Software Freedom Conservancy Funds GPL Suit Against VMWare

← Back to Stories (view on slashdot.org)

Software Freedom Conservancy Funds GPL Suit Against VMWare

Posted by timothy on Thursday March 5, 2015 @05:19AM from the this-isn't-nam-man-there-are-rules dept.

Jeremy Allison - Sam writes with this excerpt from a news release from the Software Freedom Conservancy: Software Freedom Conservancy announces today Christoph Hellwig's lawsuit against VMware in the district court of Hamburg in Hamburg, Germany. This is the regretful but necessary next step in both Hellwig and Conservancy's ongoing effort to convince VMware to comply properly with the terms of the GPLv2, the license of Linux and many other Open Source and Free Software included in VMware's ESXi products. Serge Wroclawski points out the SFC's technical FAQ about the suit. One nugget: This case is specifically regarding a combined work that VMware allegedly created by combining their own code (“vmkernel”) with portions of Linux's code, which was licensed only under GPLv2. As such, this, to our knowledge, marks the first time an enforcement case is exclusively focused on this type of legal question relating to GPL

37 of 188 comments (clear)

Min score:

Reason:

Sort:

How to help ! by Jeremy+Allison+-+Sam · 2015-03-05 05:29 · Score: 5, Informative

To donate funds to Conservancy GPL compliance efforts see here:
http://sfconservancy.org/linux...
I'm dying of curiousity by idontgno · 2015-03-05 05:34 · Score: 4, Interesting

about VMWare's position on this. What on earth do they think trumps their obligations to the license they agreed to by using GPLv2 software in their product?
I wonder if they could possibly be as deluded and stubborn as SCO.

--
Welcome to the Panopticon. Used to be a prison, now it's your home.
1. Re:I'm dying of curiousity by lolcutusofbong · 2015-03-05 05:49 · Score: 2, Interesting
  
  They probably figured they'd never get caught by anyone with the balls and money to take them to court. I'd love to see all of ESXi and vSphere get open sourced as the result of this lawsuit, but I suspect that's just a pipe dream.
2. Re:I'm dying of curiousity by loosescrews · 2015-03-05 05:50 · Score: 4, Informative
  
  They are not using the entire linux kernel. At this point most of vmkernel is their own code and they are (for the most part) only linking in the parts of the linux kernel that deal with hardware. Linux has way better hardware support than BSD.
3. Re:I'm dying of curiousity by Tom · 2015-03-05 05:53 · Score: 4, Informative
  
  They are taking a calculated risk knowing that very few GPL lawsuits actually went to court. They know it takes money to fight a legal battle and hope the opposing side doesn't have it, or will run out of it before reaching a final verdict. And finally, from the fact that they've been at this since 2012 - they probably think that it's a fairly cost-efficient way to buy more time and make business.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
4. Re:I'm dying of curiousity by pseudofrog · 2015-03-05 05:54 · Score: 4, Insightful
  
  I'll never get why the GPL is considered controversial with regard to its legality. Litigation should basically be:
  
  It this your code?
  No.
  Why are you distributing this code?
  We have a license.
  What are the conditions of the license?
  ...
5. Re:I'm dying of curiousity by Richard_at_work · 2015-03-05 05:58 · Score: 4, Interesting
  
  If, and thats a big if, VMWare have done anything in violation of the license at all - the "technical FAQ" is very light indeed on actual technical details, instead mostly talking about how Conservancy went to great lengths to do anything they could to open a dialog before suing. The "technical" part of the FAQ is a single diagram which explains very little in how they think VMWares approach is violating either the GPL or copyright.
  This is going to be something to watch, as its going to be an interesting one.
6. Re:I'm dying of curiousity by gstoddart · 2015-03-05 06:00 · Score: 4, Interesting
  
  They're a for-profit corporation, who see this as their bread and butter technology.
  All you need is an idiot CEO to say "I want this" and an asshole lawyer to agree with him.
  Are you honestly expecting principle, logic, and honesty from this?
  It's a corporation looking out for its own interests. If that means fucking everybody else over or coming up with your own interpretation of the law? So be it.
  I expect nothing less from this kind of situation.
  
  --
  Lost at C:>. Found at C.
7. Re:I'm dying of curiousity by bill_mcgonigle · 2015-03-05 06:01 · Score: 5, Interesting
  
  it's a fairly cost-efficient way to buy more time and make business.
  It sure is, and the people making such decisions face no consequences for violating the license. Yeah, maybe the corporation will get slapped with a tiny fine that reflects some small percentage of the money saved by incorporating the GPL'ed library, but how is that really any disincentive? It's more of an inconvenience, or simply a cost that gets processed through the EMC legal department, and then only maybe.
  The money being spent on the prosecution won't actually change much behavior - there might be better causes to donate your money too (especially if you don't believe in imaginary property) than funding this expedition to behead a hydra.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
8. Re:I'm dying of curiousity by lgw · 2015-03-05 06:01 · Score: 5, Interesting
  
  I highly doubt there was any such forethought. Much more likely (at least, at companies I've worked at) that some junior dev checked in GPL code as his own work, and it somehow slipped past code review (as can happen at crunch time).
  I worked for "shrinkwrap software" companies for `15 years, and all of them had ironclad rules against using GPL software in any way (without a multi-month lawyer-approval process anyhow). One place I worked ran open source detection tools (similar to the plagiarism detection tools, but seeded with all the big free projects) as part of the daily build, they were so paranoid. I'd be surprised if this was deliberate on VMware's part. But then, maybe they're just a shitty company now?
  That will be the interesting part of this case, IMO: was this deliberate, against official policy that the dev teams ignored, or some junior guy cheating?
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
9. Re:I'm dying of curiousity by zarthrag · 2015-03-05 06:09 · Score: 5, Insightful
  
  If that was the case VMware would (or should) have apologized, and removed the offending code to get into compliance. The fact that things are this far along signals at least some degree of maliciousness towards the terms of the GPL.
  Hopefully, the penalty doesn't come out to be a meaningless fine. Instead, it should be a meaningless fine and forced compliance to the GPL - not through removal of the offending code (they have passed on that), but through open-sourcing of the entire product via GPLv2, effective immediately.
  
  --
  Why can't all fpga/microcontroller manufacturers just release free optimizing compilers???
10. Re:I'm dying of curiousity by HornWumpus · 2015-03-05 06:42 · Score: 2
  
  Only the headers (that define interfaces used) not a derivative work.
  Uses actual implementations, derivative work.
  This was covered three of four times in the commercial software world.
  
  --
  John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
11. Re:I'm dying of curiousity by jedidiah · 2015-03-05 06:42 · Score: 4, Insightful
  
  It's only "controversial" in software where people think that "what's mine is mine and what's yours is mine" is an acceptable way to think about other people's work.
  The GPL is a clever hack of copyright law written by someone that knew what he was doing. I think people see RMS and think they can get away with sh*t because they think he's not smart enough to hire a real lawyer.
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
12. Re:I'm dying of curiousity by dottrap · 2015-03-05 06:57 · Score: 3, Interesting
  
  That is, unless VMWare sincerely thinks they are in the right and have a defensible case. Then things get very interesting because then there is a chance the GPL could be undermined/weakened if they win and you will see a lot of groups start paying attention to make sure Software Freedom Conservancy doesn't screw up the case for GPL. (And you may see other parties interested in exploiting a weakened GPL.)
13. Re:I'm dying of curiousity by sjames · 2015-03-05 07:16 · Score: 2
  
  That may have started it, but keep in mind, talks have been ongoing for several years now. They have had every opportunity to correct the problem. The suit didn't happen until VMware made it clear that they have no intention of remedying the situation.
14. Re:I'm dying of curiousity by MightyMartian · 2015-03-05 09:32 · Score: 2
  
  I guess the point has to be, what has VMWare bought to the game. They've essentially grabbed the Linux kernel, stacked their own kernel extensions on top of it and called it their own. I've never heard of them as major contributors to the Linux kernel itself.
  
  --
  The world's burning. Moped Jesus spotted on I50. Details at 11.
15. Re:I'm dying of curiousity by mysidia · 2015-03-05 10:41 · Score: 5, Informative
  
  You are mistaken in thinking they use the Linux kernel in ESXi. There is no Linux kernel anywhere in ESXi.
  They have written their own operating system from scratch, and they did a complete rewrite of the kernel in the update from ESXi 3.5 to 4.0.
  What they have done is copied a subset the interface API from the Linux kernel. Much how like the Wine Project has copied API details from Win32 without permission from Microsoft.
  This allows existing driver source code that already works in Linux to be compiled using the VMware driver development kit into a binary that can be loaded as a driver in ESXi.
  This means that hardware vendors can write the driver once, and then it could be built for either Linux or ESXi, so that seems beneficial for Linux users to have more drivers still being written for Linux.
  This is considered a legacy framework, and VMware is already phasing this out... see details on the new native driver framework
  This will be sad, as the native driver framework is proprietary, and it will likely no longer be possible to write your own drivers for ESXi, once vmklinux is gone, without purchasing the driver development tools at high $$$.
  Also, major enterprises are running ESXi on much of their hardware, so the incentive may go away for many manufacturers to release information or develop Linux drivers; they can just produce their binary ESXi drivers and be done with it.
16. Re:I'm dying of curiousity by cas2000 · 2015-03-05 10:56 · Score: 2
  
  if someone sees the terms of the GPL and then chooses not to use GPL-ed code, then that is the GPL working as intended. You're only supposed to use GPL code if you are willing to pay the licensing "fee", which is that your derivative work can only be distributed under the same terms.
  If you choose not to use GPL code, that's perfectly OK. That's not a bug in the GPL, it's an intended feature.
  vmware's fault is that they chose to use GPL-ed code while refusing to pay the license "fee". This directly harms not only their users (whose GPL rights to the derivative work they've bought from vmware have been infringed) and Christoph Hellwig but also everyone who has ever contributed in any way to the linux kernel, as those contributions were made with an expectation that any derivative work would only be distributed under the terms of the GPL.
17. Re:I'm dying of curiousity by cas2000 · 2015-03-05 11:02 · Score: 2
  
  no, it's not the mistake of a junior dev - it's quite clear that vmkernel is entirely based around the linux kernel, most of the code is linux with some changes and additions.
  either:
  1. they're recklessly ignorant about software licenses
  2. they're unable/unwilling to see the difference between BSD licensed code and GPL licensed code
  3. they thought they'd get away with it, either because they thought nobody would notice or because the legal costs of license enforcement would be prohibitive.
18. Re:I'm dying of curiousity by Paul+Jakma · 2015-03-05 18:03 · Score: 2
  
  Which means their own code depends heavily on the Linux code they've borrowed. Which, to my layman's understanding, likely means the resulting combined work is a derived work of the Linux code concerned, at least under US norms. Which means they would need to follow the GPL for *all* the code concerned. Alternatively, if they don't like that, they have the choice of not using the Linux code they don't own.
  My understanding is based on advice from US corporate counsel that I have dealt with. Corporate counsel gave us in engineering a rule of thumb that adding such dependencies on others' code likely introduced licensing issues (i.e. created a derived work).
  
  --
  I use Friend/Foe + mod-point modifiers as a karma/reputation system.
19. Re:I'm dying of curiousity by Paul+Jakma · 2015-03-05 18:12 · Score: 4, Insightful
  
  My understanding is that your description is inaccurate.
  Yes, they have implemented a number of Linux APIs in their own code. Additionally, they have sucked in bits of GPL Linux code that implemented bits of those APIs (i.e. NOT reimplemented, as WINE does). This is to allow ESXi to be able to re-use drivers from Linux, as you say. However, they didn't stop there, from what I understand. They also have ESXi use Linux GPL drivers.
  My understanding, from what I've read, is that ESXi didn't just re-implement Linux APIs. ESXi also heavily depends on GPL licensed Linux code, both in the partial-reimplementation of Linux APIs, and in sucking in Linux GPL drivers. The issue is this direct re-use of GPL code, and ESXi's heavy dependence on that GPL code. That dependence likely makes ESXi a derived work of the Linux GPL code, and as such it - in its *entirety* - must be distributed in accordance with the GPL.
  Alternatively, VMWare are quite free to not use code they didn't write and don't own, if they don't like the licence conditions.
  This is very different from what WINE does, and to characterise the situation as like WINE seems to be quite inaccurate.
  
  --
  I use Friend/Foe + mod-point modifiers as a karma/reputation system.
20. Re:I'm dying of curiousity by Paul+Jakma · 2015-03-05 20:28 · Score: 2
  
  The Software Conservancy FAQ has a diagramme giving an abstract of what they allege has been copied:
  http://sfconservancy.org/linux...
  With respect to the drivers, it seems they've copied SCSI, USB and network drivers. Christoph Hellwig holding copyright to at least some of the SCSI drivers concerned, in addition to core code VMWare are alleged to have copied to implement required APIs for the drivers.
  It seems you could give us a full list from an ESXi installation, if you wished, rather than just a selected driver (selected why?).
  
  --
  I use Friend/Foe + mod-point modifiers as a karma/reputation system.
More than curious, by piRSqrd · 2015-03-05 05:55 · Score: 2

I need to know if I should stop using VMWare.

--
I put the 'Physics' in 'Physical Attraction'
1. Re:More than curious, by pak9rabid · 2015-03-05 06:08 · Score: 4, Informative
  
  The answer to this should have been obvious 8 years ago when they:
  
  1. Made their management tools run on only Windows, shitting on the Linux community
  2. Deprecated VMWare Server 1.x (free and very functional) for VMWare Server 2 (free and barely functional)
  
  There are far better free alternatives out there nowadays if you're not managing a full-blown cloud infrastructure (see: LXC and KVM). And if you are, there's OpenStack.
2. Re:More than curious, by GerryGilmore · 2015-03-05 06:10 · Score: 2
  
  Of course not. Why would you even think that? If VMWare loses, which they should, IMO, all that will happen is that they'll either pay $$ to Christoph or just rewrite the offending sections. VMWare isn't going anywhere...
3. Re:More than curious, by ledow · 2015-03-05 06:50 · Score: 3, Informative
  
  Judging by the diagram, the "offending sections" are huge swathes of virtualisation-specific code that ESXi runs on, written or modified by VMWare.
  Being forced to open-source their largest software project is a quite conceivable (even if unlikely) outcome. Not everyone who has a part in the Linux kernel is going to accept "Here's some cash, ssshh, don't tell anyone we cocked up" compared to forcing them to open their code.
  VMWare accepted a (believed to be) legally binding agreement to open any code that modified or become part of the kernel under GPL licences to anyone who asked. You can't always buy your way out of such obligations with money, and the courts may well end up showing that.
  And that... that's gotta hurt the bottom line to have vast portions of ESXi available as open-source software.
4. Re:More than curious, by Cramer · 2015-03-05 09:50 · Score: 2
  
  FLASH based, through a web page. And it's a horrible mash of crap compared to the native client.
Interpreting these conditions by tepples · 2015-03-05 05:57 · Score: 5, Informative

The controversial part, as I understand it, is the difference in interpretation of a license's conditions. For example, the difference between an "aggregation" and a "combined work" in the GPLv2 confused at least one Slashdot user.
1. Re:Interpreting these conditions by Anonymous Coward · 2015-03-05 06:57 · Score: 2, Interesting
  
  To take that a step further, the GPL is largely untested in court.
  Mostly because every violator's lawyers have looked at it and said "Give up. There's no way we can win this in a court case. This thing is ironclad."
2. Re:Interpreting these conditions by hawkinspeter · 2015-03-05 07:01 · Score: 2
  
  This could be interesting as VMWare are most likely going to have to rely on the GPL being valid as otherwise they are not allowed to distribute that code, only their own code. So, presumably they need to show that the GPL is valid and that they are complying with it (which will be subject to interpretation).
  
  Users don't have to worry about the GPL as anyone is allowed to use GPL code however they like, but it's only when you distribute it that you come up against its restrictions.
  
  --
  You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
3. Re:Interpreting these conditions by bmo · 2015-03-05 07:26 · Score: 2
  
  the GPL is largely untested in court.
  No it isn't. It's been tested at the federal level.
  Daniel Wallace tried to get the GPL declared invalid through stretching of legal concepts, and was thusly shown how stupid /that/ is.
  
  Wallace v. International Business Machines Corp.
  From Wikipedia, the free encyclopedia
  Wallace v. International Business Machines Corp. et al., 467 F.3d 1104 (7th Cir. 2006), was a significant case in the development of free software. The case decided, at the Court of Appeals for the Seventh Circuit, that in United States law the GNU General Public License (GPL) did not contravene federal antitrust laws. Daniel Wallace, a United States citizen, sued the Free Software Foundation (FSF) for price fixing. In a later lawsuit, he unsuccessfully sued IBM, Novell, and Red Hat. Wallace claimed that free Linux prevented him from making a profit from selling his own operating system.[1]
  And this quote from the decision shows that the courts completely understand the values behind the GPL and copyleft.
  From the 7'th Circuit decision of the Wallace vs. IBM appeal:
  
  http://www.internetlibrary.com...
  People may make and distribute derivative works if and only if they come under the same license terms as the original work. Thus the GPL propagates from user to user and revision to revision: neither the original author, nor any creator of a revised or improved version, may charge for the software or allow any successor to charge. Copyright law, usually the basis of limiting reproduction in order to collect a fee, ensures that open-source software remains free: any attempt to sell a derivative work will violate the copyright laws, even if the improver has not accepted the GPL. The Free Software Foundation calls the result âoecopyleft.â
  And notice the subsequent utter silence from Darl and the lawyers at SCO, who were jumping up and down about the so-called unconstitutionality of the GPL. Among other things.
  The validity of the GPL is now settled law.
  but any element of it that is reasonably subject to interpretation can be interpreted any way you like
  This is why you aren't a lawyer.
  --
  BMO - not a lawyer, but someone who doesn't agree with people who think that lawyers perform magic. They don't.
Re:Silly people by Mikawo · 2015-03-05 06:03 · Score: 4, Informative

After skimming the GPLv2, found under section 3:

For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.
Seems like it includes building and installation to me.
Here's a suggestion for a verdict by Opportunist · 2015-03-05 06:07 · Score: 4, Interesting

Anyone found in willful and deliberate violation of the GPL showed that they have no interest in copyright or its protection. Hence they implicitly and irrevocably agree that they will not pursue anyone violating their copyright.
That should take care of this pretty quickly. You don't even have to look for GPL violations in products anymore, corporations will do that for you in the products of their competitor, hoping to kick them out of the market that way.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Installation on what machine? by tepples · 2015-03-05 06:17 · Score: 2

But does it include "compilation and installation" on the end user's machines, or only on developer hardware available only to a select few? The latter interpretation leads to the Tivoization loophole in the GPLv2. GPLv3 tightened this by defining "Installation Information", its counterpart to GPLv2's "scripts used to control [...] installation", to require that execution be possible "in that User Product" if the work is designed for a consumer platform.
1. Re:Installation on what machine? by TemporalBeing · 2015-03-05 06:59 · Score: 2
  
  But does it include "compilation and installation" on the end user's machines, or only on developer hardware available only to a select few? The latter interpretation leads to the Tivoization loophole in the GPLv2. GPLv3 tightened this by defining "Installation Information", its counterpart to GPLv2's "scripts used to control [...] installation", to require that execution be possible "in that User Product" if the work is designed for a consumer platform.
  Well, having used VMware Workstation 8 and 9, I can was able to download and modify the Linux drivers provided by VMware, necessary to fix some kernel related bugs (http://clocksmind.blogspot.com/2013/04/vmware-workstation-8-and-linux-kernel-38.html) as kernels changed over time but VMware simply didn't keep up with compatibility.
  
  So frankly, I'm a little surprised but then, may this is for a different edition or something.
  
  --
  Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
2. Re:Installation on what machine? by mysidia · 2015-03-05 10:31 · Score: 2
  
  Well, having used VMware Workstation 8 and 9, I can was able to download and modify the Linux drivers provided by VMware, necessary to fix some kernel related bugs
  I don't think the lawsuit is over vmware tools. VMware provides source code to most of the VMware tools components; often they are installed by building the source code.
  The VMware hypervisor includes a special management Virtual Machine run by the vmkernel which uses Busybox.
  They do not include the source code for Busybox. However, there is a written offer for customers to request source code on CD for the product you purchased, valid for 3 years after you purchased the software product from VMware, by sending a request to an address given of VMware General Counsel, Attn: Open Source Files Request.
  Versions of ESXi prior to 5.5 supported an architecture for drivers called vmklinux; essentially, the VMware kernel supported a framework compatible with Linux drivers ---- you could compile Linux drivers from source code and load them into the vmklinux system. ESXi5.5 introduced a new thing called Native Drivers, but they still support the Linux kernel driver SDK. There is no Linux kernel code, other than drivers themselves, however, they have only copied the Kernel driver API interfaces.
Re:GPL is about control, not freedom by CAPSLOCK2000 · 2015-03-05 09:36 · Score: 2, Insightful

It is about freedom, just not the freedom of the programmer. It's about the users. Freedom is not an absolute condition, it's always a balance the rights of various stakeholders. The cliche is that my right to swing my fist ends where your nose begins. Most software licenses restrict the rights of the users in favour of the programmer. The BSD licenses are vary liberal but they only focus on programmers that want to use the code. As a user you don't know anything about your rights if code is based on BSD code. Usually its 'free', but there is no guarantee. The programmer has no obligation to the user. The GPL is about giving assurances to users. If software is based on GPL code the user knows for sure that he will be able to get the code and use it.