That is true for any type of copyrighted work, including open source and any flavour of proprietary software. So no, it doesn't affect the uptake of linux, as any copyright dispute involving proprietary software affects the uptake of proprietary.
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
I don't understand why the embedded systems world hasn't embraced one of the *BSDs, to avoid this kind of thing?
Those would be reasons they don't want to comply. Not reasons they are unable to.
It seems to me that a simple solution is to make it legal to pirate (to use the vernacular) any content received with these boxes. Actually encode into law that any media transmitted to these boxes automatically enters the public domain for as long as the software's license is violated. They'd clean up really fast or lose their market.
What does the community get out of the fact that YouSee, Stofa, and Viasat use Linux?
It gets valuable proof that Linux is a serious industrial strength system, making it hard for critics to portray it as a homespun system for hobbyists. Even (especially?) if Joe public hates these firms, businessfolk will respect them.
Market share also means that component manufacturers will have an incentive to support Linux (I doubt these firms make their own chipsets).
The programmers working on these devices will get Linux experience, and put it on their CVs. "5 years Linux experience with major company" reads better (to a suit) than "hack with Linux a bit on my own time".
Perversely, even a well-spun lawsuit might help (it shows that Linux is valuable enough to be worth defending). Especially if the publicity points out how little it will cost the culprits to comply vs. how many millions they would have been liable for had they breached a license for proprietary software, and points to all the other big, ugly firms that comply without going bust (even 800lb gorillas like Apple and IBM manage not to cross the line).
Quite honestly, though, the community still gets the benefit of market share if some of the users fail to comply. Its one of those awkward questions - do you want "four freedoms" and an OS that nobody uses, or "three-and-a-half freedoms" plus a fighting chance of being a major player in a field where the competition offers "minus six freedoms"?
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
If they do not comply, regardless of the reason, then they do not have any license to redistribute the GPLed software at all.
If they cannot comply then they will end up having to pay punitive damages to the copyright holders of the software that they illegally distributed and cease any further distribution of the software.
You cannot simply ignore the GPL because it doesn't fit with your other contractual obligations. The copyright holders were not a party to those other contracts and so the existence of them does not free the distributors of their GPL obligations.
Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
Yes, but the progressions from Meeting->Dinner->Wait->Lawsuit seems a bit quick to jump into court.
Maybe he's just too pissed at this companies behaviour (which does seem pretty bad), but it seems to me the reasonable approach would have been to send a few letters explicitly asking for the code and seeing what -if anything - they respond with. If they don't give a satisfactory response then you think about using the courts.
Lawsuits are only good for lawyers. They should be a last resort.
... and I call bullshit on his story of "NDS investigators". What we do, we do well, and what we don't, we stay out of.
As far as technical details: no kernel changes were made; the drivers are non-GPLed, using a small GPL'ed wrapper layer. The NDS software, which on these boxes runs entirely in user-space, is linked against the LGPL'ed uClibc. Busybox is used on the STB. All of the "glue" (such as busybox, boot scripts, etc) are provided by the broadcaster, STB manufacturer, and/or chipset vendor.
The bootloader is not based on any Linux code.
Well, it seemed that he HAD tried the diplomatic route, not just once, and now the companies are 'forcing his hand' to use this last resort.
Doesn't anybody RTFCATFA (read the f***g comments about the f***g article) anymore? What is this world coming to??
WARNING: Smartphones have side effects--most of them undocumented.
Considering they first sent around inspectors to spy on him for daring to open the box ... fuck 'em. Fuck 'em hard.
http://rocknerd.co.uk
I want to distribute binaries via physical media without accompanying sources. Can I provide source code by FTP?
Version 3 of the GPL allows this; see option 6(b) for the full details. Under version 2, you're certainly free to offer source via FTP, and most users will get it from there. However, if any of them would rather get the source on physical media by mail, you are required to provide that.
Distributing the source online is only acceptable if you also (only) distribute the binary online. If you distribute the binary on a physical medium, such as a disk, tape, or set-top box, then you must provide a written offer good for three years of the source code.
I am TheRaven on Soylent News
The whole argument that kernel modules must be GPL is seriously flawed. A kernel module is just another application that the OS can run, albeit by a different API at a different security level.
There is some issue of compiling against the kernel header files (which I believe are GPL, not LGPL), but arguably, they're defining the API, not generating code, so the resulting code should still not infringe on the Linux copyright or be considered a derivative work.
You have to offer to supply the source for all GPL software, not just your changes.
Just because such a comment will get you modded up on slashdot, does not make it true.
http://www.gnu.org/licenses/gpl-faq.html
If I write a driver for Linux, and it is GPLed, all that is required of me is to release the source code for that driver.
I do NOT, i repeat NOT, have to provide an entire mirror of ftp.kernel.org, nor a mirror of the FSF code base, nor am I expected to provide the source code to your pet GPL project, if I do not distribute any of that stuff as a binary!
It is not possible to expect the developers (or in this case, distributers) to have the source for *ALL* gpl software. That is just ridiculous.
If my driver is made from scratch, I must provide its complete source, and any glue code needed to compile and use it.
If it is a modification to an existing driver, then I must provide sources of the entire end-result. aka diff files are not enough, it must be the entire code for THE DRIVER, including my changes. But that is it. Not the source to all kernels, not the source to every possible distro that driver would work on. Just my changes.
Providing a distribution is different of course. You do need a source 'snapshot' of the entire distribution. But that is it!
If I distribute a version of Ubuntu with my driver, then I must provide the source to that Ubuntu release, as well as my driver.
Again, not *ALL* GPLed source code, as you claim. Just source of what you are distributing binaries of.
...our soon-to-be BSD-using foreign satellite provider overlords.
And this is the whole point of "Trusted Computing", Microsoft's much applauded "security" suite that fortunately seems to be have shown as seriously flawed that I'm just not seeing anyone developing for it. The signature/authentication/encryption chip was built into the motherboard or the CPU: there was a very tight toolchain to have signed tools open other signed tools to access data, designed to prevent non-authorized tools from reading media but also able to protect data files.
The problem was it was also clearly designed to control bootability and hardware access, although that got little attention: if you don't have a Microsft signed key boot loader, kernel, and application set, you can't boot the box or open a hard drive. Period. And even other company's keys would reside in Microsoft's hands, since they would hold the backup copies of everyone's _private_ keys.
It was nasty, nasty, nasty stuff. and I'm glad it seems to be stillborn.
While Apple is heavily involved in several Open Source projects like WebKit, CUPS etc. they do not use Linux in any way.
They may not use the Linux kernel, but OS X includes a metric shedload of GNU and other o/s code including, for example, samba, bash and gcc, which are also critical parts of many Linux-based OSs. (and how many suits make the distinction between the kernel and what you get in a full distro?)
The point is that, while IBM seem to have renounced their wicked ways and become born again FOSS evengelists, Apple are still notoriously secretive, litigious, and protective of their IP (and maybe not particularly liked by the FOSS movement) yet even they manage to at least provide source code.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
Your lawyers were wrong; GPL compliance is not even slightly that hard.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
If you can't provide the necessary source to comply with the GPL then you
don't really have the necessary source to rebuild your complete environment.
You aren't really in a good position to ensure anything with regards to QA
of your entire "product" because you can't recreate the entire user
environment.
If you are in a position properly test your product based on BSDL or GPL work
then you are in a position to pass that source along to any customer that asks.
A Pirate and a Puritan look the same on a balance sheet.