Stuxnet/Flame/Duqu Uses GPL Code

← Back to Stories (view on slashdot.org)

Stuxnet/Flame/Duqu Uses GPL Code

Posted by Unknown on Wednesday June 6, 2012 @02:34AM from the state-sponsored-piracy dept.

David Gerard writes "It seems the authors of Stuxnet/Duqu/Flame used the LZO library, which is straight-up GPL. And so, someone has asked the U.S. government to release the code under the GPL. (Other code uses various permissive licenses. As works of the U.S. federal government, the rest is of course public domain.) Perhaps the author could enlist the SFLC to send a copyright notice to the U.S. government..."

158 of 221 comments (clear)

Min score:

Reason:

Sort:

Implications by tmosley · 2012-06-06 02:40 · Score: 5, Insightful

That would imply that the government is ruled by law rather than the arbitrary decisions of a few "top men".

It doesn't take long for such attitudes to spread throughout society.

But hey, Obama said he would have, like, the totally most open presidency ever. Surely the new boss will prove himself different from the old boss in SOME way. Surely!
1. Re:Implications by operagost · 2012-06-06 02:43 · Score: 2
  
  I'm sure the decisions made by the Bush administration over three years ago are still holding him back.
  
  --
  
  Gamingmuseum.com: Give your 3D accelerator a rest.
2. Re:Implications by TrentTheThief · 2012-06-06 02:50 · Score: 3, Insightful
  
  That would imply that the government is ruled by law rather than the arbitrary decisions of a few "top men".
  But since we know that to be true, I guess we can all sing like the Who: Won't Get Fooled Again (http://www.sing365.com/music/lyric.nsf/Won%27t-Get-Fooled-Again-lyrics-The-Who/761EF79AAB42FA9C48256977002E72F9)
  I'm just wondering when the revolution begins. I don't think that the younger generation realize how dire the situation really is since most of them have less than a zero's interest in history. If they'd even take the time read music lyrics that were being sung 50 years ago, they'd easily see that things are even worse now than they were before.
  When does the shooting start?
3. Re:Implications by tnk1 · 2012-06-06 03:05 · Score: 4, Insightful
  
  Clearly we should take our cue to start a bloody revolution from music lyrics written by people 50 years ago.
  Speaking as someone who does actually read history, I know what happens to people while they are in the midst of their glorious revolutions. That is to say, privation, disorder and mass slaughter. That wonderful period is then most of the time followed by dictatorship or other forms of tyranny. The good times come decades later when someone has managed to restore order.
  You'll excuse me if I hope that no one gets around to it for another 50 years or so.
4. Re:Implications by networkBoy · 2012-06-06 03:16 · Score: 4, Insightful
  
  And yet somewhere in the middle lies the answer.
  It is of use to note that we celebrate a war every year. On the 4th of July we light off fireworks to celebrate going to war with the British and winning (technically we celebrate our declaration to be independent, but we all know damn well that had we lost or had there been no contest, there likely wouldn't be fireworks every year).
  Our country does need a revolution. It needs a real tea party, a mass of people who simply refuse to follow governments orders.
  The challenge, of course is critical mass. I would wager that in 1776 well over 50% of the population of the nascent United States of America was willing to outright defy the ruling government, while somewhere north of 90% of the remainder at least supported said dissidents. With the combination of the Democrats buying votes from the poor/uneducated/minority/grafters/etc with entitlement programs and the Republicans selling government support to corporations, I believe a civil revolution is impossible.
  thk1 is right, an armed revolution is bad, but I'm not sure no revolution is better...
  
  --
  whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
5. Re:Implications by number11 · 2012-06-06 03:27 · Score: 4, Insightful
  
  It is of use to note that we celebrate a war every year. On the 4th of July we light off fireworks to celebrate going to war with the British and winning (technically we celebrate our declaration to be independent, but we all know damn well that had we lost or had there been no contest, there likely wouldn't be fireworks every year).
  Oh, I dunno. It probably wouldn't be on 4 July. But the Brits have fireworks on Guy Fawkes day (remember, remember, the fifth of November) to celebrate the capture and execution of terrorist plotters in 1605. There would probably be another annual celebration to commemorate the capture and execution of the colonial terrorists (or is that "militants"? it's so hard to remember the correct terminology) of 1776. So there would be fireworks twice a year.
6. Re:Implications by TheCarp · 2012-06-06 03:32 · Score: 3, Informative
  
  And what happens when people don't have that revolution?
  Mass slaughters still happen, just elsewhere. Instead of having it here, we have a judicial system run amok that has filled the prisons far past any sane levels with non-violent "offender" after non-violent "offender", where often offences are often nothing more than smoking the wrong plant.
  I say we have the revolution now while the people who brought us all this are old and can suffer for lack of their public benefits that they intended to rely on.
  
  --
  "I opened my eyes, and everything went dark again"
7. Re:Implications by couchslug · 2012-06-06 03:44 · Score: 2
  
  You are being rather harsh on Obush, but fear not!
  Robama or Omney will win in November and things....won't be different.
  
  --
  "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
8. Re:Implications by FudRucker · 2012-06-06 03:48 · Score: 1
  
  independence from what? a totalitarian monarchy to a totalitarian congress? and the direction the US Gov is going the US Citizens are no more free than they were under British rule and thanks to their "War or Terror" things are sliding down a slippery slope towards something far worse
  
  --
  Politics is Treachery, Religion is Brainwashing
9. Re:Implications by Anonymous Coward · 2012-06-06 03:51 · Score: 5, Insightful
  
  The government, while it makes the laws, is subject to the rule of law. The government can be replaced and the laws changed. But by agreeing on a set of laws that apply to everyone is how we keep our noses out of the aforementioned violent chaos.
  Revolution is not the answer. Civic engagement is. If we take notice, if we talk about and we insist on accountability and seek to elect politicians that act in our interest. A mature and educated electorate is the required cultural change and I'm optimistic we're heading in that direction. The current shenanigans are not irreperable and are serving a purpose in getting people to take notice.
10. Re:Implications by TrentTheThief · 2012-06-06 03:53 · Score: 1
  
  Twice, actually. But I ran away and no one knew.
11. Re:Implications by BKX · 2012-06-06 04:03 · Score: 5, Informative
  
  I would wager that in 1776 well over 50% of the population of the nascent United States of America was willing to outright defy the ruling government, while somewhere north of 90% of the remainder at least supported said dissidents.
  And you'd be wrong. It's widely accepted that only 1/5 of population were rebels. Another 1/5 were loyalists. The remaining 3/5 were neutral (with a number joining one army or the other for purely economic reasons without actually believing in one side or another). We only won because England was at war with everyone else at the same time.
12. Re:Implications by couchslug · 2012-06-06 04:04 · Score: 3, Insightful
  
  "If they'd even take the time read music lyrics that were being sung 50 years ago, they'd easily see that things are even worse now than they were before."
  Worse for who and in what ways and please be SPECIFIC.
  There is no draft so everyone who goes to war is an eager volunteer with no illusions. (I served as an eager volunteer with no illusions, BTW, and would cheerfully do so again.) The Iraq war is over, A-stan will be shortly.
  The economy is recovering (it's just another Recession, we've had MANY Recessions, they are NORMAL parts of the economic cycle!) and there are no serious civil rights problems _compared_to_fifty_years_ago_.
  Fifty years ago was 1962. Civil rights workers were in routine danger of being SHOT. Things got worse before they got better:
  http://law2.umkc.edu/faculty/projects/ftrials/price&bowers/price&bowers.htm
  Have some school bombing:
  http://en.wikipedia.org/wiki/16th_Street_Baptist_Church_bombing
  Now we have a (b)lack President, vastly more civil rights for LGBT folks, legal cannabis in a few areas, greater social mobility, and a much higher standard of living.
  
  --
  "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
13. Re:Implications by jythie · 2012-06-06 04:19 · Score: 1
  
  Well, they already have a law stating that, if national security is involved, the government can pay private companies to manufacture things based off other people's patents while being immune from patent litigation if they get caught. So even if we knew who to serve, they have that protection from civilian law.
14. Re:Implications by jythie · 2012-06-06 04:22 · Score: 4, Insightful
  
  The thing is, the American Revolution worked because the local elites were driving it, not average people. That tends to be what determines if a revolution goes well or not. When you have two ruling classes struggling for power, the winner usually has the resources to restore order and most of their power structure already in place. When you have ruling class vs general population, it always ends badly regardless of who wins.
15. Re:Implications by X0563511 · 2012-06-06 04:49 · Score: 2
  
  There's been plenty of proof of them hiding something. If they are merely developing a power plant, why would they be working so hard to cover their tracks?
  (via intelsat we can see them doing extensive demolitions and earthwork prior to inspectors coming in, meanwhile they are executing stalling tactics. just for example.)
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
16. Re:Implications by s73v3r · 2012-06-06 04:49 · Score: 1
  
  If they'd even take the time read music lyrics that were being sung 50 years ago, they'd easily see that things are even worse now than they were before.
  Citation needed, pal. I'm sure 50 years ago people were moaning that young people then didn't have any interest in history, and that things were "worse than they were before."
17. Re:Implications by Entropius · 2012-06-06 04:53 · Score: 4, Insightful
  
  The information was leaked because the malware got out. Nobody "leaked" Stuxnet, other than Stuxnet itself.
18. Re:Implications by s73v3r · 2012-06-06 04:53 · Score: 4, Insightful
  
  That's not the fault of the judicial system. That's largely the fault of the legislative branch, who enacts laws mandating certain levels of sentencing. And that blame can largely be brought back to the people who voted for those representatives, who demanded that people be "tough on crime."
19. Re:Implications by religious+freak · 2012-06-06 05:29 · Score: 1
  
  +1 for actual knowledge. Though I do seem to remember the number was more like 1/3, 1/3, 1/3 between loyalists, revolutionaries and neutral. TLTG, but I know there certainly was NOT a majority actively supporting the American revolution.
  
  --
  If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
20. Re:Implications by networkBoy · 2012-06-06 05:38 · Score: 3, Insightful
  
  Either way, 1/5, 3/5, 1/5 or 1/3,1/3,1/3 I will stand corrected, as by either numbers I was wrong. Do you think even 1/5 of our current population would be willing to push back? I think not.
  -nB
  
  --
  whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
21. Re:Implications by Anonymous Coward · 2012-06-06 05:45 · Score: 1
  
  I did a hundred things this morning and none of them really involved the government. The government isn't the problem. Asshats are the problem, and the ones outside government are as intrusive and destructive as those inside it. Any revolution would unleash the asshat in all of us. The only benefit is when the revolution kills off a large number of asshats, i.e., us.
22. Re:Implications by dbc · 2012-06-06 05:49 · Score: 1
  
  From what I've heard, it wasn't 50% -- it was more like 3% that were openly and vocally defiant. Most people simply ducked and covered.
23. Re:Implications by davester666 · 2012-06-06 06:32 · Score: 5, Insightful
  
  Well, if 'hiding something' is a significant concern for you, perhaps you should discuss this with your congressman/senator. For example, your own gov't refuses to disclose it's own interpretation of the Patriot act.
  
  --
  Sleep your way to a whiter smile...date a dentist!
24. Re:Implications by TheCarp · 2012-06-06 06:53 · Score: 1
  
  whether its their fault or not doesn't change what they are. It is all one system, and a broken, poorly instituted one. We have, right before our eyes, how its become corrupted, the results of that corruption, and its pretty plain to see how this system can't fix these particular problems.
  Quite simply, some issues shouldn't matter who is elected, because civil rights should not be up for debate or vote. However, they are. Time and again we have to go all the way back to the people on civil rights.
  Nothing short of a revolution is going to fix this system. It may not produce one that will never find itself needing to be overthrown, but, such is the cycle of abuse.
  
  --
  "I opened my eyes, and everything went dark again"
25. Re:Implications by sg_oneill · 2012-06-06 07:07 · Score: 2
  
  But what sort of revolution would it be?
  I mean if it where up to me, it would be an anarchist revolution with a resolutely syndicalist-socialist economy. But the libertarians probably wouldn't have a bar of that. And all the democracy people (most folks) would probably rather have some sort of government. And then amongst those, half would want a liberal revolution and the other half a conservative one (wheeee chile death squads).
  And thats the problem. America isn't having a revolution because despite all the doom and gloom, nobody agrees on shit, and maybe thats the triumph of democracy. When nobody can agree on what they want, mediocracy will rule and protect the status quo of the rich and powerful.
  I know this sounds pesimistic, but I am pesimistic, so here is some honesty: American living standards still put most of the world to shame, except perhaps for the mess of the privatized health system. The poor are on average far richer than most of the developing world, and the rich are insanely rich. Things can get a *lot* worse before people finally snap and agree , for better or worse, that shit needs replacement at the burning end of an angry citizenrys pichforks.
  
  --
  Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
26. Re:Implications by Anonymous Coward · 2012-06-06 07:15 · Score: 1
  
  a mass of people who simply refuse to follow governments orders.
  Good, I hope we/they arrest these people and put them in jail. You can even raise my taxes to build more jails.
  Vote to get the laws changed/vote the people out of office, don't just blatantly disregard the law and think it's fine.
27. Re:Implications by tehrhart · 2012-06-06 07:44 · Score: 2, Informative
  
  ...(via intelsat we can see them doing extensive demolitions and earthwork prior to inspectors coming in, meanwhile they are executing stalling tactics. just for example.)
  We can't see much of anything via Intelsat - it's a communications satellite organization. From the oracle of all knowledge :
  "Originally formed as International Telecommunications Satellite Organization (INTELSAT), it was—from 1964 to 2001—an intergovernmental consortium owning and managing a constellation of communications satellites providing international broadcast services. As of March 2011, Intelsat operates a fleet of 52 communications satellites, which is the world's largest fleet of commercial satellites."
28. Re:Implications by X0563511 · 2012-06-06 07:48 · Score: 2
  
  I was talking about intelligence satellites, and not some company or organization called intelsat. This should have been obvious.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
29. Re:Implications by J0nne · 2012-06-06 08:30 · Score: 1
  
  It was leaked because Obama wants to show he wasn't weak on Iran so he can get reelected. Leaks like this usually happen because the people in charge want it to be known (with the exception of the Bradley Manning leak, ofcourse).
30. Re:Implications by X0563511 · 2012-06-06 08:45 · Score: 2
  
  Yep. I'm supposed to know the name of every company, so when one of them happens to have the same name as something totally unrelated I can clarify that I'm NOT talking about them. Sure, that's how it works. Yep.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
31. Re:Implications by shutdown+-p+now · 2012-06-06 09:05 · Score: 2
  
  Tsk-tsk. That was so not NPOV.
32. Re:Implications by shutdown+-p+now · 2012-06-06 09:08 · Score: 1
  
  is that "militants"? it's so hard to remember the correct terminology of 1776.
  It's "rebels", or "traitors", whichever you prefer.
33. Re:Implications by s73v3r · 2012-06-06 09:54 · Score: 1
  
  Quite simply, some issues shouldn't matter who is elected, because civil rights should not be up for debate or vote. However, they are. Time and again we have to go all the way back to the people on civil rights.
  This is true, but the Judicial system is usually a pretty good balance against this. Prop 8 in California never should have been on the ballot in the first place. However, the courts are doing what they are supposed to be doing, and throwing it out.
  
  Nothing short of a revolution is going to fix this system. It may not produce one that will never find itself needing to be overthrown, but, such is the cycle of abuse.
  We have a revolution every 2 years or so, when we vote in new officials.
34. Re:Implications by s73v3r · 2012-06-06 09:56 · Score: 1
  
  No, there are many people who agree with the idea of throwing drug users, regardless of the drug or the criminal history of the defendant, behind bars for a long time. And those people generally vote in higher numbers than those of us who don't feel this way.
35. Re:Implications by sjames · 2012-06-06 11:18 · Score: 2
  
  How many Iranian inspectors do we share our nuclear operations with?
  They MIGHT have just figured it wasn't any of our damned business.
36. Re:Implications by aiht · 2012-06-06 14:52 · Score: 1
  
  He was being sarcastic. Oops, sorry I was supposed to say *whoosh*, wasn't I?
37. Re:Implications by mug+funky · 2012-06-06 18:45 · Score: 1
  
  i'm not sure what the GPL says about classified projects, but the US government doesn't have an obligation to release _all_ the things they do as public domain.
  you certainly can't download the schematics for the W88 warhead from .gov sites.
38. Re:Implications by mug+funky · 2012-06-06 19:07 · Score: 1
  
  it'd be naive to say they weren't at least thinking about making nukes. seriously.
  it doesn't all add up, i agree, but here's the few things that seem to have got out of the bullshit cycle:
  - they have rather more centrifuges than they need for LEU
  - they have a research reactor that's capable of making enough Pu239 for about 2 bombs a year
  - they refused inspectors entry to a conventional explosive lab - this has been inferred to be something to do with high explosive lenses
  on the flipside:
  - the bushehr plant is not usable in weapons, and the centrifuges make sense for making fuel for it
  - high explosive lenses are typically for Pu bombs, not U, so why the enrichment program? are they trying to make two different bombs, like the manhattan project? or is it as they say it is?
39. Re:Implications by X0563511 · 2012-06-07 03:02 · Score: 1
  
  If that were the case, don't you think the stalling, demolitions, and earthwork are out of proportion?
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
40. Re:Implications by jythie · 2012-06-07 04:10 · Score: 1
  
  It is hard to say if Cuba would have went well. Sanctions did not help, but similar systems have gone badly in other nations so it is questionable if Cuba would have somehow bucked the trend.
41. Re:Implications by wcgOtt · 2012-06-07 05:26 · Score: 1
  
  Agree with the facts but I think forces at work are more subtle than they were 50 years ago. Standard of living has elevated yet the wage gap between rich and poor has widened. Widened so far that the former middle class is close to the bottom than the middle. Arguably, the elevated standard of living has come from cheap food and consumer products that are relatively cheaper than ever before. Why are they relatively cheaper? Industrial food production and overseas cheap production and labor. We don't have segregation, yet there are more black males in prison than college. In fact, we've turned incarceration into a business. I imagine that health insurance wasn't common 50 years ago yet it's essential today (again, healthcare is a for-profit-business now) yet 40+ million Americans are uncovered. Crime statistics show a drop in crime every year yet Americans are more scared and armed than ever before. My point is, yes things are better but things are worse too.
42. Re:Implications by sjames · 2012-06-07 05:34 · Score: 1
  
  Perhaps so, or perhaps they hate our paternalistic attitude that much.
43. Re:Implications by couchslug · 2012-06-07 06:53 · Score: 1
  
  "Standard of living has elevated yet the wage gap between rich and poor has widened. "
  Which means the poor are much better off. Back then, many still worked as sharecroppers and lived in conditions that looked like a Walker Evans photograph. The "gap" doesn't affect the poor, but their actual personal reality does.
  "We don't have segregation, yet there are more black males in prison than college."
  Medgar Evers and Martin King stopped bullets in the fight for change, but refusal of the masses of black males to take advantage of this is no one's fault but theirs. Meanwhile, black FEMALES are pursuing opportunities and schooling. I've taught both in a local community college. The women are FAR more motivated and better listeners than the men. (This ALSO applies to whites!)
  "I imagine that health insurance wasn't common 50 years ago yet it's essential today"
  There was almost NO "health care" in the modern sense fifty years ago. See pics of open-bay hospital wards for examples. No expensive treatments means no need for insurance.
  "Crime statistics show a drop in crime every year yet Americans are more scared and armed than ever before. My point is, yes things are better but things are worse too."
  Which Americans are "more" scared? Being armed back then was common and firearms were widely accepted as just another tool.
  Youth marksmanship training etc was common yet "Charlie Whitmans" were more rare (possibly because that wasn't considered cool...).
  
  --
  "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
44. Re:Implications by TheCarp · 2012-06-08 02:12 · Score: 1
  
  > This is true, but the Judicial system is usually a pretty good balance against this.
  Occasionally... we still have plenty of legal civil rights abuses... war on drugs anyone? Maybe you have forgotten about how often peoples homes get raided and that nearly half of our huge prison population is in there for a class of crimes that has been totally manufactured by civil rights abusing policies?
  > We have a revolution every 2 years or so, when we vote in new officials.
  Thats the funniest thing I have read all year. I know that word, and I do not think it means what you think it means. Choosing between the candidates allowed to us by the oligarchs in charge of the parties is hardly "revolution" worth calling such.
  
  --
  "I opened my eyes, and everything went dark again"
Not gonna happen by h4rr4r · 2012-06-06 02:40 · Score: 3, Insightful

If you are already breaking laws left and right why would you bother to acknowledge copyright?
The people who released this have no respect for the law, and see themselves as above it they will not comply.
1. Re:Not gonna happen by DickBreath · 2012-06-06 02:51 · Score: 4, Insightful
  
  Why would you bother to acknowledge copyright? Because the people who have bought and own the US government want copyright and patents to touch every part of our lives. Buy a cell phone? You should be paying an ever increasing slice to every patent troll that crawls out of the woodwork. Buy blank media, or a blank SD card? You should be paying copyright owners a "tax" on that blank media you dirty filthy pirate! Why else, other than piracy, could you possibly be buying blank media?
  
  / end rant
  
  --
  
  I'll see your senator, and I'll raise you two judges.
2. Re:Not gonna happen by ZeroSumHappiness · 2012-06-06 02:52 · Score: 5, Insightful
  
  Obviously copyright is the most important issue of our time. Look at how much went into ACTA/SOPA/PIPA/CISPA and how little is going into fixing our education, healthcare, research and poverty issues.
3. Re:Not gonna happen by Zocalo · 2012-06-06 03:07 · Score: 2
  
  Why not? It's a library, as in (most probably) a stand-alone binary file, is it not? Provided "lzo.dll" or whatever it was called was shipped as part of the package and only linked against, then there is no need to distribute the rest of the source code in order to achieve GPL compliance. Or am I misunderstanding the GPL FAQ?
  
  --
  UNIX? They're not even circumcised! Savages!
4. Re:Not gonna happen by DarkOx · 2012-06-06 03:12 · Score: 2
  
  Right they want copyright to touch every part of 'our lives' and when 'you' by blank media 'you' should pay a tax. When 'they' want to manufacture something and use GPL code 'they' think they ought be allowed to do so. When 'they' appropriate a photo or tune to use in 'their' works and sell it its just fine, but if 'you' even make a copy of 'their' stuff for you own viewing; 'you' should pay. The law if for 'you' not for 'them'.
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
5. Re:Not gonna happen by networkBoy · 2012-06-06 03:19 · Score: 1
  
  O_o
  Seems a non sequitor in this context along the lines of the $699 SCO license fee trolls.
  I see the tie in, but ...
  
  --
  whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
6. Re:Not gonna happen by PurpleAlien · 2012-06-06 03:20 · Score: 2
  
  If the library were under the LGPL, your statement would be correct. It is however licensed under the GPL, which means that even linking with the library would mean that the rest of the code is considered a derivative and would fall under the GPL.
  
  --
  My blog, if you're interested: http://www.purp
7. Re:Not gonna happen by kbonin · 2012-06-06 03:21 · Score: 4, Informative
  
  The FAQ section you linked to is specific to the LGPL. The LZO library is licensed under the GPL, which means any application that uses it, and is distributed publicly, must be released with full source licensed under the GPL. This is an important distinction between the LGPL and GPL...
8. Re:Not gonna happen by drakaan · 2012-06-06 03:22 · Score: 1
  
  I was thinking that, too...I don't see anyone saying that they shipped *modified* versions of GPLed code.
  
  --
  "Murphy was an optimist" - O'Toole's commentary on Murphy's Law
9. Re:Not gonna happen by Qzukk · 2012-06-06 03:28 · Score: 4, Informative
  
  LGPL provides a "just linking" exception and is used 99:1 instead of GPL for libraries because the GPL makes no exception for linking. If your code uses GPL code, your code must be GPL.
  Generally the only people who write GPL libraries is the GNU Foundation itself, and even then they only do it when they think they have something so awesome people will adopt the GPL license to use it (like libreadline, which is).
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
10. Re:Not gonna happen by drakaan · 2012-06-06 03:30 · Score: 1
  
  Maybe, maybe not...it depends on how the library is used. See Prelinking and Aggregation.
  
  --
  "Murphy was an optimist" - O'Toole's commentary on Murphy's Law
11. Re:Not gonna happen by Dr_Barnowl · 2012-06-06 03:38 · Score: 2
  
  The key word here is "library" ; aggregation typically only covers programs running in separate processes. Communication via sockets and pipes is permissible.
  If the summary had said "The lzo utility", fair enough. But if it's linking the library, that's linking. Pre-linking is just linking.
12. Re:Not gonna happen by kbonin · 2012-06-06 03:45 · Score: 1
  
  Those are rather unusual cases - under normal use (direct linking or use as a shared library), a GPL library imposes GPL on the entire application that uses it. Yes, it may be possible to use a GPL library without imposing GPL terms on the application, but it takes a good deal of effort to try and do so, like running the library in a separate process space and highly constraining communications with it...
  See FAQ entry: http://www.gnu.org/licenses/gpl-faq.html#NFUseGPLPlugins
13. Re:Not gonna happen by s73v3r · 2012-06-06 04:55 · Score: 1
  
  You act like people can't do more than one thing at a time. And that we should ignore ACTA/SOPA/PIPA stuff until the other things are fixed, at which time it will be far too late.
14. Re:Not gonna happen by tragedy · 2012-06-06 04:58 · Score: 1
  
  The library is GPL, not LGPL. There may be an argument against mere linking being a violation with standard libraries, but when the library is being distributed as part of the application, that argument falls a little flat.
15. Re:Not gonna happen by T.E.D. · 2012-06-06 05:04 · Score: 4, Interesting
  I have three issues with this:
  
  Does a virus spreading itself really count as "distribution" under the GPL? It could be argued that copying itself (sometimes to places it isn't wanted) is just the normal execution of this particular program (which the GPL always allows), not a proper "distribution". It's not like Iran called up the DoD and asked for its latest malicious virus.
  Legally you have to hold the party you got your distribution from liable for a GPL violation. That's the way the license is written. Thus to hold the DoD liable, you'd have to be the person who got your copy of the virus direct from them, not from another infected party. In other words, you have to be "patient zero". Who could prove that in court?
  The USA has laws against copying classified programs. So its quite possible the DoD could decide to turn around and arrest the litigant for posessing and/or distributing classified material.
16. Re:Not gonna happen by MickyTheIdiot · 2012-06-06 05:12 · Score: 1
  
  No it's not. If really are concerned about "intrusive government" then copyright is about as intrusive as it gets. It's starting to govern aspects of your life from the time you wake up until the time you go to sleep.
17. Re:Not gonna happen by ZeroSumHappiness · 2012-06-06 05:23 · Score: 5, Funny
  
  Dammit, people, that was meant to be Funny, not Insightful!
18. Re:Not gonna happen by BigDaveyL · 2012-06-06 06:11 · Score: 1
  
  Interesting takes. I don't think Iran wanted the software to begin with. But I think they would love to see the source code!
19. Re:Not gonna happen by tobiah · 2012-06-06 06:35 · Score: 1
  
  Barack Obama essentially admitted the U.S. government was behind these viruses. He also insists he respects the law. It's worth pursing this, just to expose the hypocrisy.
  
  --
  "The ability to delude yourself may be an important survival tool" - Jane Wagner -
20. Re:Not gonna happen by girlintraining · 2012-06-06 06:37 · Score: 2
  
  Obviously copyright is the most important issue of our time. Look at how much went into ACTA/SOPA/PIPA/CISPA and how little is going into fixing our education, healthcare, research and poverty issues.
  I think you're mistaken. You, I, and most of the world population, finds education, health care, research, and decent living conditions to be the most important issue of our time -- or any time, for that matter. However, wealth is power and wealth has become highly concentrated amongst, perhaps, a few thousand people in this country -- they have all the say about what that wealth does. It can be used to help the impoverished... or it can be used to further restrict our lives and further impoverish us for their benefit.
  But it's not going to change because we aren't willing to kill the people who are. I'm not advocating that be the first option considered, but the power of the people depends on being able to make good on the threat of radical modification or destruction of the government; in much the same way Mutually Assurred Destruction kept the peace between the USSR and the USA during the cold war, an armed and educated populace is the best defense against class warfare. You will note the extensive "anti-terror" framework that has acted to prevent any group organizing for political representation, and that gun control laws have become inordinately restrictive. Significant government resources are being devoted to discrediting any ground roots movement or potential political leaders and this framework is most directly put against anyone who directly exposes this framework -- Wikileaks is one example, but the Tor network is another, and there's been remarkably little coverage on the NSA's project to store all information transmitted on the internet that originates or passes through the United States. This is not a project intended to be a resource for foreign surveillance: It is intended to watch US citizens. And recently, high-tech surveillance drones have started to be deployed in major metropolitan areas.
  The United States is employing technologically sophisticated measures to create a police state as bad (if not worse) than China; But unlike China, they have created a digital iron curtain to wall off media coverage of this vast change in domestic policy. It is not a coincidence that most of the censorship technologies in use around the world were created here; It is a byproduct of deep and pervasive surveillance technologies already deployed here. We talk about the future of our society as being highly transparent, but that's only true of the average person, who will soon be proverbially naked. Only criminals and the government/corporate superstructure will be allowed to wear clothes; Only they will have privacy.
  The naked truth is... copyright law is class warfare. And it's a symptom of a much larger war going on.
  
  --
  #fuckbeta #iamslashdot #dicemustdie
21. Re:Not gonna happen by muridae · 2012-06-06 08:29 · Score: 1
  
  The problem with that question is it assumes the same author for both the library and the main program. If I write a program that is not gpl and allow plug-ins by other authors under "My-License", and rogue user creates a plug-in using gpl code; that is the plug-in authors problem, not mine. The FSF would have to show that I agreed to the gpl with regard to the project; which simply having a plug-in API does not show.
22. Re:Not gonna happen by drakaan · 2012-06-06 08:53 · Score: 1
  
  This is interesting stuff...I had been laboring under an incorrect assumption for a while that linking to an external library is one of the things that the GPL typically refers to as "use". I can see how modifying existing source fits, but I'm not sure what I think about a program using an external library having the GPL imposed. Mainly because the workaround is silly (and it's *not* a good deal of effort...if you don't care about speed)...
  If all I have to do is make a service that exposes the GPLed library via a network connection (127.0.0.1 is a network address, right?), then I can still release a proprietary blob that uses the library that way and that's viewed as not triggering the GPL? Web services are trivial to create these days.
  Are we *really* saying "Yeah, you can still do it the slow way, but not via IPC or shared memory"? Why does that feel wrong?
  
  --
  "Murphy was an optimist" - O'Toole's commentary on Murphy's Law
23. Re:Not gonna happen by Dr_Barnowl · 2012-06-06 09:06 · Score: 1
  
  It comes back to distribution ; because the host program and the plugin have incompatible licenses, they cannot be distributed together. The legal position of someone who combines a GPL plugin with a non-free program is probably moot unless he is distributing it, but he cannot offer a recipient the source of the non-free program under GPL terms unless he is the copyright holder, or has received the sources under GPL himself, so he can't distribute it.
  The typical interpretation of "distribution" is outside the organization you work in, if it's on a corporate basis, so technically you could prepare an aggregation of non-free code + GPL plugin for your internal users, but you can't distribute it otherwise.
24. Re:Not gonna happen by shutdown+-p+now · 2012-06-06 09:12 · Score: 1
  
  Legally, it's still an open question. FSF says that dynamic linking is derivation, but what really matters is how the law sees it (since GPL hinges on the definition of "derived work" as defined by copyright law). There are arguments both for and against it, and, to the best of my knowledge, no-one has tried to argue that in court, so we don't know for sure.
25. Re:Not gonna happen by Jherico · 2012-06-06 09:35 · Score: 1
  
  They're not going to give out the source code AND it's not illegal for them not to do so. The GPL will either fall under copyright law, or general contract law, depending on whether you consider it to fall under Article I, Section 8, Clause 8 of the constitution or not. Either way, both sets of laws are superseded by national security concerns, which certainly would cover a cyberweapon developed by the US government. I would no more expect the US to release the details of this software than I would expect then to release all the details of a nuclear weapon if for some reason because the GPL somehow required it.
  
  --
  Jherico
  What can the average user can do to ensure his security? "Nothing, you're screwed"
26. Re:Not gonna happen by Memroid · 2012-06-06 14:38 · Score: 1
  
  In that case, perhaps all GPL licensing can be circumvented by only distributing the software via a virus. "Click Here to begin infecting your computer with the latest version!"
  
  Does a virus spreading itself really count as "distribution" under the GPL? It could be argued that copying itself (sometimes to places it isn't wanted) is just the normal execution of this particular program (which the GPL always allows), not a proper "distribution".
Who gets to request code? by Anonymous Coward · 2012-06-06 02:41 · Score: 5, Insightful

Under the GPL, only people that the executable was distributed to are allowed to request the code - and since it's a weapon, the US government isn't alliowed to send it to Iran.
Problem solved.
1. Re:Who gets to request code? by samkass · 2012-06-06 03:04 · Score: 4, Interesting
  
  Also, you'll have to prove in a court of law that the Government did, in fact, distribute the software; that the recipient requested and was denied the source code; and that the owners of the Copyright have standing to sue. That's even before Sovereign issues. I'm not optimistic.
  
  --
  E pluribus unum
2. Re:Who gets to request code? by HyperQuantum · 2012-06-06 03:07 · Score: 2
  
  What are the legal implications of GPL software that 'distributes' itself? Assuming that Flame is self-propagating, of course. Because distributing GPL software obviously implies some responsibilities taken care of (like offering the source code). Now who gets the blame when the receiving party didn't get the offer? Can you argue in court that the originator of the software is responsible instead of just the previous link in the infection path?
  
  --
  I am not really here right now.
3. Re:Who gets to request code? by funnyguy · 2012-06-06 03:09 · Score: 1
  
  There is no burden to release code if it was never distributed or sold.
4. Re:Who gets to request code? by Manfre · 2012-06-06 03:23 · Score: 1
  
  Antivirus vendors around the global would disagree with you statement that it was never distributed.
5. Re:Who gets to request code? by Neil_Brown · 2012-06-06 03:23 · Score: 4, Informative
  Under the GPL, only people that the executable was distributed to are allowed to request the code
  It's perhaps a little more nuanced than this, to my mind.
  Under GNU GPL 2.0, a distributor of a binary of the Program has two main options for distributing the source code:
  
  a.) Accompany it with the complete corresponding machine-readable source code ... or,
  b.) Accompany it with a written offer ... to give any third party ... a complete machine-readable copy of the corresponding source code...
  
  If the source code does not accompany the binary, the binary must be accompanied by a written offer to give the source to "any third party" — it does not say "to give any third party who possesses the object code" or similar.
  However, the GPL FAQs (which I'd treat as one interpretation of the licence), comment that:
  
  The offer must be open to everyone who has a copy of the binary that it accompanies. This is why the GPL says your friend must give you a copy of the offer along with a copy of the binary—so you can take advantage of it.
  However, this is not what the wording says — that the offer must be open to "any third party." If I get the binary directly from you, the status is clear, as is the situation in which I get the binary from my friend, who got it from you — but it's unclear, to my mind, what happens when I do not have the binary. I'd probably leave it that you have an obligation to provide the source code to me — an obligation to provide the source code to "any third party" — but that, without a copy of the offer myself, I'd likely have a very difficult time enforcing the obligation.
  GNU GPL 3.0 clears this up, with clause 6(b) providing that a non-source distribution on a physical medium can take place if
  
  accompanied by a written offer ... to give anyone who possesses the object code [the source or access to the source]
  However, the fact the words are *not* in GNU GPL 2.0 but *are* in GNU GPL 3.0 does not necessarily mean that they should be read in...
  YVMV, of course :)
6. Re:Who gets to request code? by TheCarp · 2012-06-06 03:24 · Score: 2
  
  And how exactly do you claim that this software was never distributed? It was clearly distributed, in fact, it distributed itself to new machines without the owners actual approval. The one claim that the authors most certainly not make is that they did not intend for the binary to be distributed.
  
  --
  "I opened my eyes, and everything went dark again"
7. Re:Who gets to request code? by Yvanhoe · 2012-06-06 03:24 · Score: 1
  
  And that is, of course, after Iran successfully won the court case about US sabotaging its uranium enrichment. This may be a slight bit more a serious offense...
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
8. Re:Who gets to request code? by PurpleAlien · 2012-06-06 03:26 · Score: 1
  
  I would argue that if the virus would end up on my computer (asked for or not), it was distributed to me - hence I have the right to ask for the source code under the GPL. Furthermore, I could have gotten the code from Kasperski Labs for instance for my research, and would also be able to ask for the code. Remember that the distribution of the binary does not necessarily need to be done by the original source - anyone receiving a GPL'd binary has the right to redistribute, under the same terms as the original.
  
  --
  My blog, if you're interested: http://www.purp
9. Re:Who gets to request code? by Entropius · 2012-06-06 04:58 · Score: 1
  
  Well, they distributed it -- by accident, sure, but they did -- to folks other than Iran.
10. Re:Who gets to request code? by nedlohs · 2012-06-06 05:25 · Score: 1
  
  And that's not their problem. Whomever did the distributing needs to provide the source code - it they don't have it or a written offer to pass along for it then they are the ones who violated the GPL.
  Of course then it's a virus/whatever that distributes itself that falls apart rather fast.
11. Re:Who gets to request code? by TheCarp · 2012-06-06 06:04 · Score: 1
  
  I don't see why that falls apart. The virus is distibuting itself...on behalf of its authors, who released it. They had control, they set it out intentionally.... every single distribution of itself that it makes, it makes because they induced it to start. They are responsibible for the redistributions...every single one of them.
  
  --
  "I opened my eyes, and everything went dark again"
12. Re:Who gets to request code? by nedlohs · 2012-06-07 03:54 · Score: 1
  
  Hence why the argument falls apart.
13. Re:Who gets to request code? by TheCarp · 2012-06-08 02:13 · Score: 1
  
  In that case I clearly misunderstood what you were saying.
  
  --
  "I opened my eyes, and everything went dark again"
Good luck with that... by HarrySquatter · 2012-06-06 02:42 · Score: 1

State sovereign immunity. Game over.
1. Re:Good luck with that... by number11 · 2012-06-06 03:33 · Score: 1
  
  State sovereign immunity. Game over.
  "Laws? We don't need no steenkin laws!"
You can ask ... by Cassini2 · 2012-06-06 02:42 · Score: 1

This involves the Mossad, CIA, and national security. You can ask, but you might not survive the attempt.
Gerald Bull and the drone attacks come to mind. Of course, this assumes that they even listen, and don't simply claim National Security!
1. Re:You can ask ... by neokushan · 2012-06-06 02:51 · Score: 1
  
  It's all over slashdot now, they can't "contain" it much longer. All they can do is deny, deny, deny. Deny doing it, deny access, deny the whole thing.
  It'd be a hell of an interesting test for the GPL in court, though.
  
  --
  +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
2. Re:You can ask ... by h4rr4r · 2012-06-06 02:53 · Score: 1
  
  Why would they care about slashdot?
  It would not be a test for the GPL at all, nor would it be a test of any other license. They would just invoke sovereign immunity and be done with it.
3. Re:You can ask ... by neokushan · 2012-06-06 02:58 · Score: 1
  
  Nothing to do with slashdot, more that thousands and thousands of people have already seen it. If whoever asks the question suddenly disappears, there's plenty of other people that will line up and ask two questions. Plenty of people on slashdot aren't afraid of the government - any government.
  Like I said, it would be an interesting test in court. I highly doubt it'll ever get to that stage.
  
  --
  +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
4. Re:You can ask ... by HarrySquatter · 2012-06-06 03:08 · Score: 1
  
  All over Slashdot? Oh man, they're quaking in their boots!!!
5. Re:You can ask ... by neokushan · 2012-06-06 03:12 · Score: 1
  
  I never said that they'd be scared, all I said was that they couldn't contain it by "removing" a few people.
  
  --
  +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
6. Re:You can ask ... by networkBoy · 2012-06-06 03:22 · Score: 1
  
  ha ha ha
  Plenty of people on /. that have not had a real encounter with the government then. I suspect the Venn diagram is actually two concentric circles of the same diameter...
  -nB
  
  --
  whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
7. Re:You can ask ... by neokushan · 2012-06-06 03:32 · Score: 1
  
  I think you underestimate the number of people that visit slashdot. Law of averages and all that.
  There'll always be another Assange or Manning waiting to stand up and shout loudly, be it for legitimate or self-gratifying reasons (admittedly mostly self-gratifying). People like (the frankly idiotic) Anonymous will make enough of a fuss that it'll get news coverage all over the place and by that point, you can't contain it without making it worse. All they can (and probably will) do is hunker down and deny it all.
  
  --
  +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
Re:is the CIA selling these viruses? by dnaumov · 2012-06-06 02:43 · Score: 4, Informative

No, selling or not selling is irrelevant. "Distributing" is the key.
Yeah, they'll get right on that by TrentTheThief · 2012-06-06 02:43 · Score: 2

LOLOLOL
What a stupid idea it was to go down that path. Now that the idiots in the us gov't have opened pandora's box, I'm sure we'll all soon have the opportunity to see the code up close and personal.
1. Re:Yeah, they'll get right on that by 1s44c · 2012-06-06 03:35 · Score: 1
  
  LOLOLOL
  What a stupid idea it was to go down that path. Now that the idiots in the us gov't have opened pandora's box, I'm sure we'll all soon have the opportunity to see the code up close and personal.
  The decompiled version appears to already be on the net, if you want it you can find it and so can everyone else.
  Hopefully this will teach people not to control important things with windows machines but somehow I doubt that will happen.
2. Re:Yeah, they'll get right on that by TrentTheThief · 2012-06-06 03:52 · Score: 1
  
  Microsoft Windows: "Kevorkian Approved©" for critical life support applications.
Re:is the CIA selling these viruses? by HarrySquatter · 2012-06-06 02:44 · Score: 3, Insightful

This whole thing is irrelevant due to state sovereign immunity. Good luck suing the government when they have to permit themselves to being sued.
Worms with source? by PhilHibbs · 2012-06-06 02:44 · Score: 1

So if this worm deploys itself onto a machine, it should deploy the source as well? Or, could it just deploy a link to the source, and since the software itself by its very nature tries to hide itself, could it hide the link?
Clever idea, actually. by drinkypoo · 2012-06-06 02:45 · Score: 4, Interesting

Someone with gigantic balls of steel should file a FOIA on this basis.
It would be interesting to see if the request would even be acknowledged.
What makes the idea clever is that it's a public request (and publicise the hell out of it!) and it's powered by copyright. This is why the GPL is so effective...

--
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
1. Re:Clever idea, actually. by HarrySquatter · 2012-06-06 02:47 · Score: 1
  
  Yes, and the government can ignore it since they control the copyright laws. You actually think the government is constrained by the GPL? ROFL.
2. Re:Clever idea, actually. by the+eric+conspiracy · 2012-06-06 03:03 · Score: 3, Insightful
  
  How do you know they didn't buy a commercial license?
3. Re:Clever idea, actually. by tepples · 2012-06-06 03:14 · Score: 1
  
  Might it be a lack of a licensee number in the binary? I can't know whether this is required because the terms of an LZO Professional license are subject to NDA.
4. Re:Clever idea, actually. by jeff4747 · 2012-06-06 03:29 · Score: 1
  
  The laws on classified information trump copyright.
5. Re:Clever idea, actually. by amicusNYCL · 2012-06-06 05:13 · Score: 1
  
  Someone with gigantic balls of steel should file a FOIA on this basis.
  It doesn't require any courage to file a FOIA request, only information.
  
  It would be interesting to see if the request would even be acknowledged.
  Doubtful. There's zero incentive to do so.
  
  What makes the idea clever is that it's a public request (and publicise the hell out of it!) and it's powered by copyright. This is why the GPL is so effective...
  Yes, watch how effective the GPL is as exactly nothing happens.
  
  --
  "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Re:Yeah right... by cryptizard · 2012-06-06 02:47 · Score: 1

Considering the "request" was just a joke post an obscure Hungarian blog, they will definitely be ignoring (read: never seeing) it.
Re:is the CIA selling these viruses? by TheSpoom · 2012-06-06 02:47 · Score: 4, Interesting

Distribute, not sell. (Though you absolutely have the right to sell GPL code as well, as long as you abide by the rest of the license and release your source.)
In any case, I'm guessing that one of the following things will happen:
- Some sort of secrecy / national security provision is given as a reason source cannot be released (1% probability)
- Changes to the GPL portions are released (0.01% probability)
- Stone-cold silence (98.99% probability)
Remember, the US Government hasn't even acknowledged that they created these worms. We're still firmly in the "plausible deniability" phase.

--
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Ask away by DaveV1.0 · 2012-06-06 02:52 · Score: 4, Insightful

The thing is, no one knows who wrote it. Sure, there is speculation that the U.S. and/or Israel did, but no one knows for sure. The simplest thing for the government to do is say "We can't because we didn't write it." Then, it falls on the asker to prove they did.

--
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
1. Re:Ask away by tnk1 · 2012-06-06 03:12 · Score: 3, Informative
  
  This.
  I mean, I'm seeing a leap of logic where we look for a piece of GPL code to throw a legality at the US government, but of course, neglect the little detail that no one knows who wrote it, and that the US government certainly hasn't admitted it.
  This just sounds like a strange mixture of anti-government outrage mixed with GPL advocacy which is nothing more than an attention whoring exercise in wankery.
2. Re:Ask away by eimsand · 2012-06-06 03:21 · Score: 1
  
  Even if the US admits they wrote Flame (much like they just did with Stuxnet), it still won't matter. There are catch-all laws that allow the government to (legally) ignore pretty much any request if it compromises national security.
3. Re:Ask away by silentcoder · 2012-06-06 03:29 · Score: 1
  
  True, though the summary is wrong. Yeah, I know I RTFA'd I must be new here, but the actual post said "whoever wrote it please comply with the GPL",
  It never actually said it was the US or any other Government.
  That claim was made on slashdot alone.
  
  --
  Unicode killed the ASCII-art *
4. Re:Ask away by StormReaver · 2012-06-06 04:26 · Score: 1
  
  The simplest thing for the government to do is say "We can't because we didn't write it." Then, it falls on the asker to prove they did.
  Whether the Government wrote it doesn't matter. What matters is whether the Government distributed the binaries (not that I expect our Government to comply, but that's an entirely different issue).
5. Re:Ask away by dwye · 2012-06-06 06:28 · Score: 1
  
  Except that Stuxnet distributes itself, without human intervention. Somewhere, some human probably distributed a copy (is leaving a USB stick around where someone will steal it legally classed as distributing its contents, BTW? Entirely possible that no one distributed it in the legal sense), but you have to identify that person to sue him.
6. Re:Ask away by DaveV1.0 · 2012-06-06 07:29 · Score: 1
  
  Different question, same response. There is not enough evidence to say who distributed it. "We didn't do it." and the burden of proof falls on the claimant.
  
  --
  There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
7. Re:Ask away by felipekk · 2012-06-06 19:48 · Score: 1
  
  http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=3&pagewanted=2&seid=auto&smid=tw-nytimespolitics&pagewanted=all
  "Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet. "
8. Re:Ask away by DaveV1.0 · 2012-06-07 01:37 · Score: 1
  
  Now all you have to do is get the reporter to give you his confidential source and have said source publicly testify about how he violated the law and his security clearance by discussing highly classified material substantially damaging national security and covert operations.
  Let me know how that goes.
  
  --
  There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
Are we sure it's the GPL version? by jensend · 2012-06-06 02:58 · Score: 1

Markus Oberhumer, author of LZO, also offers LZO Professional, a commercial version not subject to the GPL.
1. Re:Are we sure it's the GPL version? by Anonymous Coward · 2012-06-06 03:03 · Score: 1
  
  In this case the Iranian government could solve its problems by serving a DMCA takedown notice to the US
2. Re:Are we sure it's the GPL version? by jensend · 2012-06-06 03:10 · Score: 1
  
  AARGH should have used preview. LZO Professional.
3. Re:Are we sure it's the GPL version? by arth1 · 2012-06-06 03:22 · Score: 1
  
  Markus Oberhumer, author of LZO, also offers LZO Professional, a commercial version not subject to the GPL.
  Which would make it perfectly legal. But honestly, what do you think the odds are that the TLAs would bother doing what's right?
4. Re:Are we sure it's the GPL version? by 1s44c · 2012-06-06 03:42 · Score: 1
  
  Markus Oberhumer, author of LZO, also offers LZO Professional, a commercial version not subject to the GPL.
  Does he also offer an 'acts of war against a sovereign nation' license?
5. Re:Are we sure it's the GPL version? by dwye · 2012-06-06 06:29 · Score: 1
  
  I'm certain he would, if asked nicely by men surrounded by other men with guns at their command.
6. Re:Are we sure it's the GPL version? by jonwil · 2012-06-06 12:33 · Score: 1
  
  Maybe someone should contact Markus and ask if he has licensed LZO for this or whether it is being used without his permission.
LZO Licensing by Anonymous Coward · 2012-06-06 03:00 · Score: 5, Informative

From http://www.oberhumer.com/opensource/lzo/lzodoc.php:
"Special licenses for commercial and other applications which are not willing to accept the GNU General Public License are available by contacting the author."
1. Re:LZO Licensing by aiht · 2012-06-06 15:07 · Score: 1
  
  Somehow I doubt that purchasing a commercial license to the library requires you to tell the library author what program(s) you will use it for.
  So, the author might have their name on his list of sales; but how would he know which one it was?
RTFA. by Robert+Zenz · 2012-06-06 03:01 · Score: 3, Informative

So our questions is: Please, Dear Authors of Duqu (whoever they are), hand over the source code of Duqu (or Beacon/NYT), as it contains GPL code.

Disclaimer: This post is for fun, don’t take it too seriously, but the questions are still valid.
OT - GPL violation doesn't necessarily open code by caseih · 2012-06-06 03:06 · Score: 5, Informative

Just as an aside, whenever some commercial entity finds itself in violation of the GPL, people start talking like they expect the code to magically be revealed and gifted to the community. This perpetuates the lie that the GPL is viral and can "infect" closed-source code. The reality is far different. If a company is found to be in violation of the GPL, they find themselves in a copyright violation situation. This means that they must a) stop further distribution and b) potentially be held liable for monetary damages resulting from the distribution. They absolutely don't have to release their code. However if they want to continue to distribute and sell their product they will have to do one of three things: 1) remove infringing code, 2) license the infringing code under acceptable terms, possibly by paying a licensing fee to the copyright holder, or 3) release their derivative code under the GPL.
Re:is the CIA selling these viruses? by fuzzyfuzzyfungus · 2012-06-06 03:10 · Score: 5, Funny

Option #4: An obscure RFC describing the implementation of TCP/IP on a 5.56x45 'jumbo frame' physical layer is drafted.
We'll settle if you release the code by tepples · 2012-06-06 03:12 · Score: 2

and b) potentially be held liable for monetary damages resulting from the distribution. They absolutely don't have to release their code.

Unless the copyright owner of the GPL code offers to drop the claim for monetary damages in exchange for publishing the infringing code. As I understand it, this offer is routine for copyright infringement cases that involve the GPL.
It should be possible to sue by the+eric+conspiracy · 2012-06-06 03:13 · Score: 1

The Federal Government has specifically disclaimed sovereign immunity in copyright cases under 28 USC 1498(b).
There may be other concerns, like national security that make it difficult though.
Actually, the GPL isn't very cancerous. by Anonymous Coward · 2012-06-06 03:18 · Score: 1, Informative

As an author of GPLed code, I've read the GPL license. It isn't possible for a random person, including the author of the GPLed works being distributed, to request source code. The only GPL provision for that is if the author distributes binaries of modified GPL code, at which point the author would need to distribute source code as well. Here's the sticky point, whoever requested source code wasn't the recipient of the binaries; therefore, they are not entitled to any source code. The authors of the GPLed source code are not entitled to it either, for the same reason. In fact, the only one who could demand (in theory at least) the source code would be the persons receiving the binaries containing the modified GPL code.
Then there's the point that bundling GPL software with your product doesn't necessarily mean that you're extending that product and therefore bound by the GPL. Not every piece of software compiled on/for Linux is bound by the GPL -- even if that software is distributed as part of a Linux distribution (i.e., bundled as part of a bigger package). Software that has an API and offers services to other software -- compression libraries, SQL, etc -- are expected to offer services to other software. Granted, some developers have taken the stance that if proprietary software works with only a specific GPL software (say, MySQL) and that particular GPL software is distributed with the proprietary software, that it violates the GPL, and a proprietary license is required. However, that is a developer stance, not necessarily a legal one.
So even if the government used GPL software (which may not be the case considering a non-GPL license is available for the software in question), it wouldn't necessarily be required to release any source code. There's a pretty good chance that it didn't change any GPLed source code -- even if it did bundle it with its own software and wrap everything up in a clever installer.
"anyone who possesses the object code" by tepples · 2012-06-06 03:18 · Score: 3, Informative

Under the GPL, only people that the executable was distributed to are allowed to request the code
As I understand the GPL, this offer must be extended to "anyone who possesses the object code" (GPLv3) or "any third party" (GPLv2). Anyone who has ever had a PC infected with any of these viruses "possesses the object code".
Re:is the CIA selling these viruses? by unixisc · 2012-06-06 03:21 · Score: 2

Precisely, and if someone writes a virus under the GPL, and only runs the virus, making it infect other computers that were not interested in receiving it, then is that considered a distribution of the binaries such that the source code has to be released?
It's a joke by ildon · 2012-06-06 03:24 · Score: 4, Informative

Quoting the article because so far no one actually followed the link and read it (as usual).

Disclaimer: This post is for fun, don’t take it too seriously, but the questions are still valid. This post is a personal post of one of the Lab members and does not reflect the view of any organization.
Problem Solved by Anonymous Coward · 2012-06-06 03:37 · Score: 1

Do they use a rangeCheck function?
If so, somebody let Oracle know so that they can sue the government.
Re:is the CIA selling these viruses? by gman003 · 2012-06-06 03:48 · Score: 5, Informative

5.56x45mm is the specifications for the NATO-standard small-arms ammunition, used by pretty much every modern military assault rifle that isn't a Kalashnikov derivative (and some that are), as well as some police sniper rifles and various civilian rifles.
And now I've explained the joke.
Re:is the CIA selling these viruses? by someSnarkyBastard · 2012-06-06 03:49 · Score: 1

You mean like the one about TCP/IP via avian carriers?
Re:GPL infects a virus by lister+king+of+smeg · 2012-06-06 03:54 · Score: 1

it really is viral licensing now

--
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Plenty of (truely) free alternatives by bhlowe · 2012-06-06 04:13 · Score: 1

If the LZO folks had an easy way to purchase a license to their products (purchase online with credit card), they would have a little more money in their pockets.. Instead, they get a tiny bit of publicity.. and anyone who cares will simply use a free (as in MIT/BSD) library, such as FastLZ or LZJB, 7-Zip.
1. Re:Plenty of (truely) free alternatives by gQuigs · 2012-06-06 05:14 · Score: 1
  
  You have to contact them... that doesn't seem so outrageous.. and they are willing to give you a proprietary license for a cost, (likely relative to how big a project or some other metric)
  FastLZ is really fast, but compresses less well then zip, is MIT License... 7-Zip is LGPL. and LZJB looks like it is CDDL, which is also a weak copyleft license..
  Whoever built Flame, who likely doesn't care about licenses at all, choose this.. That is a pretty good indicator it was the best tool (or easiest) for the job. They certainly could have afforded paying for something else.
"OK. Sorry. We'll stop distributing it now." by datastew · 2012-06-06 04:13 · Score: 1

They just have to say, "OK. Sorry. We'll stop distributing it now." However the fact is that it continues to distribute itself.
Not entirely GPLed by Cyko_01 · 2012-06-06 04:15 · Score: 1

the GPL makes allowances for things like plugins, extensions, addons, etc and since flame is clearly module based (as discovered by virus researchers) only the one module with the lzo stuff would have to be released under GPL.
Re:is the CIA selling these viruses? by donutz · 2012-06-06 04:28 · Score: 1

Right, distributing is the key.
But that means we have to figure out who it was distributed to, and by whom. I think we can agree that the owners of the targeted Iranian computers were recipients of the distribution, so they get to request the source, right? (Ha!)
But what about anyone else? If the distribution to other people was not authorized the the original distributor (e.g. an Iranian infects Internet-connected computers after his air-gapped nuclear equipment controlling system was infected), I'm not sure they'd have the right to request the source. But I haven't read the GPL in quite some time.
Re:is the CIA selling these viruses? by fuzzyfuzzyfungus · 2012-06-06 04:30 · Score: 2

Better ping; but more packet fragmentation.
The government vs law by edelbrp · 2012-06-06 04:52 · Score: 1

I realize this is a bit of a tongue-in-cheek news item, but isn't government by definition above the law? I mean, if it actually got serious, wouldn't the president just pass an executive order making it exempt from copyright law?
In any case, the government isn't distributing it, it is self distributing! ;')
If/Then: US Classifies a Work/Condemnation of Work by cmholm · 2012-06-06 05:12 · Score: 1

Assuming for a moment that Flame is a work by or created under contract for the USG:
Based on my laymen understanding of how a classified work is handled by the USG, if it marks a work with a security classification, said work is therefore condemned and solely owned by the USG, making all previous contracts and copyrights moot.
That's not to say that they would claim sole ownership and copyright of Lua and the other works used to create the final product, but rather just the final product. Therefore, no code release, and not even under the FOIA.

--
Luke, help me take this mask off ... Just for once, let me butterfly kiss you with my own eyes.
Maybe they licensed it.. by bored · 2012-06-06 05:31 · Score: 1

There is a commercial option, they just have to have licensed it from Oberhumer.
That might have been a fun discussion.
Only the Iranians can sue by iceco2 · 2012-06-06 05:45 · Score: 1

Assuming the US government is behind these masterpieces anyone who was given a binary by the US government can request the full source code.
If you happen to stumble upon the binary after passing through many middle-men the original author doesn't owe you anything.
Re:is the CIA selling these viruses? by shutdown+-p+now · 2012-06-06 09:13 · Score: 1

5.56x45 is not the best option for physical layer, though - it has fragmentation issues.
Re:OT - GPL violation doesn't necessarily open cod by caseih · 2012-06-06 11:12 · Score: 1

Umm, no. If they have never intentionally released their product under a source code license such as the GPL, then asking them for the source code is silly. Repeat after me. A GPL violation does not force the company to release their code under the GPL. I am not a lawyer but I've spent a lot of time studying the GPL and how it works with copyright law.
A judge can and should punish them monetarily for existing distribution, and prevent further distribution of the product so long as a license compliance issue exists. This all said, I think users calling on companies to open their source because of a GPL violation, particularly when the product is a core proprietary product is harmful to the GPL specifically, and to open source in general. It perpetuates the lie I spoke of.
We should point out violations, however, and point companies at the remedies I listed. At least one of the remedies is required for further distribution, but any one will do.
Unintentional Forced Distribution by DarwinSurvivor · 2012-06-06 12:01 · Score: 1

Oh man, I can't WAIT to see what RMS has to say about "unintentinal forced distribution". If you give me the virus, I didn't ask for it and you (also being infected) didn't intend to give it to me. I wonder if we'll see a GPLv4 soon to cover this issue like GPLv3 covered Tivoisation!
1. Re:Unintentional Forced Distribution by unixisc · 2012-06-06 20:36 · Score: 1
  
  This one is really funny. Of course, given it's Stallman, he'll probably go on a crusade against the US government and want Iran to get the source code. But the source code of the library is already here. So he can demand the full thing, and both the CIA and Mossad can deny that they distributed it in the first place, leaving the burden of proof on RMS. Maybe he'll then find a way to introduce an anti-CIA clause into GPL4.
Re:Do people even bother to read anymore? by aiht · 2012-06-06 15:01 · Score: 1

Glad someone else noticed this. There is no mention of the US government, or any indication that the article author has any idea who wrote the code.
Has the US government really admitted to writing these viruses? Did I miss something?
I thought the GPL enforcement applies to by ibic00 · 2012-06-06 18:13 · Score: 1

the virus/worm authors who used GPLed code, only.
Why shall the government be assumed the obligation?
Re:is the CIA selling these viruses? by cmarkn · 2012-06-08 21:15 · Score: 1

Read 'em and weep:
http://en.wikipedia.org/wiki/Sovereign_immunity#United_States
http://en.wikipedia.org/wiki/Eleventh_Amendment_to_the_United_States_Constitution

--
People should not fear their government. Governments should fear their people.