I'm suddenly picturing a couple having their fetus tested in the womb, it flunks the test, and they fix the problem with one of those in-the-womb surgeries to cut down this brain structure.
it's clear that the GPLv2 does not prohibit "tivoization".
That's the "common knowledge", but I think that only because no one has noticed or pursued this particular legal angle. It seems the general terms of the GPLv2 effectively defeat this TiVoization scheme, with no need for any special clause to target it.
Sega v. Accolade. It's a trademark/misrepresentation case
True. But as I said I was just citing a single case off the top of my head that essentially demonstrates that courts do treat this sort of thing as part of the program itself. I probably could have cited an even better case to make the point, but I think this case hits the nail pretty well on the head anyway. Both the SEGA text trademark and the TiVoized signatures are both platform specific checks of things that are not "conventional executable code" and which are a functional required part of the software's startup sequence. In this case as well as many others I've seen, the court explicitly considers it to be part of the program proper.
That being said, it's the need for a digital certificate that would be the functional part here, not the certificate itself.
That makes no sense. That's like saying the program header table in a Windows or Linux executable "would be the functional part", but the actual contents of that header table are somehow not part of the program. The operating system cannot and will not launch that program if these things are mot present.
In fact this is an absolutely perfect comparison - one of the things within the Windows executable file formate is a 32-bit CRC of entire contents of executable. This is generated and attached to the executable code during compilation. This is an absolutely amazing parallel to the signature added to the executable for iPhone executables. Both are mathematical hashes describing and validating the integrity of the rest of the executable. There is no possible dispute that it is not part of the executable.
I guess I should thank you. Without your challenge on this point I wouldn't have realized how this iPhone signature is such an exact match for things that already exist within the standard Windows executables. It just doubled the strength of my case that these executable-signatures really are part of the executable, exactly as executable-CRCs are a part of any Windows executable. Now the case is a slam dunk.
The iPhone OS isn't checking to be sure the application has a specific digital certificate, only that the certificate satisfy some requirement
I think the Windows executable startup sequence usually neglects to check the accuracy of the executable's CRC integrity value, but if and when it does, the Window "OS isn't checking to be sure the application has a specific [CRC32], only that the [CRC32] satisfy some requirement".
You are searching around for some way to make a distinction about these signatures, but you're just proving my point that there is no distinction.
But regardless of which definition you choose, it's only a definition.
We are attempting to define weather or not the TiVo signature and iPhone signatures are part of the executable being distributed. I am attempted to look at how it is defined as a legal issue. I'm a programmer not a lawyer, but I developed substantial amature expertise studying the law and reading court cases in relation to copyright and software. The court rulings I've read all seem clear and consistent on accepting this sort of thing as being part of the program itself.
Speaking both as a programmer and as someone who has looking into the law on this, once you specifically notice the issue it seems quite clear that these signatures are functionally and legally elements of the iPhone (or TiVo) executable file format.
It has no legal consequence except that which the GPL gives it, and the GPL doesn't use this term at all.
People have been asking for legislation to decriminalize marijuana for ages, but it's only just now making real progress in California and in other legislatures because of the bad economy and the idea of using huge marijuana tax revenues to fix government budget problems.
I'd also see some legislation allowing the Federal Constitutional Courts to hand out savage beatings with the clue stick to everyone involved in drafting and passing unconstitutional laws. And they should broadcast it on TV, too.
No. If you want to see legislators get savagely beaten for drafting and passing unconstitutional laws, I propose selling tickets.
I will literally shit myself if my government appoints a minister of puppies, pink ponies and day old baby ducklings.
Oh, it's not just minister titles. That happens with the titles of laws too. I will literally shit myself if my government ever passes some law with an OMGPUPPIES!-title like Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act.
Let me clarify the "SDK license" thing. I was referring to the SDK license as represented by the license key. The unique developer signing key used to prepare the final executable for upload to the iTunes store.
I certainly wasn't suggesting the entire SDK package and tools had to be GPLed:D
some clever (and wrong, IMO) application of the term "functional code"
That may be your opinion, but I'm pretty sure the courts disagree with you. Courts consistently say that platform specific checks for things like this in order to successfully launch a program are functional code, and refer to them as part of the program. Just to cite one case off the top of my head, Sega Enterprises Ltd. v. Accolade Inc. consistently referred to "SEGA" text trademark as being functional code, and it being part of the initialization sequence of the program itself. That ruling and many others reach their conclusions in part upon the assumption or express assertion that platform-specific startup checks (like this signature) are part of the program itself.
It is not part of the source, and it is not required to execute the software (it runs in a simulator fine).
That software, a plain executable that "runs in a simulator fine", that he certainly could distribute without any key. He only has to supply the source for the executable that he is distributing. If the developer wanted to upload that plain unsigned executable to the iTunes store he is perfectly free to do so, that would be perfectly fine under the GPL. But that is completely irrelevant because that's not what we're talking about. I don't think we have any disagreement when that is what is being distributed.
If a developer compiles a "plain" executable and distributes it on iTunes (or elsewhere) then obviously it's fine under the GPL to not-include an unused key with the source. However in the case we're discussing, the developer does not consider that compilation complete. He does not yet have the executable he intends to distribute. Trying to upload it to the iTunes app store in this unsigned form would be Complete Fail. So the developer preforms an additional compilation step to generate a different executable with additional initialization code. That is the executable that is being distributed.
He's not distributing an executable for a simulator target platform. He's compiling and distributing an iPhone executable.
Releasing the key would be a logical way to comply with the GPL, but I suspect it's also a violation of your agreement with Apple.
I thought I had said that, but looking back I see I didn't make that point explicit. I was thinking that and implying it when I said: "In order to comply with the GPL he has to supply all of the source he used to compile that particular executable. If he cannot or will not do that then he cannot legally distribute that executable." I'm not very familiar with Apple's contract terms, but it's probably not possible to legally distribute GPL software in the iTunes app store under Apple's current contract terms.
the GPL only covers the release of the source code for the program itself
Right, and US courts have repeatedly stated that things like this are a functional part of the initialization sequence of the program. The courts consistently treat things like this as a functional and integral part of the program itself.
I replied in more detail to someone else over here.
That signing happens after linkage, which means that it's not part of the binary.
It doesn't matter when in the compilation process it it generated, if it is in fact part of the executable being distributed. It is intended to be, and in fact is, an essential functional part of the startup code of the executable they are distributing.
Console Game manufacturers have quite often required specific text or an image or other oddball things to appear at the beginning of a game cartridge to activate executable startup sequence for that platform. The courts have consistently said that such things are in fact a functional part of the executable. The courts consistently refer to them as functional startup code of that executable.
According to US Courts the English text "SEGA" is in fact initialization code of executables for the Sega Genesis console. The hardware specifically scans for that text signature when loading a game cartridge, and treats it as a functional command in the initialization sequence to run a game. If by your own intent you distribute an executable for the Sega Genesis console and you include the text signature "SEGA" along with that executable, then that is part of the executable and it would be a violation of the GPL to supply incomplete source lacking that text signature. It doesn't matter if there may exist some other hardware platform that could run a SEGA-free executable, because you are not distributing a SEGA-free executable for that other platform. By your own knowledge and intent you are distributing an executable that does include, and does require that SEGA text signature.
The binary produced (without the code) will run just fine.
No it won't, not from the point of view of the person utilizing the GPL and engaging in distribution of that executable. They are the ones who have to comply with the terms of the GPL, and they have to supply the source for the executable that they are distributing, by their own knowledge and intent.
As I said, you cannot distribute a spreadsheet executable and supply different tic-tac-toe source, nor can you distribute source for a Cray and supply different source for a Commodore64 version of the program. You have to supply the source for the exact executable that you are distributing.
TiVo is distributing an executable that they compiled for their TiVo hardware, and the signature required functional startup code of that executable they are delivering. Just consider if had left out signature when they distributed it. What would their own understanding of that situation have been? Their own understanding of the situation would be that they had accidentally distributed an incomplete and completely non-functional executable. From their own point of view, and that of their customers, the software would be incomplete and fail to run at all.
that is, an iPhone (in default configuration) will not run an unsigned app.
Exactly, and that "signed app" is the executable that, by the distributor's own intent, he is distributing. Again, imagine if he had accidentally omitted the signature. From his own point of view the executable he is distributing would be incomplete, defective, and completely non-functional. From his own point of view it is part of the intended initialization sequence for that executable.
That is hardly the developers fault.
Fault? This has nothing to do with any sort of "blame". I am simply stating that he is distributing an executable, and that that he knows and intends that executable to have integral functional startup code in the form of that signature. In order to comply with the GPL he has to supply all of the source he used to compile that particular executable. If he cannot or will not do that then he cannot legally distribute that executable.
Someone correct me here if I'm wrong, but as I understand it each iTunes developer receives some sort of unique identity key they need to use in compiling the final EXE for upload to the iTunes store. That unique developer compilation key would in fact be part of the source used to compile the executable. The GPL requires requires you to provide the complete source materials you used during compilation of that final executable.
While I basically agree the GPL3 wasn't really necessary, it's for the exact opposite reason as you.
TiVo did not violate the "spirit" of the GPL2, they literally violated the letter of the GPL2. TiVo distributed an executable, and according to the GPL2 they are required to supply the all of the they used to compile *that* executable. You cannot distribute an executable for complex photo-manipulation software and offer different source code sufficient to compile some tic-tac-toe executable. You cannot distribute a Cray-supercomputer executable and offer different source code sufficient to compile a same-purpose-but-different-executable for a Commodore64. The executable they created and distributed included a crypto-signature, and that signature was fully intended to be a functional element of that final executable. From their own point of view, their executable would have been incomplete and non-functional if they had left off that signature. The executable they created, the executable they intended to create, was intened to run on TiVo hardware by their own intent the crypto signature was a required functional component of that executable. That signature was in fact part of the executable, and creating that signature was in fact a part of their compilation process for the executable they distributed. Under the existing GPL2 they are required to provide all source materials they themselves needed and used to compile the executable they distributed. The key they used to create that signature is in fact part of the source code for that executable.
It is a violation of the GPL to offer incomplete source code.
TiVo violated the existing GPL2 when they deliberately offered a source code package that the knew and deliberately intended to be incomplete and insufficient to compile the complete working executable that they distributed.
The same issue applies to this case with the iTunes store. You cannot legally distribute GPL software on the iTunes store unless you include any keys or other materials that you used in compiling that executable for the iTunes store. As I understand it, iTunes contractually prohibits you allowing anyone else access to your unique developer compilation key. Distributing GPL software on iTunes would either be a violation of the GPL if you fail to include the developer compilation key you used, or a violation of your iTunes contract. To quote the GPL "If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all".
I really wish the of the Linux contributors (and copyright holder!) would take up this issue and sue TiVo or anyone else using this tactic of offering useless incomplete TiVoized source.
Which raises an interesting question for the "copyright violation is theft" crowd.
That's not me, but I do have an exceptional amature expertise in copyright law (primarily US copyright law) and would like to take a shot at giving you the correct-by-law answers to your questions.
The first thing I would like do is start with some choice quotes from the US Supreme Court: infringed, but not stolen" "It follows that interference with copyright does not easily equate with theft, conversion or fraud. The Copyright Act even employs a separate term of art to define one who misappropriates a copyright: 'Anyone who violates any of the exclusive rights of the copyright owner,' that is, anyone who trespasses into his exclusive domain by using or authorizing the use of the copyrighted work in one of the five ways set forth in the statute, 'is an infringer of the copyright.'" "the property rights of a copyright holder have a character distinct from the possessory interest of the owner of simple 'goods, wares, merchandise'" "While one may colloquially link infringement with some general notion of wrongful appropriation, infringement plainly implicates a more complex set of property interests than does run-of-the-mill theft, conversion, or fraud."
With that dealt with, on to your questions: Did the steal it when they land in the US? Did the steal it when the plane enters US airspace? Did the steal it when (if) they get caught? Did the steal it when they boarded the plane? Did the steal it when they (legally in Australia) downloaded the book? Is it sometime before, which was the reason they were sent to Australia anyway?
No, no, no, no, no, and no. Under US law there is no infringement there.
If your answer was going to be that the seller stole it, so the customer didn't steal but received stolen property, then lets assume that the seller travelled to Australia to download it: Did they steal it when they land in the US? Did they steal it when the plane enters US airspace? Did they steal it when (if) they get caught? Did they steal it when they boarded the plane? Did they steal it when they (legally in Australia) downloaded the book? Is it sometime before, which was the reason they were sent to Australia anyway? Did they steal it when they sold it?
No, no, no, no, no, no, and a 'yes'. Obtaining a public domain work in Australia, importing it into the US and selling it would constitute infringement.
If so, by what legal mechanism does selling a legally obtained copy become stealing?
A simplified explanation of copyright law is that there are basically three distinct righted granted by copyright. There is the (1) the right to create new copied (including derivative work copying), (2) the right to distribute copies, and (3) the right to public performance (or public display), and those three rights are subject to innumerable limitations and exceptions. Those are the only rights a copyright holder owns, the only rights he has available to license. There is no such thing as a 'right to read', a 'right to listen', any sort of 'right to use'. Companies sometimes make claims that they are 'licensing' you to play their music or licensing you to 'use' something, and many people believe it, but such claims are legally false. The law make an important distinction between the person who owns the copyright on a work and the ownership of particular copies of that work. When someone sells you a book or sells you a CD with music on it, you become the legal owner of that physical medium, and you become the legal owner of the particular copy of the work stored on that media. That particular physical copy is indeed a piece of physical property, and you are in fact the legal property owner of that particular copy. You have the the basic property right to ready your copy, play it, listen to it, watch it, or 'use' it in virtually any way you wish, with the exception of the three exceptions listed above.
Since neither me or you are USA copyright lawyer it is not safe to draw conclusions
I am not a lawyer, however I do have a exceptional level of amature expertise in this subject. It is one of my fields of geek-interest and geek-expertise. I have read the entire Title 17 US Copyright law, and I have have read many US Supreme Court copyright rulings, I have read many lower court copyright rulings, and I have read many other sources on the subject, and I have spend a fair amount of time on the international aspects of copyright. One does not need to be a lawyer to understand the law. If one understands the law then one can draw pretty strong conclusions.
Since there is not database law in USA it might fall under copyright there.
The most relevant US Supreme Court ruling here is Feist Publications, Inc., v. Rural Telephone Service Co., 499 U.S. 340 (1991). Facts and information are *not* protected under US copyright law. Only creative expression can be protected by copyright, although the minimum threshold for a creative contribution is quite low. This is not only true under US law, but generally much the same internationally. The fact that the EU needed to pass a special law in order to extend protection to databases confirms that their own copyright law did not cover databases in this manner.
The fundamental point is that the thermodynamic data we are talking about here is not protectable under copyright. Anyone wanting to claim copyright on it has to get creative. I spend most of my post addressing the available means to make such a claim. If the database contains something like free form descriptive text fields or graphical artwork, then those are protectable under copyright. If something (such as a database) has protected elements and unprotected elements, then the court has explicitly ruled that the unprotected elements can be extracted and freely copied. The next way to try to claim copyright on it s to claim some creative work in the selection, formatting, or arrangement of the contents. So again I explained how to extract the unprotectable data by stripping it out of the original arrangement and formatting. A unique ordering such as "alphabetical" has zero room for creativity, and it is explicitly excluded from protection under copyright.
One thing I perhaps should have addressed is the selection of what data elements to include or exclude from the compilation. It is a bit of a stretch, but someone could try to claim creative judgment in which data to include or to exclude. Such a claim fails completely for a uniquely-complete list like a phone book, but this dataset is obviously incomplete. Trying to claim copyright here on that basis would be a real stretch, and particularly so as this database presumably has the non-creative goal of aiming towards completeness. The best way to deal with that is simply to find as much more data to add into your new database as you can.
I'm not a lawyer, but I am analyzing it as a lawyer would. The basic point is that this sort of data is not protectable, and the analysis then turns to lawyerly-ways someone can try to work around that "problem" in order to claim copyright infringement. You do need to be careful to dodge any extra "hook" someone could use to claim copyright, but the final conclusion is that it can be done. Non-creative data cannot be protected by copyright, and it *can* be freely copied.
The biggest complexity here is that the original question came from the EU. I have not spent much time on specifically EU law, but copyright is pretty tightly defined by international treaty. Most of copyright law works out the same in different countries, and I have a basic familiarity with where most such differences do crop up in international copyright. The most significant international issue here is the unique EU database directive. I checked, it explicitly excludes coverage for foreign databases unless that foreign country arrang
Uh, let's see now. You're going to expect all the idiots on the Internet to make precise measurements
No.
I'm thinking that if there is a community interested in this kind of software then *those* people may already have this sort of data already lying around somewhere.
Write your open source software to work with the data, and set up a website or something where people can contribute data points? There would obviously by no guarantee on any particular data contributed, but you could have some provision to flag data as wrong or dubious and store multiple conflicting values until you sort out the conflict somehow?
The EU database law specifically does not protect foreign databases unless that foreign country also creates a database a law and establishes mutual protection. The US has no such protection, in fact it seems no country outside the EU has established reciprocal database protection. It should be possible to do this open source project based on data from the US or from anywhere outside the EU.
The FAQ [nist.gov] claims that the US government has a copyright on the material.
The factual data in that database cannot be protected by copyright, it is not protected as a database in the US, and is not covered under EU law. The only copyright they could claim on it is either if it contains creative images or creative text or the like, then those particular elements could be protected, or they could perhaps claim a copyright on the creative arrangement and formatting of the data in the database. Both of those issued can be avoided.
What can be done is use this database and read out the needed factual data elements and then re-write it into the database for the open source project. Purely factual text-fields such as the name of an element or compound or whatever can be copied, just be careful not to copy any images or free-form text fields such as descriptive text or explanatory text. Then write the data out in your own arrangement. The best thing to do there is to arrange the data in some strict alphabetical or numerical order - there is no creativity and no copyrightability in that sort of unique ordering. That means not only storing the records in alphabetical order, but also order the data elements within each record in name-of-field alphabetical order. It might even be a good idea to rename any fields that care reasonably open to custom naming. There is no need to rename a field like "name" or "address" or "phone number", but a field like "work contact number" could easily be called "work phone".
The best way to go about it would be to create a mostly-empty, but functioning, database before even looking at your intended source material, that way by definition there is no copying of the formatting of the database. Once there is a functioning database design then the factual data elements can be copied from the source to fill the already-designed database.
I'm replying a second time because I just thought of a funny alternate explanation for "why".
We still need creators, but the need for a mass publication industry is largely obsolete. Who needs publishers when the public is eager preform that job for free? Internet technology, and particularly P2P, is essentially a terminal illness for the publishing industry.
The five stages of greif: 1. Denial 2. Anger 3. Bargaining 4. Depression 5. Acceptance
They spend several years in Denial, ignoring all the technology and ignoring the internet and refusing to permit music to be sold online or on computers at all. Then they entered the Anger stage with the Hulk-Smash-Everything routine. And now they seem to have entered Stage Three, the Bargaining phase, with "Will you come back and pay us if we promise to play nice and we do your P2P thing with you?" Chuckle. I guess in a couple more years they'll hit Depression.
That's the empression I got too but that still creates a massive "WHY?" in my head.
I think there's two different ways to answer that. First 'll give their rationalization for it, the reason they think they are working on it, second I'll give what I think is the real reason.
The rationalization is that P2P reduces distribution costs. They hear how the technology is revolutionizing content delivery with zero cost publication, and how they are supposed to embrace the new technology and how it's supposed to save the them money because they don't have to pay for bandwidth and servers to deliver the downloads, blah blah blah.
The economics of that rationalization don't really fly. The bandwidth costs and server costs to directly deliver downloads are already a negligible fraction of a cent for non-P2P. The servers and bandwidth they'd need to play "gatekeeper" managing their new P2P network would cost a fair percentage of what they'd have to spend just to send the download themselves. But the big killer is that they'd need to keep their old direct-download system anyway for people who cannot or won't-want-to run P2P to buy stuff. They'll need to run a P2P pay system side by side with direct download pay system, and run duplicate payment systems and duplicate marketing and duplicate management and duplicating other overhead costs. The "publishing revolution" of P2P is that it's supposed to completely eliminate those things, not cause them to duplicate. The magic of P2P is that there is no gatekeeper, that you can step into any random home and borrow a computer to host a file on P2P for a half hour, then you can just turn the computer off and go home, literally zero cost and zero effort once the file gets copied onto the P2P.
I think the real reason is that the content industries are beginning to recognize that their efforts to kill P2P are never going to succeed, they are recognizing that P2P is extremely popular with their target customer base and they are envious of that popularity, and message "they need to embrace new technology and update their business models" is seeping into their brains by sheer endless repetition, so they are desperately grabbing at any snake oil hope of taming the monster. The fantasy is that if they release their own "legal" version of P2P then maybe people who like using P2P will switch over to their network and maybe the "bad P2P" monster will shrink or maybe even die away.
They still don't understand P2P and the rest of this interwebby stuff(*), but I dunno, I guess maybe it's progress. Some dim touch of reality has reached their brains and they are at least making some confused attempt to deal with it. It's a step up from their living in complete denial and having nothing more than a "Hulk Smash!" reflex.
(*) I'm sure most executives have enough IQ points to reach a basic grasp of P2P and of the internet, but unfortunately people tend to be quite skilled in failing to understand things they don't want to understand. That goes double when people have a financial stake in not-understanding something.
There is no need for existing protocols to change. This paper cannot be used to attack them. This paper proposes a new paid-P2P network, one deliberately designed to give a central authority (the RIAA) the power to poison the system.
I think he has used torrent before. His complaint about "overseeded" torrents was that *you* get squeezed out from offering any upload on a torrent that has a large ratio of seeders-to-downloaders. If you download some old massively-seeded-and-few-downloaders file, it becomes almost impossible to meet private tracker upload ratios. You could seed for a month and end up with a 0.1 upload ratio.
I'm not sure if I missed the last line of the summary in my haste to read to the PDF file, or if the summary was updated, but the last line of the summary is correct and it pretty well refutes the rest of the summary-as-written. The earlier statements in the summary about success rates in blocking particular existing networks are wrong. Those blocking percentages are modeled results *if* those sorts of networks were to become paid access networks implemented this deliberate poisoning capability into their design.
I'm part way through the research paper, the article summary is just plain wrong.
There is no vulnerability here. They CANNOT poison Gnutella, KaZaA, and Freenet, eMule, eDonkey, Morpheus, or any other existing network with this technique. To quote the paper: Presently none of these P2P networks has built with satisfactory support for copyright protection.
The "problem" they want to "solve" is that existing networks to not possess adequate support for poisoning attacks. This paper proposes creating a NEW additional P2P network. They propose deliberately building in special support to ENABLE poisoning attacks.
While I'm sure the RIAA will eagerly read it over while dreaming of world conquest by releasing their own deliberately crippled "legal P2P network" where they get paid for each authorized client-to-client transfer. As far as most readers here are concerned, this is a completely non-newsworthy story, the contents of this paper are completely irrelevant and harmless. There is absolutely nothing new or surprising about the fact that you can deliberately make your software insecure and you can deliberately leave it vulnerable to poisoning. Yes, a P2P new network could be built Defective By Design.
Slashdot Mirror
a "leadership" test.
I'm suddenly picturing a couple having their fetus tested in the womb, it flunks the test, and they fix the problem with one of those in-the-womb surgeries to cut down this brain structure.
-
Yeah, Scientology too.
-
it's clear that the GPLv2 does not prohibit "tivoization".
That's the "common knowledge", but I think that only because no one has noticed or pursued this particular legal angle. It seems the general terms of the GPLv2 effectively defeat this TiVoization scheme, with no need for any special clause to target it.
Sega v. Accolade. It's a trademark/misrepresentation case
True. But as I said I was just citing a single case off the top of my head that essentially demonstrates that courts do treat this sort of thing as part of the program itself. I probably could have cited an even better case to make the point, but I think this case hits the nail pretty well on the head anyway. Both the SEGA text trademark and the TiVoized signatures are both platform specific checks of things that are not "conventional executable code" and which are a functional required part of the software's startup sequence. In this case as well as many others I've seen, the court explicitly considers it to be part of the program proper.
That being said, it's the need for a digital certificate that would be the functional part here, not the certificate itself.
That makes no sense. That's like saying the program header table in a Windows or Linux executable "would be the functional part", but the actual contents of that header table are somehow not part of the program. The operating system cannot and will not launch that program if these things are mot present.
In fact this is an absolutely perfect comparison - one of the things within the Windows executable file formate is a 32-bit CRC of entire contents of executable. This is generated and attached to the executable code during compilation. This is an absolutely amazing parallel to the signature added to the executable for iPhone executables. Both are mathematical hashes describing and validating the integrity of the rest of the executable. There is no possible dispute that it is not part of the executable.
I guess I should thank you. Without your challenge on this point I wouldn't have realized how this iPhone signature is such an exact match for things that already exist within the standard Windows executables. It just doubled the strength of my case that these executable-signatures really are part of the executable, exactly as executable-CRCs are a part of any Windows executable. Now the case is a slam dunk.
The iPhone OS isn't checking to be sure the application has a specific digital certificate, only that the certificate satisfy some requirement
I think the Windows executable startup sequence usually neglects to check the accuracy of the executable's CRC integrity value, but if and when it does, the Window "OS isn't checking to be sure the application has a specific [CRC32], only that the [CRC32] satisfy some requirement".
You are searching around for some way to make a distinction about these signatures, but you're just proving my point that there is no distinction.
But regardless of which definition you choose, it's only a definition.
We are attempting to define weather or not the TiVo signature and iPhone signatures are part of the executable being distributed. I am attempted to look at how it is defined as a legal issue. I'm a programmer not a lawyer, but I developed substantial amature expertise studying the law and reading court cases in relation to copyright and software. The court rulings I've read all seem clear and consistent on accepting this sort of thing as being part of the program itself.
Speaking both as a programmer and as someone who has looking into the law on this, once you specifically notice the issue it seems quite clear that these signatures are functionally and legally elements of the iPhone (or TiVo) executable file format.
It has no legal consequence except that which the GPL gives it, and the GPL doesn't use this term at all.
What term are you saying the GPL doesn't use?
It certainly uses the terms "program" an
People have been asking for legislation to decriminalize marijuana for ages, but it's only just now making real progress in California and in other legislatures because of the bad economy and the idea of using huge marijuana tax revenues to fix government budget problems.
I'd also see some legislation allowing the Federal Constitutional Courts to hand out savage beatings with the clue stick to everyone involved in drafting and passing unconstitutional laws. And they should broadcast it on TV, too.
No.
If you want to see legislators get savagely beaten for drafting and passing unconstitutional laws, I propose selling tickets.
-
I will literally shit myself if my government appoints a minister of puppies, pink ponies and day old baby ducklings.
Oh, it's not just minister titles. That happens with the titles of laws too.
I will literally shit myself if my government ever passes some law with an OMGPUPPIES!-title like Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act.
-
Let me clarify the "SDK license" thing. I was referring to the SDK license as represented by the license key. The unique developer signing key used to prepare the final executable for upload to the iTunes store.
I certainly wasn't suggesting the entire SDK package and tools had to be GPLed :D
some clever (and wrong, IMO) application of the term "functional code"
That may be your opinion, but I'm pretty sure the courts disagree with you. Courts consistently say that platform specific checks for things like this in order to successfully launch a program are functional code, and refer to them as part of the program. Just to cite one case off the top of my head, Sega Enterprises Ltd. v. Accolade Inc. consistently referred to "SEGA" text trademark as being functional code, and it being part of the initialization sequence of the program itself. That ruling and many others reach their conclusions in part upon the assumption or express assertion that platform-specific startup checks (like this signature) are part of the program itself.
It is not part of the source, and it is not required to execute the software (it runs in a simulator fine).
That software, a plain executable that "runs in a simulator fine", that he certainly could distribute without any key. He only has to supply the source for the executable that he is distributing. If the developer wanted to upload that plain unsigned executable to the iTunes store he is perfectly free to do so, that would be perfectly fine under the GPL. But that is completely irrelevant because that's not what we're talking about. I don't think we have any disagreement when that is what is being distributed.
If a developer compiles a "plain" executable and distributes it on iTunes (or elsewhere) then obviously it's fine under the GPL to not-include an unused key with the source. However in the case we're discussing, the developer does not consider that compilation complete. He does not yet have the executable he intends to distribute. Trying to upload it to the iTunes app store in this unsigned form would be Complete Fail. So the developer preforms an additional compilation step to generate a different executable with additional initialization code. That is the executable that is being distributed.
He's not distributing an executable for a simulator target platform. He's compiling and distributing an iPhone executable.
Releasing the key would be a logical way to comply with the GPL, but I suspect it's also a violation of your agreement with Apple.
I thought I had said that, but looking back I see I didn't make that point explicit. I was thinking that and implying it when I said: "In order to comply with the GPL he has to supply all of the source he used to compile that particular executable. If he cannot or will not do that then he cannot legally distribute that executable." I'm not very familiar with Apple's contract terms, but it's probably not possible to legally distribute GPL software in the iTunes app store under Apple's current contract terms.
-
the GPL only covers the release of the source code for the program itself
Right, and US courts have repeatedly stated that things like this are a functional part of the initialization sequence of the program. The courts consistently treat things like this as a functional and integral part of the program itself.
I replied in more detail to someone else over here.
-
That signing happens after linkage, which means that it's not part of the binary.
It doesn't matter when in the compilation process it it generated, if it is in fact part of the executable being distributed. It is intended to be, and in fact is, an essential functional part of the startup code of the executable they are distributing.
Console Game manufacturers have quite often required specific text or an image or other oddball things to appear at the beginning of a game cartridge to activate executable startup sequence for that platform. The courts have consistently said that such things are in fact a functional part of the executable. The courts consistently refer to them as functional startup code of that executable.
According to US Courts the English text "SEGA" is in fact initialization code of executables for the Sega Genesis console. The hardware specifically scans for that text signature when loading a game cartridge, and treats it as a functional command in the initialization sequence to run a game. If by your own intent you distribute an executable for the Sega Genesis console and you include the text signature "SEGA" along with that executable, then that is part of the executable and it would be a violation of the GPL to supply incomplete source lacking that text signature. It doesn't matter if there may exist some other hardware platform that could run a SEGA-free executable, because you are not distributing a SEGA-free executable for that other platform. By your own knowledge and intent you are distributing an executable that does include, and does require that SEGA text signature.
The binary produced (without the code) will run just fine.
No it won't, not from the point of view of the person utilizing the GPL and engaging in distribution of that executable. They are the ones who have to comply with the terms of the GPL, and they have to supply the source for the executable that they are distributing, by their own knowledge and intent.
As I said, you cannot distribute a spreadsheet executable and supply different tic-tac-toe source, nor can you distribute source for a Cray and supply different source for a Commodore64 version of the program. You have to supply the source for the exact executable that you are distributing.
TiVo is distributing an executable that they compiled for their TiVo hardware, and the signature required functional startup code of that executable they are delivering. Just consider if had left out signature when they distributed it. What would their own understanding of that situation have been? Their own understanding of the situation would be that they had accidentally distributed an incomplete and completely non-functional executable. From their own point of view, and that of their customers, the software would be incomplete and fail to run at all.
that is, an iPhone (in default configuration) will not run an unsigned app.
Exactly, and that "signed app" is the executable that, by the distributor's own intent, he is distributing. Again, imagine if he had accidentally omitted the signature. From his own point of view the executable he is distributing would be incomplete, defective, and completely non-functional. From his own point of view it is part of the intended initialization sequence for that executable.
That is hardly the developers fault.
Fault? This has nothing to do with any sort of "blame".
I am simply stating that he is distributing an executable, and that that he knows and intends that executable to have integral functional startup code in the form of that signature. In order to comply with the GPL he has to supply all of the source he used to compile that particular executable. If he cannot or will not do that then he cannot legally distribute that executable.
-
He's not obligated to provide the SDK license
Actually, I'm pretty sure he is.
Someone correct me here if I'm wrong, but as I understand it each iTunes developer receives some sort of unique identity key they need to use in compiling the final EXE for upload to the iTunes store. That unique developer compilation key would in fact be part of the source used to compile the executable. The GPL requires requires you to provide the complete source materials you used during compilation of that final executable.
-
While I basically agree the GPL3 wasn't really necessary, it's for the exact opposite reason as you.
TiVo did not violate the "spirit" of the GPL2, they literally violated the letter of the GPL2. TiVo distributed an executable, and according to the GPL2 they are required to supply the all of the they used to compile *that* executable. You cannot distribute an executable for complex photo-manipulation software and offer different source code sufficient to compile some tic-tac-toe executable. You cannot distribute a Cray-supercomputer executable and offer different source code sufficient to compile a same-purpose-but-different-executable for a Commodore64. The executable they created and distributed included a crypto-signature, and that signature was fully intended to be a functional element of that final executable. From their own point of view, their executable would have been incomplete and non-functional if they had left off that signature. The executable they created, the executable they intended to create, was intened to run on TiVo hardware by their own intent the crypto signature was a required functional component of that executable. That signature was in fact part of the executable, and creating that signature was in fact a part of their compilation process for the executable they distributed. Under the existing GPL2 they are required to provide all source materials they themselves needed and used to compile the executable they distributed. The key they used to create that signature is in fact part of the source code for that executable.
It is a violation of the GPL to offer incomplete source code.
TiVo violated the existing GPL2 when they deliberately offered a source code package that the knew and deliberately intended to be incomplete and insufficient to compile the complete working executable that they distributed.
The same issue applies to this case with the iTunes store. You cannot legally distribute GPL software on the iTunes store unless you include any keys or other materials that you used in compiling that executable for the iTunes store. As I understand it, iTunes contractually prohibits you allowing anyone else access to your unique developer compilation key. Distributing GPL software on iTunes would either be a violation of the GPL if you fail to include the developer compilation key you used, or a violation of your iTunes contract. To quote the GPL "If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all".
I really wish the of the Linux contributors (and copyright holder!) would take up this issue and sue TiVo or anyone else using this tactic of offering useless incomplete TiVoized source.
-
Guess what; you can't compile Linux without a computer either.
Sure you can. It'll just take a shipping-carton of pencils and a fuckload of paper.
-
Which raises an interesting question for the "copyright violation is theft" crowd.
That's not me, but I do have an exceptional amature expertise in copyright law (primarily US copyright law) and would like to take a shot at giving you the correct-by-law answers to your questions.
The first thing I would like do is start with some choice quotes from the US Supreme Court: infringed, but not stolen"
"It follows that interference with copyright does not easily equate with theft, conversion or fraud. The Copyright Act even employs a separate term of art to define one who misappropriates a copyright: 'Anyone who violates any of the exclusive rights of the copyright owner,' that is, anyone who trespasses into his exclusive domain by using or authorizing the use of the copyrighted work in one of the five ways set forth in the statute, 'is an infringer of the copyright.'"
"the property rights of a copyright holder have a character distinct from the possessory interest of the owner of simple 'goods, wares, merchandise'"
"While one may colloquially link infringement with some general notion of wrongful appropriation, infringement plainly implicates a more complex set of property interests than does run-of-the-mill theft, conversion, or fraud."
With that dealt with, on to your questions:
Did the steal it when they land in the US?
Did the steal it when the plane enters US airspace?
Did the steal it when (if) they get caught?
Did the steal it when they boarded the plane?
Did the steal it when they (legally in Australia) downloaded the book?
Is it sometime before, which was the reason they were sent to Australia anyway?
No, no, no, no, no, and no.
Under US law there is no infringement there.
If your answer was going to be that the seller stole it, so the customer didn't steal but received stolen property, then lets assume that the seller travelled to Australia to download it:
Did they steal it when they land in the US?
Did they steal it when the plane enters US airspace?
Did they steal it when (if) they get caught?
Did they steal it when they boarded the plane?
Did they steal it when they (legally in Australia) downloaded the book?
Is it sometime before, which was the reason they were sent to Australia anyway?
Did they steal it when they sold it?
No, no, no, no, no, no, and a 'yes'. Obtaining a public domain work in Australia, importing it into the US and selling it would constitute infringement.
If so, by what legal mechanism does selling a legally obtained copy become stealing?
A simplified explanation of copyright law is that there are basically three distinct righted granted by copyright. There is the (1) the right to create new copied (including derivative work copying), (2) the right to distribute copies, and (3) the right to public performance (or public display), and those three rights are subject to innumerable limitations and exceptions. Those are the only rights a copyright holder owns, the only rights he has available to license. There is no such thing as a 'right to read', a 'right to listen', any sort of 'right to use'. Companies sometimes make claims that they are 'licensing' you to play their music or licensing you to 'use' something, and many people believe it, but such claims are legally false. The law make an important distinction between the person who owns the copyright on a work and the ownership of particular copies of that work. When someone sells you a book or sells you a CD with music on it, you become the legal owner of that physical medium, and you become the legal owner of the particular copy of the work stored on that media. That particular physical copy is indeed a piece of physical property, and you are in fact the legal property owner of that particular copy. You have the the basic property right to ready your copy, play it, listen to it, watch it, or 'use' it in virtually any way you wish, with the exception of the three exceptions listed above.
Gee, and here I was beginning to think we'd never find any.
-
Since neither me or you are USA copyright lawyer it is not safe to draw conclusions
I am not a lawyer, however I do have a exceptional level of amature expertise in this subject. It is one of my fields of geek-interest and geek-expertise. I have read the entire Title 17 US Copyright law, and I have have read many US Supreme Court copyright rulings, I have read many lower court copyright rulings, and I have read many other sources on the subject, and I have spend a fair amount of time on the international aspects of copyright. One does not need to be a lawyer to understand the law. If one understands the law then one can draw pretty strong conclusions.
Since there is not database law in USA it might fall under copyright there.
The most relevant US Supreme Court ruling here is Feist Publications, Inc., v. Rural Telephone Service Co., 499 U.S. 340 (1991). Facts and information are *not* protected under US copyright law. Only creative expression can be protected by copyright, although the minimum threshold for a creative contribution is quite low. This is not only true under US law, but generally much the same internationally. The fact that the EU needed to pass a special law in order to extend protection to databases confirms that their own copyright law did not cover databases in this manner.
The fundamental point is that the thermodynamic data we are talking about here is not protectable under copyright. Anyone wanting to claim copyright on it has to get creative. I spend most of my post addressing the available means to make such a claim. If the database contains something like free form descriptive text fields or graphical artwork, then those are protectable under copyright. If something (such as a database) has protected elements and unprotected elements, then the court has explicitly ruled that the unprotected elements can be extracted and freely copied. The next way to try to claim copyright on it s to claim some creative work in the selection, formatting, or arrangement of the contents. So again I explained how to extract the unprotectable data by stripping it out of the original arrangement and formatting. A unique ordering such as "alphabetical" has zero room for creativity, and it is explicitly excluded from protection under copyright.
One thing I perhaps should have addressed is the selection of what data elements to include or exclude from the compilation. It is a bit of a stretch, but someone could try to claim creative judgment in which data to include or to exclude. Such a claim fails completely for a uniquely-complete list like a phone book, but this dataset is obviously incomplete. Trying to claim copyright here on that basis would be a real stretch, and particularly so as this database presumably has the non-creative goal of aiming towards completeness. The best way to deal with that is simply to find as much more data to add into your new database as you can.
I'm not a lawyer, but I am analyzing it as a lawyer would. The basic point is that this sort of data is not protectable, and the analysis then turns to lawyerly-ways someone can try to work around that "problem" in order to claim copyright infringement. You do need to be careful to dodge any extra "hook" someone could use to claim copyright, but the final conclusion is that it can be done. Non-creative data cannot be protected by copyright, and it *can* be freely copied.
The biggest complexity here is that the original question came from the EU. I have not spent much time on specifically EU law, but copyright is pretty tightly defined by international treaty. Most of copyright law works out the same in different countries, and I have a basic familiarity with where most such differences do crop up in international copyright. The most significant international issue here is the unique EU database directive. I checked, it explicitly excludes coverage for foreign databases unless that foreign country arrang
Uh, let's see now. You're going to expect all the idiots on the Internet to make precise measurements
No.
I'm thinking that if there is a community interested in this kind of software then *those* people may already have this sort of data already lying around somewhere.
-
Maybe you could crowdsource for the data points?
Write your open source software to work with the data, and set up a website or something where people can contribute data points? There would obviously by no guarantee on any particular data contributed, but you could have some provision to flag data as wrong or dubious and store multiple conflicting values until you sort out the conflict somehow?
-
The EU database law specifically does not protect foreign databases unless that foreign country also creates a database a law and establishes mutual protection. The US has no such protection, in fact it seems no country outside the EU has established reciprocal database protection. It should be possible to do this open source project based on data from the US or from anywhere outside the EU.
The FAQ [nist.gov] claims that the US government has a copyright on the material.
The factual data in that database cannot be protected by copyright, it is not protected as a database in the US, and is not covered under EU law. The only copyright they could claim on it is either if it contains creative images or creative text or the like, then those particular elements could be protected, or they could perhaps claim a copyright on the creative arrangement and formatting of the data in the database. Both of those issued can be avoided.
What can be done is use this database and read out the needed factual data elements and then re-write it into the database for the open source project. Purely factual text-fields such as the name of an element or compound or whatever can be copied, just be careful not to copy any images or free-form text fields such as descriptive text or explanatory text. Then write the data out in your own arrangement. The best thing to do there is to arrange the data in some strict alphabetical or numerical order - there is no creativity and no copyrightability in that sort of unique ordering. That means not only storing the records in alphabetical order, but also order the data elements within each record in name-of-field alphabetical order. It might even be a good idea to rename any fields that care reasonably open to custom naming. There is no need to rename a field like "name" or "address" or "phone number", but a field like "work contact number" could easily be called "work phone".
The best way to go about it would be to create a mostly-empty, but functioning, database before even looking at your intended source material, that way by definition there is no copying of the formatting of the database. Once there is a functioning database design then the factual data elements can be copied from the source to fill the already-designed database.
-
I'm replying a second time because I just thought of a funny alternate explanation for "why".
We still need creators, but the need for a mass publication industry is largely obsolete. Who needs publishers when the public is eager preform that job for free? Internet technology, and particularly P2P, is essentially a terminal illness for the publishing industry.
The five stages of greif:
1. Denial
2. Anger
3. Bargaining
4. Depression
5. Acceptance
They spend several years in Denial, ignoring all the technology and ignoring the internet and refusing to permit music to be sold online or on computers at all. Then they entered the Anger stage with the Hulk-Smash-Everything routine. And now they seem to have entered Stage Three, the Bargaining phase, with "Will you come back and pay us if we promise to play nice and we do your P2P thing with you?" Chuckle. I guess in a couple more years they'll hit Depression.
-
That's the empression I got too but that still creates a massive "WHY?" in my head.
I think there's two different ways to answer that. First 'll give their rationalization for it, the reason they think they are working on it, second I'll give what I think is the real reason.
The rationalization is that P2P reduces distribution costs. They hear how the technology is revolutionizing content delivery with zero cost publication, and how they are supposed to embrace the new technology and how it's supposed to save the them money because they don't have to pay for bandwidth and servers to deliver the downloads, blah blah blah.
The economics of that rationalization don't really fly. The bandwidth costs and server costs to directly deliver downloads are already a negligible fraction of a cent for non-P2P. The servers and bandwidth they'd need to play "gatekeeper" managing their new P2P network would cost a fair percentage of what they'd have to spend just to send the download themselves. But the big killer is that they'd need to keep their old direct-download system anyway for people who cannot or won't-want-to run P2P to buy stuff. They'll need to run a P2P pay system side by side with direct download pay system, and run duplicate payment systems and duplicate marketing and duplicate management and duplicating other overhead costs. The "publishing revolution" of P2P is that it's supposed to completely eliminate those things, not cause them to duplicate. The magic of P2P is that there is no gatekeeper, that you can step into any random home and borrow a computer to host a file on P2P for a half hour, then you can just turn the computer off and go home, literally zero cost and zero effort once the file gets copied onto the P2P.
I think the real reason is that the content industries are beginning to recognize that their efforts to kill P2P are never going to succeed, they are recognizing that P2P is extremely popular with their target customer base and they are envious of that popularity, and message "they need to embrace new technology and update their business models" is seeping into their brains by sheer endless repetition, so they are desperately grabbing at any snake oil hope of taming the monster. The fantasy is that if they release their own "legal" version of P2P then maybe people who like using P2P will switch over to their network and maybe the "bad P2P" monster will shrink or maybe even die away.
They still don't understand P2P and the rest of this interwebby stuff(*), but I dunno, I guess maybe it's progress. Some dim touch of reality has reached their brains and they are at least making some confused attempt to deal with it. It's a step up from their living in complete denial and having nothing more than a "Hulk Smash!" reflex.
(*) I'm sure most executives have enough IQ points to reach a basic grasp of P2P and of the internet, but unfortunately people tend to be quite skilled in failing to understand things they don't want to understand. That goes double when people have a financial stake in not-understanding something.
-
Eureka! A wind-powered helicopter!
-
You, OTOH, with a name like ArsonSmith, should stay the fuck away.
WTF are you babbling about, man? I'd pay to see that because it'd be a damn cool feat of pyrotechnics.
-
There is no need for existing protocols to change. This paper cannot be used to attack them. This paper proposes a new paid-P2P network, one deliberately designed to give a central authority (the RIAA) the power to poison the system.
-
I think he has used torrent before. His complaint about "overseeded" torrents was that *you* get squeezed out from offering any upload on a torrent that has a large ratio of seeders-to-downloaders. If you download some old massively-seeded-and-few-downloaders file, it becomes almost impossible to meet private tracker upload ratios. You could seed for a month and end up with a 0.1 upload ratio.
-
I'm not sure if I missed the last line of the summary in my haste to read to the PDF file, or if the summary was updated, but the last line of the summary is correct and it pretty well refutes the rest of the summary-as-written. The earlier statements in the summary about success rates in blocking particular existing networks are wrong. Those blocking percentages are modeled results *if* those sorts of networks were to become paid access networks implemented this deliberate poisoning capability into their design.
-
I'm part way through the research paper, the article summary is just plain wrong.
There is no vulnerability here. They CANNOT poison Gnutella, KaZaA, and Freenet, eMule, eDonkey, Morpheus, or any other existing network with this technique. To quote the paper: Presently none of these P2P networks has built with satisfactory support for copyright protection.
The "problem" they want to "solve" is that existing networks to not possess adequate support for poisoning attacks. This paper proposes creating a NEW additional P2P network. They propose deliberately building in special support to ENABLE poisoning attacks.
While I'm sure the RIAA will eagerly read it over while dreaming of world conquest by releasing their own deliberately crippled "legal P2P network" where they get paid for each authorized client-to-client transfer. As far as most readers here are concerned, this is a completely non-newsworthy story, the contents of this paper are completely irrelevant and harmless. There is absolutely nothing new or surprising about the fact that you can deliberately make your software insecure and you can deliberately leave it vulnerable to poisoning. Yes, a P2P new network could be built Defective By Design.
-