CopperheadOS Fights Unlicensed Installations On Nexus Phones

An anonymous reader writes: Earlier this week security-hardened Android build CopperheadOS temporarily blocked Nexus updates on its servers after finding out that other companies have been flashing the ROM onto Nexus phones and selling them commercially in violation of the CopperheadOS licensing terms. The incident highlights an inherent problem in getting open source to be used by the masses: the difficulty of organizations being able to build and monetize a successful, long-term open source business model...
"We've enabled over-the-air updates again," CopperheadOS tweeted Saturday, "to avoid impacting our remaining customers on Nexus devices and other legitimate users. However, downloads on the site will no longer be available and we'll be making changes to the update client for Nexus devices."

In an earlier series of tweets, they explained it's an ongoing issue. "It's not okay to disrespect our non-commercial licensing terms for those official builds by flashing and selling it on hundreds of phones... This is why we've been unable to sell access to Pixel images. There are people that are going to buy those and flash + sell devices in direct competition with us in violation of the licensing terms. Needing to deal with so many people acting in bad faith makes this difficult.

"It's not permitted for our official Nexus builds and yet that's what's happening. We do all of the development, testing, release engineering and we provide the infrastructure, and then competitors sell far more devices than us in violation of our licensing terms. Ridiculous."

Not sure they understand licensing

[Luthair]

If you look at their github account they've dropped their license into clones of Google's Android repositories. Even if you're adding commits you don't get to re-license the code.

Re:Not sure they understand licensing

[HornWumpus]

Isn't the GPL specifically designed to prevent this?

Re: Not sure they understand licensing

I'm not sure you understand licensing. The Linux kernel is licensed under GPLv2, but the rest of Android is licensed under the Apache License. The Apache License is permissive and isn't a copyleft license, meaning that software can be relicensed. Although the GPL prohibits such behavior, that isn't the case for many other open source licenses such as the Apache, BSD, and MIT licenses.

Re: Not sure they understand licensing

The GPL prevents it, yes. The Linux kernel is licensed under GPLv2. However, the rest of Android is licensed under the Apache License, which does not contain does allow for relicensing.

Re:Not sure they understand licensing

It does and they're most likely in violation of the GPL.

Re: Not sure they understand licensing

They may no understand licensing, but they (the people behind CopperheadOS) also don't understand hypocrisy.

CopperheadOS is based on Android (which they didn't create), which itself is based on the Linux kernel (which they also didn't create). They are perfectly happy to take the work of others and use it for their own benefit, but when someone else does that to THEM . . . . .ZOMG!!! IT'S TERRIBLE!! WE CANNOT ALLOW THIS!!!

STFU.

Re:Not sure they understand licensing

[mysidia]

The Apache 2.0 License most of Android is under permits Sublicensing, but not complete License Replacement --
the new license needs to include the Apache terms.

ALSO, the License they have cited the CreativeCommons-NonCommercial-ShareAlike is NOT DESIGNED to be used for software source code and binaries, and it does not even qualify as an Open Source software license.

Re: Not sure they understand licensing

[mysidia]

The Linux kernel is licensed under GPLv2, but the rest of Android is licensed under the Apache License.

The binary firmware blob is under the GPL, because the Apache 2 license is GPL-compatible, what happens is the entire BLOB file which is distributed is subject to the most restrictive license, and distributing a Blob containing GPL binary code with additional non-commercial use restrictions would be a GPL violation.

Re: Not sure they understand licensing

No. That's likely incorrect.

The Linux kernel is released under the GPLv2, but the rest of Android is released under the Apache License. The Apache License is permissive. It's not a copyleft license. Apache-licensed software can be relicensed.

The GPL only applies to the Linux kernel. The GPL requires that users who have received a copy of the software binaries must be allowed to receive a copy of the source code. GPL software can be sold and the license makes no restrictions on the price. The vendor is only obligated to provide copies of the source code on request to those who have received the binaries. The code doesn't have to be posted online, either. It is permitted to mail out copies of the source code upon request rather than making it available online. Furthermore, the GPL even allows the vendor to charge for the costs of the medium (like a DVD) and the postage. This obligation is for up to three years. There is a lot of flexibility allowed for complying with the GPL.

Those who receive the source code must be free to modify and redistribute the source code, with the requirement that it is distributed under the GPL.

There's actually a lot of flexibility about how to comply with the GPL, and it only applies to the Linux kernel because the rest of Android is licensed under the Apache License.

Re: Not sure they understand licensing

Are you certain of this?

The GPL doesn't require that a vendor release binaries to anyone. The vendor is free to charge a fee or to only distribute the binaries to non-commercial users. They're also required to provide the source code upon request to users who have received the binaries.

Those who receive the source code are free to modify and redistribute it under the GPL. It's clear to me that the GPL requires that source code can be redistributed. It's also clear that derivative works can be redistributed, including recompiling the binaries. It wasn't clear to me in reading the GPLv2 that the original binaries must be subject to unrestricted redistribution. Can you point me to where in the GPLv2 it indicates that the original binaries must be able to be redistributed without restriction?

It's just not clear to me that they violated the GPL. I do believe their behavior is asinine and that I certainly won't be using their products.

Re: Not sure they understand licensing

Oops, I meant to post this in reply to your comment about frimware blobs. I replied to the wrong comment, but at least to the right user.

Re: Not sure they understand licensing

Plugins and other parts can be GPL v3 and 2

Re: Not sure they understand licensing

[Bruce+Perens]

Only the copyright holder can relicense the software, even if it's under the Apache license. While others can put their license on a work, it is not valid for pieces that they do not own. They can't go to court and enforce rights on the software as if it was under their license and they owned it. They can only enforce their own license terms on the pieces that they actually own.

Re:Not sure they understand licensing

[Bruce+Perens]

Also, if you sublicense the Apache software, you still only get to enforce the license on the pieces that you own, not the Apache pieces.

Re: Not sure they understand licensing

[Bruce+Perens]

I'm not so sure. I think the binary blob is an aggregation of multiple works rather than a derivative work of the GPL kernel in its entirety. You can install it and extract the pieces separately.

You can enforce the GPL on the pieces within the blob that are under GPL, and the pieces that are combined to make a single program with the kernel. But not the whole of user-mode, etc.

Re: Not sure they understand licensing

Never mind the fact that the cost is out of this world

Re: Not sure they understand licensing

It's about different business models and the Linux kernel license explicitly permits this through the license preamble in its COPYING file to make sure that you can separate the kernel from the rest of the system.

Their business model is selling licenses, if you think what they do has value then by all means become a customer. If you think what they do does not have value then don't bother. Google's business model is selling advertising services and Android is the driver for that hence it being free of charge. The model for developing Linux is that those who use it are the ones that develop for it so the Linux project benefits and the users benefit, indirectly, by the incorporation of Linux in their products, services or just general running of their business.

What would you propose as the business model for something like CopperheadOS? I mean clearly the community hasn't been able to produce a security-hardened alternative through voluntary contributions so it needs dedicated people and the incentive for that is to pay them (or perhaps there's a convincing alternative).

Re: Not sure they understand licensing

You repeat a common mistake and I've no idea where it came from. If you want to distribute a binary of a GPL v2 work you have 3 options and the third is not valid for noncommercial distribution so doesn't apply here (and even if it did it involves passing on the second option I am about to address).

Option 1 is to provide the source code with the binary which makes everything moot.

Option 2 is to provide a written offer to provide the source code basically as you describe except that you say they only have to supply it to people who received the binaries whereas the GPL v2 says the offer must be "to give any third party" the source code.

Re: Not sure they understand licensing

[stephanruby]

Can you point me to where in the GPLv2 it indicates that the original binaries must be able to be redistributed without restriction?

You mean GPL v3. Don't you?

In any case, you're asking the wrong question. CopperHeadOS is clearly implying that their new licensing applies to the entire source code, not just the binaries. And they're actually happy that this new license has had a chilling effect on their competitors capable of building their own binaries themselves.

Aleksa Sarai: @LordCyphar - 23hr Wouldn't that be an argument that GPLv3 would still work, you just need to not provide binaries that people can hock off for their own products? Bad actors will always exist, so I don't see how GPLv3 is less helpful than CC-BY-NC-SA in this area?

CopperHeadOS: @CopperHeadOS - 23h There are very few individuals and companies willing to build illegal businesses on our code. GPLv3 let them do it legally and we were unable to have even close to a sustainable business. CC-BY-NC-SA has substantially improved the situation.

And if you don't believe my interpretation of CopperHeadOS's response, just read the content of their new CC-BY-NC-SA license for yourself and take a look at one of the many locations where they placed it within the source code!

Re: Not sure they understand licensing

Who cares? Are you going to do something about it? No.

Whether it is a GPL violation or not isn't even really relevant because nobody is going to litigate it anyhow. This is a VERY similar case to what Sveasoft does with GPL'd Linksys router firmware, even down to the way they block subscribers that redistribute binaries. It's been ongoing for years and yes there was vigorous debate but in the end it's just pointless because the keyboard warriors aren't going to do anything anyway nor is the FSF.

Re:Not sure they understand licensing

Dammit ust give us 100 percent open source android on all android phones or indeed all phones already and make it illegal worldwide to lock the bootloader.. Give users tools to safeLy find and flash roms that are opensource and free and free of spyware... Also we want libreboot on android phones... NOW GODDAMMIT!

And stop copying every single moronic thing that crapple does!

Re: Not sure they understand licensing

[TFAFalcon]

But a modified version CAN be re-licensed. They can add their modifications to the Apache licensed code and license the resulting code any way they want. Even if the modifications are minor.

Re: Not sure they understand licensing

[drinkypoo]

But a modified version CAN be re-licensed. They can add their modifications to the Apache licensed code and license the resulting code any way they want. Even if the modifications are minor.

What? Who told you that? The lines of code they actually wrote can carry their license, but they can't relicense a whole file just because they made changes to it. Even if they did, they'd only be creating an unauthorized derivative work.

Re: Not sure they understand licensing

[Half-pint+HAL]

The only way a derivative work of an Apache-licensed package is unauthorised is if you neglect to credit the named copyright holders of the code you derived your version from. But if you credit the original authors, you are allowed to slap literally whatever license you like on it. As long as you are not claiming credit for having written code you haven't, object files are yours to distribute however you see fit.

Re: Not sure they understand licensing

[Half-pint+HAL]

They may no understand licensing, but they (the people behind CopperheadOS) also don't understand hypocrisy.

CopperheadOS is based on Android (which they didn't create), which itself is based on the Linux kernel (which they also didn't create). They are perfectly happy to take the work of others and use it for their own benefit, but when someone else does that to THEM . . . . .ZOMG!!! IT'S TERRIBLE!! WE CANNOT ALLOW THIS!!!

STFU.

There is no hypocrisy in this.

Linux and Android provide a common "floor" that everyone can build from, in the same way that there is a massive base of shared public knowledge in science and engineering that we all tap into when we start making physical products.

The makers of Apache understood that the software they were all contributing to would offer benefits to private companies as well as the universities they worked for, and they understood that they were contributing to creating a shared knowledge base that had potential to make everyone's lives better -- their software went on to become more important to the entire world than they could ever have possibly dreamed. Even where people use servers other than Apache itself, the base level of performance was defined by Apache. Apache built the world we know, and its permissive license is part of the reason it could.

The makers of Android chose the Apache license knowing full well what it meant (was it Android Inc. who open-sourced it or Google?) and to use it exactly as the makers intended is in no way hypocritical.

Unless you think it's hypocritical that Android apps charge money having been built on a free platform and making extensive use of free APIs rather than talking direct to the hardware (which is impossible for an Android app to do anyway).

Re: Not sure they understand licensing

[Half-pint+HAL]

Never mind the fact that the cost is out of this world

Yes, the cost of producing a secure operating system is pretty high. Hence the price of the product.

Re: Not sure they understand licensing

[Half-pint+HAL]

Of course they're happy that not letting competitors pick up their code for free and profit off it is stopping competitors picking up their code for free and profitting off it -- I hardly think that's what "chilling effect" means. They have produced something that is badly needed at considerable expense to themselves. They have made the source available for non-commercial uses, which is part self-promotion and part generosity, but mostly just a responsible, sensible move for something that claims to be secure. Security-by-obscurity doesn't protect Microsoft or Apple, and having the code available means they have to make damned sure they're genuinely secure.

Re: Not sure they understand licensing

Apache + CC = OK
GPL + CC = GPL violation

So as long as they only stick the apache license on code that's apache they're free to do that.
That being said, CC-BY-NC-SA is NOT an open source license. This qualifies as "source available" or "available source" license, i.e. the source is available but you are not free to do what you want with it.

As long as they don't attach the license to any GPL parts they will probably be fine, legally.

I wont be supporting them though. While I like the idea, $1k is too much for a phone, and they aren't even open source.

Re: Not sure they understand licensing

[bluefoxlucid]

Actually, they took the source code, modified it, then said you can have the source code and they're keeping control over the binaries which they built. You're allowed to build, modify, and distribute their work; you're not allowed to download the ready-to-go package, flash it, and sell phones.

They're not downloading Google's Android image, flashing it, and selling phones, either. They built their own--with modified code, even.

Re: Not sure they understand licensing

[ArmoredDragon]

What? Who told you that? The lines of code they actually wrote can carry their license, but they can't relicense a whole file just because they made changes to it. Even if they did, they'd only be creating an unauthorized derivative work.

/facepalm

If there was an award for being the most outspoken idiot on slashdot, you would have gnawed on the plutonium medal after winning it several times now...

http://www.apache.org/foundati...

Even if you change every single line of the Apache code you're using, the result is still based on the Foundation's licensed code. You may distribute the result under a different license, but you need to acknowledge the use of the Foundation's software.

Can the offending phones be bricked?

Maybe a poison pill update can be sent out that senses the illegal phones and bricks them? Or at least wipes the OS.

Re:Can the offending phones be bricked?

[mysidia]

They could do that if they want to go to jail..... ILLEGAL.

Re:Can the offending phones be bricked?

That would hurt the customers, not the companies who used the software without permission.
Who exactly are you trying to punish?

Re:Can the offending phones be bricked?

[starblazer]

FTDI got away with it.....

Re: Can the offending phones be bricked?

Go tell that to Logitech who just shut down their servers and bricked a bunch of devices, all in the name of new shiny.

Re:Can the offending phones be bricked?

And Get Sued to oblivion

Re: Can the offending phones be bricked?

[BronsCon]

They also sent the new shiny to everyone who wanted one and had one of the bricked devices.

Re:Can the offending phones be bricked?

[Bruce+Perens]

There are several legal issues here. You can't brick the phone preventing installation of a replacement for your software, and you can't prevent 911 calls. Other than that, you could indeed deny access to features by license violators or those who got their phones from license violators.

That said, it bothers me that they misrepresent their system as Open Source (wrong license to be Open Source) and it sounds like they have less than a full understanding of what pieces their license applies to (only the ones they wrote).

Re:Can the offending phones be bricked?

Their home page calls it "Open-source", as distinct from "Open Source" or "open source" and they don't use the OSI's logo anywhere. This is the problem with lack of protection of "intellectual property" in that anybody can call their thing by the same term that you use and simply define it slightly (or even drastically if they wanted to) differently. Same thing with "free software", that constant battle for the past 3+ decades of having to always point out that in the context of a discussion "free" refers to "free of restriction/encumbrances" rather than "free of charge" though it might also be free of charge.

Re:Can the offending phones be bricked?

[mysidia]

When the GP writes "Poison Pill" update, one thinks of a software update which is developed to be deliberately destructive --
rendering the basic functions of phone inoperable, at least without manually re-installing the operating system...
knowingly deploying such an update in way users would be expected to automatically receive it, is essentially writing and propagating sabotage malware through a system users expect to receive bug patches ---- the reason Jail time could result is that willfully developing code intended to cause this kind of damage is the same as distributing any other kind of malware, which criminal laws exist to protect the public against.

A copyright owner's protections against illegal/unauthorized use of their works are important, BUT the law does not protect vigilantism or software-based ATTACKS directed against the users of devices running software suspected or known to be illegal; the remedies for copyright infringement are provided by the courts, and the technical ability to use auto-update propagation to brick a fully-functional device running an illegal operating system copy does Not provide a legal right to do so.

Delivering an update that retains basic operation of the device but restricts access to the closed-source features previously available to the user but developed specifically by the author and deployed without proper licensing is a potential gray area that would be more likely to result in actions for the civil courts to sort out than criminal issues.

Suppose the vendor roll out an update that just adds a nag screen and disables the Scientific CALCULATOR App for devices suspected to be illegally loaded, offering a chance to buy an activation key, but the open source code had no calculator app and it was a unique feature that vendor added.

The end customer might argue they never agreed to receive upgrades which would remove features from the software, And deploying the patch automatically through the update facility either fraudulently or negligently damaged features their device had previously, and from the EULAs the user accepted --- none of them granted the update vendor permission to disable or remove application features.

Re:Don't see the problem

You really don't know what you're talking about, do you?

In other words, don't pay the chinaman

even if he takes you to the other side. Be safe. Stay safe. Buy American.

That moment...

... when you realize the bazaar is just as much a made up religion as the cathedral.

Re:GTFO

Open Source does not mean free! I am tired of seeing this misunderstanding. It means what it says, Open Source! the SOURCE is OPEN.

So they distribute open source software

[johanw]

written by others, adapted by themselves, and now they are whining that someone else does the same with their variant? Another company that does not understand that there is no right to have paying customers.

After these tricks and their anouncement I would not trust their software anymore. Who knows what malware thei are going to distribute to anyone they might think uses their software from other channels?

Re:So they distribute open source software

Yes, and it seems like their only valid is that those unpaid copies are trying to use their update servers etc.

If they want to follow this business model, they should realize that they need to include a user-registration step where subscriptions to their update server can be enabled with a per-client key (much like Red Hat Enterprise Linux). You obviously can't just build one key into the binary image and expect to enforce this kind of support subscription.

Re:So they distribute open source software

[prunus.avium]

Not exactly. They are complaining about people using their compiled and packaged binary without paying the licensing fee.

Note that this is not in violation of even the GPL as distribution costs can be charged.

Re:GTFO

[ShanghaiBill]

It means what it says, Open Source! the SOURCE is OPEN.

That sounds great in theory, but in practice it means that anyone can build their own binaries, so why should they pay you?

Plenty of people (including me) make money writing FOSS, but few of us do it by "selling the software", and those that do don't earn much.

If you can download it, it's free.

Fuck them!

The problem is not with open-source software

[pthisis]

Earlier this week security-hardened Android build CopperheadOS temporarily blocked Nexus updates on its servers after finding out that other companies have been flashing the ROM onto Nexus phones and selling them commercially in violation of the CopperheadOS licensing terms. The incident highlights an inherent problem in getting open source to be used by the masses

This is FUD. If CopperheadOS prohibits selling it commercially, then they are not using an open-source license. By definition, open-source licenses cannot prevent others from selling the software commercially or otherwise prohibit redistribution or discriminate against fields of endeavor (including business use).

And, indeed, most sources (e.g. https://en.wikipedia.org/wiki/...) call the Copperhead license "source available" rather than "open source" because of these non-open-source restrictions.

See https://opensource.org/osd

1. Free Redistribution
The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale. ...
2. 6. No Discrimination Against Fields of Endeavor
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

And flashing it onto a ROM would constitute a derived work covered under section 3 of the OSD.

Re:The problem is not with open-source software

[Bruce+Perens]

You are correct that it's not an Open Source license. I do not, however, believe that a binary blob for an android install is a derivative work of the kernel in its entirety. It's an aggregation, like a Linux distribution CD. You can take it back apart. The GPL can be enforced on the GPL components in it and anything that is directly combined with the GPL program. But not just anything on the filesystem.

Re: The problem is not with open-source software

[ciascu]

Agreed - developers conflating Open Source (OSI compliant) and proprietary licenses, including "non-commercial", causes wide-ranging problems. Not suggesting CopperheadOS do this, only a number of previous commenters

1. Developers including open source code, to later find out that they have just sunk their company's product. Even with GPL, you can look at becoming compliant. Here, that means winding up your company
   • My Github code is MIT licensed, use for your project! (By the way, I built it on another MIT licensed project - turns out it wasn't, sorry, but a random third-party developer now wants damages from your employer). Lot less likely when upstream doesn't stick source-available non-OSS project on Github with an MIT license. Looking at you, HoverCSS.
2. It's anticompetitive, which is fine, but pretends to be collaborative, which isn't. Open source works because it's a clear concept, with interpretations all following some basic principles. NC doesn't. If Android was source-available there would be no CopperheadOS.
3. It feeds FUD. Building on open source doesn't automatically destroy your business. But using this would.
4. It perpetuates the "Open Source is anti-commercial" myth. Not convinced? Read the comments above. That makes it far harder for those of us running businesses making (and selling) commercial open source products to challenge those assumptions (and so survive commercially).
5. It's far harder to prove non-derivation of your own code from source-available than closed source you haven't had access to.

Summary order of preference:

1. Open source
2. Source-available proprietary
3. Closed proprietary
4. Being delivered a trained parrot and monkey who alone may interact with the software on my behalf
5. Either 2 or 3 pretending to be 1.

Re:Don't see the problem

[DidgetMaster]

Actually that sounds about right. Open source software does not have to be free (as in beer). If you create something that has value and you want to get paid for it, you can choose to charge people money for using it, whether it is open source or not. Some people have no problem with giving away the fruits of their labor, so open source can be a great way to do that, but that does not mean everyone has to do that.

Because some people give away their software, the Pandora's box has been opened. A very vocal group of people seem to think that everything must be free. Hey, who doesn't like free stuff? But to expect everything to be free and to call people evil who want to be rewarded for their hard work is just plain wrong. If someone builds something and tells you that you must pay something for it, then if you turn around and steal it, then you are a thief. You can try and justify it by saying that it should have been free in the first place; that because it was a digital copy that the owner didn't really lose anything; or that they were just asking too much. But it is still stealing.

Re:Don't see the problem

The infinite artificial scarcity people like you want is far more detrimental to society. If you don't like people making copies, go make tangible objects to sell instead.

Re:Don't see the problem

Firstly, everything is not black and white.
Secondly, this is not about people using it for free. They can do that, the source is there. This is about people flashing phones and selling the phones in a commercial way. Not like you buy/get the software, use it and then sell that one phone and most likely replace it with a newer model.
Thirdly, don't be such a corporate whore.

Re:Don't see the problem

and i'm free to fork it and come out with my own improved version

Steal = The owner loses the item (Copying doesn't make the original to disappear)

Source seems to be still available.

[edgedmurasame]

Now what prevents someone from taking the source and just flashing it that way? Otherwise, it's just shades of Sveasoft with slightly different licensing.

Re:Source seems to be still available.

[amorsen]

It is exactly Sveasoft.

MGGA

So they Made Greed Great Again and you want to stop them. How un'merkin of you.

MGGA

Make Greed Great Again.

Better title.

CopperheadOS puts bite on rogue installations.

Trademark Violations

Despite being open source, if the 3rd party sellers aren't changing the branding then they'd likely be in violation of trademark laws since they don't have the licenses to use that brand name.

Re:Don't see the problem

however, if you charge someone for your gpl or al or bsd or mpl or whatever 'open source' software, be prepared for that someone to exercise their rights, and ya know, distribute what they 'paid' for under the actual terms of the licenses.

in android's case. *EVERY BIT OF UNMODIFIED CODE* is still APACHE 2 code. the kernel is GPL. copperhead is probably nearly entirely configuration and shit and not actual changes to 'code' (those *changes* are the only bits that they could license as something other than al2), so it's likely that the distribution would be reusable with minimal changes or omissions however the recipient desires, so long as the al2 and gpl2 are adhered to.

My company has this "problem"

We sell devices and have competitors who sell similar devices, but have done NONE of the software development work. We're still successful because we have a sane workable business model. This company is just excusing its own business development failings by blaming it on its competitors. If I had it my way I'd get rid of copy"right" altogether. Now that said I wouldn't go with Oracle over Redhat and do think Oracle's move was a bit of dick move and so was it for these competitors (probably). However there are advantages to developing code yourself and having your product cloned. You're still going to be first to market with said product for instance and there are still potentially things you can do to reduce risk. For instance my company has gotten into designing hardware. We also have many different products. Some are more easily copied than others. Ultimately we do well because we have certain advantages over our competitor. We're the brand name. They're just a cheap clone competitor.

Just like Usenet

When "Them Asses" got access to the Internet, they immediately took over Usenet -- "monetizing" it into uselessness. There are a lot of parasites who didn't understand the culture and still don't. They have hosed everything they've touched. In fact, the Morris Worm was shocking because it was so against the culture. Today punks and criminals are a fact of life. The good stuff has been destroyed forever.

Re:GTFO

[Bruce+Perens]

Open Source doesn't allow "no commercial use" terms.

CopperheadOS Is Not Open Source

[Bruce+Perens]

CopperheadOS use the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license as their compilation copyright. This is not an Open Source license, thus CopperheadOS is not Open Source.

Re:CopperheadOS Is Not Open Source

Android / Linux is Apache + GPL. In other words, what CopperheadOS itself is doing is the problem. They are not allowed to relicense under a proprietary license and prevent others from redistributing or obtaining the source.

Re:CopperheadOS Is Not Open Source

I assume their license is only applicable to what they wrote (even should they claim otherwise, you can still get the same Android+Linux from Google and avoid the legal question). Afaik Apache2 allows commercial use without giving any source code.

Re:CopperheadOS Is Not Open Source

[drinkypoo]

Not this again. If you can download the sources, then it's Open Source. Stop saying "Open Source" when what you mean is "OSI Approved".

Re:CopperheadOS Is Not Open Source

[Bruce+Perens]

Hi Martin,

I hope you're doing well and that this recent spate of nasty fires didn't harm you. My 17-year-old FIRE/EMS student fought the fire in Napa. Lots of smoke at my home.

It's ironic that you want to credit SCO for a cut-down definition of Open Source at the same time you criticize the legitimacy of the Open Source I announced to the world. That's what Caldera became, of course, and we are clear that they bore ill will for our community and are now a bankrupt failure. More interestingly, their attorneys, who took stock in SCO exchange for pursuing their lawsuit against IBM to the final breath, are still pursuing it under that obligation, even though this can bear no fruit other than bankrupting their practices. The IBM lawyers want to make sure that nobody else ever takes the same bargain.

Despite some infrequent use of the two words together before my announcement, "Open Source" is the proper name for a campaign that I first announced to the world and started with the same ESR who is under discussion in this article. And it has a definition that very many people follow.

It would make no sense for me to challenge your use of Martin Espinoza because there were earlier Martin Espinozas and there are more famous ones now.

Re:CopperheadOS Is Not Open Source

[drinkypoo]

It's ironic that you want to credit SCO for a cut-down definition of Open Source at the same time you criticize the legitimacy of the Open Source I announced to the world.

I don't actually. That's just the earliest reference for which I could find a citation. People in nerd communities like that in scruz (nominally centered around ucsc) were already calling it "open source" before SCO even had a product called "open desktop". That both I and SCO come from the same place is of course merely a coincidence, although I have been acquainted with many fine technical SCO employees including the lead developer of Xenix.

Despite some infrequent use of the two words together before my announcement, "Open Source" is the proper name for a campaign that I first announced to the world and started with the same ESR who is under discussion in this article.

It really is not. It really is the name for the practice of providing source code to others, and it follows the long-standing naming tradition of calling things "open" when they are interoperable. This lack of a distinction is the entire reason why we needed a Free Software movement — because the term "open source" is meaningless on its own. And that's why the Open Source Initiative is the proper name for that campaign, regardless of who controls it today, and why your ongoing attempts to claim ownership of the phrase "Open Source" are a disingenuous attempt at self-aggrandizement rather than the thing we actually need — more support for Free Software.

Saying that something is "not an open source license" because it is not OSI approved is an attempt to rewrite the narrative for your own purposes, and in the bargain it actually harms users who would be better served by promotion of Free Software.

Re:CopperheadOS Is Not Open Source

[Bruce+Perens]

I am> promoting Free Software. Just not to the community to whom the words Free Software are resonant. And any use of Open Source to deprecate Free Software was not done with my countenance and is no longer relevant in any case.

You'll notice that even Bradley Kuhn of the Software Freedom Conservancy, a FSF-aligned organization, uses "FLOSS", which I find grating. But the reasons for not simply using "Free Software" in English are well known.

Re:CopperheadOS Is Not Open Source

Neither "Free Software" or "Open Source" clearly and un-ambiguously represent what they want to.

But until you come up with better terms and get everyone to use them, they're what we have now and trying to pretend they mean something neither the FSF or OSI have said they mean is really a gigantic waste of fucking time.

Re:CopperheadOS Is Not Open Source

[drinkypoo]

But until you come up with better terms and get everyone to use them, they're what we have now and trying to pretend they mean something neither the FSF or OSI have said they mean is really a gigantic waste of fucking time.

There is already a better term for what the OSI does, and it is "OSI Approved". "Open Source" already meant something when the OSI was created, and that the people who founded the OSI don't know that doesn't make them authoritative, it makes them ignorant.

It's Not Open Source

[Bruce+Perens]

CopperheadOS uses the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license as its compilation copyright and as the copyright on their new work. That isn't an Open Source license. It violates rule #6 of the Open Source Definition.

6. No Discrimination Against Fields of Endeavor

The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

Commercial use is obviously a field of endeavor.

Re:It's Not Open Source

No. Use-for-profit ( commercial ) is a path-of-exchange, not a field of endeavour. I may fuck your sister for profit or fun ... but if I want enlightenment I must get a blojob from your mother. Compren'de ...?

Re: It's Not Open Source

You should totally use that one in court.
It makes no sense whatsoever. It's just crazy enough it might work.

Re:Don't see the problem

[Bruce+Perens]

You can put your configuration under a compilation copyright. It can be argued, however, that most of what they do to enhance security is functional, and thus not subject to copyright under 17 USC 102(b). The copyrighted matter in your program is the artistic choices you make when you have more than one way of doing things. Not every line of your code. Not function definitions and returns, data structures, and anything required for compatibility with something else. Read up on CAI v. Altai to get more of an idea of how this works.

Re:GTFO

Yes you're right, it depends on the field. Most successful open source projects are developed because they form part of a business's products, services or general operations but not every category of project can work in that context. The alternative is the model of 'selling support' but even that has limited applicability outside of corporate clients.

If you trace back where most of these open source projects (that pay their developers) get their funding it goes back to the sorts of sources that are often opposed to free/open source software ideals. Firefox is primarily funded by Google's "you are the product" business model. Blender is primarily developed by Hollywood, 'nuff said. Linux is developed by a variety of companies including Google, Microsoft, Oracle, Tivo, etc.

Re:Don't see the problem

[stephanruby]

then if you turn around and steal it, then you are a thief.

Yes, the people who wrote CopperheadOS are thieves. The security layer of Android is at the Linux level.

The people who wrote CopperheadOS are free to charge whatever they want for their modifications, but they are not allowed to retroactively change the open source license of Linux by dictating that their code can only be used non-commercially.

They cant restrict redistribution...

Sorry, if Copperhead is an OS based on Linux, then Copperhead must be GPL
As such, they CANNOT restrict further redistribution.
Copperhead are the ones violating the license to redistribute Linux here.
The commercial vendors are rightly exercising their right to redistribute a GPL work.

Re:They cant restrict redistribution...

Sorry, if Copperhead is an OS based on Linux, then Copperhead must be GPL

Well, details matter. The GPL parts must be GPL and derivative works must be GPL (and the GPL source offered under reasonable terms), but additional components may be able to be licensed differently (this is the "TiVo-ization" model).

It is likely that CopperheadOS needs to try to move towards the RH type of model, where the software source is technically free, but only licensees get the binaries (and others (like Oracle for the RH model example) can download *a* source image and, and then compile, and support on their own while removing the copyrighted/trademarked content). This, of course, works better when the customers are themselves large commercial enterprises that understand the entire licensing models and the idea of paid support.

Re:They cant restrict redistribution...

[exomondo]

Sorry, if Copperhead is an OS based on Linux, then Copperhead must be GPL

No that's not correct. Android is an OS based on Linux and it is not GPL. The kernel is GPL but the rest of the OS is under various other licenses including Apache. The Linux kernel COPYING file explicitly states that programs that use the kernel via normal system calls do not constitute derived works under the GPL.

Missed One

Free Software. The open source guaranteed to remain so.

GPL licensed software guarantees continued freedom (not free of cost), whereas non-free open source licenses do not. Since the Linux kernel is published under the GPLv2:

Summary order of preference:

0) Free Open Source (FOSS)
        Non-Free Open Source (Allows conversion to proprietary)
        Source-available proprietary
        Closed proprietary
        Being delivered a trained parrot and monkey who alone may interact with the software on my behalf
        1 pretending to be 0.
        Either 2 or 3 pretending to be 1 or 0.

i see this crap all the time

[luther349]

there immature devs rip off someone else work in this case android then hide it behind a paywall and think the rules dont apply to them. the issue is most company's dont bother to knock them off there cloud of stupid.

Re:Don't see the problem

Yes, the people who wrote CopperheadOS are thieves.

How can they be thieves if this assertion is true?

Free for non-commercial use

Their license restricts commercial use. You, as an individual, can flash the ROM to your own phone and pay nothing.

Re:GTFO

[TFAFalcon]

Not if it is against the license - you could have access to the source code but have a license that prohibits redestribution. Or a license that prohibits use without paying for it.

Open source is not the same as FOSS

Open source means the source code is open.

Just because you are using a standard written by an organization to promote open source, does not change the intrinsic definition of open source.

Re: GTFO

The Open Source Initiative is not the high priestly guardian of open source. If I go start The Sandwich Initiative and proclaim that tomatoes cannot be part of any sandwich, have I invalidated the BLT?

Re:GTFO

[drinkypoo]

Open Source means that you can download the source code for your own use, it does not mean that it conforms to the OSI's vision of what Open Source should mean if they were allowed to trademark it — which they aren't, because it already had a meaning when the OSI became a thing, and it already had a meaning when Bruce &co claim to have invented it.

Not open soruce

CC-BY-NC-SA is NOT an open soruce license.
It falls under the available source category, but not open source. Non-commercial restrictions are incompatible with the definition of open source.

Re:GTFO

Which wouldn't meet the definition of Open Source or Free Software.