Slashdot Mirror


How Ubiquiti Networks Is Creatively Violating the GPL

New submitter futuristicrabbit writes: Networking company Ubiquiti Networks violates the GPL, but not in the way you'd expect. Not only did the kernel shipped in their router firmware not correspond to the sources given, but their failure to provide the source led to a vulnerability they created being unpatched long after its disclosure. They're maintaining the appearance of compliance without actually complying with the GPL.


  1. It's rape Jim, but not as we know it by Anonymous Coward · · Score: 1, Insightful

    The GPL was violated. Doesn't matter how they did it.

    1. Re:It's rape Jim, but not as we know it by Anonymous Coward · · Score: 1

      The GPL is rape in license form. Viral infection of the GPL sounds like an STD left behind by a rapist.

      Sure. Now go grow your own STD (or BS), don't use ours. You aren't gonna pull a Monsanto on GPL software.

    2. Re:It's rape Jim, but not as we know it by Anonymous Coward · · Score: 2, Interesting

      Yeah, we should all be using closed source shit and live happily in laa-laa land. Or we could use BSD kind of licenses, create software for free and pay money to get closed source shit back. Wohoo!

    3. Re:It's rape Jim, but not as we know it by maligor · · Score: 5, Interesting

      Yet another brand of router to avoid.
      At least unless there's DD-WRT or something for the hardware, I won't buy one that isn't supported by real open-source software (even if I stick with their router SW).

      DD-WRT is hardly a poster child of open router software, they extensively use binary drivers in their releases, especially on the BCM platform.

      OpenWRT is what you want as a baseline.

    4. Re:It's rape Jim, but not as we know it by Coren22 · · Score: 4, Insightful

      Actually, their stuff is lightyears ahead of most of the 802.11 stuff you can buy for home use (as it is enterprise grade) while being in the same price range.

      That however does not give them an excuse to violate the GPL and just ignore the terms of the agreement.

      I hope they realize the error of their ways and fix the issue before they have to be sued into oblivion.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    5. Re:It's rape Jim, but not as we know it by ClickOnThis · · Score: 4, Informative

      The GPL is rape in license form. Viral infection of the GPL sounds like an STD left behind by a rapist.

      The GPL may be viral, but to correct your metaphor, the only way to catch it is via consensual intercourse with GPL source. There's no rape going on.

      --
      If it weren't for deadlines, nothing would be late.
    6. Re:It's rape Jim, but not as we know it by mark-t · · Score: 4, Informative

      The GPL is just the terms and conditions that you have to agree to in order to have permission to copy the work, and in particular, to create derivative works from it. The GPL can do this because stuff put under it is copyrighted, and you need the copyright holder's permission to make copies of copyrighted works outside of what would have ordinarily been considered fair use in the first place.... all the GPL does is outline the terms you have to agree to in order to receive such permission. If you don't want to comply, there's no permission given in the first place, so there's actually no unwanted viral aspect to it at all. If the terms are simply disagreeable to you, you may, at your option, try and contact the copyright holder to obtain alternate licensing arrangements for your special case, but the copyright holder is no more obligated to give anyone such permission than Paramount is obligated to give anyone permission to make their own for-profit Star Trek film.

    7. Re:It's rape Jim, but not as we know it by dargaud · · Score: 2

      Don't like the license? That's absolutely fine. But then don't use it and write your goddamn operating system FROM SCRATCH!

      --
      Non-Linux Penguins ?
    8. Re:It's rape Jim, but not as we know it by Shakrai · · Score: 5, Funny

      It can't be rape; the router has ways of shutting itself down when that happens.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    9. Re:It's rape Jim, but not as we know it by whh3 · · Score: 1

      After significant experience deploying embedded wireless routers, I've always been impressed with their physical manufacturing. Their outdoor devices are extremely resilient to weather and the casing generally seals as designed. They do operate at a price point above average consumer grade hardware. What's more, and this was always more important to me, their hardware is extremely well supported by OpenWRT. In fact, the OpenWRT derivative I used was frequently cited by Ubiquiti itself -- it seemed like they were happy to promote the fact that their OS was not the end all be all.

      Which makes news like this all the more disappointing to me. I consider abiding by the GPL to be a very important part of user (corporate) responsibility and do not tolerate violations.

      As another poster said, just another company to scratch off my list.

      --
      remove nospam. to email!
    10. Re:It's rape Jim, but not as we know it by Enter+the+Shoggoth · · Score: 1

      Replying to undo a mod I didn't select... fuck what is it with slashdot these days.

      --
      Andy Warhol got it right / Everybody gets the limelight
      Andy Warhol got it wrong / Fifteen minutes is too long.
    11. Re:It's rape Jim, but not as we know it by khellendros1984 · · Score: 3, Insightful

      Wait. Are you talking about software or hardware? A laptop, tablet, smartphone, activity tracker, or smartwatch is a piece of hardware. All of those things can, and often *do* have a core of open-source software that they're built around. Hardware is much more difficult to manufacture than software is. If someone sends me the appropriate source code, I can get a working product by typing a few things in on my keyboard. If someone sends me hardware design files, I suppose that I'd either have to buy a FPGA of the appropriate size and speed for the hardware or I'd have to start talking to chipfabs about the 1-device manufacture run that I'd like them to undertake.

      Hardware and software are apples and oranges. Although it would be convenient if open hardware were as easy to make as open software, it's not.

      Fact is restrictive open source isn't producing innovation

      I've never felt restricted by open-source software. The problem has always been closed systems, for me. Although, I suppose that the licensing issues go to the back of your mind anyhow when you've got a system that won't do what you want, and there is no way for you or anyone else but the vendor to fix it.

      --
      It is pitch black. You are likely to be eaten by a grue.
    12. Re:It's rape Jim, but not as we know it by khellendros1984 · · Score: 1

      No they are not, they are a combination of hardware and software

      But we *have* open software to run on those. That just leaves the hardware that you could be talking about.

      Yes, like the Linux kernel. But there isn't much you can do with just that.

      Well, and the entire rest of the OS, if you don't count some of the drivers and firmware (which require either reverse engineering or published hardware specs from the manufacturers to implement openly).

      But where is the free software (let's exclude the hardware component for a minute) version of these products?

      Well, again, aside from BIOS/firmware and some drivers if I want all my hardware's features to work, it's here. We don't just have a kernel, we have full general-purpose OSes.

      My point is that the idea that everybody should ditch closed source and proprietary software in favor of FOSS is misguided because FOSS doesn't have all the answers.

      ...And if the closed/proprietary software were to be open, then FOSS *would* have all the answers. As far as I can tell, that's the end goal of "the movement".

      Sorry I mean restrictive open source (GPL) as opposed to permissive open source (BSD, et al.).

      So did I. I see GPL-like licenses as being more protective than restrictive. They protect my access to code derived from the projects that are licensed that way. It's just a matter of perspective. I don't *want* to take someone else's open source code and make a closed-source derivative product. Until we have non-eternal copyright terms, I wouldn't really want to see someone *else* doing that either.

      Proprietary and Free software work together to produce innovative products but there are a lot of absolutists with very limited vision that seem to think FOSS is the answer to everything.

      I can see the benefit of a system where proprietary software is closed for a period of time, in order to encourage development of new technology, and then made open to enrich the public as a whole. I don't see that happening, so out of practicality, I'll accept closed/proprietary software and hardware as a stopgap. It does the job right now, and I'll just buy the next-available closed system when my current one doesn't have the functionality that I need.

      --
      It is pitch black. You are likely to be eaten by a grue.
    13. Re: It's rape Jim, but not as we know it by cthulhu11 · · Score: 1

      I bought one for home based on glowing recommendations from someone at my previous employer. Managing the WAP was a pain, a proprietary app launching a web interface or something, unique to each firmware version. The release firmware seemed to never be updated, there were occasional betas if you knew where to look. My unit became very flaky, I sent it in under warranty and it took several months for them to send a replacement, they claimed they didn't have any stock! The last straw was realizing that the thing didn't even do 5GHz. The recommender was like oh you didn't buy the $300+ Pro model? Yeah no, trucks don't drive up and spill cash at my doorstep. Gave it away and bought an ASUS.

    14. Re:It's rape Jim, but not as we know it by Coren22 · · Score: 1

      If they correct the issue after this, would you consider penciling them back in? :)

      If you have better suggestions of units that act as APs and can do bridging (for the Bluray downstairs), I am all ears.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    15. Re:It's rape Jim, but not as we know it by bhiestand · · Score: 1

      Any chance you can link to some tests/reviews of their claims?

      Not the AC, and too lazy to google this again, but I was going to post the same experience with ZH. They announced support for zero hand off when it was in ages, never got it working well, and seem to have given up on it.

      The basic idea was "set all APs to use the same channels, then clients will just use the strongest signal". Of course, even after hours of research and trying to fix the configs, clients lost connection when physically walking around. And if they managed to find a spot where the signals were similar, they could get some really fun rapid switching between APs.

      --
      SWM seeks new sig for a brief fling
  2. But... by Gription · · Score: 3, Funny

    Isn't outing a manufacturer over product issues more of a Twitter thing?

  3. Ubiquiti Networks by WillRobinson · · Score: 2

    Interesting, I have been looking at their WISP stuff for awhile, and one thing I liked was they were using lots of COTS and open source software. Funny I would not want to publish my code either, as apparently it was buggy, they would have been lash whipped by Linus!

    1. Re:Ubiquiti Networks by TheCarp · · Score: 2

      If you are so embarrassed by your code as to not want to publish it, might I suggest you SHOULD be too embarrassed to sell products based on it or otherwise distribute it in binary form.

      --
      "I opened my eyes, and everything went dark again"
    2. Re:Ubiquiti Networks by Anonymous Coward · · Score: 1

      If you've written any significant amount of code and never made an embarrassing mistake that ended up in a release... well, you don't exist and therefore I'm not talking to anyone and should stop rambling on...

      Realistically, it's probably just a screw up by some employees who were either pressured by a deadline, didn't know better, or weren't trained properly (or a process failed after someone who had set it up, later left the company under non-ideal circumstances). Stuff like this happens all.the.time. Find it, fix it, put policies and procedures in place to prevent it, (and take care of the legal consequences of your screw-up), then move on.

    3. Re:Ubiquiti Networks by MtHuurne · · Score: 1

      Funny I would not want to publish my code either, as apparently it was buggy, they would have been lash whipped by Linus!

      Linus will only rant at bad code being submitted to the kernel mailing list for integration into the mainline kernel. If you publish code on your own website, he's not even going to look at it.

    4. Re:Ubiquiti Networks by TheCarp · · Score: 1

      Oh my code is embarrassing as shit, don't get me wrong on that point. However, most code is a bit of a mess and a lot of it is not terribly well organized. So if yours is so much of a mess that it is actually the reason you don't want to release it (rather than a philosophical disagreement with open source/free software, which while I don't share, I do understand), then maybe basing products around it is something you should at least think twice about.

      And that's before even getting to how it's no excuse for violating the license.

      However, I think you are actually right. This is very likely a simple screw up, and it's of exactly the type I see all the time when you have people working towards deadlines and manual processes. I would almost bet you dollars to donuts that somewhere there is an email that was the only instruction a guy got that poorly outlined how to package it all up, which left out half the details or wasn't updated between its first version and when development changed their paths.

      Seriously, I could totally see this sort of error as a simple fuckup. My only objection here is to the proposition made by others that it might be intentional due to the state of the code, because, that just doesn't fly in any good way for them in this situation.

      This DOES however look like exactly the sort of error you get from bitrot in documentation for manual processes though.

      --
      "I opened my eyes, and everything went dark again"
  4. What? by gstoddart · · Score: 2

    And in what way is this not how I'd expect?

    Sleazy corporation skirts around rules, film at 11.

    --
    Lost at C:>. Found at C.
    1. Re:What? by NoNonAlphaCharsHere · · Score: 4, Insightful

      Probably more like "Docs out of date with production code, film at 11".

  5. edgerouter.. by bored · · Score: 1, Interesting

    I have the edgerouter POE, which is a fantastic piece of hardware, but it still doesn't support proper vlan tagging controls on the embedded switch ports. A feature I would add myself but the hardware isn't open enough to do it without a lot of reverse engineering.

    So, this makes me wonder if they are sort of stuck between stupid hardware companies and the GPL. They may not be able to publish changes to the open source products without violating their NDAs with the manufacturers of assorted chips/etc they use.

    I'm not trying to defend them, just point out a situation I've found myself in. GPL software is great for bootstrapping a project, but for some of these platforms it can be a real PITA. I feel for small companies like Ubiquiti. But I'm pretty irritated by Sony, Broadcom, Cisco, etc which are also playing the same game.

    1. Re:edgerouter.. by gstoddart · · Score: 5, Insightful

      So, this makes me wonder if they are sort of stuck between stupid hardware companies and the GPL. They may not be able to publish changes to the open source products without violating their NDAs with the manufacturers of assorted chips/etc they use.

      You know, that's a self-inflicted problem, and not deserving of sympathy.

      Either you run closed source stuff and write your own stuff, or you comply with the GPL.

      It's a bummer if a small company got themselves into a predicament. But, nobody cares.

      I know you're not defending them, but honestly if a company decided it wanted to steal someone else's code and not play by the rules of the GPL, that's their own damned problem.

      From the sounds of it, they knew damned well they were not compliant.

      --
      Lost at C:>. Found at C.
    2. Re:edgerouter.. by awing0 · · Score: 1

      I just (as in this morning) ordered a pair of radios from them for a point to point link. Can anyone recommend good competitors for ubiq's point to point radios?

      --
      Cthulhu Saves.
    3. Re:edgerouter.. by caseih · · Score: 1

      I haven't anything at that price point. I gave half a dozen their point to point devices and they rock. I get a full 100MBs over about 800 feet. I'm very happy with them. Hope this issue with the kernel source gets sorted out. They seem like a good little company and they have good affordable hardware.

      A local wireless ISP in my area uses their equipment exclusively. Works very well.

    4. Re:edgerouter.. by SuiteSisterMary · · Score: 1

      At that price point, and in that space? Cambium ePMP.

      --
      Vintage computer games and RPG books available. Email me if you're interested.
    5. Re:edgerouter.. by Grishnakh · · Score: 2

      There are ways around the NDA problem: put that code in a separate place where it interfaces with GPL code, but does not require actually modifying the GPL code with anything NDA-tainted, for instance. If you can't figure out how to do that, then you really have no business working with this stuff. Or just use a proprietary OS like VxWorks.

    6. Re:edgerouter.. by Grishnakh · · Score: 1

      I've never actually heard of any BSD derivative used in a small, embedded system. Usually the choice is between Linux (on ARM or MIPS or maybe ppc) and a proprietary RTOS like VxWorks or QNX. There's probably a reason for this.

    7. Re:edgerouter.. by Grishnakh · · Score: 1

      They're violating the license agreement. That code is copyrighted, and is only provided to you under the conditions stated in the GPL license, which govern how that code is distributed, and in a nutshell requires you to make the source code available to any changes you distribute to anyone in binary form (i.e., in products you sell which use that code). If you refuse to follow the terms of that license, then you automatically have no right to use the code at all, and are now in violation of copyright. If you don't like the terms of this license, you're free to not use the software, and find an alternative or make your own.

    8. Re:edgerouter.. by Anonymous Coward · · Score: 1

      >They stole code?

      Yes. As a purchaser of Ubiquiti's GPLed products, you have a right to the source code for the GPLed software running on them. They refuse to provide this. It is stealing much the same as I give you $20 for a 10 pound sack of potatoes and a recipe for potato soup (as advertised the potato soup is complete, tasty and wholesome), and you just give me the potatoes and a scrap of paper that says "Recipe: Put potatoes in water and hope a soup happens" (the results of which are nothing like the soup advertised nor anything like the soup you sampled from their company). You also refuse to give me the full recipe (which it is now obvious I'm missing), nor do you offer my money back. You owe me $20 for busting a deal. In this case, Ubiquiti owes their customers a refund for refusing to provide source code as advertised.

      It is theft of money and fraud.

      >So they deprived all other people of the Linux kernel code?

      No. Ubiquiti is partially using linux code, and partially using their own code, all of which is licensed under the GPL. The Ubiquiti code is not provided. Whether that *also* counts as stealing is an academic issue. However, we've already proven Ubiquiti owes their customers money or code. Not providing either is theft and fraud.

      Just as in my potato example someone would say "stolen recipe" as a shorthand for "Fraudulent transaction involving missing goods", one could easily say "stolen code" and not only be understood, but not violate the maxim of "pirating =/= stealing" which I believe you're alluding to.

    9. Re:edgerouter.. by Coren22 · · Score: 1

      Here is what they did, with Windows replacing Linux:

      They downloaded Windows 8, cracked the licensing mechanism, then redistributed the software on their own hardware. When someone pointed out to them that what they did is against the law, they ignored the request to rectify the situation.

      Would this be illegal? How is it different when it is a piece of GPL software?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    10. Re:edgerouter.. by BronsCon · · Score: 1

      Can you download the kernel code used by Ubiquiti? If so, please tell me where. If not, well... Under the GPL, that source code is the property of anyone to whom they distribute a product that makes use of the code in any format (including binary) and they've simply stolen that code from those people. Personally, I think it's silly to call it stealing, as well, but that's effectively what the GPL does in these instances. It's not right, but it's not stealing, either.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    11. Re:edgerouter.. by loonycyborg · · Score: 1

      No, it's not GPL that is PITA but closed specs and NDA requirements. They're PITA no matter whether you're using BSD or GPL. So who cares if GPL prevents you from doing things in lawyer approved OCD way those companies want? It just won't work. At most you'll end up with some BLOB nobody maintains and which gets obsolete within a year.

    12. Re: edgerouter.. by bill_mcgonigle · · Score: 1

      Photocopiers often run ancient unpatched versions of BSD.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    13. Re:edgerouter.. by Grishnakh · · Score: 1

      The big difference here is the DMCA, which makes it illegal to crack the licensing mechanism like this; this makes the action in your scenario a crime.

      Violating the GPL is not (AFAIK) a crime, it's a tort, just like any normal copyright violation. The party harmed has to sue for damages.

    14. Re:edgerouter.. by adri · · Score: 1

      The reason is because the manufacturer gives you some old version of linux that they have included as their "base" reference design OS, and .. people just build on that.

      It's purely inertia.

    15. Re:edgerouter.. by Grishnakh · · Score: 1

      That doesn't sound right. If everyone were just using Linux, that would make sense, but they're not, they're also using QNX and VxWorks and some other RTOSes. Manufacturers are not giving anyone reference designs with proprietary RTOSes, so any company choosing those is doing so for a specific reason (probably they want lower resource-usage than Linux can achieve). If so many companies can do this, some would also be choosing BSD. But that doesn't seem to be happening, so I would think this is probably because BSD can't compete at all with the RTOSes in terms of resource usage, and doesn't offer enough over Linux to bother with it.

    16. Re:edgerouter.. by orasio · · Score: 1

      So it's not stealing. It's something else.

      And you might want to get your analogy checked, I don't think it holds. Maybe if it was potato soup + recipe or something like that. In any case, no need for analogies. It's easier to get it without them.

      They are not stealing anything from anyone. The users didn't have any source to begin with, for example. They are not entitled to the source. The problem lies in the other end. Ubiquiti is licensing some code, and not complying with the license, by not providing source. This means they are not covered by the license.

      This is plain, simple, copyright infringement. Not stealing, something else. And when you do it for profit, most people agree it's a bad thing. At least in the current context.

  6. Re:Unexpectedly expected? by Anonymous Coward · · Score: 3, Funny

    I was expecting three things: fear, surprise, ruthless efficiency, and an almost fanatical devotion to the Pope.

  7. Get your razor out by NotFamous · · Score: 2

    Never attribute to malice that which is adequately explained by stupidity.

    --
    Some settling may occur during posting.
  8. Get your axe out by Lead+Butthead · · Score: 3, Insightful

    Never attribute to malice that which is adequately explained by stupidity.

    Never attribute to stupidity when it's a habitual offender.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
    1. Re:Get your axe out by Coren22 · · Score: 1

      Habitual? Do you have links to other instances? Also, how exactly are they not complying? My understanding was that compliance in this case requires that they offer up the source code for whatever they use. If they then make changes, there is no requirement to post their changes as well.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    2. Re:Get your axe out by gstoddart · · Score: 3, Interesting

      No, modifying the code means you have created a derivative work and need to release those code changes to anybody using it.

      Which is what the license has said for at least 20 years.

      There is no provision to make changes to GPL code and not release it.

      If you have an application which is only ever inside your corporate firewall, it's unlikely the people in accounting will want to see the source code. But you sure as hell can't modify it, build a product around it, and then not release those changes.

      Your understanding is wrong.

      --
      Lost at C:>. Found at C.
    3. Re:Get your axe out by Anonymous Coward · · Score: 2, Informative

      GPL requires that you provide complete source code to binaries you distribute that are derived from that source code. That includes any changes that you have made and code you have added.

      So either you get a head start from the existing code and then share your changes. Or you write it all yourself. Pretty straight forward tradeoff.

    4. Re:Get your axe out by gmack · · Score: 4, Informative

      The GPL is designed to avoid the "What's yours is mine and what's mine is mine" scenario where someone uses the code + their changes to always stay one step ahead of the free version and so the GPL requires that they hand over the full source with any changes they made that were used to build whatever product they shipped. If they made changes to the GPL code that were included in the shipped product, they must publish those changes. On the other hand, if they made changes they did not ship with any product (internal releases etc), they are under no obligation to release those changes.

      In this case, they are not shipping all of the changes they made to their source code that was used to build their firmware so that is a clear violation of the GPL.

    5. Re:Get your axe out by Coren22 · · Score: 1

      Thank you for your polite response (unlike the three above you). I was asking a question and you answered it. I unfortunately can't bring up the link in TFS, as it is blocked by the corporate firewall, so I can't see what they did.

      I don't routinely deal with GPL code beyond just use, so am unfamiliar with the inner workings of the GPL.

      Thank you again.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    6. Re:Get your axe out by linuxrocks123 · · Score: 1

      To be fair, stupid people act stupidly on a fairly regular basis.

      --
      vi ~/.emacs # I'm probably going to Hell for this.
    7. Re:Get your axe out by Grishnakh · · Score: 1

      I'm not trying to be rude, but this isn't some kind of secret, nor some obscure "small text" in the GPL license, it's the entire reason for the GPL. If you use GPL code at all, it's good to understand the license at a very basic level; furthermore, the GPL license itself is very simple as far as licenses go, and was intentionally designed that way because it's meant for developers and users, not lawyers to argue in courtrooms for $$$/hour. It's simple: if you're given access to GPL code by its copyright owner, you're allowed to distribute that to others, with the one condition that you must also give those people access to the source code for any changes you make that are in the binary you give them. Since almost all GPL code is freely-available on the internet, that just means it's free to use and modify, but if you do modify it and give that to someone, you have to give them the source too. That way, you can't make critical changes, keep them secret, and profit from that secrecy (or just make people's life harder by them not being able to see how it works). The whole idea is to promote sharing and discourage secrecy.

    8. Re:Get your axe out by Anonymous Coward · · Score: 1

      Your post could be clearer, you are using "release" in a manner confusing to someone not familiar with software licensing. The key element is (re)distribution.

      If you make changes to GPL code, and distribute the result, you need to release the source code to your changes as well.

      But if you don't redistribute the changed software, you aren't required to release anything to anyone.

      In this case though, the seller was redistributing the software, and that's why they need to publish changes. It's the redistribution that requires them to do so, not simply the usage of it.

    9. Re:Get your axe out by Coren22 · · Score: 1

      I was thinking of commenting on the copyright issues with posting the full text of the post, then got to the bottom where he actually says feel free to report my stuff :) pretty cute there.

      Interesting what they are doing, it does sound much worse than what I understood from the summary. I wonder if enough attention being brought to this may help the developers in Ubiquiti to understand what they are doing to maybe fix it. I like Ubiquiti's equipment, as they make great hardware that "just works", I replaced a dual band wireless router from Netgear with one of their single band 802.11 N APs, and have been very happy with the device so far, I would hate to see the company get sued into oblivion because of stupid decisions like this.

      Hopefully the issue can be resolved to the satisfaction of all parties involved.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    10. Re:Get your axe out by Holi · · Score: 2

      Still think you should cite your source, otherwise it's just pure plagiarism.

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
    11. Re:Get your axe out by cHiphead · · Score: 1

      My understanding was that compliance in this case requires that they offer up the source code for whatever they use. If they then make changes, there is no requirement to post their changes as well.

      Your self proclaimed understanding was incredulously incorrect and shows that you did not actually have an understanding of the GPL. Playing to some niceties of politeness when you yourself are bullshitting is less than honest, sir. You asserted understanding that was false. No need to get upset when someone attempts to correct your assertion.

      Have a nice day.

      --

      This is my sig. There are many like it, but this one is mine.
    12. Re:Get your axe out by Coren22 · · Score: 1

      The source is the linked article in the summary.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    13. Re:Get your axe out by Coren22 · · Score: 1

      Um, how is that me hating on Stallman? The guy made a tasteless joke about Stallman and I poked him for not posting anonymous and suddenly I think Stallman is a terrible person?

      And to respond to cHiphead, I clearly stated that it was my understanding of the GPL, I am no lawyer, nor do I deal with software licenses on a daily basis, I am a user of GPL software (as in I have a couple Linux servers at home), I am no zealot on either side, and was saying thank you to the one person who didn't use personal attacks, but I guess it is too much to ask for people to be civil in an online conversation.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    14. Re:Get your axe out by Coren22 · · Score: 1

      I didn't post anything, I made an assumption as to what it was in reply to (my company blocks the link, what was the problem). I don't post AC, I put my handle on every one of my posts.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  9. BroadBand HamNet by Rufty · · Score: 1

    How will this impact BroadBand HamNet (formerly HSMM) which mainly targets Ubiquiti hardware, and obsolete Linksys stuff?

    --
    Red to red, black to black. Switch it on, but stand well back.
    1. Re:BroadBand HamNet by bradvoy · · Score: 1

      In the short term it shouldn't have much effect on BroadBand HamNet because the BroadBand HamNet project replaces Ubiquiti's proprietary software with software based on OpenWRT. In the longer term this could help BroadBand HamNet. If this results in Ubiquiti releasing the source to their software, that could make it easier for the OpenWRT and BroadBand HamNet developers to add additional features/performance/reliability to their builds that target these devices.

  10. Official build systems ... by perpenso · · Score: 1

    Never attribute to malice that which is adequately explained by stupidity.

    Raise your hands if you have ever worked somewhere where there was an official build system and most developers did not get matching binaries from their development systems.

    1. Re:Official build systems ... by gstoddart · · Score: 4, Insightful

      Dude, this isn't binaries which have different checksums. This is binaries which don't in any way correspond to the code they provided.

      This is a case of any sufficiently advanced incompetence is indistinguishable from malice.

      They're either grossly inept, or knew damned well what they were doing.

      --
      Lost at C:>. Found at C.
    2. Re:Official build systems ... by Rufty · · Score: 4, Funny

      They're either grossly inept, or knew damned well what they were doing.

      NB, these options are not mutually exclusive.

      --
      Red to red, black to black. Switch it on, but stand well back.
  11. Re:And this is why corporations don't trust the GP by danbob999 · · Score: 1

    So you are saying that corporations don't trust the GPL because they do not comply with the GPL? Seems like an easy fix isn't it?

  12. Re:And this is why corporations don't trust the GP by gatkinso · · Score: 1

    What's not to trust? Either you use the GPL code knowing full well the ramifications of doing so... or you Write It Yourself.

    --
    I am very small, utmostly microscopic.
  13. Re:And this is why corporations don't trust the GP by Holi · · Score: 1

    Why, because they want to steal other people's work? It's a fucking copyright violation regardless of its GPL status.

    --
    Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
  14. Re:And this is why corporations don't trust the GP by Anonymous Coward · · Score: 1

    Yeah, really odd that. They don't trust the GPL because they can get into trouble when ignoring the license of someone else's code.

    Unlike Microsoft...

    Uh...

    Well, I guess corporations don't trust EULAs or ToS either, then.

    Right?

  15. Re:Unexpectedly expected? by Archangel+Michael · · Score: 3, Funny

    that is four things ...

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  16. Re:This issue is why people are leaving... by danbob999 · · Score: 2

    This issue is why people are leaving... the GPL and going to BSD, MIT, others.

    Last time I checked, WiFi routers are still full of GPLed software such as Linux, u-boot and busybox. What's the BSD or MIT alternative? The only manufacturer selling BSD-based routers I know is Apple. I don't think companies such as Linksys, Netgear or TP-Link have the resources to develop their own OS. It's either they use Linux and comply with the GPL, or pay for a proprietary alternative.

  17. Re:And this is why corporations don't trust the GP by gstoddart · · Score: 4, Insightful

    Sad, but true.

    Sorry, but what?

    Nobody forced the company to use GPL stuff. Nobody forced them to build a product around it.

    That they failed to comply with their obligations under the license is their own damned problem.

    Use the GPL stuff, don't use the GPL stuff .. it's your choice. But if you choose to use the GPL stuff, you don't get to piss and moan that you don't want to live by the license.

    Corporations aren't entitled to use GPL code and not adhere to the license. It's not a situation in which you can just decide how you'll interpret releasing the code.

    These corporations which don't trust the GPL are entirely free to piss off and write their own code, or start with something like BSD which says "go ahead, do whatever you want with it".

    --
    Lost at C:>. Found at C.
  18. Re:Unexpectedly expected? by Anonymous Coward · · Score: 1

    that is four things ...

    https://www.youtube.com/watch?v=vt0Y39eMvpI

  19. Re:And this is why corporations don't trust the GP by ClickOnThis · · Score: 2

    So you are saying that corporations don't trust the GPL because they do not comply with the GPL? Seems like an easy fix isn't it?

    This.

    It isn't the GPL that has earned distrust here. It's Ubiquiti Networks.

    --
    If it weren't for deadlines, nothing would be late.
  20. it's probably less of a conspiracy. by nimbius · · Score: 2

    Dev: we moved to new Gentoo servers over the weekend and the script that exports builds is broken. it dies trying to get to the compliance server
    Ops: we shut that thing down, its ancient and would take too much time to patch for heartbleed. besides it only hosted an FTP server with some open source code. use the new server, USCMPSRV013435 to sync the GPL code outside the firewall
    PHB: NO DONT i read an article on how GPL code is viral and also Edward Snowden stole Wikileaks 6 months ago from chinese hackers in the presidents internet.
    Ops: er...okay...sooo....the last data up there is what we restored from old sparky...
    Dev: oh dear thats ancient....we had to patch new GPL'd code into the product to get ipv6 to stop crashing

    --
    Good people go to bed earlier.
    1. Re:it's probably less of a conspiracy. by Anonymous Coward · · Score: 1

      According to one person, who seems to be pissed off by Ubiquiti. I'd like less generalization and more specifics (code examples, dates, method and content of contact and response, etc) before getting out the torches and pitchforks. Even then it's likely just a screw up or oversight on Ubiquiti's part. If so, they need to fix it and resolve any legal issues resulting from it, but they don't necessarily need to be attacked and strung up over it. Given the options, I've actually come to prefer their equipment to the competition so far, but still evaluating.

      The author of TFA REALLY comes across as someone with a major axe to grind. Anyone or any company can be accused of or sued for anything at any time, but instead of saying the company has faced accusations of certain things we get "the company has a dark history of..." Seriously? Oh and from one of those terrible "dark history" links:

      "This is a major victory for Ubiquiti and a validation of its business practices."

      Are you sure this person didn't just get fired from Ubiquiti last month or something? Or maybe they work for a competitor and as part of their competitive analysis they came across this and decided to milk it for all the negative publicity it's worth? It sure sounds kind of similar to something like that at first glance.

    2. Re:it's probably less of a conspiracy. by mcl630 · · Score: 1

      Your scenario would make sense if this was just a one time thing, but the issues with Ubiquiti have been going on for many months.

    3. Re:it's probably less of a conspiracy. by mcl630 · · Score: 2

      - He links to a GPL'ed project named "u-boot". He then works from the assumption that this must be the same exact software as is used by Ubiquiti, who couldn't possibly have any in-house projects named "u-boot" that would boot a Ubiquiti device. No, that's just too far-fetched. Some proof of it even being the same software would be in order. Even if there's some documentation from Ubiquiti themselves, it would be something that would at least tie them together, rather than falling into the category of "strange coincidence".

      So you think they wrote their own bootloader for their router, named it the same as a well known bootloader that's used in lots of other routers, and then when people request the source (including one of u-boot's copyright holders) they wouldn't just say "it's not *that* u-boot, it's our own proprietary bootloader and we're keeping it closed"? Grasping at straws much?

  21. Re:Unexpectedly expected? by thaylin · · Score: 1

    Probably that they were not providing the source at all, not that they were providing a fake source.

    --
    When you cant win, ad hominem.
  22. Get lost by 0dugo0 · · Score: 1

    You are not getting my .config and trivial kernel patches either (for value of patches, a few well placed /* */'s). Do your own homework.

  23. Well, this just screwed the legal pooch... by tlambert · · Score: 1

    Well, this just screwed the legal pooch... your posting pretty much kills any recovery chance you had in court.

    They could easily claim:

    (1) Witness tampering
    (2) Jury tampering
    (3) Impossibility of a fair hearing (and they get to pick the venue; how's East Texas sound?)
    (4) They were attempting to remedy the issue, and this posting did irreparable harm to their business

    Most likely they are just trying to hide a hard-coded signing key.

    Most likely, you are just bitching because you can't run your firmware on their hardware without the hard coded signing key.

    1. Re:Well, this just screwed the legal pooch... by phantomfive · · Score: 1

      (1) Witness tampering
      (2) Jury tampering
      (3) Impossibility of a fair hearing (and they get to pick the venue; how's East Texas sound?)
      (4) They were attempting to remedy the issue, and this posting did irreparable harm to their business

      If a single blog post were enough to make it impossible to get a fair hearing, then no one would ever get a fair hearing.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Well, this just screwed the legal pooch... by Drachs · · Score: 1

      They probably are just trying to hide a hard coded signing key, but that's the whole point of the GPL isn't it? That you can't get away with that kind of crap. The GPL exists to keep the ecosystem open for the people that want to use it, and prevent big portions of it from being co-opted by commercial organizations and hidden behind DRM like signing keys buried in bootloaders.

      If someone wants to hide their firmware behind a hard coded signing key they have to write their own boot loader, they're not allowed to use a GPL'd bootloader and then just ignore the rules because it's cheaper to steal someone else's.

      And I think your legal analysis is incorrect, the gentleman who wrote this blog entry doesn't have standing to sue and wouldn't be part of the case. My understanding is only the original copyright holder has standing to sue.

      The original copyright holder wrote a threatening letter a year ago and did nothing. If he did sue he would win but get nothing, and probably doesn't think it's worth the trouble. Ubiquiti is banking on him thinking it won't be worth the trouble because they know if they get sued and lose all they have to do is what they should have done in the first place.

      Back in the day the GPL used to have a nuclear option that said that if you were found in violation of the GPL by any court you lost your ability to distribute any GPL software from that point on without the explicit permission of all copyright holders. Back in the day, the GPL had some teeth, and corporate legal departments didn't fuck around with it like this. That was considered too extreme, unfortunately, and new versions make being found in violation pretty harmless.

    3. Re:Well, this just screwed the legal pooch... by Pentium100 · · Score: 1

      Isn't it possible to comply with GPL and still have the restriction on what can run on the hardware?

      For example: sign the binaries and put a pre-bootloader (something small you wrote yourself (no need to open the source) put on protected memory of the CPU (no way to read or modify it)) that checks the signature and either starts the bootloader (open source) or not.

      Or how about a modified version of gcc (not distributed, so no need to provide the source) that inserts the key when compiling, so the source just says "{_PUT_KEY_HERE_}"?

    4. Re:Well, this just screwed the legal pooch... by tlambert · · Score: 1

      They probably are just trying to hide a hard coded signing key, but that's the whole point of the GPL isn't it? That you can't get away with that kind of crap.

      No, actually, that's the point of the GPLv3. GPLv2 is perfectly happy with it, and it's why vendors are happy using Linux in embedded devices.

      The u-boot code is GPLv2, and it's perfectly OK to "TIVO-ize" it. It's what we did in Chrome OS, in fact. It's just that, in Chrome OS, the BIOS that loads the u-boot checks the signature block on the u-boot, too, and sends it the signature verification key to use on the kernel, and on the rest of the OS.

      You're not allowed to change the boot code, and you're not allowed to change the kernel image, and so on, unless you enable "programmer mode" for the BIOS, and then it gets bitchy on boot to warn a user that they're on a potentially compromised machine.

      I suspect that instead of "Turtles, all the way down", they missed a turtle at the bottom. I suspect that they are furiously working to correct this by adding another turtle, and, technically, under U.S. law, after receiving notification and acknowledging receipt (this is usually done using a constable, process server, or registered mail), they have 90 days in which to respond.

      So at the very least, the blogger jumped the gun.

      The GPL exists to keep the ecosystem open for the people that want to use it, and prevent big portions of it from being co-opted by commercial organizations and hidden behind DRM like signing keys buried in bootloaders.

      You are once again speaking incorrectly. I suspect that you have not read Richard Stallman's "GNU Manifesto". I'll summarize it for you without the rationalizations and justifications: "I hate copyright. So I have written the GPL to fuck over copyright *using* copyright."; there is some other crap in there as well, about preventing the existence of professional programmers as a class, rather than as work for hire contractors, yada yada, but that's the gist of it.

      And again: the code in question is GPLv2; the GPLv3 is what addresses patents and DRM. And it's irrelevant here.

      If someone wants to hide their firmware behind a hard coded signing key they have to write their own boot loader, they're not allowed to use a GPL'd bootloader and then just ignore the rules because it's cheaper to steal someone else's.

      Again, incorrect; they just have to give out the sources to the GPL'ed boot loader. There's nothing stopping them having a BIOS or boot ROM mask programmed onto their SOC that refuses to run the u-boot if it's modified, and there's nothing preventing them from having the u-boot code (for which they must give away sources) have modifications (for which they give away sources) which *also* enforces DRM on the kernel.

      And I think your legal analysis is incorrect, the gentleman who wrote this blog entry doesn't have standing to sue and wouldn't be part of the case. My understanding is only the original copyright holder has standing to sue.

      I thought he was a u-boot contributor, and so had a copyright interest? If I'm mistaken, I apologize, and amend the hypothetical charges to slander, libel, defamation of character, disclosure of trade secrets, and tortious interference of business. They could potentially sue his ass off on those grounds.

      P.S. as a u-boot contributor, I *do* have standing.

    5. Re:Well, this just screwed the legal pooch... by tlambert · · Score: 1

      Isn't it possible to comply with GPL and still have the restriction on what can run on the hardware?

      With GPLv2 code, yes; with GPLv3 code, which was supposed to close the patent and DRM "loopholes" to prevent "TIVO-ization", it's unclear; those clauses of the GPLv3 haven't been tested, mostly because as soon as something goes from GPLv2 to GPLv3, companies tend to use the older code and maintain it themselves, find an alternative, or run screaming, like Apple did with LLVM.

      The code in question is GPLv2.

    6. Re:Well, this just screwed the legal pooch... by mcl630 · · Score: 1

      If they were doing what you suggest, why wouldn't they just release their u-boot source?

    7. Re:Well, this just screwed the legal pooch... by tlambert · · Score: 1

      The bottom turtle is missing (u-boot itself is not signed and checked by the BIOS/SOC POST code... I'm sure they are working on fixing it; if not, I charge unreasonable consulting fees, and I'm available;) ... also worked with the same problem on Chrome ...).
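
Added example (not written by any commenter, and not Ubiquiti's, U-Boot's or Chrome OS's code): a toy model of the boot chain tlambert describes in comments 4 and 7, showing which modifications are detected when the boot ROM does or does not check the bootloader. It substitutes pinned SHA-256 digests for real signature verification, and the stage names, image contents and function names are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes              # constructed stand-in for the stage's binary
    next_pin: Optional[str]  # digest required of the next stage; None = no check

    def image(self) -> bytes:
        # The pin is part of the image, so re-pinning a stage changes its own digest.
        return self.code + b"|pin=" + (self.next_pin or "").encode()


def build_chain(parts):
    """Build stages back to front so that each one pins its successor."""
    chain, pin = [], None
    for name, code in reversed(parts):
        stage = Stage(name, code, pin)
        chain.insert(0, stage)
        pin = digest(stage.image())
    return chain


def boot(rom_pin, chain):
    """Return (names of stages that ran, name of the rejected stage or None).

    rom_pin is the digest held in immutable ROM; None models a device whose
    ROM starts the bootloader without checking it.
    """
    ran, expected = [], rom_pin
    for stage in chain:
        actual = digest(stage.image())
        if expected is not None and not hmac.compare_digest(expected, actual):
            return ran, stage.name
        ran.append(stage.name)
        expected = stage.next_pin
    return ran, None


# Constructed sample images.
VENDOR = [("u-boot", b"vendor u-boot"),
          ("kernel", b"vendor kernel"),
          ("rootfs", b"vendor rootfs")]
REBUILT = [("u-boot", b"vendor u-boot"),
           ("kernel", b"modified kernel"),
           ("rootfs", b"vendor rootfs")]


def scenarios():
    good = build_chain(VENDOR)
    rom_pin = digest(good[0].image())
    # Only the kernel is replaced; the vendor bootloader still pins the old one.
    kernel_swapped = [good[0],
                      Stage("kernel", b"modified kernel", good[1].next_pin),
                      good[2]]
    # The whole chain is rebuilt, so the bootloader pins the modified kernel.
    rebuilt = build_chain(REBUILT)
    return {
        "vendor image, ROM checks u-boot": boot(rom_pin, good),
        "kernel swapped, ROM checks u-boot": boot(rom_pin, kernel_swapped),
        "kernel swapped, ROM checks nothing": boot(None, kernel_swapped),
        "chain rebuilt, ROM checks u-boot": boot(rom_pin, rebuilt),
        "chain rebuilt, ROM checks nothing": boot(None, rebuilt),
    }


if __name__ == "__main__":
    for label, (ran, rejected) in scenarios().items():
        print(f"{label:36} ran={ran} rejected={rejected}")
```

A swapped kernel is caught by the bootloader in either configuration; a re-pinned bootloader is caught only when the ROM holds its digest, which is the layer the comments above call the bottom turtle.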

    8. Re:Well, this just screwed the legal pooch... by Antique+Geekmeister · · Score: 1

      > You are once again speaking incorrectly. I suspect that you have not read Richard Stallman's "GNU Manifesto". I'll summarize it for you without the rationalizations and justifications: "I hate copyright. So I have written the GPL to fuck over copyright *using* copyright.";

      No, I'm afraid that _you_ are speaking incorrectly. Don't paraphrase it, there's no need. It's at https://www.gnu.org/gnu/manife.... In particular, review the paragraphs surrounding this statement:

              > The copyright system was created expressly for the purpose of encouraging authorship. In the domain for which it was invented—books, which could be copied economically only on a printing press—it did little harm, and did not obstruct most of the individuals who read the books.

      That manifesto is not an "all information should be free!" or an "I hate copyright" document. It's a well reasoned analysis of the purposes and benefits versus the costs, of copyright restrictions for software.

    9. Re:Well, this just screwed the legal pooch... by Paul+Jakma · · Score: 1

      The GPLv2 is not perfectly happy with DRM. It is very much possible to read the GPLv2 as requiring *all* material needed to install an executable, which would include keys:

      “For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.”

      The GPLv2 was very much intended to allow end-users to be able to *install* modified works. The incident which motivated RMS to start this whole free software thing and come up with the GPL was a printer whose software he wanted to fix but couldn't. The freedom to modify software on hardware you own is what the GPL was intended to provide.

      The GPLv2 is *not* "happy" with DRM. At best, this is an untested grey area simply because the GPLv2 predates the notion of DRM and so could not use the language we use today. However, it clearly intended to cover installation. The GPLv3 unambiguously fixes this wording issue. That does not mean the GPLv2 allows it though.

      --
      I use Friend/Foe + mod-point modifiers as a karma/reputation system.
  24. Slashdotted by ClickOnThis · · Score: 3, Informative

    The linked site in TFS is suffering from (possibly slashdot-induced) overload. Here's the text from the linked page:

    Four ways Ubiquiti Networks is creatively violating the GPL
    Ubiquiti Networks is a company which makes long-range wireless equipment. Admittedly, you can do some pretty amazing stuff with it, but the company has a dark history of securities fraud, violation of U.S. sanctions, trademark and copyright lawsuits and software patents, which isn't as amazing.

    In addition to this, they have been violating the GPL. However, because they did it creatively, most people don't know about it, and Ubiquiti still hasn't come into compliance.

    Here are four ways that they have succeeded in making the violations hard to notice, and even harder to act upon.

    1. Giving the appearance of compliance

    'You can find the complete and corresponding source in the GPL archive.'
    Ubiquiti had a website set up where you can download tarballs purportedly containing all GPL source for each and every firmware release. (I can't find it any more, but that doesn't mean that it isn't still there.) When you look through these tarballs, they appear to be complete, and there are build instructions which allow you to make your own custom firmware.

    It's only when you look closer that you start to notice problems, such as...
    2. Refusing to provide the source to their modified bootloader, even though they made changes that introduced security vulnerabilities

    Security keys
    Up until version 5.5.4 of Ubiquiti's airOS, the locally-modified u-boot bootloader contained a security issue - It was possible to extract the plain-text config from devices running the firmware, without leaving a trace. And the plain-text config contains unencrypted WPA/WPA2/RADIUS passwords.

    Even worse than this security issue, was Ubiquiti's response to it. Namely, they:

    Refused to provide the source code, even though u-boot is under the GPL
    Didn't fix the security issue for a long time after it was publicly disclosed

    To this day, Ubiquiti still has not provided the u-boot source code.
    3. Providing source code to a version of Linux, just not the one that they actually ship, and hoping that nobody notices

    Ubiquiti Source Ubiquiti Binaries
    It would be natural to think that the binaries that Ubiquiti provides were compiled from the source code that Ubiquiti provides. As it turns out, for a large number of their releases, the kernel source given does not correspond to the kernel in the official firmware images.

    As evidence, consider that in version 5.5.4 of the AirMax firmware, the kernel was modified such that the MTD partitions would be read only, however this change cannot be found in the corresponding kernel patches or source.

    Such practices make finding violations extremely difficult, and we can't know for certain that they haven't done this with anything else in the GPL tarball. It's possible that this was just a mistake, but remember that people have complained about this without much of a response.

    And speaking of complaining...
    4. Dragging out GPL code requests for months on end, then inexplicably going silent

    Bureaucracy is a challenge to be conquered with a righteous attitude, a tolerance for stupidity, and a bulldozer when necessary
    In case you think that I am being mean to Ubiquiti by going public, please note that I have been trying to contact Ubiquiti for the past year about the issue of the u-boot source code. You can see my attempts here, here and here.

    In fact, I even got a copyright holder of u-boot to ask for the source, and they still haven't provided it.

    From my conversations with Ubiquiti, I have found that they claimed that it's alright to refuse to provide source code to GPL-licensed software if "This decision was taken with the security of the users in mind". Furthermore, my conversations were endlessly delayed by the supposed necessity to forward m

    --
    If it weren't for deadlines, nothing would be late.
    1. Re:Slashdotted by Anonymous Coward · · Score: 2

      In fact, I even got a copyright holder of u-boot to ask for the source, and they still haven't provided it.

      unless and until wolfgang pursues legal action, there really isn't anything that can be done to force the company's hand. and that's part of the problem. you have big giant company doing whatever the hell they want to, trampling all over the license and rights granted by a much, much smaller entity who cannot afford to do anything about it.

    2. Re:Slashdotted by cas2000 · · Score: 2

      wrong. read GPLv2 section 3:

      3. You may copy and distribute the Program (or a work based on it,
      under Section 2) in object code or executable form under the terms of
      Sections 1 and 2 above provided that you also do one of the following:

              a) Accompany it with the complete corresponding machine-readable
              source code, which must be distributed under the terms of Sections
              1 and 2 above on a medium customarily used for software interchange; or,

              b) Accompany it with a written offer, valid for at least three
              years, to give any third party, for a charge no more than your
              cost of physically performing source distribution, a complete
              machine-readable copy of the corresponding source code, to be
              distributed under the terms of Sections 1 and 2 above on a medium
              customarily used for software interchange; or,

              c) Accompany it with the information you received as to the offer
              to distribute corresponding source code. (This alternative is
              allowed only for noncommercial distribution and only if you
              received the program in object code or executable form with such
              an offer, in accord with Subsection b above.)

      (bolding/emphasis added by me)

      i.e. you must either provide the source WITH the binaries (e.g. by including a source CD with the router product), *OR* you must supply the source to *anyone* who asks for it.

  25. Pera gets rich of other's backs ... by Resol · · Score: 5, Interesting

    I used to work for a company that was meant to be a partner of Ubiquiti -- from the first meeting with Robert, one could tell this was not going to be a "share and share alike" partnership -- more likely it was going to be a one party gives, the other takes partnership. We as partners needed access to some parts of the code, and in meetings said we'd like to get the source, and given that it was built on GPL'd code, we figured it would be a non-issue. How wrong we were. Basically told that was never gonna happen, not for us, nor anyone else that wanted it, it was their IP. Robert's one of Forbes' 10 youngest billionaires. He's gotten stinking rich off others, and refuses to give back. It certainly douses your faith in the human spirit somewhat. Anyway, not that it's much better, but you can always buy from MikroTik (ducks! ;-) )

    1. Re:Pera gets rich of other's backs ... by Resol · · Score: 1

      I apologize for offending you, it was certainly not my intention. Rather, I intended it (along with the ducks! comment) to indicate that I appreciated that I was suggesting another vendor with similar products that also has "issues" with making source available. Next time I'll leave out the emoticon. I am interested to know what you suggest for indicating that text you've written is meant to be sarcastic, ironic, or other. Do you just avoid using constructs that are common in speech in your writing?

    2. Re:Pera gets rich of other's backs ... by don.g · · Score: 2

      Mikrotik appears to have its own GPL issues. And good luck getting OpenWRT to run on any of their recent devices :-(

      --
      Pretend that something especially witty is here. Thanks.
    3. Re:Pera gets rich of other's backs ... by TCM · · Score: 1

      Stop apologizing to a random text on the Internet. WTF is wrong with you?

      --
      Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
    4. Re:Pera gets rich of other's backs ... by sjames · · Score: 1

      Perhaps he was bitten by a duck as a child. Now he's quacking up.

      I'll be here all week. Try your waitress, tip the beer.

  26. Re:Pretty much. by maugle · · Score: 1

    Honest mistakes happen, but copyright violation is copyright violation. Ubiquiti needs to put things right ASAP, and thank their lucky stars that the copyright they violated was owned by a bunch of copyleft hippies and not a big lawsuit-happy corporation.

  27. Re:This issue is why people are leaving... by afidel · · Score: 1

    Plenty of higher end networking gear is BSD based, there's really no reason you couldn't use BSD for lower end gear other than your parts supplier might not have ready made drivers or images for you to modify (although even Atheros has support for current chips in FreeBSD so that appears to no longer be much of an issue).

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  28. Re:And this is why corporations don't trust the GP by lgw · · Score: 1

    If "you" are a one-man shop, that's fine.

    If "you" are the legal department for a company with 10,000 developers, the GPL is scary. You can either blanket-ban GPL code, and make your life easy, or create a system for separately evaluating the use of each and every piece of GPL code you allow in, plus some auditing process to catch cheaters (who check in GPL code as their own work, which happens).

    Cloud services companies usually go with the latter: because you don't have to share your code if you don't distribute it, the payoff is good to allow use of GPL code, and police the corner cases where you do distribute code. Blanket bans on GPL code are still common at old-school software companies.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  29. Author asks for your help by emailing by monkeyzoo · · Score: 4, Insightful

    If you can spare a minute, please do any or all of the following so that we can retain the GPL's power to help the community:
    - Raise awareness - upvote it, send it to friends or write a blog post about it
    - Write to Ubiquiti requesting the source - their email addresses are support@ubnt.com and info@ubnt.com. You should try both.
    - Send me an email telling me what you've done. My email address is riley@openmailbox.org

    1. Re:Author asks for your help by emailing by Anonymous Coward · · Score: 1

      Also from the author's page: "but the company has a dark history of securities fraud, violation of U.S. sanctions, trademark and copyright lawsuits and software patents, which isn't as amazing."

      These references are a little misleading. The securities fraud is half advertisement for a lawyer trying to develop a case in 2012 with no further followup. The sanctions violation was going astray by selling equipment to Iran, and they paid ~half a million in fines as punishment. The copyright and trademark lawsuit was dismissed in their favor (that is, NOT guilty). The software patent link just points to a software patent, no grievance.

      The author might consider removing the "dark history" claim or risk the label of hyperbole.

  30. This is too bad by Anonymous Coward · · Score: 2, Informative

    This is too bad. They are currently the only supported hardware maker for one of ham radio's more interesting projects: A self discovering/healing/organizing mesh network providing WiFi networking over dozens of miles on the portions of the WiFi spectrum available to hams. http://www.broadband-hamnet.org The project still officially supports the venerable Linksys WRT54G, but official support for this router is ending this month and it is a pretty old router. Then again, when you use Ubiquiti hardware and this firmware, I suppose you are no longer violating the GPL! Still, it'd be nice to not give your dollars to a GPL violator.

  31. Re:Pretty much. by Grishnakh · · Score: 1

    The problem with this "maybe it's just a mistake" line of thought is that, usually, whenever these GPL violation issues come up publicly, it's because the accusers have already contacted the alleged infringer and sought to rectify the situation, and it didn't go over well.

  32. Re: Or you write a separate process... by shitzu · · Score: 1

    We are talking about kernel accessing hardware here.

  33. Re:And this is why corporations don't trust the GP by Anonymous Coward · · Score: 1

    How does this disagree with the GP? Comply with the license, or pay to license something proprietary. It's not that hard.

  34. Re:Also, a company is != an individual by Grishnakh · · Score: 1

    The problem with this "it's probably not malice" idea is that, usually, whenever a public GPL project complains about some company violating the GPL, they've already contacted the company through official channels, seeking to rectify the situation, because they have the exact same idea: that this is just a misunderstanding, the right hand doesn't know what the left is doing, etc. Most of the time, this is most likely the problem, and the company, after consulting with their lawyer, realizes its mistake and fixes it, and we never see a story like this with the title "ABC Corp is violating the GPL!!!". However, when the company refuses to comply, then we get what we're seeing now. Occasionally, some dumb company even gets dragged into court over it, and loses: this happened not too long ago in Germany I believe.

  35. Re:This issue is why people are leaving... by Grishnakh · · Score: 1

    Higher-end networking gear has serious CPU horsepower compared to your average Belkin or Linksys consumer-grade router, enough horsepower to rival a high-end PC probably, if not more.

    How often do you see BSD used on any small embedded device with an ARM or MIPS CPU? I can't say I've ever even heard of this. It's always either Linux or something proprietary like QNX or VxWorks.

  36. Yes, that's exactly what a rapist would say. by Anonymous Coward · · Score: 1

    Breach of license of GPL code is like raping a three year old, and blaming the license for being restrictive is like blaming the child for being cute, therefore it's their fault you raped them.

    There is no viral nature to GPL.

    The only viral nature is copyright. Get copyright banned if you like.

  37. Re:And this is why corporations don't trust the GP by gmack · · Score: 1

    If you can't trust your developers, you have more than the GPL to worry about. If you think the cost of a GPL violation is bad, just wait and see the results of someone borrowing code claimed by a former employer (or even writing code too similar). Just ask Google where the one thing that has cost them the most pain so far, was a 9 line function that one of their programmers copied into the Android source code.

  38. Re:And this is why corporations don't trust the GP by lgw · · Score: 1

    How does this disagree with the GP? Comply with the license, or pay to license something proprietary. It's not that hard.

    I'm sure these guys did it on purpose, but that's not always the case. Many junior developers are simply oblivious to any concern about mixing GPL code in with their own work, and a few will cheat deliberately. Do you rely on code reviews? Do you run an auditing tool like Black Duck? In a large enough shop, you can't just make a policy and hope for the best, so the very existence of GPL code causes headaches for the legal team.

    Yeah, sure, someone could copy closed source too, but that's much less likely to happen, especially by ignorance or accident.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  39. Re:Proper, fair punishment by Coren22 · · Score: 2

    Forget to check the post anonymously box? Be careful, you might get attacked by Stallman and his followers :)

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  40. Re:And this is why corporations don't trust the GP by kthreadd · · Score: 1

    If "you" are a one-man shop, that's fine.

    If "you" are the legal department for a company with 10,000 developers, the GPL is scary. You can either blanket-ban GPL code, and make your life easy, or create a system for separately evaluating the use of each and every piece of GPL code you allow in, plus some auditing process to catch cheaters (who check in GPL code as their own work, which happens).

    Cloud services companies usually go with the latter: because you don't have to share your code if you don't distribute it, the payoff is good to allow use of GPL code, and police the corner cases where you do distribute code. Blanket bans on GPL code are still common at old-school software companies.

    Most non-free licenses are quite scary too, but they often get a pass since they are not that open to begin with.

  41. Re:And this is why corporations don't trust the GP by danbob999 · · Score: 2

    However, if GPL had been more permissive this whole incident would never have happened.

    Of course it wouldn't. And Linux/U-Boot/Busybox wouldn't be as great as they currently are because corporations wouldn't have contributed back to these projects.

  42. Re:And this is why corporations don't trust the GP by lgw · · Score: 1

    Legal departments already know how to deal with that (I've signed something at every new job promising I wouldn't do that, as a condition of employment), and it's obviously the wrong thing to do. Open source code is right there when you google for a solution to the problem in front of you, and it's often fine to incorporate. Quick, what license is the code you find on Stack Overflow under? OK to copy into commercial code or not?

    p.s., probably not

    --
    Socialism: a lie told by totalitarians and believed by fools.
  43. Do I gotta be the guy to ask? by ckatko · · Score: 1

    What if this was an intentional backdoor so that they-who-shall-not-be-named can spy on internet traffic of closed networks and WISPS?

    And it was not included in the source packages because the source is subjected to a gag order and publishing it would be showing it to the world.

    Lastly, if this is true, what if this is "standard procedure" for backdoors inserted into many open-source projects, where the code presented is actually a fork of the true, backdoored code, running on lots of hardware? Or, as per Ken Thompson's watershed article, "Reflections on Trusting Trust", they-who-shall-not-be-named has a version of GCC capable of adding backdoors to open source code and we're all blaming Ubiquiti for something they didn't even put there?

    I'll be the first to admit, there's plenty of speculation here. But if there's anything we've learned in the last few years, the state of spying is way more prevalent than we thought it was. So while I have no proof, I'm certainly holding onto this information should more evidence come out.

  44. Re:This issue is why people are leaving... by danbob999 · · Score: 1

    Plenty of higher end networking gear is BSD based, there's really no reason you couldn't use BSD for lower end gear other than your parts supplier might not have ready made drivers or images for you to modify

    You pretty much nailed the problem. Board support packages (not just raw drivers) for WiFi router chips are much more available/complete/mature for Linux than for BSD.
    So people are not leaving the GPL. Linux probably never had such a large share of the WiFi router market, while BSD is close to 0%.

  45. Mod parent down by Prune · · Score: 1

    I feel for small companies like Ubiquiti.

    So a multi-billion dollar company like Ubiquiti, which has made its CEO one of Forbes' 10 youngest billionaires, is a small company?

    --
    "Politicians and diapers must be changed often, and for the same reason."
  46. Re:Pretty much. by msauve · · Score: 1
    Ubiquiti, and others. GPL2:

    You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License.

    Note that if anyone with copyright over the kernel wins such a suit, the rights to use the kernel are lost for all time ("terminated"). And, there's no way to get those rights to use the kernel back. (Well, maybe they could negotiate with every individual copyright holder...)

    Those who don't honor the requirements are playing with fire, and risking their entire business. That includes large firms like Samsung, who makes a habit of not releasing Linux (Android) kernel source for a considerable time after releasing new phones.

    Someday, someone with a copyright interest in the kernel is going to sue a Samsung, and get a billion dollar negotiated settlement because their business couldn't exist without a valid license to the kernel.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  47. Re:And this is why corporations don't trust the GP by hairyfeet · · Score: 1

    Yeah either use BSD like Apple or pull a EEE like Google and be showered with praise for the teabagging by the FOSS community. Since they don't have the funds to pull the latter? The former would be the wise move.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  48. Re:And this is why corporations don't trust the GP by danbob999 · · Score: 1

    They use Linux because they think it's a superior product. Despite the license. If they thought *BSD was superior, they'd use it. If they preferred the GPL, then they would make a GPL fork of *BSD.
    So you are suggesting they use an inferior product, just so that they don't have to release their minor modifications to the Linux kernel? Remember they are hardware companies. Their profit isn't on the kernel they are shipping with their routers.

  49. Re:This issue is why people are leaving... by ClickOnThis · · Score: 1

    the GPL and going to BSD, MIT, others.

    I think you're confused about what "the issue" is.

    Ubiquiti Networks modified GPL code and released binaries, and in the process, created a security problem with their product that they have yet to fix themselves. Under the GPL, they are obliged to release their modifications to the GPL code, but they refuse to do so. If they released the changes, then their customers could find and fix the problem without having to wait for Ubiquiti Networks to do it.

    Now, if Ubiquiti Networks had used BSD or MIT code, they would be under no obligation to reveal the changes they made. Therefore, they could continue to ignore the problem, and the customers would be unable to find and fix the problem themselves. In short, a BSD/MIT license would benefit Ubiquiti Networks, but obviously not its customers.

    --
    If it weren't for deadlines, nothing would be late.
  50. Re:Also, a company is != an individual by mcl630 · · Score: 1

    Your theory that one employee or one team screwed up might fit if this were just a case of a single customer requesting the source and the employee or team mistakenly saying no, but that's not the case here. This has been going on for months now, with multiple contacts to the company. Even the copyright holder of uboot sent them a letter last July threatening legal action if this doesn't get resolved, and they've ignored it for 9 months now. That's far beyond a single person or team making a mistake, or a miscommunication, now you're in the territory of a company willfully violating the licence.

  51. Re:Obvious axe to grind blogger is obvious by monkeyzoo · · Score: 1

    The author might consider removing the "dark history" claim or risk the label of hyperbole.

    ... or risk the *libel* of hyperbole!

  52. Re:And this is why corporations don't trust the GP by adri · · Score: 2

    No, they used linux because that's what Atheros gave them as a base for the Atheros reference AP implementation.

    Please don't make stuff up.

  53. Ubiquiti has form by lordlod · · Score: 1

    As the article said "the company has a dark history of securities fraud, violation of U.S. sanctions, trademark and copyright lawsuits and software patents".

    I personally discovered that their standard wifi board didn't follow the mini-pcie spec on flight mode (W_DISABLE). In fact there is no way, other than cutting power to the card, of disabling radio transmissions. Multiple inquiries on this topic were all met with stunned silence. At the time I was working for a substantial company buying boxes of cards at a time, I can't imagine their response to individuals raising issues would be better.

    I wouldn't trust a Ubiquiti device in the future, their attitude to standards and specifications could best be described as flexible. As a manufacturer once you incorporate their device into your product you become liable for all their RF creativity, not something any rational company should accept.

  54. Another possible cause by Gazzonyx · · Score: 1

    My company (specifically, my department) uses and contributes to a number of open source projects. From time to time stuff gets lost in revision control and either a commit isn't upstreamed, upstream doesn't merge pull our changes right away, the patch hasn't made it to the mainline trunk or is staged for the next release.

    It's not completely uncommon for me to pull from an upstream project and hit a bug I know we patched and then have to track down that patch's merge history internally (sometimes it doesn't make it from one developer's local working copy to our git/svn server) and then see if it's been accepted upstream. It's nothing intentional, but it happens; sometimes a commit just slips through the cracks and you don't realize it right away.

    --
    If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.

    1. Re:Another possible cause by Eunuchswear · · Score: 1

      I don't understand your point. The GPL doesn't say you have to send your changes upstream (that's just politeness). The GPL says that if you release binaries you have to make the corresponding source available.

      If you ever find yourself in the situation where you can't re-create your binaries from source you've fucked up big time.

      --
      Watch this Heartland Institute video
  55. Re:Also, a company is != an individual by Antique Geekmeister · · Score: 1

    > Your theory that one employee or one team screwed up might fit if this were just a case of a single customer requesting the source

    There is another potential source of the problem. One of the most difficult situations I've encountered is when developers build software, including kernels, on their own workstations with their own source code and never submit their changes to the corporate source control. I've especially encountered this when the code is heavily customized with "optimizations" that do not match the normal distribution, especially with kernels that do not build modules that the developers have decided they do not need and statically loaded the ones they do want. It's been a screaming nightmare to get these developers to share their work and get their changes in source code, partly because on code review it turns out to be _horrible_. One of my worst such experiences involved a highly paid developer cutting and pasting public patches they did not understand and did not test into the kernel, taking credit for the "improvements" they did not write and which were only detectable in contrived and unrealistic performance tests, and breaking entire deployments by including broken old code from their private source branches, which were impossible to merge due to unnecessary rewrites and re-organizations of upstream code.

    The chaos in production use was predictable. Features which were included, and tested, in the standard kernel were left out of the "tuned" kernel, for which there is no reference code available to anyone else, and debugging its failures is a QA and systems debugging nightmare. It's part of the reason to build the code only on a well defined build environment, and only build from a defined source control repository that is checked out with every build.

  56. Re:Also, a company is != an individual by Eunuchswear · · Score: 1

    The way this worked when I was working for a big company was that the people who did the final build weren't the developers, and the build team only worked from the checked in versions of the code.

    People seem to have got a lot sloppier these days.

    (System-X, Plessey Telecommunications, 1980).

    --
    Watch this Heartland Institute video
  57. Re:And this is why corporations don't trust the GP by JoelKatz · · Score: 1

    Actually, their profit is in the software. Their hardware isn't significantly different from everyone else's hardware. The reason most people buy their hardware is because their software makes that hardware very easy to monitor and manage. With routers, just like with phones, good software sells hardware.

  58. Re:And this is why corporations don't trust the GP by danbob999 · · Score: 1

    They all have the same software functionality. Most people never access their router's web interface. They can differentiate their product on the web interface, but switching from Linux to BSD won't help them sell more routers.

  59. Re:People are rude to others who openly lie. by Coren22 · · Score: 1

    As others said, it is your type no one wants to deal with.

    I never said "the GPL is this" I said my understanding of it was X. I am no lawyer, nor do I have a couple hours to dedicate to reading a license I already know I don't break (I don't distribute, at all). I was asking a damn question and get attacked by morons like you that have nothing better to do than rage at someone that was wrong on the internet.

    Here is something for you, now go chill out.

    https://xkcd.com/386/

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  60. Re:And this is why corporations don't trust the GP by david_thornley · · Score: 1

    You're suggesting that they should violate license terms because the product with the inconvenient license is superior? Most people consider Windows 7 to be a more useful operating system than Fedora Linux, so you say they should make their own copies of Windows 7 rather than use an inferior product?

    They're a hardware company. In what way would releasing the kernel modifications they made hurt them?

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  61. Re:And this is why corporations don't trust the GP by danbob999 · · Score: 1

    Uh? Were you replying to me?

  62. Re:And this is why corporations don't trust the GP by DeVilla · · Score: 1

    Why did Atheros use it? And was it theirs to "give"?

  63. Re:Pretty much. by elgaard · · Score: 1

    ==
      GPL2:
    >You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License.

    Note that if anyone with copyright over the kernel wins such a suit, the rights to use the kernel are lost for all time ("terminated").
    ==

    That is not what that clause means. For example GPL also says that they do not have to accept the license.

    What it means, is that they then have distributed the kernel without permission from the GPL.
    And they could get in trouble for that.