EFF Defends Bruce Perens In Appeal of Open Source Security/Spengler Ruling

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

Bazinga!

Another quality first post by Anonymous Coward!

Re:Bazinga!

[gweihir]

Well, at least somebody that can match the meaninglessness of his action in his personality got it.

meanwhile

People who really have injustices done to them and REALLY need a good lawyer, can't seem to get one. I wonder why.

Re: meanwhile

They should choose to not be poor, like President Trump. All it takes is a small loan and the art of the deal to be successful. If these people can't even do that for themselves, they don't deserve proper representation.

Re: meanwhile

Anti trump has gotten old, i see so many copy paste comments from one article to the next. Its meaningless now to the point that most just ignore it and move on.

-geekpoet

Re: meanwhile

Ummm anti trump? He is just parroting what trump said in his own fucking book.

You trumptards are legit grasping at strings.

Re: meanwhile

I see the Bruce Perens dick riders have mod points.

Tell me, why did Bruce defense charge 200k+? I've seen people on trial for murder and not pay that much for a 6 month long trial. But yet Bruce's lawyers scammed Bruce out of 200k, but Bruce didn't care because he knew he wouldn't pay for it. Bruce knew someone ELSE would pay his lawyer bills.

So once again, the lawyers get rich, and everyone else is left standing around with their dick in their hands.

But yea, keep praising Bruce as the best thing since sliced bread. Bruce doesn't give a fuck about you. I would go on record as saying Bruce's lawyers charged him the 200k, and then gave Bruce a 100k kickback. Just for the easy business.

This shit is sickening. A man who is financially well off has his lawyers PAID for. Yet a poor person gets a public defender that has 30 other clients and can only spend 1 hour per client.

Thanks again Bruce, I guess. LOL.

Re: meanwhile

I would go on record as saying Bruce's lawyers charged him the 200k, and then gave Bruce a 100k kickback. Just for the easy business.

No you wouldn't. You're just an internet blowhard. You know that's a slam-dunk defamation *if said in a context where you are obviously serious about it*. But you pulled it out your ass. BP had no certainty as to whether he would get legal fees or how much legal fees he would get. This sort of case would need high-priced specialist lawyers. But you know all that, don't you?

Re: meanwhile

What's sickening is that people such as Bradly Spengler violate the linux copyright and get away with it because no one has the money to sue them.

Good job Bruce and EFF

[110010001000]

Keep up the good fight. People like the Grsecurity folks are the scourge of the industry in my opinion.

Re: Good job Bruce and EFF

You're right, the industry wants nothing to do with security.

Re: Good job Bruce and EFF

[110010001000]

We like security, just not the "Gr" part.

Re:Good job Bruce and EFF

[gweihir]

Indeed.

Re: Good job Bruce and EFF

Well, that's the thing, you see. Good security doesn't care about politics. From your perspective you've drawn the battle lines and ejected what you've been told is a threat to open source that won't go quietly. From another, you've been manipulated into removing a better alternative to the terrible security in the kernel as mandated and controlled by a few companies. I'm not saying what grsecurity ended up doing was right, but I am saying they were actively and aggressively forced into that corner, there is no moral high ground here.

Re:Good job Bruce and EFF

Opps.. Be careful... GRsecurity is now gonna come after you....

Re: Good job Bruce and EFF

[110010001000]

Sorry, there are more important things than "security". The way they go about it is a threat to the entire Open Source ecosystem. And you don't need to post anonymously - we all know who you are.

Re:Good job Bruce and EFF

Damn shame they can't both lose.

Re: Good job Bruce and EFF

You think I'm Brad Spengler? Categorically no, you are wrong, and hilariously paranoid. I would hope any party to that suit would not be stupid enough to discuss details on Slashdot. I look forward to the subpoena tracking my IP down, I've nothing to do with the case; although bizarrely have communicated with both Bruce and Brad at one time or another in the past. They're both decent enough and I don't think either of them deserve to be caught up in a lawsuit.

Re: Good job Bruce and EFF

[MrMr]

That's a very strange opinion. One of the parties in "Bradley Spengler v. Bruce Perens" must have thought a lawsuit was a good idea, so why does that party not deserve to be caught up in it?

Re: Good job Bruce and EFF

I've already stated he was backed into a corner and left no choice but to launch a lawsuit or pack up shop, that should be fairly obvious. Prior to the last desperate work for hire EULA, I didn't see anyone rushing to defend him or offer legal aid when his code was stripped of copyright notice to be imported into the kernel (so I understand). I guess copyright infringement is fine when it's your side doing it, right?

Re: Good job Bruce and EFF

No point in discussing this on slashdot.

Almost everyone here is a Bruce Perens dick rider. Everything Bruce does is the holy gospel. Bruce does no wrong.

I've seen one person call out Bruce for his bullshit on slashdot. And that was drinkypoo. A man who knows Bruce personally. That tells ya something right there. When Bruce went on record saying his colleagues invented the term open source, drinky called Bruce out as a liar and provided citations and facts to back him up.

Re: Good job Bruce and EFF

This. This would be the best outcome for open source.

They both lose and fuck off back to the hole they came from.

Re: Good job Bruce and EFF

Bruce is in the right here. Spengler is violating the linux kernel terms. "Red hat did it too and no one sued them!" is not an argument (also: Red hat always released the source itself, albit in a huge tarball, but that made the case moot in the minds of anyone with standing to sue (copyright holders), since they are programmers and easily can take what code they want for their section of the kernel from the tarball)

Those legal costs..

Here, on the other side of the pond, I would have expected to have to pay 3k-6k EUR (about $3.5k-7k) legal costs in such a case. $260k is something you pay for six months to year of corporate overhaul and reorganization to a high flyer consultant.

Re: Those legal costs..

Tell me more about how everything is better in Europe again? I have not heard in at least 5 minutes and I am starting to forget.

Re: Those legal costs..

Evri ting iz beta in Iurop.

Re:Those legal costs..

Here, on the other side of the pond, I would have expected to have to pay 3k-6k EUR (about $3.5k-7k) legal costs in such a case.

No doubt! And they are even lower in Burundi, Cambodia, Haiti, and Somalia.

That's because everything is cheaper in rundown, impoverished nations, and Europe is pretty rundown and impoverished.

Thanks for pointing that out.

Re:Those legal costs..

Nah, your just a troll trying to divide allies. The US and Europe are both very fine places to live. :)

Re: Those legal costs..

I feel like a proud Alabaman trailer occupant, looking to buy an two-room apartment at the center of Tokyo. Then again, I have heard the British have to pay through their noses as well for their legal services. I mean, how many hours of billable work there is in this kind of case at the rate of 300 to 1000 dollars or euros an hour? Maybe the legal system differences bring additional legal work?

Re: Those legal costs..

At least they're still majority white. Europe will still be civilized long after the states have been diversified into Mexico Norte.

Re:Those legal costs..

[HornWumpus]

Both Europe and The US are big places. Both have many fine places to live.

Than you have places like Decatur Illinois and Scotland. Places where they would stick the tube to give the content an enema.

Clean mind.

It is Security-through-clarity.

Bruce - YOU ROCK

[gavron]

Giving up mod privs for this thread by posting in it and IT'S WORTH IT!

Bruce, I've been an FOSS advocate in every company I've worked in, for, managed, ran, owned, started, and directed.

YOU are the champion of living the word.

Thank you!

Ehud Gavron
Tucson AZ
FAA CPL-H

Re: Bruce - YOU ROCK

You are a nobody. Stop trying to look like a somebody. It is not working.

Re: Bruce - YOU ROCK

Ehud onto my dilz and Gavron all around

Re: Bruce - YOU ROCK

Kind of ironic when an anonymous coward too stupid to use google calls someone else a nobody. It's like reddit, but without the brains.

Re:Bruce - YOU ROCK

Bruce, die in a fire!

Re: Bruce - YOU ROCK

Ehud ate my balls last night and I am not afraid to admit it- it was nice. Heâ(TM)s very gentle.

Re:Bruce - YOU ROCK

(((Ehud Gavron))) supports (((Bruce Perens))). I'm shocked! Shocked!

Re:Bruce - YOU ROCK

Cowardly anti-semite uses coward-code brackets to mean Jewish. What a surprise. Fucking master race? Hitler would have had you gassed along with the Jews that you hate.

Re:Bruce - YOU ROCK

Bruce, I've been an FOSS advocate in every company I've worked in, for, managed, ran, owned, started, and directed.

YOU are the champion of living the word.

You are confusing Bruce Perens, an OSS advocate with Richard Stallman, a Free software advocate. Not all OSS is Free.

Re:Bruce - YOU ROCK

> Not all OSS is Free.

Especially if it's GPL-licensed. <duck>

Re:Bruce - YOU ROCK

who started the fire?

Perens Is A Leech And Scammer

[StevenSheeves]

Hope Perens gets sued into the poor house.

He has been a leech on the software development world for far too long.

I am glad companies aren't being bullied into his trademark extortion racket over the industry term Open Source.

Re: Perens Is A Leech And Scammer

[nmo.marques]

Leave the shrooms mate

Re: Perens Is A Leech And Scammer

[StevenSheeves]

Fuck off clown.

Re: Perens Is A Leech And Scammer

[UnknowingFool]

So by your argument I can sue you for voicing an opinion about whether Perens should be sued.

Re: Perens Is A Leech And Scammer

So by your argument, you are a mouth breathing Bruce dick rider who never questions his leader.

Got it!

Your nerd gods are all going to hell

Perens gets sued into the poorhouse, Musk commits securities fraud and RMS doesnâ(TM)t understand personal hygiene.

Time for a motberfucking swirly, nerds!!

Who?

[Gravis+Zero]

Not sure who this Bruce guy that everyone keep talking about but to assert my superiority, I demand to fight him in an epic battle for the ages! ;)

Re:Who?

Not sure who this Bruce guy that everyone keep talking about

He invented the Lisp programming language, you dolt.

Re:Who?

he's like the westboro baptist church, but more legit as a church....

Re:Who?

[110010001000]

Wrong. That was Vint Cerf.

Re:Who?

No no no. Vint Cerf invented the shortboard.

Re:Who?

[110010001000]

I apologize.

Re:Who?

He's the guy known as ESR and he invented Ubuntu or BSD or something.

Re:Who?

[smallfries]

You’re confusing Vint Cerf with Al Gore. It’s easy to do, but try to remember: Al was the real inventor.

Another frivolous suit?

[macraig]

The entire proceeding reads like a personal grudge unsupported by facts and yet executed in the public court system. That would be the very textbook definition of frivolous.

It's hard to be defamed by the truth.

[Grog6]

You can't sue someone just because they made you look like a tool.

Especially if they're right. :)

Re:It's hard to be defamed by the truth.

[macraig]

You CAN sue the person, but your suit will be frivolous.

Re: It's hard to be defamed by the truth.

Did you learn that when you tried to sue a mirror manufacturer?

Re: It's hard to be defamed by the truth.

[UnknowingFool]

Also they can counter sue for costs which happened in this case.

Re: It's hard to be defamed by the truth.

[macraig]

And they just might get SLAPPed by the judge. :-)

not a ruling on the copyright issue itself

[ooloorie]

This was a defamation lawsuit. It didn't settle the issue of whether the copyright issue itself is prohibited.

Perens' argument on the legal issue itself strikes me as dubious. He's claiming that GPL copyright automatically extends to separately distributed patches that, themselves, do not contain any of the GPL'ed code. I'm not sure why that would be the case, and I'm not convinced that that would be a ruling that would be in the interest of open source software, because it seems to put a lot of other open source software at risk of being considered "derivative works" of proprietary software.

Re: not a ruling on the copyright issue itself

[UnknowingFool]

I suspect it's because that they couldn't win on any copyright claim as Perens (as is anyone) can voice an opinion about copyright just like you just did above. If someone sued you for what you just wrote, that's the equivalent of what happened. Is Perens right about it? That was never the point. It was about trying to silence him.

Re: not a ruling on the copyright issue itself

Look at it from their perspective: from what I can see, it was the only remaining avenue open to them to protect their business after Bruce *very* publically broadcast that people stay away from them. This isn't the normal reaction to GPL violations that I can remember. Usually we hear of the softly softly approach, with companies being handled with kid gloves over many years to achieve compliance. A full on publicity stunt with an iron fist - yeah, there were serious politics at play there I think.

Let me quality all that by saying trying to EULA their patches at the end was certainly a big mistake. However, I can understand why they had that reaction. Ostracised by the mainstream kernel, they set up shop (without EULA) only to eventually find a project to reincorporate their code into mainstream minus authorship. Correct me if I'm wrong, but that reeks of hypocrisy, and is no less a copyright infringement as anything else in this sordid affair. It's certainly soured my view of Linux and the whole "Open Source" movement.

Personally, I would have taken the lawsuit as a win, as what you basically have is a court saying Bruce was offering his opinion as Joe T Shlubb, not as a professional (correct me if I'm wrong?) I guess by then the damage was done, though.

Re: not a ruling on the copyright issue itself

[ooloorie]

I suspect it's because that they couldn't win on any copyright claim as Perens (as is anyone) can voice an opinion about copyright just like you just did above.

You're stating the obvious. I mean, Perens can obviously bloviate as much as he wants to on things he doesn't know anything about; god knows he's been doing that a lot throughout his career.

Now answer me this: if this is a GPL violation, why don't the Linux kernel developers actually sue?

Re: not a ruling on the copyright issue itself

[UnknowingFool]

Not the point. Suing him for stating an opinion even it's wrong is like me suing you for what you just posted.

Re: not a ruling on the copyright issue itself

[UnknowingFool]

Look at it from their perspective: from what I can see, it was the only remaining avenue open to them to protect their business after Bruce *very* publically broadcast that people stay away from them. This isn't the normal reaction to GPL violations that I can remember. Usually we hear of the softly softly approach, with companies being handled with kid gloves over many years to achieve compliance. A full on publicity stunt with an iron fist - yeah, there were serious politics at play there I think.

Even if everything you said is right, that means that any restaurant reviewer can be sued for telling their listeners to stay away from a restaurant. Any movie reviewer on YouTube can be sued by telling people to avoid the movie. Also that presumes that any company looking to do business with them was turned away only by Perens' opinion and that they didn't consult with their own experts.

Let me quality all that by saying trying to EULA their patches at the end was certainly a big mistake. However, I can understand why they had that reaction. Ostracised by the mainstream kernel, they set up shop (without EULA) only to eventually find a project to reincorporate their code into mainstream minus authorship. Correct me if I'm wrong, but that reeks of hypocrisy, and is no less a copyright infringement as anything else in this sordid affair. It's certainly soured my view of Linux and the whole "Open Source" movement.

All of which as nothing to do with Perens being able to express himself. Richard Stallman has some very staunch opinions about how Open Source should be. No one is suing him.

Personally, I would have taken the lawsuit as a win, as what you basically have is a court saying Bruce was offering his opinion as Joe T Shlubb, not as a professional (correct me if I'm wrong?) I guess by then the damage was done, though.

You understand that Perens had to spend money to defend himself against a lawsuit that the court dismissed. Also the latest development is that now Perens has to defend against the appeal so he would have had to keep spending money after he won if he was not represent pro bono.

Re: not a ruling on the copyright issue itself

[ooloorie]

Suing him for stating an opinion even it's wrong is like me suing you for what you just posted.

I agree. I said so in my original posting. Do you find it hard to follow a couple of English sentences? Or do you go out of your way of inventing strawmen?

Re: not a ruling on the copyright issue itself

Even if everything you said is right, that means that any restaurant reviewer can be sued for telling their listeners to stay away from a restaurant. Any movie reviewer on YouTube can be sued by telling people to avoid the movie. Also that presumes that any company looking to do business with them was turned away only by Perens' opinion and that they didn't consult with their own experts.

I think your restaurant reviewer analogy falls flat by a significant distance. If Bruce had said that he thought the code was terrible, it didn't solve the issues it claimed to, and was likely to lead to system instability, that would have been your restaraunt reviewer. However, he stated that he did not believe the code license was legal, and suggested that before anyone attempt to use it they consult a lawyer. That would be the restaurant equivalent of saying "the place was knowingly serving up endangered species, and now that I've told you that you should consult a lawyer as you could be held as an accessory. This is my personal opinion, but I am a world renowned expert witness on endangered species law." I know that's a bit strained, but I hope you understand what I see as being the difference there. I did question Bruce over how exposed his comments made him at the time, but then I am obviously neither a lawyer nor have the faintest idea about the US legal system.

Richard Stallman has some very staunch opinions about how Open Source should be

No, he categorically doesn't, as he rejects the ethos outright, and I suspect would be insulted that you associated him with it. I think you mean Free Software:

"Supporters of open source (which I am not) promote a “development model” in which users participate in development, claiming that this typically makes software “better” — and when they say “better”, they mean that only in a technical sense. By using the term that way, implicitly, they say that only practical convenience matters — not your freedom. I don't say they are wrong, but they are missing the point. If you neglect the values of freedom and social solidarity, and appreciate only powerful reliable software, you are making a terrible mistake." - RMS

You understand that Perens had to spend money to defend himself against a lawsuit that the court dismissed. Also the latest development is that now Perens has to defend against the appeal so he would have had to keep spending money after he won if he was not represent pro bono.

Yes, I understand that. The court ruled on the above as going the way you suggested, but if you consider my analogy I hope you can see why there is a reason for appeal, however valid it may be in the US legal system. It sucks for Bruce, but then it sucks for Brad too.

Re: not a ruling on the copyright issue itself

[UnknowingFool]

That would be the restaurant equivalent of saying "the place was knowingly serving up endangered species, and now that I've told you that you should consult a lawyer as you could be held as an accessory.

No it's not remotely similar. Your statement presents a fact which can proved as false or true. Your statement also alleges that the restaurant has done something illegal. Perens clearly stated his opinion on not what the plaintiff did or did not do (which plaintiff doesn't deny) but rather on his clear opinion on what he thinks it means.

This is my personal opinion, but I am a world renowned expert witness on endangered species law." I know that's a bit strained, but I hope you understand what I see as being the difference there. I did question Bruce over how exposed his comments made him at the time, but then I am obviously neither a lawyer nor have the faintest idea about the US legal system.

Again you are not using the same analogy. You've extended the analogy. A better analogy would have been if Perens said he thinks Nixon should have gone to jail for the Watergate scandal. If Nixon were alive, should Nixon sue Perens for clear opinion? Nixon could always sue but the judge in that case would have ruled a summary judgment too. As a "I am a world renowned expert witness on endangered species law", you should know what summary judgment means.

Again, your analogy changed the situation.

Re: not a ruling on the copyright issue itself

[UnknowingFool]

Do you always resort to insulting people who respond the way you want them to respond?

Re: not a ruling on the copyright issue itself

Lay off of it. We get it. You suck Bruce's dick. Answer his question or stfu. You keep cheating strawmen.

Re: not a ruling on the copyright issue itself

For the record, Bruce went with this:

Warning: Grsecurity: Potential contributory infringement and breach of contract risk for customers. It’s my strong opinion that your company should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement and breach of contract risk.

We disagree over emphasis and analogy, so I doubt we'll get any further arguing back and forth. In addition, you misread part of my analogy as something you thought I claimed I was. You really should check your reading comprehension before opining further.

Re: not a ruling on the copyright issue itself

[UnknowingFool]

We disagree over emphasis and analogy, so I doubt we'll get any further arguing back and forth. In addition, you misread part of my analogy as something you thought I claimed I was. You really should check your reading comprehension before opining further.

You introduced criminality into the analogy above thereby changing the whole analogy. You've also changed Perens' actual claims of his expertise. Specifically you failed to mention this part of Peren's blog: "I am an intellectual property and technology specialist who advises attorneys, not an attorney. This is my opinion and is offered as advice to your attorney. Please show this to him or her. Under the law of most states, your attorney who is contracted to you is the only party who can provide you with legal advice." You changed what was said and ask me to check my reading level?

Re: not a ruling on the copyright issue itself

You introduced criminality into the analogy above thereby changing the whole analogy

Yes, that's correct, that was the entire point. What did you assume the issue was? Perhaps criminality instead of civil law is hyperbolic, but I'd have thought it would have been obvious enough to get the point across.

You've also changed Perens' actual claims of his expertise.

I most certainly have not. I gave a direct quote of the title and leading sentence of his blog post on the subject. I made no assertion of his claims of expertise whatsoever (see my comment below also)

Specifically you failed to mention this part of Peren's blog: "I am an intellectual property and technology specialist who advises attorneys, not an attorney.

I'm not going to paste the entire blog post, and to not be accused of lying by omission, gladly agree his post includes that, right after suggesting he can advise further, and then suggesting people contact their attorneys.

You changed what was said and ask me to check my reading level?

I did not change what was written, anyone can verify that, and I'll ask you not to continue making false claims. You'll note I was extremely careful in making my analogy in that I explicitly mention an expert witness, and not an attorney; this being the closest analogy.

And yes, I again urge you to carefully re-read the post. Please don't take it as a throwaway insult, I am seriously suggesting you re-read if you did not already do so. I note that others have also complained to you on the comments under this story that you've misread what they've said, too.

Re:not a ruling on the copyright issue itself

He's claiming that GPL copyright automatically extends to separately distributed patches that, themselves, do not contain any of the GPL'ed code.

The patches themselves are supposedly released under GPL but they added a restriction that you could not redistribute under the GPL terms.

So basically the patch is either GPL in which case the restriction is forbidden by the license, or not GPL and then patch maintainers run into issues with being a derivative work as the patch does nothing outside of the GPL work.

Re:not a ruling on the copyright issue itself

Use scare quotes all you want, layperson, the GRSecurity patch to the linux kernel is a wholly-derivative work of the linux kernel.

Go read what a derivative work is.

Yes IAAL.

Re: not a ruling on the copyright issue itself

>Now answer me this: if this is a GPL violation, why don't the Linux kernel developers actually sue?

If one even so-much as sends an cease-and-desist letter, the defendant can pray to the court to declare weather a violation occurred: potentially costing the plaintiff thousands in legal-fees to execute a federal case when he may have not been financially prepared to do so. And what does the plaintiff gain from a bankrupt defendant in the end?

This is likely why no one has sued (yet): they don't see Spengler as solvent and their lawyers have informed them of it, and they don't have the money to pay the lawyer out of their own pocket*.

So thusly Spengler seemingly may continue to violate the Linux Kernel copyright, where a company with more cash-flow or assets might have been approached by now.

*A 33pct contingency of 0 is still 0, so the attorney would not likely work on a contingency fee basis for this case.

Re: not a ruling on the copyright issue itself

[UnknowingFool]

Yes, that's correct, that was the entire point. What did you assume the issue was? Perhaps criminality instead of civil law is hyperbolic, but I'd have thought it would have been obvious enough to get the point across.

So you admit to changing the context of the conversation? Doesn't that makes your point moot then?

I most certainly have not. I gave a direct quote [perens.com] of the title and leading sentence of his blog post on the subject. I made no assertion of his claims of expertise whatsoever (see my comment below also)

What does "expert in [XXXX] law" mean to you? That means a lawyer. You'd be hard to find anyone who has an expertise in law not to be a lawyer. And Perens has stated that he is not a lawyer which you failed to mention.

I did not change what was written, anyone can verify that, and I'll ask you not to continue making false claims. You'll note I was extremely careful in making my analogy in that I explicitly mention an expert witness, and not an attorney; this being the closest analogy.

Again. An expert in law is generally a lawyer. You NEVER stated he was merely an expert witness which is not the same thing as an expert in "law". The word "law" being use changes the expertise significantly.

And yes, I again urge you to carefully re-read the post. Please don't take it as a throwaway insult, I am seriously suggesting you re-read if you did not already do so. I note that others have also complained to you on the comments under this story that you've misread what they've said, too.

And I urge you to be careful with words you use. An "expert in law" means something. In the legal profession, lawyers have to be careful to use the terms "Law Office" vs "Law Firm" as well as "Attorney-at-law" vs "graduated law school".

Using this argument...

...Perens would claim that any program you code for Linux or even the product you create with those programs is automatically GPL. Imagine, i use a text editor to write a novel, and automatically it is GPL?

That's what Gates meant when the GPL is like a virus.

Re:Using this argument...

Do you think if you write a novel with a proprietary editor that the novel belongs to MS/Apple/Google or whoever created the editor? That seems dumb to me.

Re:Using this argument...

[amiga3D]

But to Oligarchs like Larry Page, Jeff Bezos and Bill Gates it makes perfect sense.

Re:Using this argument...

Perens would not (and AFAIK has not) claimed that, and I would be incredibly surprised if he did.

That's precisely what derived means

[raymorris]

Suppose you write a novel. Perhaps, like Stephen King, you're living in a broken down trailer with no telephone when you're book sells 13,000 copies, netting you $2,500. Then someone turns your book into a movie. The movie doesn't have any pages of the book read aloud in the movie. It doesn't "contain" the book per session, it's a transformation, an adaptation, of the book. The author is entitled to a share of the movie revenue because it's his novel, adapted to the screen. That's a derivative work. "Derived from" doesn't mean "contains".

Re:That's precisely what derived means

[ooloorie]

It doesn't "contain" the book per session, it's a transformation, an adaptation, of the book

A movie is a transformed version of the original novel.

A patched kernel is a transformed version of the original kernel.

A kernel patch is not a transformed version of the original kernel.

That's a derivative work. "Derived from" doesn't mean "contains".

Under your standard, a commentary on a movie is "derived from" the movie even if it doesn't contain any content at all from the movie. I consider that undesirable.

Re:That's precisely what derived means

[phantomfive]

In most cases, the patch would be utterly unusable, indeed wouldn't make sense, without the Linux kernel.

To understand, consider a patch that wouldn't be a derivative work: imagine NVidia writes a windows driver for their video card. It's 50,000 lines of code. Then they write a small compatibility layer to get the driver running on Linux. In that case, the driver would likely not be a derivative work, because most of it is orthogonal to the Linux kernel.

With the grsecurity patches, the entire reason they exist is to modify the Linux kernel. If the kernel didn't exist, they wouldn't either. It's hard to argue they are not a derivative work.

Re:That's precisely what derived means

[squiggleslash]

Under your standard, a commentary on a movie is "derived from" the movie even if it doesn't contain any content at all from the movie. I consider that undesirable.

I am not a lawyer, but I was under the impression that commentary is "protected" as fair use. If something is fair use, then it's technically breaching copyright, but the copyright holder isn't (usually) able to enforce their copyrights because other laws, or the constitution, take precedence over copyright law in that instance.

So his standard is perfectly reasonable, if you remember that just because something violates copyright it doesn't mean you can enforce copyright law to stop it.

Re:That's precisely what derived means

[ooloorie]

With the grsecurity patches, the entire reason they exist is to modify the Linux kernel. If the kernel didn't exist, they wouldn't either. It's hard to argue they are not a derivative work.

So your criterion is that "if X wouldn't exist without Y then Y's copyright applies to X"? If that's the principle, then you can kiss FOSS goodbye.

Re:That's precisely what derived means

[ooloorie]

I am not a lawyer, but I was under the impression that commentary is "protected" as fair use

The commentary itself is a new work with a new copyright; it is neither a copy of the original work nor a transformation of it.

As part of writing the commentary, you are allowed to copy parts of the work you are commenting on under the "fair use" doctrine. That is the sense in which "fair use" applies to commentary.

Re:That's precisely what derived means

[shutdown+-p+now]

Do you understand the very definition of the word "patch"? A patch is inherently a derived work.

And if X is a derived work from Y, then licensing terms of X apply. This has always been the case, it's not some new concept. Indeed, GPL (a large part of FOSS) is built on that concept.

Re:That's precisely what derived means

So if I merely offered a series of instructions that 'transformed' a Stephen King novel into a screen play, (e.g. 'use dialogue on page 15, lines 12-20, use lines 26-30 to set the next scene, etc, etc' King wouldn't be owed a dime?

Re:That's precisely what derived means

[phantomfive]

This isn't even a point grsecurity disputes: they know it is a derivative work, and their work is released under the GPL. As far as that goes, they aren't in violation. It's the "extra" terms they add in the contract that is under dispute.

Re:That's precisely what derived means

[ooloorie]

A patch is inherently a derived work.

As I was saying:

A movie is a transformed[/derived] version of the original novel.

A patched kernel is a transformed[/derived] version of the original kernel.

A kernel patch is not a transformed[/derived] version of the original kernel.

Do you understand the very definition of the word "patch"?

Do you?

Re:That's precisely what derived means

[ooloorie]

they know it is a derivative work, and their work is released under the GPL

Notice how you say "their work is released"? Thanks for proving my point.

This isn't even a point grsecurity disputes:

Well, obviously they do, otherwise they wouldn't be applying the extra terms, since they obviously can't apply extra terms to someone else's GPL'ed code, but they can apply it to their own.

Re:That's precisely what derived means

> And if X is a derived work from Y, then licensing terms of X apply.

Sort of. If X is a derived work of Y, then the author of Y gets to set licensing terms for X. They don't necessarily have to be the same terms for both.

Re: That's precisely what derived means

[phantomfive]

A derivative work doesn't belong to the original creator. The kernel devs can't sue grsecurity and "steal" their work, but the creator of the derivative work has obligations to the creator of the original work under the law. Grsecurity is accused of not following those obligations.

Re: That's precisely what derived means

[ooloorie]

A derivative work doesn't belong to the original creator.

Discussing who the software "belongs to" is a red herring and legally irrelevant. What matters is that if you distribute the derivative work, you must comply with all legal obligations you have, under the original GPL, under the patches, and under any other legal agreements you have entered.

but the creator of the derivative work has obligations to the creator of the original work under the law

The GPL only imposes obligations when you distribute, not when you create derivatives.

Grsecurity is accused of not following those obligations.

Grsecurity has no obligations under the kernel GPL because they aren't distributing the GPL'ed kernel code. All they distribute is patches. The derivative work is created by the people who are applying the patches to the original kernel. And those people then cannot redistribute the combined work under their legal agreement with Grsecurity.

This is pretty much the same when you work for a corporation and use GPL code: you may be creating derivative works from the GPL'ed software as part of your job, but you cannot redistribute that because your employment contracts forbids it, even though the GPL allows it.

Re: That's precisely what derived means

[phantomfive]

Grsecurity has no obligations under the kernel GPL because they aren't distributing the GPL'ed kernel code. All they distribute is patches. The derivative work is created by the people who are applying the patches to the original kernel. And those people then cannot redistribute the combined work under their legal agreement with Grsecurity. This is pretty much the same when you work for a corporation and use GPL code: you may be creating derivative works from the GPL'ed software as part of your job, but you cannot redistribute that because your employment contracts forbids it, even though the GPL allows it.

Yes, this is GRSecurity's argument. GRSecurity's contract doesn't even forbid you from redistributing it (which actually would be illegal). They merely say they will punish you if you redistribute it.

Bruce points out that actually they are actively discouraging people from redistributing, and he claims it is illegal. I think he's right on that point, if it went to court I don't think GRSecurity would win (but who knows). Bruce also suggests that anyone who uses GRSecurity would be liable for infringement (by using code that GRSecurity infringed on). This second argument of his doesn't make as much sense to me, but again, if it went to court, who knows.

Re:That's precisely what derived means

"So your criterion is that "if X wouldn't exist without Y then Y's copyright applies to X"? If that's the principle, then you can kiss FOSS goodbye."

No that is not his criterion, but it is, more-or-less, the US courts criterion... in very loose layman's terms.

Separability..

Really, you programmers, you think it is up to YOU to decide what the law is?

Re: That's precisely what derived means

They can sue them for copyright infringement, and they should do so.

Lay moron.

The person creating the derivative work only has the permission granted to him by the original copyright holder, in this case through the license grant.

Re:That's precisely what derived means

It would be a derivative work - just like the GRSecurity patch is.
You would be liable.

Feel free to claim otherwise all day, everyday; you programmers surely know better than we attorneys.

Re: That's precisely what derived means

[phantomfive]

They can sue for copyright infringement for creating a derivative work without permission, as you said, but they can't sue to gain ownership of the derivative work.

Re: That's precisely what derived means

> ... they can't sue to gain ownership of the derivative work.

For copyright purposes, the original author already owns the derivative work.

Re: That's precisely what derived means

[phantomfive]

No, that's a misunderstanding. The courts use the abstraction, filtration, comparison test to determine what is a violation and what is not.

I am God's gift to you stupid niggers... apk

See subject & APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between characters & download).

Yields more security/speed/reliability/anonymity vs. any SINGLE solution (99% of threats = hostnames vs. IP address that most firewalls use) more efficiently/FASTER + NATIVELY 4 less!

(Vs. "Bolt on 'MoAr' illogic-logic" competitors slowing you, hosts speed you up 2 ways (adblocks + hardcodes u spend most time @) vs. competition loaded w/ bugs (DNS/AntiVir) + their overheads (messagepass ('souled-out' to advertiser addons) + filtering drivers) & their complexity leads to exploitation).

* ONLY 1 of its kind in GUI on Linux/BSD!

(Much better vs. Windows model in speed & efficiency + new "merge" feature)

APK

P.S.=> You love Bruce Perens but I'm world-class and better than him. You stupid níggers can benefit from my greatness as God's gift to you... apk

You stupid niggers like & use my work... apk

Your software is just fine - well written, functional... I'm going to continue using the Host File Engine by mmell February 17, 2017

Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid - by JazzLad April 20, 2016

his hosts program is actually pretty good by xenotransplant August 10 2015

his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg September 25 2015

I like your host file system by Karmashock September 09 2015

that APK guy, I use his host file by rogoshen1 Tuesday March 03, 2015

I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017

* Best part = Linux 64-bit model's faster/more efficient (2x work in 1/2 the time)

APK

P.S.=> For a faster/safer/more reliable internet. Even you stupid níggers can benefit from my greatness. God's gift to Slashdot will NEVER be silenced... apk

gweihir = fake name massive human fail... apk

See subject: Your MASSIVE FAIL in this life is you're nothing more than a chattering little do-nothing "ne'er-do-well" online & you know it...

* Is that the best your "phantasyland FAKE NAME" (for your fake lie of a so-called 'life') can manage?

When a FAKE NAME do nothing like YOU does better than I have? Then talk (you're all talk & no action)...

You can't help you're an immature little BUTTHURT no-mind, lol! I blew you away in TONS OF PLACES and easily dust your no-mind bullshit blatherings.

APK

P.S.=> The TRUE PRICE of your UNIDENTIFIABLE FAKE NAME do-nothing selves like you that I can ALWAYS CASH IN ON (lol) is that I can use FACT/TRUTH on them to SHATTER their all TOO fragile delusional egos that they actually know A DAMN THING in computing, lol... apk

Re:gweihir = fake name massive human fail... apk

[gweihir]

a) I know this is not APK, as I actually am able to communicate with people directly and openly, something you obviously have never mastered.

b) Is that all you have? A smart 12 year old can do better. I guess you based these "insults" on the defects and fears of your own person. Here is a hint: That does not work in me, I am way out of your league. Some sophistication is required (look it up).

c) You are pissed at me because I am not pathetic, unlike you? Nice! Makes my day. Thanks for that and keep the inept trolling coming.

Never seen a patch?

[raymorris]

Have you never seen kernel patch? Or any patch for any project?  If not, it made be good to stop making assertions about things you've never even seen in your life.

> A kernel patch is not a transformed version of the original

Actually that's EXACTLY what a patch is - the relevant section of code, with some lines marked out and the new version of those lines added. Here's a trivial patch as an example:

    printk("comedi%d: ni_labpc: %s, io 0x%lx", dev->minor, thisboard->name,
               iobase);
    -       if (irq) {
    +       if (irq)
            printk(", irq %u", irq);
    -       }
    -       if (dma_chan) {
    +       if (dma_chan)
            printk(", dma %u", dma_chan);
    -       }
        printk("\n");

        if (iobase == 0) {

It starts with a couple lines exactly as in the original, unchanged. Then where a like is changed, it has the original line, with a "-" mark added, then the transformed version, marked with a "+".

Re:Never seen a patch?

[ooloorie]

Are you so inexperienced with UNIX that the only patch format you have ever seen is a context diff?

Re:Never seen a patch?

[smallfries]

Please enlighten us oh great unix guru:

What type of patch does not specify which content is being deleted as part of the edit?

Re:Never seen a patch?

You could come up with a patch format that doesn't. Simply mention the line numbers to delete.

I'm not advocating for this. It would be a dumb format. So is any non-unified diff patch file format probably just dumb.

Re:Never seen a patch?

[ooloorie]

What type of patch does not specify which content is being deleted as part of the edit?

"diff -e"

Re:Never seen a patch?

[ooloorie]

You could come up with a patch format that doesn't. Simply mention the line numbers to delete.

You don't have to come up with it, it has been around since V7 and since before context diffs: diff -e

If you wanted a context diff but didn't want to include the literal context, you could replace the context by a hash of the context.

Re:Never seen a patch?

[smallfries]

Ok, that is a fair point. I had not seen that option before.

So rewinding a couple of steps to the part of the argument that led here:

Assume that a patch is created as an ed script, it does not contain any of the kernel code. Its only use is to transform the kernel source. Who owns the coyright on the transformed source that results after the patch is applied?

Re:Never seen a patch?

[ooloorie]

Its only use is to transform the kernel source. Who owns the coyright on the transformed source that results after the patch is applied?

Original Linux Kernel: Linux kernel authors hold the copyright and define copy terms for the kernel. Since that's the GPL, you can redistribute it under the GPL.

Patch: patch authors hold the copyright and define copy terms for the patch itself. If that prohibits redistribution, it can't be redistributed.

Patched kernel: both the Linux kernel authors and the patch authors hold a copyright in the result. When copying the combined work, you must comply with the terms of both the Linux kernel authors and the patch authors. One license permits redistribution, the other one doesn't, so the combined work can't be redistributed.

Keep in mind that the GPL allows for proprietary modifications; that is, if you modify and deploy GPL software in-house, you are not required to share your modifications. This was the express intent of the authors of the GPL. Furthermore, if you are a company and you have employees modify GPL software as part of their job, they can't just take the modified software and publish it; they are still bound by their employment agreements. Proprietary patches like this really are not all that different.

Re:Never seen a patch?

>Patch: patch authors hold the copyright and define copy terms for the patch itself. If that prohibits redistribution, it can't be redistributed.

Programmers are morons.

Think of how the patch was created. It was created by editing the linux kernel source code. It is a derivative work.

It does not matter what mechanical steps were created to come up with the patch file, what matters is what was done to create this work to begin with.

GRSecurity is not separable work. It is meaningless absent its parent work. The GRSecurity authors must comply with the terms offered by the owners of the parent work or they are violating the copyright.

Since the GRSecurity authors have decided to add additional restrictive terms, they are violating the linux kernel licensing terms.

Best of luck to Mr Perens!

Hope you win, and I hope the linux kernel people sue Spengler for copyright infringement.

Re: Best of luck to Mr Perens!

Bruce thanks you for blindly sucking his cock.

Re: Best of luck to Mr Perens!

Given that I kicked the whole thing off...
"concernedfossdev"...
and I am an attorney...
(as well as an opensource programmer with an interest in the GPL being enforced and upheld)

Why wouldn't I want ...my side... to win?

Bruce Peren's arguments, with the exception of the contributory infringement section, are the same arguments I sent to him on the mailing lists. The same arguments I had been putting forth since 2015. I am grateful to him for making them known to a wider not-legally-sophisticated audience and for fighting this good fight.

Yes, I do want the Linux Kernel rights-holders to sue for relief regarding Bradly Spengler's violation of their copyrights, and I would like them to initiate the suit before the statute of limitations expires on the known-violation, and before a laches argument can be made against them.

So much winning...

[gosand]

by lawyers I mean. It's really a shame that so much money is spent on things like this, and other frivolous legal actions. While hopefully the right people are vindicated by this (you know who you are, Bruce), the only ones who really win are the lawyers. Their profession is such a twisted self-fulfilling prophecy of sorts.

Actually they can't due to GPL trademark

[raymorris]

You're not allowed to call just any license "GPL". Only the GPL license can be called by that trademark name. The GPL does not allow adding clauses. Therefore it cannot be licensed "GPL with additional clauses".

They have said their software is GPL licensed. Therefore if they try to say "no, we mean our own special 'GPL', with extra terms added", that would violate the GPL trademark.

Re:Actually they can't due to GPL trademark

[ooloorie]

They have said their software is GPL licensed. Therefore if they try to say "no, we mean our own special 'GPL', with extra terms added", that would violate the GPL trademark.

That might be the case, but that's a different claim from what Perens claims. Perens claims that they violate the GPL on the kernel.

Now, I have no reason to believe that they distribute their patches to paying customers under the GPL; do you know?

PS could be similar to GPL license and not use GPL

[raymorris]

PS I forgot to say they COULD legally use a license that is similar to thr GPL, but different, and call it by a different name. They haven't chosen to do that. At least, under trademark they could.

If they chose to do that, they wouldn't be violating trademark, but since they are distributing things copy-pasted from the GPL kernel, it's a derivative work and would violate the license.

Bottom line:
If you sell a modified version of GPL software, it as to be GPL licensed, and you can't change the GPL to whatever you want it to be. Playing games doesn't work, you just end up falling into a different kind of violation.

Re:PS could be similar to GPL license and not use

[ooloorie]

If you sell a modified version of GPL software,

But they aren't. They are neither selling kernel sources nor are they distributing kernel sources. All they are distributing is their own patches. It is the end user that creates the "modified version of GPL software".

I forgot to say they COULD legally use a license that is similar to thr GPL, but different, and call it by a different name. They haven't chosen to do that.

How do you know what license they distribute their kernel patches under to paying customers? Are you a paying customer?

It's easy to find on their web site

[raymorris]

> How do you know what license they distribute their kernel patches under to paying customers?

It's stated quite plainly on their web site. It'll be the top result if you Google "grsecurity license". (Kinda sad you didn't bother to Google it before arguing about it.)

> They are neither selling kernel sources nor are they distributing kernel sources. All they are distributing is their own patches. A patch IS modified kernel sources. Here's a trivial kernel patch so you can see what they look like:

        printk("comedi%d: ni_labpc: %s, io 0x%lx", dev->minor, thisboard->name,
                              iobase);
        - if (irq) {
        + if (irq)
                        printk(", irq %u", irq);
        - }
        - if (dma_chan) {
        + if (dma_chan)
                        printk(", dma %u", dma_chan);
        - }
                printk("\n");

                if (iobase == 0) {

It starts with a couple lines exactly as in the original, unchanged. Then where a line is changed, it has the original line, with a "-" mark added, then the transformed version, marked with a "+".

It's not only the new lines derived from the original (a derivative work), but also which lines to remove, copy-pasted exactly from the original GPL kernel. You can't copy-paste from the original kernel OR distribute your modified version of those source lines without complying with the GPL. A kernel patch generally does both.

Re:It's easy to find on their web site

[ooloorie]

It's stated quite plainly on their web site. It'll be the top result if you Google "grsecurity license". (Kinda sad you didn't bother to Google it before arguing about it.)

I'm way ahead of you. That is what they distribute public patches under.

It's not only the new lines derived from the original (a derivative work), but also which lines to remove, copy-pasted exactly from the original GPL kernel.

Most people assume that context diffs consider fair use, just like quotations, and hence do not fall under the GPL. But if this were the origin of a copyright claim, then they could switch to non-context diffs.

You've put up a bunch of red herrings. Nothing you have said addresses the core question: in what way does Grsecurity's distribution of patches violate the GPL.

Furthermore, my point remains: if creating some work that depends on a GPL'ed work but does not include it constitutes a GPL violation, then the same principle would apply to other copyrighted works, and that would be really bad for FOSS.

Re:It's easy to find on their web site

>Furthermore, my point remains: if creating some work that depends on a GPL'ed work but does not include it constitutes a GPL violation, then the same principle would apply to other copyrighted works, and that would be really bad for FOSS.

It does, insofar as that work is derived from the parent work.
It may be "really bad" for FOSS, according to you, but that does not change US copyright law.

No matter HOW MUCH you want it to change. Keep crying layperson.

If a work is created in reference to another work, and is not seperable, it is a derivative work.

For instance. If you took a glass plate and put it over a portrait, and then drew thick black eyebrows on the glass plate, that new work would be derivative of the original work (the painting).

You could then try to argue de-minimus if you wished, but grsecurity cannot, their changes aren't small.

Moron.

Re:PS could be similar to GPL license and not use

This issue was settled by FSF and NeXT in the 1980s.

NeXT wanted to distribute their Objective-C compiler as a user-installable plugin to GCC. FSF nixed it, on the basis that the combined pieces create a "single program."

If your patches don't work on their own, and to work must be combined with the kernel code, you are creating a single work that is a derivative of the kernel. The fact that the user does the combining doesn't change this fact; it's a single program (according to the FSF) and thus must be GPL-licensed.

Dubious my ass.

Since you obviously failed to read the original blog post, let me quote it for you:

Grsecurity is a patch for the Linux kernel which, it is claimed, improves its security. It is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and can not work without it. it would fail a fair-use test (obviously, ask offline if you don’t understand). Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2.

Clearly the patches contained GPLed code. You can look at the source code of the older versions to determine any derivative nature from kernel sources.