Slashdot Mirror
Hamstersoft Ebook App Rips Off GPL3 Code, Say Calibre Devs
Nate the greatest submits news of a claim that a recently released ebook application from Hamstersoft is actually built from code lifted from calibre, the ebook library app. He writes "It turns out that one calibre contributor is now reporting that his code was pirated for Hamstersoft. You can find the full details over on John Schember's blog. It's technically complicated and quite long. You can also find a non-technical summary. The short-short version is that Hamstersoft needs to give away a complete source code for the Hamstersoft Ebook Converter because that app uses parts of calibre, which is licensed under GPL v3. John gave Hamstersoft a month to comply and they did not. Now that app is clearly a GPL violation."
The short-short version is that Hamstersoft needs to give away a complete source code for the Hamstersoft Ebook Converter because that app uses parts of calibre, which is licensed under GPL v3.
The behavior of a virus.
Queue the GPL critics praising the BSD license. The short-short-short of it is that if these fuckers didn't want to have to abide by the GPL3 license, they shouldn't have been lazy pieces of worthless stealing shit and wrote their own fucking code.
I hope they get sued into fucking oblivion.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Dear submitter:
They appear to have moved stuff.hamstersoft.com to store.hamstersoft.com to dodge search engine blocks.
This is a perfect example of how intellectual property is morally bankrupt and lawyers are terrible people and how IP law holds back true innovation and ... oh wait, because the holder of the copyright released it under a license we like, then let's completely reverse our supposedly deeply held beliefs: nothing is wrong with intellectual property, the infringing party should be sued to smithereens, etc. etc.
It looks like they do offer the code for the product?
http://ebook.hamstersoft.com/en/support
Link to a ZIP file at the bottom of the page above.
So, is this a non-issue or did the company throw the code up quickly to avoid the DMCA?
We all know you shouldn't steal public property for personal profit, and this theft wasn't unique or creative in any way. Where's the news?
This isn't really any different than stories about random violent crimes or bad weather in other states. It's not relevant to your life, it doesn't teach you anything you didn't know already, and it's only purpose is to generate page views. It's not like I don't care about protecting GPL or preventing corporate malfeasance, I just question how this story tells me anything I didn't already know.
I like news that tells me something...new.
Hope ./ readers see this one and realize the error of their ways!
Yahoo was the first to respond. They said they get all of their search results from Microsoft via Bing and referred me to Microsoft. So no luck there.
I don't care who they get their search results from. They are the site provider and are responsible for following the DMCA. Failure to do so will strip them of their safe harbor provisions and open them up to liability alongside Hamstersoft.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
It appears that nearly all of HamsterSoft's products are based substantially upon code released under versions of the GPL or LGPL. (There's also a 7ZIP-based archiving utility for which I can't find the relevant source code; and an FFMPEG-based video transcoding utility).
I wonder if their CD burning application is based upon CDRecord/CDRTools, too...
Those guys can get stuff done !!
It is not clear if they modified calibre because the binary builds are only part of calibre not the entire program as it is officially distributed.
Why not just decompile the binary? It's written in C# .NET and things like .NET Reflector are fairly good at it.
Unless the Calibre developer invests tens of thousands (or more) and a few years of his life, all into suing a company that is probably one guy working out of his apartment anyway, then this is just some online whining.
The GPL is not a magical hall monitor shield, which forces people to show you their hall pass when you wave it. Rather, it simply gives you the right to sue if you have the resources to pursue that road. In this case, I don't know if the Calibre guy has those resources, or if the Hamster guy has enough resources to be worth suing anyway.
From their EULA: (http://hamstersoft.com/eula)
RESTRICTIONS
The source code, design, and structure of HAMSTER free software are trade secrets except software licensed under GNU GPL 3.0, LGPL, MPL, BSD-licensed or Free components used to compile. You will not disassemble, decompile, or reverse engineer it, in whole except to the extent expressly permitted by law or except GNU GPL 3.0, LGPL, MPL, BSD-licensed or Free components used to compile HAMSTER free software. You will not use HAMSTER free software for illegal purposes. You will comply with all export laws. HAMSTER free software is licensed, not sold.
---
Sorry guys, you can't have GPL'd code and trade secrets in one piece of software.
assignment != equality != identity
I'm a good friend of John, the blog post author, and have been working with him throughout this process in trying to unravel Hamstersoft's deceit. I want to make a few things pretty clear:
Yes, they posted a zip of code on a hard-to-find link. But they did something sneaky. They included the very short and trivial C# wrapper around Calibre, but they only included a compiled (well, .NET dll) binary blob of the bulk of the application code -- the user interface. And of course, since all the heavy lifting is in Calibre itself, this code is the most important part of the application. They went through pains to extract the source of the UI components and only include it publicly as already compiled. They even packaged it up in a nice Visual Studio Solution so that you can load it up and hit "compile" and you get the software. It looks, at first, like they've complied. But then you dig into the source code actually provided, and it becomes obvious that they haven't provided the majority of the code at all, but only the wrapper code and a few call outs to the provided compiled DLL.
Cheap trick.
The other thing to take notice of in John's post is that in fact the search engines and Facebook have hardly complied -- there are still search results and Facebook pages for this company. Now, you can debate and troll and bikeshed and argue the validity and ethics of the DMCA all you want, but the fact of the matter is that when the big companies want to use it against the small, it seems to work, but when some OSS devs want to take the case up with giant companies, the response is exceedingly lackluster. (Likely, this being on /. will change things, we'd hope...)
The final point to consider is what this all means for GPL and OSS. Hamstersoft is Russian, so good luck trying law suit or anything. But at the very least, shouldn't the OSS community have an army of lawyers willing to work probono, or financed by various foundations, for this kind of thing exactly? John mentioned he tried contacting one such organization, and was unsuccessful. He's told me that at another point, he got in contact with a lawyer from another place who didn't offer to do any work for him but vaguely suggested he send these notices to Google, Facebook, etc. That's pretty lackluster. I don't want to complain to loudly, but instead I just want to suggest that this issue call our attention to the bigger issue -- what institutions do we have in place to protect OSS software effectively as small OSS devs? Do such institutions work? In this case, thus far, they don't seem to be working.
ZX2C4
http://media.hamstersoft.com/hamster.ebookconverter.project.zip thats the source got that from: http://ebook.hamstersoft.com/en/support
A free app using code from another free app, oh my god!
Would someone mod down the parent post. If you would have read the article, you'd learn that they neglected to post the bulk of the source code, and instead released a compiled binary with some wrappers around it. An outright dirty trick.
This is the exact kind of righteous indignation that GPL users secretly crave. This guy's blog post should be read as a long moan of ecstasy.
Without copyright, nobody would be forced to share their code
Without copyright, people would be making and openly trading thoroughly commented disassemblies of proprietary software.
Of course, you would be free to reverse engineer it
And students with more time than money would do just that.
The DMCA take-down notices are to be sent to the providers that are hosting the content. The search engines are not hosting this content, and sending them take-down notices is a heavy-handed abuse of the law.
So either John misunderstands the DMCA or is willfully abusing it. Either way it makes it a lot harder to sympathize with his attempt to address violation of copyright law, when he himself is willing to resort to the very behavior of other copyright abusers.
But at the very least, shouldn't the OSS community have an army of lawyers willing to work probono, or financed by various foundations, for this kind of thing exactly?
What exactly do you expect them to do? The offender is in Russia and is hosted in Russia. How is a small donation-funded organization supposed to enforce copyright in situations where even large well-funded companies like Microsoft have been unable to do so?
People sometimes get away with breaking the law, especially far away countries. It sucks, but it's life and you have to learn to accept it. The people who won't are exactly the ones that drive us further and further into a police state in their unending drive to "decrease crime", not understanding the trade-off they are making.
They can not be forced to disclose the source code. This is a common misconception about the GPL.
If a GPL violation goes to court, the judge can order the infringing party to stop the distribution and pay damages to the copyright owner, but he will not order the disclosure of the source code. The disclosure of the source code is only a gesture that most FOSS developers will accept to drop the charges.
Of course, if the software is only a thin layer of sugar around a core of GPL code, stopping the distribution means closing the business.
On the other hand, the situation can be reverted: the GPL code may be just a small, non-essential part of the software. Think readline, for example: a software is more comfortable with line editing, but it is in no way necessary. In such situation, the violator may decide to pay the damages and remove the GPLed code from its software, to keep in business with its proprietary model.
So some company is violating GPL v3, who is going to do anything about it? Who's going to hire the lawyer(s) to take them to court to get settlement money - the vast majority of which will likely to go the lawyers? Or do you report them to "the authorities" and some government funded lawyer chases them down?
Even if you do go to court and get a judgement against the company, then what? Hamstersoft doesn't sound like a company with deep pockets. So they declare bankruptcy, and the officers open another company doing the same thing with a different name.
Perhaps I'm overly cynical or naive, but I see the effort of enforcing the GPL to be greater than the harm done by violating it. Yes, perhaps the company deserves to be driven out of business for flagrantly violating GPL and stealing other peoples' work. But it will take a lot of effort & money to make that happen.
Now that app is clearly in violation of the GPL.
FTFY. An app cannot be a violation, the violation was the act of noncompliance! /pedantry
It depends on what you sue for. There is a thing called "specific performance," which is basically forcing the defendant to comply with the terms of the license or contract in cases where there is no adequate remedy in monetary damages. An injunction is also possible, and even likely, in copyright infringement cases.
It is easy to pirate BSD-licensed code too. Not everyone includes the notices required by the BSD license when distributing such code as a part of some other software in binary-only form.
For example, AVR libc is under BSD license. Many AVR microcontrollers are flashed with programs that have been compiled with AVR-GCC and contain some code from AVR libc. It's easy to skip including the BSD license text and copyright notices when shipping products that include microcontrollers with such code. It's especially easy because most people won't have any clue that there is a microcontroller in the product, let alone what code it might contain.
It turns out that one calibre contributor is now reporting that his code was pirated for Hamstersoft.
But piracy is people on the high seas hijacking vessels and stealing their cargo, right? Oh wait, this was GPL code we are talking about so we throw out all the "but it's not theft" or "it's not piracy" bullshit excuses that come up when it comes to proprietary software or movies/music/ebooks/etc.
Not to mention trade secrets have no protection under law, in fact that's why copyright law exists in the first place.
Never say never.
Approximately 40 states have adopted the model Uniform Trade Secrets Act (USTA). The USTA defines a trade secret as "information, including a formula, pattern, compilation, program device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy."
The USTA specifies remedies for violation of trade secrets including injunctions, damages, and attorney's fees. It also gives courts the authority to grant protective orders to ensure the secrecy of a trade secret during the discovery phase of litigation, and prevents disclosure of confidential information by witnesses.
Federal Protection for Trade Secrets
The Economic Espionage Act of 1996 federally criminalizes the theft or misappropriation of trade secrets under two key provisions. The first makes it illegal to steal trade secrets for the benefit foreign powers; the second, makes it illegal to steal trade secrets for commercial or economic purposes regardless of who benefits.
Trade Secrets
The reverse engineering of software faces considerable legal challenges due to the enforcement of anti reverse engineering licensing provisions and the prohibition on the circumvention of technologies embedded within protection measures. By enforcing these legal mechanisms, courts are not required to examine the reverse engineering restrictions under federal intellectual property law. In circumstances involving anti reverse engineering licensing provisions, courts must first determine whether the enforcement of these provisions within contracts are preempted by federal intellectual property law considerations. Under DMCA claims involving the circumvention of technological protection systems, courts analyze whether or not the reverse engineering in question qualifies under any of the exemptions contained within the law.
Frequently Asked Questions (and Answers) about Reverse Engineering
- what institutions do we have in place to protect OSS software effectively as small OSS devs? Do such institutions work? In this case, thus far, they don't seem to be working.
If you have given given the FSF the full copuright to the code, and make it GNU project, they go after the culprits. But if you guys are the sole owners, its your duty to protect your property.
They may claim they never signed/agreed to the GPL, and therefore aren't bound by any requirements of it. Specific performance remedy is a type of equitable relief and requires a valid contract/agreement between the parties.
In that case, the plaintiff would have little choice but to pursue a copyright infringement claim, and specific performance would be off the table.
Without agreeing to the GPL, with the code copyrighted, and no license, there would be infringement... so the remedy options would basically be monetary/statutory damages or injuctions.
Disclosure of source might be a settlement option, but it's not a thing the judge may order, any more than the judge could simply assign copyright of the product to the open source developer whose copyright was infringed.
Without agreeing to the GPL they are in intentional violation of copyright. The means (under US law) max statutory damages of several hundred thousand dollars PER distribution (which if they even distributed it a dozen times could be several million dollars) and the court will probably award punitive damages of up to 9 times the statutory damages for intentional infringement. If they sold a hundred copies of the software they could conceivably be hit with a hundred million dollars in statutory damages and punitive awards.
Although you are right they could claim they didn't agree to the GPL, but by doing so they would make the damages much much worse. This is the reason in nearly every single case where legal proceedings are started companies comply with the GPL, because not agreeing to the contract contained in the GPL is a far worse fate then complying with the terms. People forget that this is by design, Stallman deliberately used copyright law (and it's massive damages) to create a license that creates a situation where complying with the license is the least damaging result to an infringer.
Now this is all hypothetical as the company in question is Russian and unless you are good friends with Putin nothing will happen to the people or companies involved..
The EULA for the free eBook converter now contains some extra stuff, such as:
"The source code of Hamster Free eBook Converter inherits GNU GPL 3.0 rights from Calibre. You may all operations with it permitted by law. GNU GPL 3.0 restrictions must be met. You will not use Hamster Free eBook Converter for illegal purposes. You will comply with all export laws. Hamster Free eBook Converter is licensed, not sold."
which looks like it was written hastily, and
"GNU GPL 3.0
Calibre source codes: http://code.google.com/p/calibre-ebook/downloads/list
Hamster Free eBook Converter source codes: http://ebook.hamstersoft.com/en/support
License GNU GPL 3.0: http://www.gnu.org/licenses/gpl.html"
So, they've included the GPL in their license terms, and have published the source code for the eBook converter. Looks like yet another win for GPL.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
They may claim they never signed/agreed to the GPL
That'd be the same as admitting to the court that they knew they were in breach of copyright law but decided to willfully continue anyway. NO sane company would tell that to the court!
Looking at their website, all trace of the Ebook software seems to have vanished, I'm glad to say.
TdR doesn't like it if you don't violate the license. If, for example, you take BSD code and GPL it, he goes completely librarian-poo. If it had been decently closed up, he wouldn't care: after all the original version is still available. But since the original version is still there when you relicense as GPL, this is a huge problem.
I never went to University for CS and I studied assembly. In fact, I wrote a CGI library for Linux x86 assembler that didn't link with libc. This allowed you to write a native CGI application in 120 bytes! Although it only supported GET requests and I only wrote atoi() of all the conversion functions in libc. Pretty sweet if you ask me. This time that I spent so long ago has paid for itself many times over. And even more as I transition into iOS programming. Contrast that with my buddy Daniel who graduated from a state school with a masters in CS and doesn't know ANY assembler. He learned Java byte code, but never native assembler. He and his professors espouse the "but you'll never need to know that" school. It's a waste of time because the JIT/compiler can write better assembler than you can. Pshaw, children these days, lawns needing vacated.
I have a theory that the truth is never told during the nine-to-five hours. - Hunter S. Thompson
Hope they will DDoS the hell out of hamstersoft.
Even the FSF will tell you, the GPL is not a contract. It covers distribution of a specific copyrighted work, and does not cover independent works which the same party may happen to also distribute.
In Russian "hamster" is an internet slang word for a "mindless, unwary and predictable consumer of popular novelty items", a "lemming". Definitely not the kind of name people would trust (as long they know what it means)!