Slashdot Mirror
Checking For GPL Compliance, When the Code Is Embedded
Excerpting from ComputerWorld UK, ChiefMonkeyGrinder writes with word of what sounds like a very cool tool: "Open source software is everywhere these days. In particular, Linux is being used increasingly to power embedded systems of all kinds. That's good, but it's also a challenge, because the free software used in such products may not always be compliant with all the licences it is released under, notably the GNU GPL. For companies that sell such embedded systems using open source, it can be hard even finding out what exactly is inside, let alone whether it is compliant. Enter the new Binary Analysis Tool."
I left the country.
haha..... you didn't, right?
There are bears out there!
Someday we'll hit the human carrying capacity. And the band will just play on.
There are so many types of microprocessors on the market it's almost impossible to de-assembly everything.
But I might be wrong.
Muchas Gracias, Señor Edward Snowden !
are an example of a principle that could be adopted to meet the needs of software. Perhaps there could be a little-known or obscure function put inside the kernel (with the blessing of the higher-ups) which could show 100% that it is a Linux. I.e. there should be behaviour P which only exists in "Q" software package, so P -> Q.
Of course, people would just remove this (i.e. Q not -> P), but then again if you are taking a "I don't care" attitude to software licensing, then chances are you do not care about the code and will neglect to remove the deliberate trap set.
Or you could use the law, or the WTO or something.
We're going to take on big companies with a BAT?
Yes, it's the GNU General Public License. No RASSS syndrome here.
Technical requirements
* A Fedora GNU/Linux installation
* python (2.6 or higher preferred, but not 3)
* python-magic
* GNU binutils (for readelf and strings)
* e2tools http://freshmeat.net/projects/e2tools/ (optional)
* squashfs tools (4.0 highly recommended)
* module-init-tools (for modinfo)
* gzip (for zcat)
* xz (for lzma)
* PyLucene (latest version possible)
* OpenJDK, Apache Ant and dependencies to build PyLucene
Hey don't blame me, IANAB
Agreed. The very same people that justify stealing music or movies via download sites are the first people to get up in arms about companies taking open source and not complying to GPL. Bunch of hypocrites.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
Do you really not understand the difference between downloading something for personal enjoyment and commercial distribution?
Also, I really would like some proof that the downloading crowd and the GPL enforcement crowd are made up of the same people.
GNU is Not Unix General Public License
I fail to see the redundancy here.
Ridiculous argument. How can you generalize that the developers of these tools are pro-piracy too? Evidence please.
With most embedded products, what makes them interesting is the software that drives the peripherals and presents it to the user. This stuff is almost always non-GPL, and the peripherals typically require an NDA just to get the specs.
The GPL'd part is typically just stuff like the kernel, busybox and all that boring stuff. So yeah, you can eventually get a root prompt on your satellite receiver (or whatever), but after that good luck.
Are we to believe then that, unlike every single piece of virus-scanning software ever, this binary scanning utility will never encounter a false positive? What happens when it shows some product as containing OSS, but it doesn't?
And with that in mind, even if you *do* identify a product as containing OSS, how do you prove it without access to the source code? The company could simply claim it was a false positive (regardless of whether or not that happened to be true), and you would be left with the burden of proving the tool wasn't flawed.
Of course, there are also the false negatives...
I agree. Many people view open source software as a better alternative to pirated software. Also worth noting: pirating commercial software lets the business keep mindshare. Adobe doesn't pursue students who pirate Photoshop because they would rather hook kids on photoshop so they'll buy it later than see them get adapt to a cheaper (or open source) alternative and never become a customer. The same is true for Windows: Microsoft would rather see people pirate Windows than switch to Linux; at least that way they keep the mindshare.
In general, I think piracy is as much an enemy of open source software as it is commercial software. There could be people who oppose software piracy but support movie and music piracy, but I think very often people take the same stance on piracy across the board.
Isn't this a lot like a DRM designed for open source... The only real difference is what we call Normal DRM makes sure the End User is following the rules. the Open Source is making sure the Companies are following the rules. But in general Closed Source puts restrictions on the Users and the GNU puts restrictions on the Company. So it really is just an other form of DRM.
So it is Evil for a company to say illegal coping and sharing of our software that we put a lot of time, money and development into is given away for free while we still have all these expenses to pay for, and we should try to find a way to make sure we curve this behavior so we can get the money we earned.
But it Haled when a tool is made to make sure Software companies are making software that uses Open Source Software and they are not following the rules of the license.
Odly enough most companies are not as big and evil as you think... Most companies don't have teams of lawyers judging every action they do... No all software developers know the GNU and speak it every sunday at around 9:00 every morning. A lot of people think Open Source means public domain, or how much can they modify the code before it is there and they can license it any way they want...
If you want to go all out and push Open Source GNU license and make sure people are compliant with technical means then you should back off on DRM. Or if you want to push DRM then you should support not having Open Source push the issue too... Otherwise you will be in overall hyporcracy of yourself and probably just be branded as an Anti-Caplistic Nut.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
If you think that is bad, you should take a look at all the dependencies Firefox has....
Hell, if you already have a standard GNU/Linux installation, then half that list is already installed!
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
This tool is to be used voluntarily by people wishing to preform an audit of software packages they have acquired. DRM is shipped with software that you receive, and is non-voluntarily run on the consumers computer, to check for compliance.
This would be like DRM if we were writing code into open source projects that would phone home if the company tried to violate the GPL. This is not what is happening at all. (nor would it even be feasibly possible, since open source DRM is a laughable concept)
This is not ensuring compliance by technical means, this is detecting non-compliance by technical means. After it is established that non-compliance exists, the standard practice is to politely contact the company and seek to resolve the issue in a professional manner.
(this happens a lot more than you might think, generally speaking the only times you hear about non-compliant companies is when they are unwilling to resolve the issue, or when someone decides to take the opportunity to get some publicity for themselves.)
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
Yes... it does. Problem solved, move on.
see the trick is if you find GNUSort traces in Evil Incs file mangler then as the owner of GNUSort you can file a lawsuit and then get them to prove that the source is "clean".
Any person using FTFY or editing my postings agrees to a US$50.00 charge
I thought Slashdot was opposed to copyright law? The GPL is a copyright license, so why would we care about compliance with a copyright?
Why should downloading the works of others without their permission for personal enjoyment be OK?
It shouldn't. OP is just saying that commercial distribution is far worse - you're actually MAKING MONEY off of the works of others without their permission.
Curious your thoughts on WGA...
When we are going to abolish copyright? This is hypocrisy! This is using the same evil tactics that ??AA uses!
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Discovered that Cisco is using GPL software and not complying with neither disclosing it nor making it available. Good an clear documentation as well.
I was not able to find anyone interested at all.
don't cut it off www.mgmbill.org
Curious why you would be curious...
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
There are multitudes of people ignoring copyright on commercial music. There are multitudes of people ignoring copyright on Microsoft Windows and Microsoft Office. It's an epic failure to say that the people using Linux and OpenOffice must be the ones illegally copying music. The MS pilferers are already breaking copyright law. Therefore, I'd suspect that most people breaking copyright law for music are the ones also doing so for their OS.
I know! You could convince the government to enforce software on everyone's computers which scans for GPL violations!
Looks like you are case in point. Prove its wrong.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
It's an epic failure to say that the people using Linux and OpenOffice must be the ones illegally copying music.
Thats not what I said at all. I was talking about people who dowload illegally would be the first to defend defend GPL. Are you saying that the only people who support GPL are Linux/OpenOffice users? Pretty small group if that's true.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
As I see it, a comparison of DRM and the GPL that basically equates the two, is pretty flawed.
The purpose of DRM is more or less, to restrict and control what users of software can do with that software.
Users of GPL software, on the other hand, are guaranteed certain rights by the GPL, such as the right to have access to the source code of the software they receive.
The tool mentioned in the article will help users to ensure that their rights under the GPL are being protected.
If a company distributes GPLed software, the users are entitled to the source code. This tool makes it easier for users to enforce their rights.
Really, it seems to me that the GPL is basically incompatible with DRM.
he never tried to lobby anyone. His motivation stems from his days at the MIT lab when he got angry over his buddies leaving lab to go pursue careers at proprietary companies.
He then created a psudeo-religion by declaring 'freedoms' instead of simply writing an open source that required derivative works to also be open.
It may seem deceptive to wrap your desires in 'freedoms' but your post is proof that it works....really well.
for a business that has an 80% piracy rate they could care less about any mindshare from pirates who take away potential sales. Companies would rather have less piracy and more sales with which they could spend on advertising. Most software companies are small and medium businesses that need every sale they can get.