Slashdot Mirror
'Open Source Security' Loses in Court, Must Pay $259,900 To Bruce Perens (theregister.co.uk)
Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. Now he's just won a legal victory in court. "Open Source Security, maker of the grsecurity Linux kernel patches, has been directed to pay Bruce Perens and his legal team almost $260,000 following a failed defamation claim," reports The Register. Slashdot reader Right to Opine writes:
The order requires Spengler and his company to pay $259,900.50, with the bill due immediately rather than allowing a wait for the appeal of the case. The Electronic Frontier Foundation's attorneys will represent Perens during OSS/Spengler's appeal of the case.
Perens was sued for comments on his blog and here on Slashdot that suggested that OSS's Grsecurity product could be in violation of the GPL license on the Linux kernel. The court had previously ruled that Perens' statements were not defamatory, because they were statements by a non-attorney regarding an undecided issue in law. It is possible that Spengler is personally liable for any damages his small company can't pay, since he joined the case as an individual in order to preserve a claim of false light (which could not be brought by his company), removing his own corporate protection.
Perens was sued for comments on his blog and here on Slashdot that suggested that OSS's Grsecurity product could be in violation of the GPL license on the Linux kernel. The court had previously ruled that Perens' statements were not defamatory, because they were statements by a non-attorney regarding an undecided issue in law. It is possible that Spengler is personally liable for any damages his small company can't pay, since he joined the case as an individual in order to preserve a claim of false light (which could not be brought by his company), removing his own corporate protection.
I am very lucky to have my attorneys from the Electronic Frontier Foundation, and my attorneys from O'Melveny and Meyers who won the lower court case and will continue to help EFF during the appeal.
My attorneys have requested that I not comment about the case at this time. Obviously, I'd love to discuss it with you sometime, when it's all over.
Valerie, Stanley and I are doing well and send you our best wishes.
Thanks
Bruce
Bruce Perens.
According to TFA, the $260k was awarded due to California's anti-SLAPP law. However, this is half of what Perens asked for to cover legal fees. I'm really wondering why he chose to spend over $500k on lawyers, for a defamation and business interference case. Surely the default judgement wouldn't even be that much money? Posting a comment to slashdot leads to half a million dollars in legal fees for the poster? Doesn't anyone else see this as insane? Imagine how many slashdotters would be bankrupted daily by various posts about Theranos, Microsoft, Systemd, Yahoo, Google, or various government officials, if robo-lawyers automatically filed charges for every arguably-defamatory post about them, leading to $500k legal fees each.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
"Bruce Perens defamed the plaintiffs" and "the plaintiffs violated copyright law" is not a true dichotomy. Zero, one, or both statements could be true in the abstract. This court case only resolved the first question.
My, I should have gotten an account like a year before I did... I remember when Rob told me about /. on #Linux96 and so I was like, ok sure I'll check it out... then it became Slashdot... and finally I was like, damn, perhaps I should have an account. I could have had a cool reader #. :( Maybe even in the double digits lol.
Ok, yeah this comment adds exactly zero to the conversation. Sorry.
I do want to say I remember when Bruce and Eric were coming out of the office after they were having meetings about this stuff when I worked at VA... I'd be like "Larry, wtf were they doing in there?" and he'd be like "Shut up Trae and get back to work." Actually, no, he would just tell me what they were doing; Larry is a super nice guy. I'm old, I'm rambling and I just wanted to post.
Jeff, Rob, etc... if you read this, I finally turned 50. Yeah... I'm getting old AF. Miss all you guys, hope you are well.
geeky stuff I'm proud to have been a part of: linux.com / themes.org / sourceforge.net / sicnus.com
He's standing up not just for himself but everybody.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
The idiotic drama surrounding Linux "security" shows a large area for improvement that few have cared about during the lifetime of Linux. OpenBSD, MINIX, seL4 and others are very successful for pursuing security without drama, due to security being a clear goal that is designed for.
Grsecurity likes to claim they are secure, but at DEFCON last year, someone looked into it, and hacked it pretty easily, even installed DOOM on the device running it.
"First they came for the slanderers and i said nothing."
If the patches are not in compliance with the GPL, then they're being distributed in violation of copyright law. Which is illegal, last I checked.
The GPL doesn't have to be "codified into law", because nothing else gives you permission to distribute the code in question. The only purpose of the GPL, really, is to provide people with a defense against infringement charges by the copyright holders. And technically, it contains no restrictions at all--it simply has limits on the otherwise-illegal things allows you to do. Anything copyright law allows, the GPL allows. So the only way to "violate the GPL" is to do something against the law.
That said, we still have no idea whether GR Security is violating the GPL (and thus copyright law). All we really know is that Bruce is entitled to his opinion.
Now children. Behave yourselves. :p ;)
I hope you discussed this comment with your legal team before you posted it.
Just to get this out of the way, while I disagree strongly with Bruce about the merits of his claim, I do not in any way support the defamation claim against him for saying it. A differing view is not the same as a defamatory statement.
That said, the idea that a set of modifications to a copyright product, distributed separately, constitutes a derivative work is terrible policy and is philosophically counter to the 'freedom to tinker' that the tech community holds dear. I don't know if it is is the law right now (and absent. a very expensive test case, we aren't likely to find out), but just as a matter of policy I think it would be a Very Bad Ideaâ.
Consider, for instance, a student or researcher that patches the software in a commercial digital microscope to improve image quality or performance in a fashion. Let's further suppose they release the patch under some F/OSS license both to benefit other users of the product but also as part of disclosing their methods for the purpose of scientific integrity and reproducibility. It's undisputed that the company selling the microscope retains copyright. in the original software, but under Perens' claim they also have rights to the patch as a derivative work.
To me, this cannot be right. A modification to a work, distributed separately, is not derivative. It is not a copy with some changes, it is just the changes. To say that one violates copyright without distributing a single bit of the underlying work inflates the power of rights holders at the expense of everyone else, in a regime that's already quite solicitous of the rights holders.
[ Of course, GRSecurity are not the greatest poster boys for this claim. But bad examples should not make bad policy. The claim here is a one that has broad implications beyond the individual lawsuit-happy jerks involved this time. ]
If the patches are not in compliance with the GPL, then they're being distributed in violation of copyright law. Which is illegal, last I checked.
The problem is that using the term "illegal" which has very specific legal and judicial meaning. In terms of GPL and copyright, it's a violation of the license and a breach of contract. When we talk about copyright legal terms like "theft" and "illegal" keep being thrown around when they are not precisely used. As an example, if I have an agreement with a consignment store to sell some items for 35% but after selling my items they only give me 25%. Did the consignment store "steal" my property? No, there may be a dispute about terms of the contract and payment, but the store didn't "steal" property. The store didn't "illegally" sell my goods. That's the difference.
The GPL doesn't have to be "codified into law", because nothing else gives you permission to distribute the code in question.
I'm not sure what your point is here. Copyright law says only the copyright holder can distribute work with exceptions like fair use. Copyright law leaves open the idea that the copyright holder can impose restrictions on distribution; it does not clarify what kind of restrictions. Restrictions have been clarified by the courts as valid or invalid. For example, if a music company gives away demo CDs, it cannot declare that those demo CDs cannot be sold later. If a music company licenses music to be used in a movie that does not automatically grant the same music can be used in a video game unless a licensing agreement stipulates it, etc.
The only purpose of the GPL, really, is to provide people with a defense against infringement charges by the copyright holders. And technically, it contains no restrictions at all--it simply has limits on the otherwise-illegal things allows you to do.
I don't think that was the point of the GPL. It was to ensure that code in particular remain open source with stipulations. Other open source licenses like BSD imposes fewer restrictions.
Anything copyright law allows, the GPL allows. So the only way to "violate the GPL" is to do something against the law.
I don't understand your logic here. You said that the GPL isn't law yet you say violating it is against the law. That's not how the law works. When you violate the GPL, you violate a contract because the GPL is additional conditions imposed that are not in the law. If you violate copyright laws that's illegal. Violating GPL is not per se illegal.
Well, there's spam egg sausage and spam, that's not got much spam in it.