Stuxnet/Flame/Duqu Uses GPL Code

David Gerard writes "It seems the authors of Stuxnet/Duqu/Flame used the LZO library, which is straight-up GPL. And so, someone has asked the U.S. government to release the code under the GPL. (Other code uses various permissive licenses. As works of the U.S. federal government, the rest is of course public domain.) Perhaps the author could enlist the SFLC to send a copyright notice to the U.S. government..."

Implications

[tmosley]

That would imply that the government is ruled by law rather than the arbitrary decisions of a few "top men".

It doesn't take long for such attitudes to spread throughout society.

But hey, Obama said he would have, like, the totally most open presidency ever. Surely the new boss will prove himself different from the old boss in SOME way. Surely!

Re:Implications

[operagost]

I'm sure the decisions made by the Bush administration over three years ago are still holding him back.

Re:Implications

[TrentTheThief]

That would imply that the government is ruled by law rather than the arbitrary decisions of a few "top men".

But since we know that to be true, I guess we can all sing like the Who: Won't Get Fooled Again (http://www.sing365.com/music/lyric.nsf/Won%27t-Get-Fooled-Again-lyrics-The-Who/761EF79AAB42FA9C48256977002E72F9)

I'm just wondering when the revolution begins. I don't think that the younger generation realize how dire the situation really is since most of them have less than a zero's interest in history. If they'd even take the time read music lyrics that were being sung 50 years ago, they'd easily see that things are even worse now than they were before.

When does the shooting start?

Re:Implications

[tnk1]

Clearly we should take our cue to start a bloody revolution from music lyrics written by people 50 years ago.

Speaking as someone who does actually read history, I know what happens to people while they are in the midst of their glorious revolutions. That is to say, privation, disorder and mass slaughter. That wonderful period is then most of the time followed by dictatorship or other forms of tyranny. The good times come decades later when someone has managed to restore order.

You'll excuse me if I hope that no one gets around to it for another 50 years or so.

Re:Implications

Did you really walk through a wall once?

Re:Implications

[networkBoy]

And yet somewhere in the middle lies the answer.
It is of use to note that we celebrate a war every year. On the 4th of July we light off fireworks to celebrate going to war with the British and winning (technically we celebrate our declaration to be independent, but we all know damn well that had we lost or had there been no contest, there likely wouldn't be fireworks every year).

Our country does need a revolution. It needs a real tea party, a mass of people who simply refuse to follow governments orders.

The challenge, of course is critical mass. I would wager that in 1776 well over 50% of the population of the nascent United States of America was willing to outright defy the ruling government, while somewhere north of 90% of the remainder at least supported said dissidents. With the combination of the Democrats buying votes from the poor/uneducated/minority/grafters/etc with entitlement programs and the Republicans selling government support to corporations, I believe a civil revolution is impossible.

thk1 is right, an armed revolution is bad, but I'm not sure no revolution is better...

Re:Implications

[number11]

It is of use to note that we celebrate a war every year. On the 4th of July we light off fireworks to celebrate going to war with the British and winning (technically we celebrate our declaration to be independent, but we all know damn well that had we lost or had there been no contest, there likely wouldn't be fireworks every year).

Oh, I dunno. It probably wouldn't be on 4 July. But the Brits have fireworks on Guy Fawkes day (remember, remember, the fifth of November) to celebrate the capture and execution of terrorist plotters in 1605. There would probably be another annual celebration to commemorate the capture and execution of the colonial terrorists (or is that "militants"? it's so hard to remember the correct terminology) of 1776. So there would be fireworks twice a year.

Re:Implications

[TheCarp]

And what happens when people don't have that revolution?

Mass slaughters still happen, just elsewhere. Instead of having it here, we have a judicial system run amok that has filled the prisons far past any sane levels with non-violent "offender" after non-violent "offender", where often offences are often nothing more than smoking the wrong plant.

I say we have the revolution now while the people who brought us all this are old and can suffer for lack of their public benefits that they intended to rely on.

Re:Implications

excuses are for failures

Re:Implications

[couchslug]

You are being rather harsh on Obush, but fear not!

Robama or Omney will win in November and things....won't be different.

Re:Implications

I don't think that the younger generation realize how dire the situation really is since most of them have less than a zero's interest in history. If they'd even take the time read music lyrics that were being sung 50 years ago, they'd easily see that things are even worse now than they were before.

all you gotta do is mix those lyrics some kind of way with songs from Lil' Wayne, Drake, etc

Re:Implications

[FudRucker]

independence from what? a totalitarian monarchy to a totalitarian congress? and the direction the US Gov is going the US Citizens are no more free than they were under British rule and thanks to their "War or Terror" things are sliding down a slippery slope towards something far worse

Re:Implications

The government, while it makes the laws, is subject to the rule of law. The government can be replaced and the laws changed. But by agreeing on a set of laws that apply to everyone is how we keep our noses out of the aforementioned violent chaos.

Revolution is not the answer. Civic engagement is. If we take notice, if we talk about and we insist on accountability and seek to elect politicians that act in our interest. A mature and educated electorate is the required cultural change and I'm optimistic we're heading in that direction. The current shenanigans are not irreperable and are serving a purpose in getting people to take notice.

Re:Implications

[malakai]

Am I the only one that is less concerned with copyrighted GPL code being in this rather humane and elegant attack against a country trying to develop nuclear weapons, and more upset with how and why the information about the program was leaked?

I can't help but feel at some point this is going to be a big deal. Hearings, testimony, etc. One or more people are going to lose their jobs, future security clearance, and possibly face jail time. There's just no way this recent and this active a program should have been briefed to the New York Times.

GPL Code in it? Who cares.

Re:Implications

[TrentTheThief]

Twice, actually. But I ran away and no one knew.

Re:Implications

[BKX]

I would wager that in 1776 well over 50% of the population of the nascent United States of America was willing to outright defy the ruling government, while somewhere north of 90% of the remainder at least supported said dissidents.

And you'd be wrong. It's widely accepted that only 1/5 of population were rebels. Another 1/5 were loyalists. The remaining 3/5 were neutral (with a number joining one army or the other for purely economic reasons without actually believing in one side or another). We only won because England was at war with everyone else at the same time.

Re:Implications

[couchslug]

"If they'd even take the time read music lyrics that were being sung 50 years ago, they'd easily see that things are even worse now than they were before."

Worse for who and in what ways and please be SPECIFIC.

There is no draft so everyone who goes to war is an eager volunteer with no illusions. (I served as an eager volunteer with no illusions, BTW, and would cheerfully do so again.) The Iraq war is over, A-stan will be shortly.

The economy is recovering (it's just another Recession, we've had MANY Recessions, they are NORMAL parts of the economic cycle!) and there are no serious civil rights problems _compared_to_fifty_years_ago_.

Fifty years ago was 1962. Civil rights workers were in routine danger of being SHOT. Things got worse before they got better:

http://law2.umkc.edu/faculty/projects/ftrials/price&bowers/price&bowers.htm

Have some school bombing:

http://en.wikipedia.org/wiki/16th_Street_Baptist_Church_bombing

Now we have a (b)lack President, vastly more civil rights for LGBT folks, legal cannabis in a few areas, greater social mobility, and a much higher standard of living.

Re:Implications

Is it humane to attack a country that is attempting to develop a nuclear power plant? There hasn't been any proof of a nuclear weapons program in Iran.

Re:Implications

[jythie]

Well, they already have a law stating that, if national security is involved, the government can pay private companies to manufacture things based off other people's patents while being immune from patent litigation if they get caught. So even if we knew who to serve, they have that protection from civilian law.

Re:Implications

[jythie]

The thing is, the American Revolution worked because the local elites were driving it, not average people. That tends to be what determines if a revolution goes well or not. When you have two ruling classes struggling for power, the winner usually has the resources to restore order and most of their power structure already in place. When you have ruling class vs general population, it always ends badly regardless of who wins.

Re:Implications

I don't think that the younger generation realize how dire the situation really is since most of them have less than a zero's interest in history.

zero cares a lot about history. It doesn't want to relive those dark days back when it didn't exist.

If they'd even take the time read music lyrics that were being sung 50 years ago, they'd easily see that things are even worse now than they were before.

Music lyrics: best way to learn history

captcha: killjoy

Re:Implications

Am I the only one that is less concerned with copyrighted GPL code being in this rather humane and elegant attack against a country trying to develop nuclear weapons.

[citation needed]

Re:Implications

[X0563511]

There's been plenty of proof of them hiding something. If they are merely developing a power plant, why would they be working so hard to cover their tracks?

(via intelsat we can see them doing extensive demolitions and earthwork prior to inspectors coming in, meanwhile they are executing stalling tactics. just for example.)

Re:Implications

[s73v3r]

If they'd even take the time read music lyrics that were being sung 50 years ago, they'd easily see that things are even worse now than they were before.

Citation needed, pal. I'm sure 50 years ago people were moaning that young people then didn't have any interest in history, and that things were "worse than they were before."

Re:Implications

[Entropius]

The information was leaked because the malware got out. Nobody "leaked" Stuxnet, other than Stuxnet itself.

Re:Implications

[s73v3r]

That's not the fault of the judicial system. That's largely the fault of the legislative branch, who enacts laws mandating certain levels of sentencing. And that blame can largely be brought back to the people who voted for those representatives, who demanded that people be "tough on crime."

Re:Implications

[religious+freak]

+1 for actual knowledge. Though I do seem to remember the number was more like 1/3, 1/3, 1/3 between loyalists, revolutionaries and neutral. TLTG, but I know there certainly was NOT a majority actively supporting the American revolution.

Re:Implications

Why can't more people be as rational as this?

For those who seem nostalgic for these "lost freedoms," just what time period would you like to go back to? 1791 and the government stopping the Whiskey (Tax) Rebellion? Alien and Sedition acts of 1798? Antebellum slavery? Post-Civil-War Jim Crow civil rights? Westward expansion, lawlessness of the frontier and subjugation of Native Americans? Red Scare of the 1910s? Heydey of the Ku Klux Klan? World War I? Labor conflicts of the 1920s? Great Depression? World War II and internment of Japanese? Height of the Cold War and McCarthyism? Government crackdowns on protesters during the 60s? 70s economic malaise and extended recession? Reagan 80s? Clinton 90s? When did this magical period of perfect freedom for all (White Anglo-Saxon Protestant Males) actually take place?

Things are as good now as they have ever been, and anyone who longs for some mythical utopia is deluding himself.

Re:Implications

You guys also celebrate Thanksgiving which is, broadly speaking, a celebration of the invasion of the Americas by Europeans. An odd contrast to the celebration of independence.

But then everyone has weird little events like this, while most of Europe has Armistice day on the 11th of November, the Germans kick off Karneval Season. As someone else mentioned, we Brits burn an effigy to remember the torture of an alleged Spanish terrorist.

Re:Implications

[networkBoy]

Either way, 1/5, 3/5, 1/5 or 1/3,1/3,1/3 I will stand corrected, as by either numbers I was wrong. Do you think even 1/5 of our current population would be willing to push back? I think not.
-nB

Re:Implications

I did a hundred things this morning and none of them really involved the government. The government isn't the problem. Asshats are the problem, and the ones outside government are as intrusive and destructive as those inside it. Any revolution would unleash the asshat in all of us. The only benefit is when the revolution kills off a large number of asshats, i.e., us.

Re:Implications

[dbc]

From what I've heard, it wasn't 50% -- it was more like 3% that were openly and vocally defiant. Most people simply ducked and covered.

Re:Implications

>On the 4th of July we light off fireworks to celebrate going to war with the British and winning (technically we celebrate our declaration to be independent, but we all know damn well that had we lost or had there been no contest, there likely wouldn't be fireworks every year).

If the colonists lost, we would be celebrating Guy Fawkes Night every year instead.

Re:Implications

[davester666]

Well, if 'hiding something' is a significant concern for you, perhaps you should discuss this with your congressman/senator. For example, your own gov't refuses to disclose it's own interpretation of the Patriot act.

Re:Implications

[TheCarp]

whether its their fault or not doesn't change what they are. It is all one system, and a broken, poorly instituted one. We have, right before our eyes, how its become corrupted, the results of that corruption, and its pretty plain to see how this system can't fix these particular problems.

Quite simply, some issues shouldn't matter who is elected, because civil rights should not be up for debate or vote. However, they are. Time and again we have to go all the way back to the people on civil rights.

Nothing short of a revolution is going to fix this system. It may not produce one that will never find itself needing to be overthrown, but, such is the cycle of abuse.

Re:Implications

[sg_oneill]

But what sort of revolution would it be?

I mean if it where up to me, it would be an anarchist revolution with a resolutely syndicalist-socialist economy. But the libertarians probably wouldn't have a bar of that. And all the democracy people (most folks) would probably rather have some sort of government. And then amongst those, half would want a liberal revolution and the other half a conservative one (wheeee chile death squads).

And thats the problem. America isn't having a revolution because despite all the doom and gloom, nobody agrees on shit, and maybe thats the triumph of democracy. When nobody can agree on what they want, mediocracy will rule and protect the status quo of the rich and powerful.

I know this sounds pesimistic, but I am pesimistic, so here is some honesty: American living standards still put most of the world to shame, except perhaps for the mess of the privatized health system. The poor are on average far richer than most of the developing world, and the rich are insanely rich. Things can get a *lot* worse before people finally snap and agree , for better or worse, that shit needs replacement at the burning end of an angry citizenrys pichforks.

Re:Implications

a mass of people who simply refuse to follow governments orders.

Good, I hope we/they arrest these people and put them in jail. You can even raise my taxes to build more jails.

Vote to get the laws changed/vote the people out of office, don't just blatantly disregard the law and think it's fine.

Re:Implications

[tehrhart]

...(via intelsat we can see them doing extensive demolitions and earthwork prior to inspectors coming in, meanwhile they are executing stalling tactics. just for example.)

We can't see much of anything via Intelsat - it's a communications satellite organization. From the oracle of all knowledge :

"Originally formed as International Telecommunications Satellite Organization (INTELSAT), it was—from 1964 to 2001—an intergovernmental consortium owning and managing a constellation of communications satellites providing international broadcast services. As of March 2011, Intelsat operates a fleet of 52 communications satellites, which is the world's largest fleet of commercial satellites."

Re:Implications

[X0563511]

I was talking about intelligence satellites, and not some company or organization called intelsat. This should have been obvious.

Re:Implications

Yes we the people demand that they be tough on crime, you know rape and murder, not J-walking, or pot smoking, or speeding, or taking pictures of the police doing their jobs,... I can go on.

Re:Implications

Alternatively, we could start a golden age first and then there will be no anarchy. All we need to do is to sacrifice a few great people!

Re:Implications

don't just blatantly disregard the law and think it's fine

Why should the government have an exclusive on that?

Re:Implications

Should have, but you made a poor distinction in that regard.

Re:Implications

[J0nne]

It was leaked because Obama wants to show he wasn't weak on Iran so he can get reelected. Leaks like this usually happen because the people in charge want it to be known (with the exception of the Bradley Manning leak, ofcourse).

Re:Implications

[X0563511]

Yep. I'm supposed to know the name of every company, so when one of them happens to have the same name as something totally unrelated I can clarify that I'm NOT talking about them. Sure, that's how it works. Yep.

Re:Implications

Didn't we (the US and possibly Israel) write the code, so we already have a copy. We don't need Kaspersky's, we have the orig... LOL.

Re:Implications

[shutdown+-p+now]

Tsk-tsk. That was so not NPOV.

Re:Implications

[shutdown+-p+now]

is that "militants"? it's so hard to remember the correct terminology of 1776.

It's "rebels", or "traitors", whichever you prefer.

Re:Implications

[s73v3r]

Quite simply, some issues shouldn't matter who is elected, because civil rights should not be up for debate or vote. However, they are. Time and again we have to go all the way back to the people on civil rights.

This is true, but the Judicial system is usually a pretty good balance against this. Prop 8 in California never should have been on the ballot in the first place. However, the courts are doing what they are supposed to be doing, and throwing it out.

Nothing short of a revolution is going to fix this system. It may not produce one that will never find itself needing to be overthrown, but, such is the cycle of abuse.

We have a revolution every 2 years or so, when we vote in new officials.

Re:Implications

[s73v3r]

No, there are many people who agree with the idea of throwing drug users, regardless of the drug or the criminal history of the defendant, behind bars for a long time. And those people generally vote in higher numbers than those of us who don't feel this way.

Re:Implications

When is the last time you saw a political candidate who was actually in it FOR the people? That's MOST of the problem... all politicians are so greedy and corrupt that we haven't a choice in most cases & it makes no difference WHOM we vote for! The people are powerless when there are no candidates with integrity.

Re:Implications

[...] But hey, Obama said he would have, like, the totally most open presidency ever. Surely the new boss will prove himself different from the old boss in SOME way. Surely!

He is different from the old boss... he is not a moron who doesn't know how to pronounce the word "Nuclear".

(Hey, DUUUUH-bya... can you say the word "new"? How about the word "clear"? Now put them together...)

In most other respects, though, I'll grant you - there is disappointing similarity.

Re:Implications

I'm sure the decisions made by the Bush administration over three years ago are still holding him back.

Right.... but if someone where to say "I'm sure the decisions made by the Clinton administration are still holding him back" about former President Bush then everyone would cry fowl. Why does everyone bend over backward when it comes to Obama? He promised the moon (more so than past presidents) and delivered very little.

Re:Implications

[sjames]

How many Iranian inspectors do we share our nuclear operations with?

They MIGHT have just figured it wasn't any of our damned business.

Re:Implications

We also won because France supported us.

Re:Implications

The number I heard was 1/3. Canadian history taught me something American textbooks do not teach and that is the loyalists including Ben Franklin's own son who fought hard agaisnt the revolution and support loyalists and what would become Canada.

The 1/3 also were the rebels in France and the 1/3 that supported the monarch. The founding fore fathers put 2/3s majority on purpose to impeach a president and for constitutional amendments on purpuse as 1/3 is the number for a revolution and only something traumatic as 2/3s opposed to something can change which is good but 51% should never keep overiding anything.

Re:Implications

[aiht]

He was being sarcastic. Oops, sorry I was supposed to say *whoosh*, wasn't I?

Re:Implications

Clearly we should take our cue to start a bloody revolution from music lyrics written by people 50 years ago.

Speaking as someone who does actually read history, I know what happens to people while they are in the midst of their glorious revolutions. That is to say, privation, disorder and mass slaughter. That wonderful period is then most of the time followed by dictatorship or other forms of tyranny. The good times come decades later when someone has managed to restore order.

You'll excuse me if I hope that no one gets around to it for another 50 years or so.

Rubbish. Look at what Revolutions did for France.

Oh wait...

Re:Implications

[mug+funky]

i'm not sure what the GPL says about classified projects, but the US government doesn't have an obligation to release _all_ the things they do as public domain.

you certainly can't download the schematics for the W88 warhead from .gov sites.

Re:Implications

[mug+funky]

it'd be naive to say they weren't at least thinking about making nukes. seriously.

it doesn't all add up, i agree, but here's the few things that seem to have got out of the bullshit cycle:

- they have rather more centrifuges than they need for LEU
- they have a research reactor that's capable of making enough Pu239 for about 2 bombs a year
- they refused inspectors entry to a conventional explosive lab - this has been inferred to be something to do with high explosive lenses

on the flipside:

- the bushehr plant is not usable in weapons, and the centrifuges make sense for making fuel for it
- high explosive lenses are typically for Pu bombs, not U, so why the enrichment program? are they trying to make two different bombs, like the manhattan project? or is it as they say it is?

Re:Implications

[X0563511]

If that were the case, don't you think the stalling, demolitions, and earthwork are out of proportion?

Re:Implications

[jythie]

It is hard to say if Cuba would have went well. Sanctions did not help, but similar systems have gone badly in other nations so it is questionable if Cuba would have somehow bucked the trend.

Re:Implications

Revelations are always started by intellectuals as cronies for the elite, poor peopled were/are and always will be working to make a living or dying for a stupid nationalistic, religious or some fake BS the rich create to make money.

Re:Implications

[wcgOtt]

Agree with the facts but I think forces at work are more subtle than they were 50 years ago. Standard of living has elevated yet the wage gap between rich and poor has widened. Widened so far that the former middle class is close to the bottom than the middle. Arguably, the elevated standard of living has come from cheap food and consumer products that are relatively cheaper than ever before. Why are they relatively cheaper? Industrial food production and overseas cheap production and labor. We don't have segregation, yet there are more black males in prison than college. In fact, we've turned incarceration into a business. I imagine that health insurance wasn't common 50 years ago yet it's essential today (again, healthcare is a for-profit-business now) yet 40+ million Americans are uncovered. Crime statistics show a drop in crime every year yet Americans are more scared and armed than ever before. My point is, yes things are better but things are worse too.

Re:Implications

[sjames]

Perhaps so, or perhaps they hate our paternalistic attitude that much.

Re:Implications

[couchslug]

"Standard of living has elevated yet the wage gap between rich and poor has widened. "

Which means the poor are much better off. Back then, many still worked as sharecroppers and lived in conditions that looked like a Walker Evans photograph. The "gap" doesn't affect the poor, but their actual personal reality does.

"We don't have segregation, yet there are more black males in prison than college."

Medgar Evers and Martin King stopped bullets in the fight for change, but refusal of the masses of black males to take advantage of this is no one's fault but theirs. Meanwhile, black FEMALES are pursuing opportunities and schooling. I've taught both in a local community college. The women are FAR more motivated and better listeners than the men. (This ALSO applies to whites!)

"I imagine that health insurance wasn't common 50 years ago yet it's essential today"

There was almost NO "health care" in the modern sense fifty years ago. See pics of open-bay hospital wards for examples. No expensive treatments means no need for insurance.

"Crime statistics show a drop in crime every year yet Americans are more scared and armed than ever before. My point is, yes things are better but things are worse too."

Which Americans are "more" scared? Being armed back then was common and firearms were widely accepted as just another tool.

Youth marksmanship training etc was common yet "Charlie Whitmans" were more rare (possibly because that wasn't considered cool...).

Re:Implications

[TheCarp]

> This is true, but the Judicial system is usually a pretty good balance against this.

Occasionally... we still have plenty of legal civil rights abuses... war on drugs anyone? Maybe you have forgotten about how often peoples homes get raided and that nearly half of our huge prison population is in there for a class of crimes that has been totally manufactured by civil rights abusing policies?

> We have a revolution every 2 years or so, when we vote in new officials.

Thats the funniest thing I have read all year. I know that word, and I do not think it means what you think it means. Choosing between the candidates allowed to us by the oligarchs in charge of the parties is hardly "revolution" worth calling such.

Not gonna happen

[h4rr4r]

If you are already breaking laws left and right why would you bother to acknowledge copyright?

The people who released this have no respect for the law, and see themselves as above it they will not comply.

Re:Not gonna happen

[DickBreath]

Why would you bother to acknowledge copyright? Because the people who have bought and own the US government want copyright and patents to touch every part of our lives. Buy a cell phone? You should be paying an ever increasing slice to every patent troll that crawls out of the woodwork. Buy blank media, or a blank SD card? You should be paying copyright owners a "tax" on that blank media you dirty filthy pirate! Why else, other than piracy, could you possibly be buying blank media?

/ end rant

Re:Not gonna happen

[ZeroSumHappiness]

Obviously copyright is the most important issue of our time. Look at how much went into ACTA/SOPA/PIPA/CISPA and how little is going into fixing our education, healthcare, research and poverty issues.

Re:Not gonna happen

[Zocalo]

Why not? It's a library, as in (most probably) a stand-alone binary file, is it not? Provided "lzo.dll" or whatever it was called was shipped as part of the package and only linked against, then there is no need to distribute the rest of the source code in order to achieve GPL compliance. Or am I misunderstanding the GPL FAQ?

Re:Not gonna happen

[DarkOx]

Right they want copyright to touch every part of 'our lives' and when 'you' by blank media 'you' should pay a tax. When 'they' want to manufacture something and use GPL code 'they' think they ought be allowed to do so. When 'they' appropriate a photo or tune to use in 'their' works and sell it its just fine, but if 'you' even make a copy of 'their' stuff for you own viewing; 'you' should pay. The law if for 'you' not for 'them'.

Re:Not gonna happen

[networkBoy]

O_o
Seems a non sequitor in this context along the lines of the $699 SCO license fee trolls.

I see the tie in, but ...

Re:Not gonna happen

[PurpleAlien]

If the library were under the LGPL, your statement would be correct. It is however licensed under the GPL, which means that even linking with the library would mean that the rest of the code is considered a derivative and would fall under the GPL.

Re:Not gonna happen

[kbonin]

The FAQ section you linked to is specific to the LGPL. The LZO library is licensed under the GPL, which means any application that uses it, and is distributed publicly, must be released with full source licensed under the GPL. This is an important distinction between the LGPL and GPL...

Re:Not gonna happen

[drakaan]

I was thinking that, too...I don't see anyone saying that they shipped *modified* versions of GPLed code.

Re:Not gonna happen

[Qzukk]

LGPL provides a "just linking" exception and is used 99:1 instead of GPL for libraries because the GPL makes no exception for linking. If your code uses GPL code, your code must be GPL.

Generally the only people who write GPL libraries is the GNU Foundation itself, and even then they only do it when they think they have something so awesome people will adopt the GPL license to use it (like libreadline, which is).

Re:Not gonna happen

[drakaan]

Maybe, maybe not...it depends on how the library is used. See Prelinking and Aggregation.

Re:Not gonna happen

[Dr_Barnowl]

The key word here is "library" ; aggregation typically only covers programs running in separate processes. Communication via sockets and pipes is permissible.

If the summary had said "The lzo utility", fair enough. But if it's linking the library, that's linking. Pre-linking is just linking.

Re:Not gonna happen

[kbonin]

Those are rather unusual cases - under normal use (direct linking or use as a shared library), a GPL library imposes GPL on the entire application that uses it. Yes, it may be possible to use a GPL library without imposing GPL terms on the application, but it takes a good deal of effort to try and do so, like running the library in a separate process space and highly constraining communications with it...

See FAQ entry: http://www.gnu.org/licenses/gpl-faq.html#NFUseGPLPlugins

Re:Not gonna happen

Please stop making stupid statements. Read this for enlightenment.

Re:Not gonna happen

[s73v3r]

You act like people can't do more than one thing at a time. And that we should ignore ACTA/SOPA/PIPA stuff until the other things are fixed, at which time it will be far too late.

Re:Not gonna happen

[tragedy]

The library is GPL, not LGPL. There may be an argument against mere linking being a violation with standard libraries, but when the library is being distributed as part of the application, that argument falls a little flat.

Re:Not gonna happen

[T.E.D.]

I have three issues with this:

1. Does a virus spreading itself really count as "distribution" under the GPL? It could be argued that copying itself (sometimes to places it isn't wanted) is just the normal execution of this particular program (which the GPL always allows), not a proper "distribution". It's not like Iran called up the DoD and asked for its latest malicious virus.
2. Legally you have to hold the party you got your distribution from liable for a GPL violation. That's the way the license is written. Thus to hold the DoD liable, you'd have to be the person who got your copy of the virus direct from them, not from another infected party. In other words, you have to be "patient zero". Who could prove that in court?
3. The USA has laws against copying classified programs. So its quite possible the DoD could decide to turn around and arrest the litigant for posessing and/or distributing classified material.

Re:Not gonna happen

[MickyTheIdiot]

No it's not. If really are concerned about "intrusive government" then copyright is about as intrusive as it gets. It's starting to govern aspects of your life from the time you wake up until the time you go to sleep.

Re:Not gonna happen

[ZeroSumHappiness]

Dammit, people, that was meant to be Funny, not Insightful!

Re:Not gonna happen

[BigDaveyL]

Interesting takes. I don't think Iran wanted the software to begin with. But I think they would love to see the source code!

Re:Not gonna happen

[tobiah]

Barack Obama essentially admitted the U.S. government was behind these viruses. He also insists he respects the law. It's worth pursing this, just to expose the hypocrisy.

Re:Not gonna happen

[girlintraining]

Obviously copyright is the most important issue of our time. Look at how much went into ACTA/SOPA/PIPA/CISPA and how little is going into fixing our education, healthcare, research and poverty issues.

I think you're mistaken. You, I, and most of the world population, finds education, health care, research, and decent living conditions to be the most important issue of our time -- or any time, for that matter. However, wealth is power and wealth has become highly concentrated amongst, perhaps, a few thousand people in this country -- they have all the say about what that wealth does. It can be used to help the impoverished... or it can be used to further restrict our lives and further impoverish us for their benefit.

But it's not going to change because we aren't willing to kill the people who are. I'm not advocating that be the first option considered, but the power of the people depends on being able to make good on the threat of radical modification or destruction of the government; in much the same way Mutually Assurred Destruction kept the peace between the USSR and the USA during the cold war, an armed and educated populace is the best defense against class warfare. You will note the extensive "anti-terror" framework that has acted to prevent any group organizing for political representation, and that gun control laws have become inordinately restrictive. Significant government resources are being devoted to discrediting any ground roots movement or potential political leaders and this framework is most directly put against anyone who directly exposes this framework -- Wikileaks is one example, but the Tor network is another, and there's been remarkably little coverage on the NSA's project to store all information transmitted on the internet that originates or passes through the United States. This is not a project intended to be a resource for foreign surveillance: It is intended to watch US citizens. And recently, high-tech surveillance drones have started to be deployed in major metropolitan areas.

The United States is employing technologically sophisticated measures to create a police state as bad (if not worse) than China; But unlike China, they have created a digital iron curtain to wall off media coverage of this vast change in domestic policy. It is not a coincidence that most of the censorship technologies in use around the world were created here; It is a byproduct of deep and pervasive surveillance technologies already deployed here. We talk about the future of our society as being highly transparent, but that's only true of the average person, who will soon be proverbially naked. Only criminals and the government/corporate superstructure will be allowed to wear clothes; Only they will have privacy.

The naked truth is... copyright law is class warfare. And it's a symptom of a much larger war going on.

Re:Not gonna happen

Barack Obama essentially admitted the U.S. government was behind these viruses.

Quote please.

Re:Not gonna happen

[muridae]

The problem with that question is it assumes the same author for both the library and the main program. If I write a program that is not gpl and allow plug-ins by other authors under "My-License", and rogue user creates a plug-in using gpl code; that is the plug-in authors problem, not mine. The FSF would have to show that I agreed to the gpl with regard to the project; which simply having a plug-in API does not show.

Re:Not gonna happen

[drakaan]

This is interesting stuff...I had been laboring under an incorrect assumption for a while that linking to an external library is one of the things that the GPL typically refers to as "use". I can see how modifying existing source fits, but I'm not sure what I think about a program using an external library having the GPL imposed. Mainly because the workaround is silly (and it's *not* a good deal of effort...if you don't care about speed)...

If all I have to do is make a service that exposes the GPLed library via a network connection (127.0.0.1 is a network address, right?), then I can still release a proprietary blob that uses the library that way and that's viewed as not triggering the GPL? Web services are trivial to create these days.

Are we *really* saying "Yeah, you can still do it the slow way, but not via IPC or shared memory"? Why does that feel wrong?

Re:Not gonna happen

[Dr_Barnowl]

It comes back to distribution ; because the host program and the plugin have incompatible licenses, they cannot be distributed together. The legal position of someone who combines a GPL plugin with a non-free program is probably moot unless he is distributing it, but he cannot offer a recipient the source of the non-free program under GPL terms unless he is the copyright holder, or has received the sources under GPL himself, so he can't distribute it.

The typical interpretation of "distribution" is outside the organization you work in, if it's on a corporate basis, so technically you could prepare an aggregation of non-free code + GPL plugin for your internal users, but you can't distribute it otherwise.

Re:Not gonna happen

[shutdown+-p+now]

Legally, it's still an open question. FSF says that dynamic linking is derivation, but what really matters is how the law sees it (since GPL hinges on the definition of "derived work" as defined by copyright law). There are arguments both for and against it, and, to the best of my knowledge, no-one has tried to argue that in court, so we don't know for sure.

Re:Not gonna happen

[Jherico]

They're not going to give out the source code AND it's not illegal for them not to do so. The GPL will either fall under copyright law, or general contract law, depending on whether you consider it to fall under Article I, Section 8, Clause 8 of the constitution or not. Either way, both sets of laws are superseded by national security concerns, which certainly would cover a cyberweapon developed by the US government. I would no more expect the US to release the details of this software than I would expect then to release all the details of a nuclear weapon if for some reason because the GPL somehow required it.

Re:Not gonna happen

[Memroid]

In that case, perhaps all GPL licensing can be circumvented by only distributing the software via a virus. "Click Here to begin infecting your computer with the latest version!"

Does a virus spreading itself really count as "distribution" under the GPL? It could be argued that copying itself (sometimes to places it isn't wanted) is just the normal execution of this particular program (which the GPL always allows), not a proper "distribution".

is the CIA selling these viruses?

i was under the impression that you only have to give your code back to GPL if you sell a product with GPL'd code

Re:is the CIA selling these viruses?

[dnaumov]

No, selling or not selling is irrelevant. "Distributing" is the key.

Re:is the CIA selling these viruses?

[HarrySquatter]

This whole thing is irrelevant due to state sovereign immunity. Good luck suing the government when they have to permit themselves to being sued.

Re:is the CIA selling these viruses?

[TheSpoom]

Distribute, not sell. (Though you absolutely have the right to sell GPL code as well, as long as you abide by the rest of the license and release your source.)

In any case, I'm guessing that one of the following things will happen:

- Some sort of secrecy / national security provision is given as a reason source cannot be released (1% probability)
- Changes to the GPL portions are released (0.01% probability)
- Stone-cold silence (98.99% probability)

Remember, the US Government hasn't even acknowledged that they created these worms. We're still firmly in the "plausible deniability" phase.

Re:is the CIA selling these viruses?

[ballfire]

License says that with binary package should go the offer to obtain the source, but only for the one that received the binary, isn'it?

Re:is the CIA selling these viruses?

[fuzzyfuzzyfungus]

Option #4: An obscure RFC describing the implementation of TCP/IP on a 5.56x45 'jumbo frame' physical layer is drafted.

Re:is the CIA selling these viruses?

[unixisc]

Precisely, and if someone writes a virus under the GPL, and only runs the virus, making it infect other computers that were not interested in receiving it, then is that considered a distribution of the binaries such that the source code has to be released?

Re:is the CIA selling these viruses?

How would that change anything? It's not the standard/protocol/data structure that's copyrighted under GPL, it's the code implementation.

Re:is the CIA selling these viruses?

[gman003]

5.56x45mm is the specifications for the NATO-standard small-arms ammunition, used by pretty much every modern military assault rifle that isn't a Kalashnikov derivative (and some that are), as well as some police sniper rifles and various civilian rifles.

And now I've explained the joke.

Re:is the CIA selling these viruses?

Yeah but our 'online petition' will have more of an affect over this new physical layer.

Re:is the CIA selling these viruses?

[someSnarkyBastard]

You mean like the one about TCP/IP via avian carriers?

Re:is the CIA selling these viruses?

[donutz]

Right, distributing is the key.

But that means we have to figure out who it was distributed to, and by whom. I think we can agree that the owners of the targeted Iranian computers were recipients of the distribution, so they get to request the source, right? (Ha!)

But what about anyone else? If the distribution to other people was not authorized the the original distributor (e.g. an Iranian infects Internet-connected computers after his air-gapped nuclear equipment controlling system was infected), I'm not sure they'd have the right to request the source. But I haven't read the GPL in quite some time.

Re:is the CIA selling these viruses?

[fuzzyfuzzyfungus]

Better ping; but more packet fragmentation.

Re:is the CIA selling these viruses?

[shutdown+-p+now]

5.56x45 is not the best option for physical layer, though - it has fragmentation issues.

Re:is the CIA selling these viruses?

Americans can't sue their own government then? What if Stuxnet was used for national espionage, would people then be allowed to sue the government? Sorry, I don't buy it, that just isn't possible.

Re:is the CIA selling these viruses?

[cmarkn]

Read 'em and weep:

http://en.wikipedia.org/wiki/Sovereign_immunity#United_States
http://en.wikipedia.org/wiki/Eleventh_Amendment_to_the_United_States_Constitution

Who gets to request code?

Under the GPL, only people that the executable was distributed to are allowed to request the code - and since it's a weapon, the US government isn't alliowed to send it to Iran.

Problem solved.

Re:Who gets to request code?

Actually, Iran was not the subject of distribution of the executable - Iran was the target of the executable. The "owner" of the executable would, most likely, be the same entity that created it in the first place, so the GPL is irrelevant - they already have the source code.

Re:Who gets to request code?

[samkass]

Also, you'll have to prove in a court of law that the Government did, in fact, distribute the software; that the recipient requested and was denied the source code; and that the owners of the Copyright have standing to sue. That's even before Sovereign issues. I'm not optimistic.

Re:Who gets to request code?

[HyperQuantum]

What are the legal implications of GPL software that 'distributes' itself? Assuming that Flame is self-propagating, of course. Because distributing GPL software obviously implies some responsibilities taken care of (like offering the source code). Now who gets the blame when the receiving party didn't get the offer? Can you argue in court that the originator of the software is responsible instead of just the previous link in the infection path?

Re:Who gets to request code?

[funnyguy]

There is no burden to release code if it was never distributed or sold.

Re:Who gets to request code?

[Manfre]

Antivirus vendors around the global would disagree with you statement that it was never distributed.

Re:Who gets to request code?

[Neil_Brown]

Under the GPL, only people that the executable was distributed to are allowed to request the code

It's perhaps a little more nuanced than this, to my mind.

Under GNU GPL 2.0, a distributor of a binary of the Program has two main options for distributing the source code:

• a.) Accompany it with the complete corresponding machine-readable source code ... or,

• b.) Accompany it with a written offer ... to give any third party ... a complete machine-readable copy of the corresponding source code...

If the source code does not accompany the binary, the binary must be accompanied by a written offer to give the source to "any third party" — it does not say "to give any third party who possesses the object code" or similar.

However, the GPL FAQs (which I'd treat as one interpretation of the licence), comment that:

The offer must be open to everyone who has a copy of the binary that it accompanies. This is why the GPL says your friend must give you a copy of the offer along with a copy of the binary—so you can take advantage of it.

However, this is not what the wording says — that the offer must be open to "any third party." If I get the binary directly from you, the status is clear, as is the situation in which I get the binary from my friend, who got it from you — but it's unclear, to my mind, what happens when I do not have the binary. I'd probably leave it that you have an obligation to provide the source code to me — an obligation to provide the source code to "any third party" — but that, without a copy of the offer myself, I'd likely have a very difficult time enforcing the obligation.

GNU GPL 3.0 clears this up, with clause 6(b) providing that a non-source distribution on a physical medium can take place if

accompanied by a written offer ... to give anyone who possesses the object code [the source or access to the source]

However, the fact the words are *not* in GNU GPL 2.0 but *are* in GNU GPL 3.0 does not necessarily mean that they should be read in...

YVMV, of course :)

Re:Who gets to request code?

[TheCarp]

And how exactly do you claim that this software was never distributed? It was clearly distributed, in fact, it distributed itself to new machines without the owners actual approval. The one claim that the authors most certainly not make is that they did not intend for the binary to be distributed.

Re:Who gets to request code?

[Yvanhoe]

And that is, of course, after Iran successfully won the court case about US sabotaging its uranium enrichment. This may be a slight bit more a serious offense...

Re:Who gets to request code?

[PurpleAlien]

I would argue that if the virus would end up on my computer (asked for or not), it was distributed to me - hence I have the right to ask for the source code under the GPL. Furthermore, I could have gotten the code from Kasperski Labs for instance for my research, and would also be able to ask for the code. Remember that the distribution of the binary does not necessarily need to be done by the original source - anyone receiving a GPL'd binary has the right to redistribute, under the same terms as the original.

Re:Who gets to request code?

[Entropius]

Well, they distributed it -- by accident, sure, but they did -- to folks other than Iran.

Re:Who gets to request code?

[nedlohs]

And that's not their problem. Whomever did the distributing needs to provide the source code - it they don't have it or a written offer to pass along for it then they are the ones who violated the GPL.

Of course then it's a virus/whatever that distributes itself that falls apart rather fast.

Re:Who gets to request code?

[TheCarp]

I don't see why that falls apart. The virus is distibuting itself...on behalf of its authors, who released it. They had control, they set it out intentionally.... every single distribution of itself that it makes, it makes because they induced it to start. They are responsibible for the redistributions...every single one of them.

Re:Who gets to request code?

In which jurisdiction? And would that same jurisdiction consider whatever Iran has been up to as well?

Re:Who gets to request code?

[nedlohs]

Hence why the argument falls apart.

Re:Who gets to request code?

[TheCarp]

In that case I clearly misunderstood what you were saying.

What!

They're not distributing it (I hope...) so they don't have to do jack shit! Go get the source from the author...

Good luck with that...

[HarrySquatter]

State sovereign immunity. Game over.

Re:Good luck with that...

[number11]

State sovereign immunity. Game over.

"Laws? We don't need no steenkin laws!"

You can ask ...

[Cassini2]

This involves the Mossad, CIA, and national security. You can ask, but you might not survive the attempt.

Gerald Bull and the drone attacks come to mind. Of course, this assumes that they even listen, and don't simply claim National Security!

Re:You can ask ...

[neokushan]

It's all over slashdot now, they can't "contain" it much longer. All they can do is deny, deny, deny. Deny doing it, deny access, deny the whole thing.
It'd be a hell of an interesting test for the GPL in court, though.

Re:You can ask ...

[h4rr4r]

Why would they care about slashdot?

It would not be a test for the GPL at all, nor would it be a test of any other license. They would just invoke sovereign immunity and be done with it.

Re:You can ask ...

[neokushan]

Nothing to do with slashdot, more that thousands and thousands of people have already seen it. If whoever asks the question suddenly disappears, there's plenty of other people that will line up and ask two questions. Plenty of people on slashdot aren't afraid of the government - any government.
Like I said, it would be an interesting test in court. I highly doubt it'll ever get to that stage.

Re:You can ask ...

[HarrySquatter]

All over Slashdot? Oh man, they're quaking in their boots!!!

Re:You can ask ...

[neokushan]

I never said that they'd be scared, all I said was that they couldn't contain it by "removing" a few people.

Re:You can ask ...

[networkBoy]

ha ha ha
Plenty of people on /. that have not had a real encounter with the government then. I suspect the Venn diagram is actually two concentric circles of the same diameter...
-nB

Re:You can ask ...

[neokushan]

I think you underestimate the number of people that visit slashdot. Law of averages and all that.

There'll always be another Assange or Manning waiting to stand up and shout loudly, be it for legitimate or self-gratifying reasons (admittedly mostly self-gratifying). People like (the frankly idiotic) Anonymous will make enough of a fuss that it'll get news coverage all over the place and by that point, you can't contain it without making it worse. All they can (and probably will) do is hunker down and deny it all.

Yeah, they'll get right on that

[TrentTheThief]

LOLOLOL

What a stupid idea it was to go down that path. Now that the idiots in the us gov't have opened pandora's box, I'm sure we'll all soon have the opportunity to see the code up close and personal.

Re:Yeah, they'll get right on that

[1s44c]

LOLOLOL

What a stupid idea it was to go down that path. Now that the idiots in the us gov't have opened pandora's box, I'm sure we'll all soon have the opportunity to see the code up close and personal.

The decompiled version appears to already be on the net, if you want it you can find it and so can everyone else.

Hopefully this will teach people not to control important things with windows machines but somehow I doubt that will happen.

Re:Yeah, they'll get right on that

[TrentTheThief]

Microsoft Windows: "Kevorkian Approved©" for critical life support applications.

Re:Yeah, they'll get right on that

Dr Kevorkian wanted people to be able to choose when and how to die. A life support machine that fails early and a suicide machine that delivers a sub-lethal dose of toxins would both be against his principles.

Yeah right...

Fucking stupid publicity stunt.

They're going to just ignore the request or deny it on national security grounds.

Re:Yeah right...

[cryptizard]

Considering the "request" was just a joke post an obscure Hungarian blog, they will definitely be ignoring (read: never seeing) it.

Worms with source?

[PhilHibbs]

So if this worm deploys itself onto a machine, it should deploy the source as well? Or, could it just deploy a link to the source, and since the software itself by its very nature tries to hide itself, could it hide the link?

Clever idea, actually.

[drinkypoo]

Someone with gigantic balls of steel should file a FOIA on this basis.

It would be interesting to see if the request would even be acknowledged.

What makes the idea clever is that it's a public request (and publicise the hell out of it!) and it's powered by copyright. This is why the GPL is so effective...

Re:Clever idea, actually.

[HarrySquatter]

Yes, and the government can ignore it since they control the copyright laws. You actually think the government is constrained by the GPL? ROFL.

Re:Clever idea, actually.

[the+eric+conspiracy]

How do you know they didn't buy a commercial license?

Re:Clever idea, actually.

[tepples]

Might it be a lack of a licensee number in the binary? I can't know whether this is required because the terms of an LZO Professional license are subject to NDA.

Re:Clever idea, actually.

[jeff4747]

The laws on classified information trump copyright.

Re:Clever idea, actually.

[amicusNYCL]

Someone with gigantic balls of steel should file a FOIA on this basis.

It doesn't require any courage to file a FOIA request, only information.

It would be interesting to see if the request would even be acknowledged.

Doubtful. There's zero incentive to do so.

What makes the idea clever is that it's a public request (and publicise the hell out of it!) and it's powered by copyright. This is why the GPL is so effective...

Yes, watch how effective the GPL is as exactly nothing happens.

Re:Clever idea, actually.

I've filed a lot of FOIA requests, and the agencies FOI officer is required to acknowledge receipt with significant penalties for failure. Receiving anything relevant in a timely fashion, however, is another matter.

If anyone plans to do this who hasn't already, you may wish to point out that you're planning to present the information online on a blog-like news site if you plan to post it here. That will reduce your costs by a large factor. I also recommend "requesting the records as electronic documents delivered on optical media such as compact disc recordable or digital versatile disc recordable media" unless you want to pay for the photocopies.

(Posting anon since I'm at work.)

GPL infects a virus

Isn't that just, I dunno, special?

I'll venture to guess that the government will say they just can't legally distribute it anymore. Gosh, that sure showed them. From my mother's basement I stab at thee.

Re:GPL infects a virus

[lister+king+of+smeg]

it really is viral licensing now

Re:GPL infects a virus

That actually made sense!

Ask away

[DaveV1.0]

The thing is, no one knows who wrote it. Sure, there is speculation that the U.S. and/or Israel did, but no one knows for sure. The simplest thing for the government to do is say "We can't because we didn't write it." Then, it falls on the asker to prove they did.

Re:Ask away

[tnk1]

This.

I mean, I'm seeing a leap of logic where we look for a piece of GPL code to throw a legality at the US government, but of course, neglect the little detail that no one knows who wrote it, and that the US government certainly hasn't admitted it.

This just sounds like a strange mixture of anti-government outrage mixed with GPL advocacy which is nothing more than an attention whoring exercise in wankery.

Re:Ask away

[eimsand]

Even if the US admits they wrote Flame (much like they just did with Stuxnet), it still won't matter. There are catch-all laws that allow the government to (legally) ignore pretty much any request if it compromises national security.

Re:Ask away

[silentcoder]

True, though the summary is wrong. Yeah, I know I RTFA'd I must be new here, but the actual post said "whoever wrote it please comply with the GPL",
It never actually said it was the US or any other Government.

That claim was made on slashdot alone.

Re:Ask away

[StormReaver]

The simplest thing for the government to do is say "We can't because we didn't write it." Then, it falls on the asker to prove they did.

Whether the Government wrote it doesn't matter. What matters is whether the Government distributed the binaries (not that I expect our Government to comply, but that's an entirely different issue).

Re:Ask away

[dwye]

Except that Stuxnet distributes itself, without human intervention. Somewhere, some human probably distributed a copy (is leaving a USB stick around where someone will steal it legally classed as distributing its contents, BTW? Entirely possible that no one distributed it in the legal sense), but you have to identify that person to sue him.

Re:Ask away

[DaveV1.0]

Different question, same response. There is not enough evidence to say who distributed it. "We didn't do it." and the burden of proof falls on the claimant.

Re:Ask away

[felipekk]

http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=3&pagewanted=2&seid=auto&smid=tw-nytimespolitics&pagewanted=all

"Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet. "

Re:Ask away

[DaveV1.0]

Now all you have to do is get the reporter to give you his confidential source and have said source publicly testify about how he violated the law and his security clearance by discussing highly classified material substantially damaging national security and covert operations.

Let me know how that goes.

Are we sure it's the GPL version?

[jensend]

Markus Oberhumer, author of LZO, also offers LZO Professional, a commercial version not subject to the GPL.

Re:Are we sure it's the GPL version?

In this case the Iranian government could solve its problems by serving a DMCA takedown notice to the US

Re:Are we sure it's the GPL version?

[jensend]

AARGH should have used preview. LZO Professional.

Re:Are we sure it's the GPL version?

[arth1]

Markus Oberhumer, author of LZO, also offers LZO Professional, a commercial version not subject to the GPL.

Which would make it perfectly legal. But honestly, what do you think the odds are that the TLAs would bother doing what's right?

Re:Are we sure it's the GPL version?

The Iranian government owns the rights to LZO to make such a request? Boy this gets more interesting by the minute.

Re:Are we sure it's the GPL version?

[1s44c]

Markus Oberhumer, author of LZO, also offers LZO Professional, a commercial version not subject to the GPL.

Does he also offer an 'acts of war against a sovereign nation' license?

Re:Are we sure it's the GPL version?

Markus Oberhumer, author of LZO, also offers LZO Professional, a commercial version not subject to the GPL.

Which would make it perfectly legal. But honestly, what do you think the odds are that the TLAs would bother doing what's right?

"what do you think the odds are" doesn't get you standing to file a lawsuit. A judge is going to say "this isn't a pond, you don't go fishing here" and throw it right back at you.

Re:Are we sure it's the GPL version?

[dwye]

I'm certain he would, if asked nicely by men surrounded by other men with guns at their command.

Re:Are we sure it's the GPL version?

[jonwil]

Maybe someone should contact Markus and ask if he has licensed LZO for this or whether it is being used without his permission.

LZO Licensing

From http://www.oberhumer.com/opensource/lzo/lzodoc.php:

"Special licenses for commercial and other applications which are not willing to accept the GNU General Public License are available by contacting the author."

Re:LZO Licensing

So either they are breaking GPL, or the author knows who wrote Stuxnet et al.

Re:LZO Licensing

[aiht]

Somehow I doubt that purchasing a commercial license to the library requires you to tell the library author what program(s) you will use it for.
So, the author might have their name on his list of sales; but how would he know which one it was?

RTFA.

[Robert+Zenz]

So our questions is: Please, Dear Authors of Duqu (whoever they are), hand over the source code of Duqu (or Beacon/NYT), as it contains GPL code.

Disclaimer: This post is for fun, don’t take it too seriously, but the questions are still valid.

OT - GPL violation doesn't necessarily open code

[caseih]

Just as an aside, whenever some commercial entity finds itself in violation of the GPL, people start talking like they expect the code to magically be revealed and gifted to the community. This perpetuates the lie that the GPL is viral and can "infect" closed-source code. The reality is far different. If a company is found to be in violation of the GPL, they find themselves in a copyright violation situation. This means that they must a) stop further distribution and b) potentially be held liable for monetary damages resulting from the distribution. They absolutely don't have to release their code. However if they want to continue to distribute and sell their product they will have to do one of three things: 1) remove infringing code, 2) license the infringing code under acceptable terms, possibly by paying a licensing fee to the copyright holder, or 3) release their derivative code under the GPL.

Is this not the source on their website ???

http://www.oberhumer.com/opensource/lzo/download/LZO-v1/

We'll settle if you release the code

[tepples]

and b) potentially be held liable for monetary damages resulting from the distribution. They absolutely don't have to release their code.

Unless the copyright owner of the GPL code offers to drop the claim for monetary damages in exchange for publishing the infringing code. As I understand it, this offer is routine for copyright infringement cases that involve the GPL.

Re:We'll settle if you release the code

and b) potentially be held liable for monetary damages resulting from the distribution. They absolutely don't have to release their code.

Unless the copyright owner of the GPL code offers to drop the claim for monetary damages in exchange for publishing the infringing code. As I understand it, this offer is routine for copyright infringement cases that involve the GPL.

Infringers still have no obligation to release their own source code. Ever.

Like the GP said, the GPL is not a magic document. It is a license that works under (and because of) strong copyright law. Those who break the GPL license are copyright infringers, nothing more and nothing less. The penalty for copyright infringement is monetary restitution and to cease the infringement, unless some sort of settlement is made in which case. The GPL does not require code to be released in the case of an infringement, nor would that be legally valid.

It should be possible to sue

[the+eric+conspiracy]

The Federal Government has specifically disclaimed sovereign immunity in copyright cases under 28 USC 1498(b).

There may be other concerns, like national security that make it difficult though.

Only one question

Who do I send code requests to? I need to see the part that goes undetected by AV software and messes the other country's infrastructure up...

The source appears to be at their website

opensource/lzo/download/LZO-v1/

Actually, the GPL isn't very cancerous.

As an author of GPLed code, I've read the GPL license. It isn't possible for a random person, including the author of the GPLed works being distributed, to request source code. The only GPL provision for that is if the author distributes binaries of modified GPL code, at which point the author would need to distribute source code as well. Here's the sticky point, whoever requested source code wasn't the recipient of the binaries; therefore, they are not entitled to any source code. The authors of the GPLed source code are not entitled to it either, for the same reason. In fact, the only one who could demand (in theory at least) the source code would be the persons receiving the binaries containing the modified GPL code.

Then there's the point that bundling GPL software with your product doesn't necessarily mean that you're extending that product and therefore bound by the GPL. Not every piece of software compiled on/for Linux is bound by the GPL -- even if that software is distributed as part of a Linux distribution (i.e., bundled as part of a bigger package). Software that has an API and offers services to other software -- compression libraries, SQL, etc -- are expected to offer services to other software. Granted, some developers have taken the stance that if proprietary software works with only a specific GPL software (say, MySQL) and that particular GPL software is distributed with the proprietary software, that it violates the GPL, and a proprietary license is required. However, that is a developer stance, not necessarily a legal one.

So even if the government used GPL software (which may not be the case considering a non-GPL license is available for the software in question), it wouldn't necessarily be required to release any source code. There's a pretty good chance that it didn't change any GPLed source code -- even if it did bundle it with its own software and wrap everything up in a clever installer.

"anyone who possesses the object code"

[tepples]

Under the GPL, only people that the executable was distributed to are allowed to request the code

As I understand the GPL, this offer must be extended to "anyone who possesses the object code" (GPLv3) or "any third party" (GPLv2). Anyone who has ever had a PC infected with any of these viruses "possesses the object code".

It's a joke

[ildon]

Quoting the article because so far no one actually followed the link and read it (as usual).

Disclaimer: This post is for fun, don’t take it too seriously, but the questions are still valid. This post is a personal post of one of the Lab members and does not reflect the view of any organization.

Re:OT - GPL violation doesn't necessarily open cod

"3) release their derivative code under the GPL."

Upon request, to people who they distributed binaries to.

Problem Solved

Do they use a rangeCheck function?
If so, somebody let Oracle know so that they can sue the government.

Re:Problem Solved

See, this deserves a funny mod, but you asshats won't see the post because no one browses at -1 anymore. No one mods posts that haven't been modded. Everyone just mods the posts up that have been modded up and this entire site is an echo chamber.

Also, bipolar. You believe the government about 9/11 without any question, so why would you not believe their official statements on this subject or others?

Re:OT - GPL violation doesn't necessarily open cod

"3) release their derivative code under the GPL."

Upon request, to people who they distributed binaries to.

Right...and if you don't do that, you're in violation of the license, and are committing copyright infringement. The judge won't force you to release the code, you'll just have to pay damages to the copyright owner and stop distributing the infringing code.

Why bother?

Even if they went to court and lost, the money they'd have to pay would be a tiny blip in the defense budget. They'd just pay it and move on, although they probably won't even do that.

Zeus....

Release ... the stallman!

Plenty of (truely) free alternatives

[bhlowe]

If the LZO folks had an easy way to purchase a license to their products (purchase online with credit card), they would have a little more money in their pockets.. Instead, they get a tiny bit of publicity.. and anyone who cares will simply use a free (as in MIT/BSD) library, such as FastLZ or LZJB, 7-Zip.

Re:Plenty of (truely) free alternatives

[gQuigs]

You have to contact them... that doesn't seem so outrageous.. and they are willing to give you a proprietary license for a cost, (likely relative to how big a project or some other metric)

FastLZ is really fast, but compresses less well then zip, is MIT License... 7-Zip is LGPL. and LZJB looks like it is CDDL, which is also a weak copyleft license..

Whoever built Flame, who likely doesn't care about licenses at all, choose this.. That is a pretty good indicator it was the best tool (or easiest) for the job. They certainly could have afforded paying for something else.

"OK. Sorry. We'll stop distributing it now."

[datastew]

They just have to say, "OK. Sorry. We'll stop distributing it now." However the fact is that it continues to distribute itself.

Not entirely GPLed

[Cyko_01]

the GPL makes allowances for things like plugins, extensions, addons, etc and since flame is clearly module based (as discovered by virus researchers) only the one module with the lzo stuff would have to be released under GPL.

Do people even bother to read anymore?

Or do you just look for any excuse you can to beat your drums of dogma? Look at the last line in the linked post:

"Disclaimer: This post is for fun, don’t take it too seriously, but the questions are still valid. This post is a personal post of one of the Lab members and does not reflect the view of any organization."

This is a joke, people. There is no notice being sent to the US Gov't because no one knows who wrote the code in the first place.

Re:Do people even bother to read anymore?

[aiht]

Glad someone else noticed this. There is no mention of the US government, or any indication that the article author has any idea who wrote the code.
Has the US government really admitted to writing these viruses? Did I miss something?

What, so IP suddenly exists?

If you can steal music and movies without obeying their licensing terms (chief among them "pay for it with money") well, then the government, or anyone else, can steal your code without abiding by the licensing terms. Come on slashdot, let's be a LITTLE consistent... ?

The government vs law

[edelbrp]

I realize this is a bit of a tongue-in-cheek news item, but isn't government by definition above the law? I mean, if it actually got serious, wouldn't the president just pass an executive order making it exempt from copyright law?

In any case, the government isn't distributing it, it is self distributing! ;')

If/Then: US Classifies a Work/Condemnation of Work

[cmholm]

Assuming for a moment that Flame is a work by or created under contract for the USG:

Based on my laymen understanding of how a classified work is handled by the USG, if it marks a work with a security classification, said work is therefore condemned and solely owned by the USG, making all previous contracts and copyrights moot.

That's not to say that they would claim sole ownership and copyright of Lua and the other works used to create the final product, but rather just the final product. Therefore, no code release, and not even under the FOIA.

Maybe they licensed it..

[bored]

There is a commercial option, they just have to have licensed it from Oberhumer.

That might have been a fun discussion.

Proof of the coming cyberwar

Yet more researchers have offered proof of Obama's cyberwar: http://infiltrated.net/mgz/obamaganda.jpg

Regina vss U: Implications

[Weatherlawyer]

And yet somewhere in the middle lies the answer.

It is of use to note that we celebrate a war every year. Had we lost or had there been no contest, there likely wouldn't be fireworks every year while somewhere north of 90% of the dissidents

You would have had fireworks and a bonfire at the best time of year for both. Only you'd have been celebrating the death of Roman Catholics not the death of Wild Injuns and buffalo (and maybe would have had to call those bison.)

OTOH you would have ended up downloading the most paid for digital music.

Plus of course we would have owned Persia still so you wouldn't have invented stuffnex.

Now let's see the bloody code will you bollock brains!

Only the Iranians can sue

[iceco2]

Assuming the US government is behind these masterpieces anyone who was given a binary by the US government can request the full source code.
If you happen to stumble upon the binary after passing through many middle-men the original author doesn't owe you anything.

Horrible writing in the summary

The editor should be ashamed.

Ha ha

I work on the team that created flame. Discuss the situation has the license but it was decided that the possibility of enforcement against the employer was zero or some value close to it. I can not say I am disappointed to see the Nazis GPL choose another target not achievable.

But the user does have access to the source code..

Remember, the "user" in this case isn't the nominal owner of the computer system that the virus infected. It's the guys running the virus. I wouldn't be surprised that the GPL terms were followed exactly, in that the operators of the C&C domains that drove this virus did have access to the source.

Perspective is important here. Does the GPL have restrictions on installing the software on systems you don't own? If not, then there hasn't been a GPL violation and we can all go back to sleep.

Doesn't this mean China and Iran

can freely use the code for themselves without fear of reprisal?

oh that's right all governments do whatever the hell they like without fear of reprisal (unless they get bombed/nuked/[insert nastiness here]

Playing Pan, who pays the piper?

[Weatherlawyer]

> Now that the idiots in the us gov't have opened Pandora's box...

Here is a mirror image of the USA:

http://globaltwilight.edublogs.org/2011/03/28/from-mesopotamia-to-persia/

The USA gave the world nuclear weapons, now it has given Persia: Drones, Linux and WW 4.

I'm on my way to my 7th decade. So I am not in the least bit worried. Might even be fun. Take a look in the mirror. Thank you and goodnight.

Re:OT - GPL violation doesn't necessarily open cod

[caseih]

Umm, no. If they have never intentionally released their product under a source code license such as the GPL, then asking them for the source code is silly. Repeat after me. A GPL violation does not force the company to release their code under the GPL. I am not a lawyer but I've spent a lot of time studying the GPL and how it works with copyright law.

A judge can and should punish them monetarily for existing distribution, and prevent further distribution of the product so long as a license compliance issue exists. This all said, I think users calling on companies to open their source because of a GPL violation, particularly when the product is a core proprietary product is harmful to the GPL specifically, and to open source in general. It perpetuates the lie I spoke of.

We should point out violations, however, and point companies at the remedies I listed. At least one of the remedies is required for further distribution, but any one will do.

No sovereign immunity on copyright.

That's even before Sovereign issues.

Check out 17 U.S.C. 551(a).

Unintentional Forced Distribution

[DarwinSurvivor]

Oh man, I can't WAIT to see what RMS has to say about "unintentinal forced distribution". If you give me the virus, I didn't ask for it and you (also being infected) didn't intend to give it to me. I wonder if we'll see a GPLv4 soon to cover this issue like GPLv3 covered Tivoisation!

Re:Unintentional Forced Distribution

[unixisc]

This one is really funny. Of course, given it's Stallman, he'll probably go on a crusade against the US government and want Iran to get the source code. But the source code of the library is already here. So he can demand the full thing, and both the CIA and Mossad can deny that they distributed it in the first place, leaving the burden of proof on RMS. Maybe he'll then find a way to introduce an anti-CIA clause into GPL4.

I thought the GPL enforcement applies to

[ibic00]

the virus/worm authors who used GPLed code, only.
Why shall the government be assumed the obligation?