Slashdot Mirror


Checking For GPL Compliance, When the Code Is Embedded

Excerpting from ComputerWorld UK, ChiefMonkeyGrinder writes with word of what sounds like a very cool tool: "Open source software is everywhere these days. In particular, Linux is being used increasingly to power embedded systems of all kinds. That's good, but it's also a challenge, because the free software used in such products may not always be compliant with all the licences it is released under, notably the GNU GPL. For companies that sell such embedded systems using open source, it can be hard even finding out what exactly is inside, let alone whether it is compliant. Enter the new Binary Analysis Tool."

11 of 75 comments

  1. Re:Frist post by Dayofswords · · Score: 2, Informative

    haha..... you didn't, right?

    There are bears out there!

    --
    Someday we'll hit the human carrying capacity. And the band will just play on.
  2. So.. by qreeves · · Score: 5, Funny

    We're going to take on big companies with a BAT?

  3. Way to go .. by roguegramma · · Score: 2, Informative

    Technical requirements

            * A Fedora GNU/Linux installation
            * python (2.6 or higher preferred, but not 3)
            * python-magic
            * GNU binutils (for readelf and strings)
            * e2tools http://freshmeat.net/projects/e2tools/ (optional)
            * squashfs tools (4.0 highly recommended)
            * module-init-tools (for modinfo)
            * gzip (for zcat)
            * xz (for lzma)
            * PyLucene (latest version possible)
            * OpenJDK, Apache Ant and dependencies to build PyLucene

    --
    Hey don't blame me, IANAB
  4. Re:GNU GPL?!? Come on! by selven · · Score: 2, Funny

    GNU is Not Unix General Public License

    I fail to see the redundancy here.

  5. False positives...? by nlewis · · Score: 2, Interesting

    Are we to believe then that, unlike every single piece of virus-scanning software ever, this binary scanning utility will never encounter a false positive? What happens when it shows some product as containing OSS, but it doesn't?

    And with that in mind, even if you *do* identify a product as containing OSS, how do you prove it without access to the source code? The company could simply claim it was a false positive (regardless of whether or not that happened to be true), and you would be left with the burden of proving the tool wasn't flawed.

    Of course, there are also the false negatives...

    1. Re:False positives...? by publiclurker · · Score: 2, Insightful

      Of course, there are also people who enjoy reading machine code dumps with their morning coffee. Tools like this simply help them to know where to concentrate their efforts.

    2. Re:False positives...? by RAMMS+EIN · · Score: 2, Interesting

      ``What happens when it shows some product as containing OSS, but it doesn't?''

      That's a good question, and that's why we have things like "innocent until proven guilty" and rights for criminal suspects and people who have been put under arrest.

      In other words, as long as we all stay civilized, false positives needn't be a big problem. You inform the company that you believe their product may contain software whose license puts certain requirements on the company that it doesn't seem to be fulfilling, and then they get a chance to convince you that everything is in order and it's just a false positive.

      If you are not convinced, I suppose you can always bring the case to court and force disclosure and investigation. But experience up to now seems to indicate that companies who are violating the terms of the GPL usually change their ways before things get that far.

      --
      Please correct me if I got my facts wrong.
  6. Re:Why? by AusIV · · Score: 4, Insightful

    I agree. Many people view open source software as a better alternative to pirated software. Also worth noting: pirating commercial software lets the business keep mindshare. Adobe doesn't pursue students who pirate Photoshop because they would rather hook kids on photoshop so they'll buy it later than see them adapt to a cheaper (or open source) alternative and never become a customer. The same is true for Windows: Microsoft would rather see people pirate Windows than switch to Linux; at least that way they keep the mindshare.

    In general, I think piracy is as much an enemy of open source software as it is commercial software. There could be people who oppose software piracy but support movie and music piracy, but I think very often people take the same stance on piracy across the board.

  7. Re:Isn't this like DRM for Open Source... by DarkOx · · Score: 4, Informative

    It's not hypocrisy at all but a clever response. The GPL was originally created because RMS felt that the way software was being produced, sold, and controlled with licensing, patents, and copyright was not good for people, the economy, and especially the general principle of freedom.

    He and others first lobbied to try and get the rules changed, many continue that effort. In the meantime he did the next best thing. He co-opted the rules and created a license that preserves things he felt were important that others were using the same rules to take away. He then put in lots of effort to ensure there would be a concentration of value protected by that license such that others would want to access it. The four freedoms would for the most part exist in the natural state; that is a world free of patents, and copyright. You might not always have the source to something you bought but it would be a pretty tough world to sell software in competitively without offering the code.

    So what the GPL is really designed to do is say, look we don't think the system should work this way and that there should be these rules but ok if you get to use them then so can we. If you don't like it then you have to adopt our position that the copyright and patent system at least where software is concerned is broken and throw out your rules.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  8. It is only like DRM if you don't know what DRM is. by Sir_Lewk · · Score: 2, Interesting

    This tool is to be used voluntarily by people wishing to perform an audit of software packages they have acquired. DRM is shipped with software that you receive, and is non-voluntarily run on the consumer's computer, to check for compliance.

    This would be like DRM if we were writing code into open source projects that would phone home if the company tried to violate the GPL. This is not what is happening at all. (nor would it even be feasibly possible, since open source DRM is a laughable concept)

    This is not ensuring compliance by technical means, this is detecting non-compliance by technical means. After it is established that non-compliance exists, the standard practice is to politely contact the company and seek to resolve the issue in a professional manner.

    (this happens a lot more than you might think, generally speaking the only times you hear about non-compliant companies is when they are unwilling to resolve the issue, or when someone decides to take the opportunity to get some publicity for themselves.)

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  9. Re:Isn't this like DRM for Open Source... by pseudonomous · · Score: 2, Insightful

    It's not at all like DRM, it's a forensics tool. DRM takes your file/software/whatever and asks "is this an authorized copy? should I let the user access/run this file?", this software looks at software that's already been compiled and is being used and determines if it likely came from known source code. Nor is this tool limited to use with open source software, it's just that the tool itself is open-source.
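The two threads above (nlewis on false positives, pseudonomous on matching compiled code against known source) both come down to the same mechanism: pull printable strings out of a binary, look them up in an index built from known projects, and decide how much each hit is worth. The script below is an added illustration of that idea, not code from the Binary Analysis Tool or from any poster here. The project names, their string literals and the two firmware blobs are all constructed for the example; the real tool also unpacks file systems and uses a PyLucene index, none of which is modelled here. The point it makes is the one nlewis raised: generic strings such as "Usage:" or "error" show up in everything, so a scanner that counts them produces false positives, and the fix is to score only strings that are long and unique to a single project, and to ask for more than one of them before calling a match likely.

```python
import re
from collections import Counter

# Constructed "known source" literals, keyed by hypothetical project name.
# In a real audit this index would be generated from the projects' source trees.
KNOWN_STRINGS = {
    "libfoo (hypothetical)": {
        "libfoo: cannot open %s", "foo_decoder_init", "FOO_MAGIC_0x5A5A",
        "error", "Usage:",
    },
    "barutils (hypothetical)": {
        "barutils %s: no such option", "bar_table_rehash",
        "error", "Usage:", "done",
    },
}

# Constructed sample binaries. The first embeds two libfoo-specific literals;
# the second is a "proprietary" image that only shares generic strings.
SAMPLE_LIBFOO_FIRMWARE = (
    b"\x7fELF\x00\x00" + b"libfoo: cannot open %s\x00" + b"\x01\x02"
    + b"foo_decoder_init\x00" + b"Usage:\x00error\x00"
)
SAMPLE_PROPRIETARY = (
    b"\x00\x00MZ\x90" + b"Usage:\x00" + b"error\x00" + b"done\x00"
    + b"AcmeCorp Proprietary Loader\x00"
)


def extract_strings(blob, min_len=4):
    """Runs of at least min_len printable ASCII bytes, like GNU strings."""
    pattern = re.compile(rb"[\x20-\x7e]{" + str(min_len).encode("ascii") + rb",}")
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def build_index(known, min_distinctive_len=8):
    """Map each distinctive literal to the single project it belongs to.

    A literal is distinctive only if it is reasonably long and appears in
    exactly one known project; everything else is treated as generic.
    Returns (index, document_frequency).
    """
    df = Counter()
    for literals in known.values():
        for s in literals:
            df[s] += 1
    index = {}
    for name, literals in known.items():
        for s in literals:
            if len(s) >= min_distinctive_len and df[s] == 1:
                index[s] = name
    return index, df


def scan(blob, known, threshold=2):
    """Score a binary against the known-project index.

    Returns (report, generic): report maps project name to its distinctive
    hits and a verdict ("likely" if at least `threshold` distinctive strings
    were found, else "weak"); generic lists known-but-non-distinctive strings
    that were seen, which are reported separately so they never drive a verdict.
    """
    index, df = build_index(known)
    seen = set(extract_strings(blob))
    hits = {}
    generic = set()
    for s in seen:
        if s in index:
            hits.setdefault(index[s], set()).add(s)
        elif s in df:
            generic.add(s)
    report = {}
    for name, literals in hits.items():
        report[name] = {
            "distinctive": sorted(literals),
            "verdict": "likely" if len(literals) >= threshold else "weak",
        }
    return report, sorted(generic)


if __name__ == "__main__":
    for label, blob in (("libfoo firmware", SAMPLE_LIBFOO_FIRMWARE),
                        ("proprietary image", SAMPLE_PROPRIETARY)):
        report, generic = scan(blob, KNOWN_STRINGS)
        print(label, "->", report or "no distinctive matches",
              "| generic strings seen:", generic)
```

Run on the two constructed blobs, the libfoo image yields a "likely" verdict backed by two project-specific literals, while the proprietary image yields no verdict at all even though it contains three strings present in the index; those are listed under "generic" so an auditor can see why they were ignored. Raising `threshold` trades recall for precision, which is the knob a compliance team would tune before sending anyone a letter.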