Garrett: The ongoing fight against GPL enforcement
The real problem here is that the [Software Freedom Conservancy's] reliance on Busybox means that they're only able to target infringers who use that Busybox code. No significant kernel copyright holders have so far offered to allow the SFC to enforce their copyrights, with the result that enforcement action will grind to a halt as vendors move over to this Busybox replacement. So, if you hold copyright over any part of the Linux kernel, I'd urge you to get in touch with them. The alternative is a strangely ironic world where Sony are simultaneously funding lobbying for copyright enforcement against individuals and tools to help large corporations infringe at will."
Posted Jan 31, 2012 15:23 UTC (Tue)
by dskoll (subscriber, #1630)
[Link] (103 responses)
I don't really understand Garrett's complaint about this project. If someone wishes to write a Busybox replacement from scratch under a different license, that's his or her right. It sucks if it makes GPL enforcement harder, but that's life.
Posted Jan 31, 2012 15:26 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link] (57 responses)
Posted Jan 31, 2012 15:38 UTC (Tue)
by fb (guest, #53265)
[Link] (13 responses)
I am glad you posted this clarification because I had read your blog post, and IMHO you didn't make this point explicitly enough there (I actually missed it in a 'superficial reading'). I mean this is the whole point of your complaint, but it is buried somewhere in the 5th or 6th paragraph.
Posted Jan 31, 2012 19:22 UTC (Tue)
by landley (guest, #6789)
[Link] (12 responses)
They never resulted ina single line of code added to the busybox repository. They HAVE resulted in more than one company exiting Linux development entirely and switching to non-Linux operating systems for their embedded products, and they're a big part of the reason behind Android's "No GPL in userspace" policy. (Which is Google, not Sony.)
Toybox is my project. I've been doing it since 2006 because I believe I can write a better project than busybox from an engineering perspective. I mothballed it because BusyBox had a 10 year headstart so I didn't think it mattered how much BETTER it was, nobody would use it. Tim pointed out I was wrong about that, I _agreed_ with him once I thought about it, so I've started it up again.
Rob
Posted Jan 31, 2012 21:16 UTC (Tue)
by RiotingPacifist (guest, #68160)
[Link] (8 responses)
If they were violating the GPL and not giving code back anyway, what difference does it make to either developers of the GPL products in use or end users?
If a company has to do a lot more work in order to avoid using GPL code, then I'm much happier with that than allowing them to leach off a BSD style ecosystem.
Posted Feb 1, 2012 13:59 UTC (Wed)
by paulj (subscriber, #341)
[Link] (7 responses)
The previous paragraph, the first sentence particularly, is not meant to be judgemental - things just are the way they are. Perhaps Rob chose the wrong licence, and should have used BSD. Perhaps his initial choice of licence was made before contracting revenue was a consideration, and user freedom and/or getting other developers on board was a higher consideration.
Again, no value judgement intended. Licence choice is a personal thing. But our motivations & interests can change over time.
Posted Feb 1, 2012 19:18 UTC (Wed)
by dlang (guest, #313)
[Link] (6 responses)
He has said that he sees the 'fix' of lawsuits being worse than the problem it's trying to solve.
In particular, he's annoyed because he was hired by a company to work on Linux, including making sure that there was license compliance, and then the company was sued, in his name, while he was working there.
Frankly, I would be rather annoyed in that situation myself.
Posted Feb 2, 2012 11:14 UTC (Thu)
by paulj (subscriber, #341)
[Link] (5 responses)
In other words, what Rob really wants is to use the BSD-no-advert-clause licence.
Posted Feb 2, 2012 11:26 UTC (Thu)
by Trelane (subscriber, #56877)
[Link] (3 responses)
If what you're saying is true, then what he is wanting is public domain.
Posted Feb 2, 2012 11:32 UTC (Thu)
by Trelane (subscriber, #56877)
[Link] (2 responses)
Or maybe there's a minimal, only-no-warranty license out there somewhere that requires nothing except to agree to the no warranty thing.
Posted Feb 2, 2012 12:57 UTC (Thu)
by gioele (subscriber, #61675)
[Link] (1 responses)
Posted Feb 3, 2012 8:22 UTC (Fri)
by bronson (subscriber, #4806)
[Link]
Posted Feb 3, 2012 1:34 UTC (Fri)
by dlang (guest, #313)
[Link]
He is not saying that there is never a case for lawsuits, but he is saying that the way the SFC is handling the lawsuits is not something he agrees with, and he has directed them to stop doing so on his behalf.
In other words, he tried doing it their way and didn't like the result. This isn't just armchair quarterbacking from him
Posted Jan 31, 2012 21:38 UTC (Tue)
by job (guest, #670)
[Link] (2 responses)
Posted Jan 31, 2012 21:59 UTC (Tue)
by BrucePerens (guest, #2510)
[Link] (1 responses)
Posted Jan 31, 2012 23:06 UTC (Tue)
by Kluge (subscriber, #2881)
[Link]
So why muddy the enforcement waters (by selective or lackadaisical enforcement) in order to please them?
Posted Jan 31, 2012 18:09 UTC (Tue)
by tbird20d (subscriber, #1901)
[Link] (36 responses)
This is conjecture on your part, and I can say with 100% certainty that it is untrue. I am the Sony engineer you referenced in your article, and this is not my intent.
Posted Jan 31, 2012 18:12 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link] (24 responses)
Posted Jan 31, 2012 19:16 UTC (Tue)
by tbird20d (subscriber, #1901)
[Link] (22 responses)
Posted Jan 31, 2012 19:29 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link] (21 responses)
Posted Jan 31, 2012 19:41 UTC (Tue)
by landley (guest, #6789)
[Link] (20 responses)
Stop trying to leverage MY code to promote YOUR political agenda. Write your own darn code.
(And complaining about ME writing NEW code because obsoleting my own previous work hurts YOUR agenda is just _sad_.)
Posted Jan 31, 2012 20:08 UTC (Tue)
by BrucePerens (guest, #2510)
[Link] (19 responses)
Posted Jan 31, 2012 20:15 UTC (Tue)
by landley (guest, #6789)
[Link] (18 responses)
http://busybox.net/~landley/forensics.txt
If I'd found any code in the project that was under your copyright, which you objected to shipping GPLv2 only, I would have removed it. That's why I did the search, to remove such code and thus satisfy your objections: there wasn't any.
You also didn't come up with the idea of a "swiss army knife" executable, the first busybox contained gzip/gunzip which already did that upstream (and Red Hat's nash did it too). You never posted on the busybox list once in the 10 years between when Erik Andersen created it and when you started trolling about GPLv3. As far as I can tell, you haven't written any actual code _anywhere_ in 15 years.
Go away, you're not relevant.
Posted Jan 31, 2012 20:18 UTC (Tue)
by corbet (editor, #1)
[Link] (16 responses)
Thanks.
Posted Jan 31, 2012 20:32 UTC (Tue)
by BrucePerens (guest, #2510)
[Link]
Posted Jan 31, 2012 23:05 UTC (Tue)
by landley (guest, #6789)
[Link] (14 responses)
A) I stopped working on busybox in the first place because he made doing so intolerable.
B) I started Toybox in part to have a clean untainted environment without any possibility of his claim over it.
C) I never would have considered doing a BSD licensed project if GPLv2 hadn't been undermined by people who made GPLv3 intolerable. (I didn't leave the GPL, it left me.)
I'm working now to fill a market vacuum (mainframe -> minicomputer -> microcomputer -> smartphone, an "android self-hosting project" if you will), but I'm in a _position_ to do so because I was driven out of my old comfort zone by a variant of SCO's old "communicable taint" IP claims making my old project Unclean. What follows is me making the best of the hand I was dealt.
Rob
Posted Feb 1, 2012 0:22 UTC (Wed)
by Trelane (subscriber, #56877)
[Link] (13 responses)
I'm curious what, in particular, of the GPLv3 and LGPLv3 you object to, in contrast to {L,}GPLv2.
Thanks!
Posted Feb 1, 2012 1:13 UTC (Wed)
by landley (guest, #6789)
[Link] (2 responses)
Eh, screw it. I'm taking the "no replying to bruce" thing to mean _all_ FSF zealots, and not replying to them.
Back when GPLv3 came out there was a giant linux kernel thread about this topic, and a position statement:
http://lwn.net/Articles/200422/
But long before GPLv3 shipped, Linus said he wasn't gonna, and to most of us Linux developers GPL was "the linux kernel license". Nobody cared what the FSF said, and some people collected Linus's public statements on that:
http://yarchive.net/comp/linux/gpl.html
Then when GPLv3 happened we all looked over it and went "you're crazy, you know that?" And the FSF went "you'll come around. You have no choice. Bwahahahaha."
I'm pretty sure I participated in that thread at the time, a quick Google finds the tip of an iceberg:
But there was more. Oh so much more. The FSF zealots WOULD NOT SHUT UP ABOUT IT, no matter how many different ways we said "no"...
I've blogged about it too, intermittently over the years:
In a nutshell it wasn't needed, is far more complicated, tries to control how the code is USED on the target and not just how it's distributed...
Ok, let's go back to the elephant in the room: the FSF had really bad advocates try to cram it down our throats until we went "death first" and stuck our fingers in our ears until they got bored and went away. (Really, the flamewar on the mailing list lasted MONTHS. If you're wondering why "sue them until they see things our way" and "just wait, they'll come around" don't seem like viable tactics to most of the Linux crowd, it's because we've been on the receiving end of them, and didn't like it.)
We do have actual technical reasons. Specifically in the embedded space, the _easy_ way to comply with GPLv3 ("If you can upgrade it, I must be able to, so give me the root password to the world of warcraft server I have an account on") is to cut the jtag traces on the board and burn your code into ROM, so the vendor can't upgrade it either. Is this really something we want to _encourage_?
GPLv2 had 17 years of analysis when GPLv3 shipped, and nobody ever found anything _wrong_ with it. The busybox suits are still enforcing GPLv2, not v3. The FSF went "I am altering the bargain, pray I don't alter it any further", and the rest of us cried "foul".
We don't trust the FSF, it keeps pulling dirty tricks to try to get its way: http://landley.net/notes-2011.html#15-08-2011
I preferred GPLv2 over GPLv3 for a number of reasons, but I don't want to CONSIDER using GPLv3 because I don't want to get any of the FSF on me. They're crazy, and far more interested in persecuting heretics than heathens.
Rob
Posted Feb 1, 2012 1:32 UTC (Wed)
by Trelane (subscriber, #56877)
[Link]
Posted Feb 1, 2012 18:16 UTC (Wed)
by dashesy (guest, #74652)
[Link]
I wish you can always make good money from your programming skills.
Posted Feb 1, 2012 1:38 UTC (Wed)
by BrucePerens (guest, #2510)
[Link] (9 responses)
If you think Tivo-ization is OK, you will prefer GPL2 to GPL3.
If you think running Free Software inside of Google and never providing the source code (because it's never distributed) is OK, you will prefer the GPL class of licenses over the Affero GPL class.
Making free software, for me, was about empowering people, not giving welfare to the world's richest corporations. So, these days I put Affero GPL3 on my software, and I offer a commercial license for $$$ to folks who don't like that.
Some would have you believe that I am crazy or evil or trying to compel people to do something against their will, or some religious zealot.
But I see this as economics rather than politics or religion. I have chosen the economic structure that helps people who want to share most effectively, and lets people who don't want to share pay for the privilege and help to develop more software that is shared.
Posted Feb 1, 2012 1:42 UTC (Wed)
by Trelane (subscriber, #56877)
[Link] (8 responses)
I'd also be quite interested in finding out what this alleged veto mentioned below thing was all about. :) Preferably with links to the supporting evidence.
Posted Feb 1, 2012 2:01 UTC (Wed)
by BrucePerens (guest, #2510)
[Link] (7 responses)
The whole "veto" thing (that's Best Buy's language, not SFC's) is that if you settle with SFC, they want you to provide them with copies of new products that contain Free Software before you release them, for a period of three years after you settle. You pay them about $5000 per product to audit the product (which is really cheap). If they say it's infringing, you have to fix the infringement before you release the product. If you and SFC can't agree, you can fall back on the court. In practice, the court hasn't been needed, but I have had to help out a customer when SFC was too slow to respond.
Posted Feb 1, 2012 2:07 UTC (Wed)
by Trelane (subscriber, #56877)
[Link] (6 responses)
Regarding the "veto" thing (yes, their wording): What is common for proprietary settlements, generally speaking? (Definitely open question to all)
Posted Feb 1, 2012 2:22 UTC (Wed)
by BrucePerens (guest, #2510)
[Link] (5 responses)
The parties and the court had not agreed to close the case to public view at that time. They agreed to seal as part of the settlement.
Very large damage payments.
Posted Feb 1, 2012 2:31 UTC (Wed)
by Trelane (subscriber, #56877)
[Link] (1 responses)
IMHO, this is likely an easier thing for a company than ongoing compliance verification and potential litigation.
Posted Feb 1, 2012 3:13 UTC (Wed)
by BrucePerens (guest, #2510)
[Link]
I am not getting that impression from the companies I work with. They express worse sentiments about their industry partners (one company calls them "frenemies") than they do about us. And you've never seen a truly messed-up work situation for engineers until you've worked in a company that is highly intellectual-property oriented. When they bring me in, I feel more like their therapist than their consultant.
Posted Feb 1, 2012 22:11 UTC (Wed)
by jiu (guest, #57673)
[Link] (2 responses)
Posted Feb 2, 2012 1:31 UTC (Thu)
by Trelane (subscriber, #56877)
[Link]
Posted Feb 2, 2012 5:16 UTC (Thu)
by BrucePerens (guest, #2510)
[Link]
Posted Jan 31, 2012 21:24 UTC (Tue)
by RiotingPacifist (guest, #68160)
[Link]
It's a shame Bruce has better things to do because I would love to see your "forensics" stand up in court.
Posted Jan 31, 2012 19:23 UTC (Tue)
by landley (guest, #6789)
[Link]
Rob
Posted Feb 1, 2012 6:06 UTC (Wed)
by shmget (guest, #58347)
[Link] (10 responses)
and yet you said in that wiki page:
The 'Linux kernel' is part of the 'unrelated products', hence by your own admission the 'main reason for this project is avoid having the SFC gain review authority over' the Linux kernel.
Posted Feb 1, 2012 6:52 UTC (Wed)
by tbird20d (subscriber, #1901)
[Link] (9 responses)
What I'm saying is that the legal risk far outweighs the value of busybox.
Posted Feb 1, 2012 7:37 UTC (Wed)
by nim-nim (subscriber, #34454)
[Link] (8 responses)
And at the same time, the very same companies engage in mobile patent wars (sometimes ridiculous design patents) and seize or block each other's products in warehouses to force their opposition in settling. And they find this perfectly reasonable and normal cost of doing business.
Colour me unimpressed.
The only reason they find SFC and GPLvx intolerable is that they're used by little guys that dare asserting legal rights against big corps. And that they can not buy them out. Why should we help them have their ego trip?
Posted Feb 1, 2012 17:55 UTC (Wed)
by tbird20d (subscriber, #1901)
[Link] (7 responses)
No. I never wrote that. We do audit our products before release to check that they're in compliance, and I would argue we do it as well as anyone in the industry. But Sony is a large place with a lot of different independent product groups. I can attest that, for every product my team works on (which includes set-top boxes, TV sets and cameras, among other things), we are fully compliant and we have no supplier issues or source code release issues.
What I can't be sure of is whether this is true for every Sony product. People keep asserting that it's trivial to perform compliance. It is, for a single group. Sony has standards in place that product teams are supposed to follow for GPL compliance. Unfortunately, I can't be sure that every team is following them, or won't make a mistake. In particular, I can 't be sure of this for sub-contractors. Sub-contractors may claim they have given you corresponding source, but have not. It happens.
What is intolerable is having a 3rd party hold your entire product line hostage, based on some issue with an unrelated product.
Posted Feb 1, 2012 18:34 UTC (Wed)
by raven667 (subscriber, #5198)
[Link] (6 responses)
That seems like an irrational fear, I can't imagine the copyright owner getting an injunction against or even pursuing code that you can trivially show the provenance and licensing for. The issue is that, for an organization that is ignorantly shipping code in violation of copyright, the problem is likely not just one software on one product but probably all software on all products and instituting comprehensive license compliance is the simple and efficient option.
Would it be any different if the problem was, for example, the copying of images off of websites for product art rather than properly licensing images from iStockphoto. Just because you can download something off the Internet doesn't mean you can ignore copyright, which is a common misconception for many businesses.
Posted Feb 1, 2012 19:31 UTC (Wed)
by tbird20d (subscriber, #1901)
[Link] (5 responses)
Well, since the SFC requests audit rights for all of a company's products that include GPL, I don't think the fear is irrational.
I keep hearing this suggestion. Sony HAS a comprehensive license compliance policy, and a compliance committee (which includes me!), and to my knowledge all of our products are compliant. See my mayor metaphor on the other thread for why this is not enough to address the risk.
Posted Feb 1, 2012 20:01 UTC (Wed)
by raven667 (subscriber, #5198)
[Link] (4 responses)
If you think that the SFC would start arbitrarily trying to shut down products, and that a court would enforce those actions, well I think that's nonsense. Based on the written statements by the SFC I don't see them as a bunch of moustache twirlers who are itching to screw companies over using their compliance agreements as a lever, and I don't see any reasonable court enforcing injunctions against unrelated copyright (see RightHaven for how well this would go down in court)
In fact, judging by the SFCs written statements, their whole goal is to work themselves out of existence by getting compliance programs instituted at manufacturers and pushed up the supply chain so that these kind of casual violations don't happen because everyone knows the rules. The problem is that many people think that just because you can download something off the Internet that copyright doesn't exist, convincing your supply chain that this is not the case can fix the problem.
And about your Mayor Metaphor, you can plainly see from the SFCs tax documents that they are not asking for million dollar fines. If we presume this is just a convenient round number for the sake of argument then I guess I don't understand what the complaint is, that spending a thousand dollars on compliance efforts as in your example is somehow a bad thing relative to ignorance until you are caught.
Posted Feb 1, 2012 20:30 UTC (Wed)
by tbird20d (subscriber, #1901)
[Link] (3 responses)
In the case of a busybox violation, I don't know. The information I have seems to indicate that the SFC will want to audit all of my products, going on a fishing expedition for GPL violations. I'm willing to expend resources to avoid finding out if that's the case.
That's not what they ask for, but if you total up all the tangible and intangible costs (product delays), that's what a big company hears.
That's a simple ballpark placeholder for engaging in any litigation at this level.
I should have clarified that the $1000 dollars is not spent on compliance - that's already being covered by our compliance policies. That money in the metaphor refers to the amount we'd spend on re-implementing busybox with a BSD license. It's not insurance in the traditional sense. It's more like a payment to someone else, to make the person requesting a million dollars go away permanently. And no, I don't think we can reimplement busybox for $1000. But 10 companies could implement something usable for $10,000 a-piece.
I think this really comes down to the fact that you trust the SFC to behave reasonably, and I don't.
Posted Feb 1, 2012 20:50 UTC (Wed)
by raven667 (subscriber, #5198)
[Link]
Yes, I think that is part of our disagreement, also I have the (maybe unfounded) belief that they really don't have the ability to enforce unreasonable actions. If they tried to veto software in bad faith for example then I would ignore their request and punt it to the courts to sort out. It seems likely that the SFC would lose badly if they tried anything in bad faith such as ignoring evidence of license compliance. I don't really have any reason to believe they would try something in bad faith though as it would be all cost and no upside for them.
I guess I don't think there is a need to "trust" the SFC to not turn into a copyright troll and the courts have been showing very little patience with copyright trolls recently.
Posted Feb 3, 2012 12:13 UTC (Fri)
by dwmw2 (subscriber, #2063)
[Link] (1 responses)
"In the case of a busybox violation, I don't know. The information I have seems to indicate that the SFC will want to audit all of my products, going on a fishing expedition for GPL violations. I'm willing to expend resources to avoid finding out if that's the case."
Have you avoided attending any of Bradley Kuhn's presentations in the last year, and reading his description of the things that SFC actually does request?
As it is, though, this hand-wringing just seems like a crude manipulating tactic to discourage copyright holders in other projects from joining with SFC, so that the cynical approach of silencing busybox developers actually does achieve the overall goal of letting GPL violations go completely unpunished.
Posted Feb 3, 2012 19:05 UTC (Fri)
by raven667 (subscriber, #5198)
[Link]
I think something that could make understanding this difference of opinion clearer is that they _did_ withdraw support form SFC for enforcing their copyrights on Busybox but SFC has other authors who continue to consent to SFC enforcement and so were unable to stop the enforcements after they lost trust.
Posted Jan 31, 2012 18:54 UTC (Tue)
by dskoll (subscriber, #1630)
[Link] (2 responses)
People want a Busybox replacement in order to make it easier to infringe the kernel's license.
That's your supposition, not a fact. Even if it is the case that people are replacing Busybox to avoid copyright holders who vigorously go after GPL violations, the solution isn't to decry the replacement of Busybox. The solution is to lobby other copyright holders to defend their copyrights more vigorously or to assign them to the Software Freedom Conservancy.
Posted Jan 31, 2012 18:55 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link] (1 responses)
Posted Jan 31, 2012 19:38 UTC (Tue)
by landley (guest, #6789)
[Link]
The last time Sony gave me any money was travel expenses for speaking at CELF two years ago. I've never received a dime from ANYBODY for doing toybox.
Sony was considering sponsoring the work because they'd like to use the result and for-profit corporations only understand things they're either paying for or being paid for, but whether that would be paying _me_ for my weekends or paying another developer to contribute code to me... who knows? Unlikely to happen now, since you've made it a political hot potato. (Once again, an FSF zealot reduces the amount of code written for Linux with a license tantrum. Driving developers away since 1983!)
But I've been doing Toybox since 2006 for free, and I've been doing it as BSD-licensed project since November for free, and I intend to keep doing it. For reasons that I've blogged about rather a lot, on and off for YEARS:
http://landley.net/notes-2008.html#12-12-2008
And I was doing it because my infrastructure is BETTER:
http://lists.busybox.net/pipermail/busybox/2010-March/071...
And I mothballed and unmothballed it for years because it was fun to work on but I didn't think it could displace an existing project with a 10 year headstart no matter how much better it was:
http://landley.net/notes-2010.html#05-01-2010
Tim pointed out there was a demand for a BSD-licensed version. My decision to relicense toybox was back in November:
http://landley.net/notes-2011.html#13-11-2011
Since then I've written a number of commands, entirely hobbyist development:
http://lists.landley.net/pipermail/toybox-landley.net/201...
Sigh. I have to go do day job things now, but I'll try to write up a comprehensive blog entry on on this tonight. In the meantime, I've commented rather a lot on the original blog, pointing out that Garrett's welcome to do his own darn license enforcement if he wants to, and if he hasn't written any code anybody actually _uses_ that's NOT MY PROBLEM.
Posted Jan 31, 2012 23:01 UTC (Tue)
by HenrikH (subscriber, #31152)
[Link] (2 responses)
Not only that, but that is exactly the courts reason for sentencing the founders of The Pirate Bay to jail, a case in where Sony took part on the accuser side.
Posted Jan 31, 2012 23:12 UTC (Tue)
by armijn (subscriber, #3653)
[Link] (1 responses)
Posted Jan 31, 2012 23:34 UTC (Tue)
by khim (subscriber, #9252)
[Link]
No, I don't buy this idea. Companies like to pretend they are humans. Well, Ok, but if so then they should be judged by human morals. If they use the same logo and name then that means that they want an association between them. Every large company is slightly schizophrenic (which is easy to understand: there are multiple personalities involved), but if it's to the point where you want to claim that deals of entity A should not affect deals of entity B then it's time to give them different names, logos, etc. Even if they have one parent company. Like FIC, HTC and VIA, for example.
Posted Jan 31, 2012 16:19 UTC (Tue)
by wookey (guest, #5501)
[Link] (43 responses)
If it is then there is something wrong in the world.
I agree they are perfectly withing their rights to do this, but it only works for a relatively small codebase like busybox, not the kernel. Are they going to rewrite the kernel rather than provide source too? Or just use the kernel, not provide source, and then rely on the fact that kernel hackers have not been enthusiastic enforcers of the licence?
So this is essentially an amoral, but practical, outcome of the desire to use Free Software but not pay the price (of sharing). I think any decent person is quite right to be rude about it. And Tim Bird really ought to know better. I shall bend his ear next time I see him.
Posted Jan 31, 2012 17:02 UTC (Tue)
by arjan (subscriber, #36785)
[Link]
Posted Jan 31, 2012 18:50 UTC (Tue)
by tbird20d (subscriber, #1901)
[Link] (41 responses)
That's not it. Everyone I know wants to provide sources (but admittedly, I don't know everyone). Occasionally, among what I'd call the "good compliance players", there are mistakes made which make it difficult to provide the exact busybox sources to match a shipped product. Usually, this involves a naive component supplier. We'd rather rewrite busybox from scratch and avoid any possibility of facing the wrath of the SFC. I think most people here would be surprised at the demands the SFC makes to remedy busybox compliance failures. The demands are especially problematical for large companies with multiple Linux product lines and complex supply chains.
I believe the idea that this project would be used to remedy an existing compliance problem is completely off-base. I don't see how that could happen in practical terms.
Posted Jan 31, 2012 18:58 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link] (9 responses)
I am prepared to be surprised. Pray tell us, what they are.
Posted Jan 31, 2012 19:12 UTC (Tue)
by tbird20d (subscriber, #1901)
[Link] (7 responses)
Posted Jan 31, 2012 21:56 UTC (Tue)
by ewan (subscriber, #5533)
[Link] (6 responses)
And really - Sony coming out and saying that it's too hard to comply with copyrights? There is just no way that's anything other than rank stinking hypocrisy.
Posted Feb 1, 2012 20:35 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (5 responses)
It's that if the SFC *THINK* you are infringing, they can stop you shipping the product.
What happens if the SFC are mistaken? What comeback does the victim have? Especially if, all along, the victim has been acting in good faith?
THAT is the problem - the SFC (quite reasonably) wants to make sure there is no future infringement. But the victim doesn't want to risk a (quite possibly time sensitive) product being delayed.
So Rob's attitude of "let's provide a product that doesn't give rise to that risk" is a very pragmatic, and in the circumstances sensible, approach.
Cheers,
Posted Feb 1, 2012 20:58 UTC (Wed)
by raven667 (subscriber, #5198)
[Link] (4 responses)
> What comeback does the victim have?
Aside from the silly tactic of characterizing the company as being a victim I would say the comeback for a bogus infringement suit would be to take it to court and smack the crap out them for wasting everyones time. If the SFC tried this they would probably go out of business instantly.
Posted Feb 1, 2012 23:24 UTC (Wed)
by Wol (subscriber, #4433)
[Link] (3 responses)
Are YOU squeaky-clean absolutely-white in all your dealings?
At the end of the day, we all make mistakes, we all do things we shouldn't. And if, at the end of the day, some company decides that rewriting busybox is cheaper than risking a mistake, then they'll rewrite it.
That's my personal attitude to life as well - if I can, I *avoid* risk, I *avoid* temptation. Rob is seeking to provide a risk-free alternative, and Tim - whether on behalf of his employer or off his bat - sees it to his advantage to help.
At the end of the day, most Free Software people write software to scratch an itch. Rob and Tim are scratching their itch - who are we to complain?
Cheers,
Posted Feb 2, 2012 2:32 UTC (Thu)
by raven667 (subscriber, #5198)
[Link] (2 responses)
The "itch" that is being scratched here is the existence of the GPL and it's requirement for reciprocity. Many people are offended by the implicit assumption that enforcing the reciprocity terms of the GPL is a bad thing, that we should look other way if the offender is a big vendor. It's also offensive to suggest that the GPL is dangerous and that its license terms are too onerous or risky when that is clearly not true. There are many reasons to choose other licenses like BSD but I think in this case its not really a positive thing.
Posted Feb 3, 2012 19:18 UTC (Fri)
by Wol (subscriber, #4433)
[Link] (1 responses)
As Tim points out, they are a big company. They have hundreds of products that use linux. It only takes ONE supplier to make a mistake, and ALL of those products could be vetoed and off the market.
Yes I know Sony Entertainment and Sony Hardware are totally separate divisions, and the hardware side is tarred with the entertainment brush, but the fact appears to be that the hardware side want to play fair.
Let me use a footballing analogy. I have no qualms with a sending off for a deliberate foul (and indeed, think that that should be the *automatic* penalty!). But I DO have an issue with a player getting sent off for an innocent mistake - for example if the keeper is out of his area and gets hit on the arm by a ball he may not even have seen coming...! As I understand the rules, if your hand or arm makes contact then it's handball. And if a keeper commits handball it's an automatic red card. Why should the keeper get sent off for that?
THAT is Tim's point. One player makes a mistake, and the entire team cops a penalty. And THAT is why I'm quite happy to describe them as a victim. (Sony as a whole, well... I was one of the people who's PC was trashed by the rootkit, so they are on my "do not buy" list, but just because I don't like them is no reason to ignore them when they are victims of what I perceive as manifest unjustice!)
Cheers,
Posted Feb 3, 2012 19:24 UTC (Fri)
by raven667 (subscriber, #5198)
[Link]
I don't think that is a legitimate statement of risk although clearly some people believe it.
> I'm quite happy to describe them as a victim.
I think that to be a victim requires a the abuse of a power imbalance of the stronger against the weaker which is obviously the opposite as the described situation. That's just my opinion though and reasonable people could disagree.
Posted Jan 31, 2012 23:54 UTC (Tue)
by BrucePerens (guest, #2510)
[Link]
Posted Jan 31, 2012 19:03 UTC (Tue)
by piman (guest, #8957)
[Link]
While I'm not *surprised* by the demands Sony makes when you infringe their copyrights, I think on average they're much harsher than those made by the SFC.
Posted Jan 31, 2012 20:40 UTC (Tue)
by donbarry (guest, #10485)
[Link] (21 responses)
It beggars the imagination to claim that a large corporation, which undoubtedly will have a full administrative infrastructure to handle proprietary licensing and compliance, cannot abide by the same care and due diligence when dealing with copyleft free software.
Others have clearly established the motivations corporations have to take what they can and give only what they must (and that is not always governed by legal dicta). Yet few would risk that sort of gamesmanship when the licenses are themselves controlled by a large predatory proprietary software corporation.
I suspect the perception that many of the licenseholders are not willing to enforce the copyleft licenses to the same degree of strictness that proprietary corporations are is at the root of this issue. And when enforcement *is* done, apologists for those corporations crawl out of the termite mound which has been thwacked with the stick.
Posted Jan 31, 2012 22:40 UTC (Tue)
by zyga (subscriber, #81533)
[Link] (20 responses)
In proprietary world if company A licenses something from company B then company A does nothing wrong and all the fault for what company B did falls on company B. This is because licenses say nothing about distribution (other than, say, per unit/volume price).
In libre/copyleft world this is reversed. If company A licenses/acquires something from company B and company B is a crappy/shady license violator _ALL_ of the legal problems fall on the large and complex company A. This is because our beloved copyleft licenses are distribution licenses.
In that case you must control all your suppliers (and in a typical large company that list seems infinite, often including a bag of tiny/small shops). What if a supplier goes out of business. Do you really think they have all the legal paperwork for each piece? In the world that chases time-to-market that is utterly impractical.
Hence, the less of this copyleft license 'risk' in your business the better for you. It's not about being evil, it's about covering your bases. Less exposure to potential legal issues == cheaper == better product.
Posted Jan 31, 2012 22:59 UTC (Tue)
by HenrikH (subscriber, #31152)
[Link] (4 responses)
Posted Jan 31, 2012 23:33 UTC (Tue)
by zyga (subscriber, #81533)
[Link] (3 responses)
With GPL, company A also need a tarball from company B. They have an obligation to put it somewhere and keep it there for a few years after their product ships. If the tarball does not match the binary they are in trouble. This applies recursively.
Now multiply that by each piece of copyleft code in a typical distribution (I can understand why Android wants to get rid of much of GPL). See, that _is_ more complicated.
As for your Windows 8 example. Sure I'm certain if you started selling laptops with pirated Windows you'd get a call from Microsoft legal. My reasoning was about how licensing product component works.
Now, if Microsoft purchases an asset from a third party, do you see Microsoft getting sued for something the third party did illegally?
Posted Jan 31, 2012 23:59 UTC (Tue)
by BrucePerens (guest, #2510)
[Link]
Posted Feb 1, 2012 0:47 UTC (Wed)
by Duncan (guest, #6647)
[Link]
Actually, yes. That's what has the smartphone market in such chaos ATM. The penalty is banning the product from being sold in whatever market where the laws were violated.
And in that regard, yes, the FLOSS world tend to be softies when it comes to license violations. I'm glad a few folks are standing up for their rights.
Meanwhile, a couple other points made well by others are worth repeating:
1) Whose copyright would /you/ choose to be found guilty of infringing, if it came to the choice, Sony's or SFC's? Sony doesn't exactly have a reputation of being soft on copyright infringement when it's there's, so why are folks trying to get them some slack for infringing that of others? (And the separate subsidiaries argument doesn't cut it either; if they wanted to be identified separately they'd not be using the same Sony brand name. Obviously they want the reputation that goes with the name, so they got it! Sony, the rootkit people! Sony, the people who sell a product with a set of services, then rip one of them away, after purchase! Sony, the folks known for making the lives of various customers a living hell, due to copyright infringement suits. THAT Sony!)
2) Never-the-less, if someone wants to create a BSD styled Busybox replacement to be free of the GPL obligations or for fun or for any other reason, as long as it's not using the same code, great! Let them do it! But, others in the community can note it and ask people with rights interest in other projects to step upto the plate, which is exactly what's happening. And if those people decide to or not, well, they're the ones with the copyright interest in the other projects, it's their decision to make.
So IOW, everything seems to be moving along pretty much as one might expect. An obstacle to the proprietary interests of some company becomes too much a thorn in the flesh for them and they move to avoid it. Normal and expected. Someone else doesn't like the way enforcement on a project they were involved in went and decides to create a new one with a licence that avoids the problem as they see it. Normal and expected. (Actually, that applies both to Landley and toybox, and the FSF and GPLv3.) This new project happens to fill the need created by that proprietary interests company looking for another alternative. What's unexpected about that? Other people in the community calling attention to all this and asking people who hadn't yet stepped up to the plate enforcement-wise with their copyright interest in other projects to do so. Well, that would be normal and expected as well.
What remains to be seen is if some of these other people /do/ decide to step up to that plate. If they weren't doing so before, perhaps they still won't, and violations will get more egregious. OTOH, perhaps it was just easier to let someone else take the heat, and now that they're not as effective any more, various other people with interests will fill the need.
Either way, it's their decision. And if they do enforce, then we'll see the cycle start again. And if they don't, well, perhaps at some point almost everything will be Tivoized and there won't be enough open products at a low enough cost to continue development, at which point the tragedy of the commons will prevail and all those proprietary companies will end up paying more for proprietary solutions. After all, they wouldn't have been using the FLOSS solutions if the FLOSS solutions weren't a good cost/benefit to them, so if they cause them to disappear thru locking everything up, they'll only have themselves to blame when their own costs go thru the roof due to FLOSS dying out because everything /is/ locked up.
But in practice, there does seem to be a dynamic balance that has seemed to tilt toward FLOSS. There's always the danger of reversals in various areas, but they haven't stopped the FLOSS train yet, and with vigilance, I don't believe they'll stop it now. IOW, I expect others to step up, now that they're needed, and continue the fight.
Duncan
Posted Feb 1, 2012 11:48 UTC (Wed)
by HenrikH (subscriber, #31152)
[Link]
Of course they do, Company A infringes on the copyright regardless of the license deal they have with Company B. The only "thing" that they have is that they can sue Company B for the damages that Company A suffered due to Bs infringement.
Posted Jan 31, 2012 23:08 UTC (Tue)
by nybble41 (subscriber, #55106)
[Link] (10 responses)
> In libre/copyleft world this is reversed. If company A licenses/acquires something from company B and company B is a crappy/shady license violator _ALL_ of the legal problems fall on the large and complex company A. This is because our beloved copyleft licenses are distribution licenses.
That makes no sense. If the license says nothing about distribution then, per copyright law, no distribution is permitted. B thus had no legal right to provide the software to A, and A has no legal right to keep it (although, as mere recipients, they are not culpable provided they were not aware that B lacked a distribution license).
The libre/copyleft case is very similar. If B does not follow the license then it has no legal right to distribute it, which means B is in trouble for making unauthorized copies, not A. Under normal circumstances this would mean that A also has no legal right to keep the software, but most libre/copyleft licenses include the provision that anyone receiving the software has a direct license to the original, unmodified version from the original copyright holder, which they retain even if some intermediate distributor is found to be in violation. In other words, A is somewhat shielded from B's violations compared to situation with proprietary licenses.
Since libre/copyleft licenses typically restrict only distribution, not use, A only needs to ensure that A is compliant with the licenses in the event that A redistributes the software. That includes checking that B actually gave them everything they are required to provide to others per the redistribution terms, but that does not seem like a particularly onerous requirement.
Posted Jan 31, 2012 23:52 UTC (Tue)
by zyga (subscriber, #81533)
[Link] (4 responses)
You don't have to do anything more to comply with such a license. If the agreement includes GPL/LGPL code in the mix you need to do additional steps to stay compliant. You have to retain the source for a period of two (AFAIR) years. You must have the infrastructure to offer it to your customers. You have to allow re-linking of your binaries with different version of LGPL-covered code. You may have licensing conflicts (Apache + GPL + something else end up in one binary by accident).
If someone motivated comes along, peels through those 'open source' tarballs associated with a product made by company A and finds some problem then company A has to deal with it. They may risk loss of distribution rights. You just don't get those issues with proprietary licensing.
While Your reasoning is correct (it sounds better to use copyleft) the practical ramifications that copyleft licenses have for production say otherwise. From my experience they add new steps that companies are not familiar with and are not equipped to comply with, with the same ease as they are equipped to comply with proprietary licensing.
Posted Feb 1, 2012 1:07 UTC (Wed)
by rahvin (guest, #16953)
[Link] (1 responses)
You're saying one cost (proprietary) is acceptable and expected, but the cost of GPL compliance is this big unexpected completely unreasonable thing.
It's the cost of compliance, if you can't comply don't use GPL code. And again, although the steps might be different this is no different than all the expense and tracking that commercial software requires. Sure you might find a company out there willing to cut you a pile of commercial source of a fixed one time fee but the contract WILL include auditing, tracking and other requirements. Maybe there is a single software vendor out there that doesn't but I'd wager that the chances of compliance with commercial being easier and less work than the GPL being near zero.
Just because companies are lazy and don't track, document and perform due diligence on their requirements for compliance with GPL does not excuse that behavior. It's incompetence on their part, even GPL software has a cost to use.
Posted Feb 1, 2012 12:42 UTC (Wed)
by sorpigal (guest, #36106)
[Link]
It's not reasonableness. Upfront costs are predictable and well understood. GPL compliance costs are variable and not well understood. Once you're out of some executive's comfort zone it's a hard sell.
In addition, compliance failure for proprietary stuff tends to be "monetary damages" and, rarely, an injunction preventing further sales. Again, lump sum payments and nothing further to worry about. For GPL you move again outside of the comfort zone.
Posted Feb 1, 2012 20:39 UTC (Wed)
by davide.del.vento (guest, #59196)
[Link] (1 responses)
I'm sure you won't use these tarballs to create the production stuff you ship, but that stuff doesn't come out of the blue either. You must have a prototype first, which at a given time you freeze.
Your excuses sound pathetic.
Posted Feb 2, 2012 9:27 UTC (Thu)
by zyga (subscriber, #81533)
[Link]
Now suppose a tarball you got does not properly match the binary (which you don't really care about as long as it works, you also don't have the time expertise or time to rebuild and test all components). Now you have a license compliance issue that puts your product at risk.
Posted Feb 1, 2012 0:02 UTC (Wed)
by dlang (guest, #313)
[Link] (4 responses)
If the supplier paid for the component, you don't have to even think about any issues related to that component.
Posted Feb 1, 2012 0:15 UTC (Wed)
by nybble41 (subscriber, #55106)
[Link] (2 responses)
If course, if you still think proprietary licenses are easier, you're welcome to avoid GPL software. It's your loss.
Posted Feb 1, 2012 0:23 UTC (Wed)
by dlang (guest, #313)
[Link]
yes, there are conflicting cases on this that have weakened first sale, but there's still teeth in it.
Posted Feb 1, 2012 5:52 UTC (Wed)
by dlang (guest, #313)
[Link]
yes, first sale applies to GPL code as well.
If it didn't you would see people sueing wallmart, best buy, etc instead of Cisco (after all, you probably didn't buy the netgear access point directly from Cisco.
Looking at this from another way.
If someone doesn't copy anything, then there is no way for a copyright license to apply.
So if you were to buy devices with GPL code in them, not copy anything, and sell them again, there is no way that a copyright license can force you to do anything as you are not making any copy.
What "first sale" would _not_ give you is any right to make copies of the GPL code
This doesn't help the supplier problem because the supplier isn't providing you with a separate copy of the binary for each device, they are giving you source code (or a file binary) that you then copy on to each device.
Posted Feb 1, 2012 0:15 UTC (Wed)
by BrucePerens (guest, #2510)
[Link]
Posted Feb 1, 2012 7:46 UTC (Wed)
by nim-nim (subscriber, #34454)
[Link] (3 responses)
That's why Apple is suing Google for the features it does not like in Android, and Microsoft is shaking up kernel devs for FAT patents.
Oh, wait. They're not doing that. They're going after the manufacturers of the final end-user products.
So how do things work differently in the proprietary world again?
Posted Feb 1, 2012 8:33 UTC (Wed)
by zyga (subscriber, #81533)
[Link] (2 responses)
Posted Feb 1, 2012 11:03 UTC (Wed)
by nim-nim (subscriber, #34454)
[Link]
They don't. It's all of a big 'IP rights' soup for them (the latest Oracle vs Google complaint is a good example; we make the distinction because we want to be clean and tidy, proprietary houses stuff all in the same bag).
For the practical use case presented here (assemble bits sourced elsewhere in an hardware appliance, without checking legalities) there is *no* distinction between patents (for hardware components) and free software licenses (for software). They behave the same way. If you put unclean parts in your products you can be sued directly.
Posted Feb 1, 2012 11:17 UTC (Wed)
by pboddie (guest, #50784)
[Link]
I agree with all those people who find astonishment in the apparent inability of large corporations to properly account for the origins of their code, especially given those complicated supply chains those companies have for everything else. But then large corporations also seem to only have a pretty vague idea of where their raw materials come from, especially when those materials come from places where the extraction or production of such materials is damaging to the environment and harmful to the people involved in the actual extraction or production.
I guess it's a case of "could try harder but won't".
Posted Jan 31, 2012 21:17 UTC (Tue)
by wookey (guest, #5501)
[Link] (7 responses)
I guess the underlying problem here is that Free Software people are royally fed up of peristent failure to ship sources for hundreds, probably thousands of products over the last decade. The reasons for this are usually little to do with whoever is selling you the box but some board/chip/subsystem supplier/ODM back down the supply chain. This does make it extremely difficult for the seller to fix things retrospectively.
And it is no doubt very annoying to some corp/company to be told that money will not fix the problem, only software they don't have will.
On the other hand I can see why SFC want audit rights in an attempt to reduce the whack-a-mole nature of the problem and force suppliers to actually fix the supply chain issues by putting proper processes in place.
A great deal of distrust and frustration is being built up by the continued failure to fix the problem. And there is a mutual lack of understanding between the more uncompromising types on both sides.
I don't personally have enough to do with the supply chain to understand why it's so hard to fix, but it does seem that trying to fix it by enforcement at the top end is making BSD licenced code increasingly popular. I'm not sure that's a great outcome.
Posted Jan 31, 2012 22:55 UTC (Tue)
by landley (guest, #6789)
[Link] (6 responses)
Then they can do their own enforcement action and stop complaining about me rendering the one I started irrelevant.
> On the other hand I can see why SFC want audit rights
In the name of freedom, we must have a court-imposed compilance officer as a full-time permanent position.
What was that line about redoubling your efforts after losing sight of your goals?
Rob
Posted Feb 1, 2012 0:08 UTC (Wed)
by josh (subscriber, #17465)
[Link] (2 responses)
Posted Feb 1, 2012 1:16 UTC (Wed)
by landley (guest, #6789)
[Link] (1 responses)
The case dragged on for _seven_years_.
Posted Feb 1, 2012 2:20 UTC (Wed)
by josh (subscriber, #17465)
[Link]
Also, SCO had a vested interest in dragging the lawsuits out as long as possible, because they had no hope of winning but they could keep FUDding and extorting as long as the lawsuit continued. By contrast, those enforcing the GPL just want companies to come into compliance, and they don't seem to have any problem with that occurring quickly and quietly. Also, unlike SCO, the companies enforcing the GPL actually have a case, and a fairly open-and-shut one at that.
Posted Feb 1, 2012 1:19 UTC (Wed)
by rahvin (guest, #16953)
[Link] (1 responses)
Posted Feb 1, 2012 3:43 UTC (Wed)
by rahvin (guest, #16953)
[Link]
Fool me once, shame on you, fool me twice, shame on me.
Posted Feb 1, 2012 9:54 UTC (Wed)
by robert_s (subscriber, #42402)
[Link]
Only if you're a company that has already proven it is incapable of complying (or unwilling to comply) by your own means.
Posted Jan 31, 2012 19:43 UTC (Tue)
by shmerl (guest, #65921)
[Link]
Posted Jan 31, 2012 15:54 UTC (Tue)
by dwmw2 (subscriber, #2063)
[Link] (10 responses)
Posted Jan 31, 2012 16:09 UTC (Tue)
by karim (subscriber, #114)
[Link] (2 responses)
Posted Jan 31, 2012 19:51 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (1 responses)
Firstly, the two companies were already in court because the defendant had copied, and used commercially, an image belonging to the plaintiff. This is a criminal offence (I know it isn't in the US, but it is over here).
Secondly, the defendant studied the original picture, and set out to produce a replacement. In literature, this would be a clear case of copyright violation - producing a derivative work without permission. I know "photography is different", but as somebody on GL pointed out, people who use clean-room re-implementation to avoid copyright violation make a point of *avoiding* intimate knowledge of the product they are copying. The defendants *studied* the product they were copying.
So that's why Judge Birss ruled the way he did. Anybody trying to build on this to claim "your photo is similar to mine" is likely to find themself on a sticky wicket.
Cheers,
Posted Jan 31, 2012 20:12 UTC (Tue)
by BrucePerens (guest, #2510)
[Link]
Posted Jan 31, 2012 19:59 UTC (Tue)
by landley (guest, #6789)
[Link] (6 responses)
Oh, and Bruce Fscking Perens got the idea of a swiss-army-knife executable from gzip, it was not original with him:
http://busybox.net/~landley/forensics.txt
I started toybox in 2006 in part because Bruce's GPLv3 trolling made busybox unpleasant to even _look_ at for me (http://lwn.net/Articles/202106/), but I still wanted to work on that _kind_ of thing because I felt I could do a BETTER JOB, from an engineering standpoint. Which means a radically different implementation.
I solved the _technical_ challenges, but then had to figure out whether or not to continue the project in context with busybox. I explicitly mentioned "undermining my hand-picked successor" on busybox as a reason NOT to continue:
http://landley.net/notes-2008.html#30-06-2008
And didn't... until the market vacuum on android was pointed out to me by Tim. Toybox was all my code, which I could BSD license if I wanted to, and I thought it over fairly extensively before doing so:
http://landley.net/notes-2011.html#13-11-2011
Years ago I wouldn't have considered doing so, but now?
http://landley.net/notes-2011.html#16-12-2011
Bring it.
Posted Jan 31, 2012 20:20 UTC (Tue)
by BrucePerens (guest, #2510)
[Link] (3 responses)
You've repeated this one for years, and it's wrong, wrong, wrong. I did not get the idea of linking all of the names to one executable from gzip, and I never claimed that particular element of busybox as an invention.
I first worked on Unix at the NYIT Computer Graphics Laboratory, the predecessor of Pixar, in 1981. At the time we had Version 6 Unix on PDP-11 and we were just getting the first VAX to be released from DEC. The device of linking multiple names to one executable was present in the command line tool set of Version 6 Unix, and you can probably go to a V6 source archive and find it there today. It was not invented as part of gzip.
Posted Jan 31, 2012 20:25 UTC (Tue)
by landley (guest, #6789)
[Link] (2 responses)
Posted Jan 31, 2012 20:41 UTC (Tue)
by BrucePerens (guest, #2510)
[Link]
What I did was make a tiny replacement of the entire Unix command line toolkit necessary for a limited purpose that ran like the command line programs it replaced, not like the "stand-alone shell" programs that people were making around then. I made the first, what follows are destined to be clones and copies.
Posted Jan 31, 2012 20:45 UTC (Tue)
by donbarry (guest, #10485)
[Link]
Posted Jan 31, 2012 20:47 UTC (Tue)
by welinder (guest, #4699)
[Link] (1 responses)
That idea is older than BusyBox. Much, much older. I was doing that
Posted Feb 1, 2012 1:21 UTC (Wed)
by landley (guest, #6789)
[Link]
I didn't mean that nobody had ever used it before that.
Posted Jan 31, 2012 16:13 UTC (Tue)
by karim (subscriber, #114)
[Link] (4 responses)
I've put software under the GPL and will continue doing so, but choosing it also means that I'm implicitely activating the low-level "this is my pissing ground" parts of my brain; and, while I can't speak for others, I suspect it screws with other peoples' brains in a similar way. BSD on the other hand has a more zen-monk thing to it: here, profit if you can, but just don't bother me.
Posted Jan 31, 2012 20:10 UTC (Tue)
by landley (guest, #6789)
[Link] (3 responses)
http://sf.geekitude.com/content/pros-and-cons-gnu-general...
Then GPLv3 came out, and undermined GPLv2 like a sinkhole. I used to have a tagline on my emails, "GPLv3: as worthy a successor as the Phantom Meanace, as timely as Duke Nukem Forever, and as welcome as New Coke."
GPLv3 was a "han shot first" moment, showing that the original creator had suffered massive brain rot and come out with the Jar-Jar Binks of licenses. I spent YEARS unhappy about GPLv2 and the way it split the community.
The FSF pushing GPLv3 and FUD-ing GPLv2 goes to insane levels sometimes. Did you know they replaced the Binutils 2.17 tarball on their website with one that contains GPLv3 source files? Yup, they've RETROACTIVELY relicensed binutils 2.17, in a sneaky manner that requires examining the top of each source file to see what license is on each one.
My loyalty to GPLv2 eroded because the FSF _worked_ agianst it, but it's done. The GPL is no longer one thing, it's GPLv2 and AGPL and GPLv3 and none of them can share code. I'm not going to sit here and defend the old thing against moronic attempts to redo it by a creator who clearly lost his marbles along the way. GPLv2 was great, and I'm sad that it's no longer viable as a license for new projects, but I didn't do it.
And the revival of toybox is not creating demand, it's responding to it.
Posted Jan 31, 2012 21:32 UTC (Tue)
by nix (subscriber, #2304)
[Link] (1 responses)
Either you are arguing in bad faith or you are just not paying attention. I don't know which and I don't much care.
Posted Jan 31, 2012 23:11 UTC (Tue)
by landley (guest, #6789)
[Link]
Are you claiming these new files are "mere aggregation"? The FSF is claiming that the old files weren't "complete source", and that they had to add GPLv3 files to make complete source, and that if you add GPLv3 files to a GPLv2 or later program the result is that the whole can only be distributed under the terms of GPLv3.
How is this interpretation wrong?
Rob
Posted Feb 1, 2012 10:07 UTC (Wed)
by robert_s (subscriber, #42402)
[Link]
Except you've argued again and again in this thread and others that it shouldn't be enforced.
Really, reading your arguments has just made me want to make a donation to the SFLC.
Posted Jan 31, 2012 17:09 UTC (Tue)
by hingo (guest, #14792)
[Link] (12 responses)
(http://perens.com/blog/2009/12/15/23/ ...hmm, that one seems to be down now, anyway here's an article about the blog post where Perens granted permissive license to his parts of busybox: http://www.osnews.com/story/22618/BusyBox_Author_Bruce_Pe... )
Posted Jan 31, 2012 18:55 UTC (Tue)
by BrucePerens (guest, #2510)
[Link] (2 responses)
Posted Jan 31, 2012 19:55 UTC (Tue)
by hingo (guest, #14792)
[Link] (1 responses)
Thanks for the clarification. As the blog post was unavailable I was left to rely on my memory of reading it 2+ years ago.
It seems that also anwers my question then :-)
Posted Jan 31, 2012 20:00 UTC (Tue)
by BrucePerens (guest, #2510)
[Link]
Helping these folks solve their compliance problem is not too difficult. Getting them to allow me to help often is.
Posted Jan 31, 2012 19:55 UTC (Tue)
by Wol (subscriber, #4433)
[Link] (6 responses)
So no, Rob is probably NOT "writing from scratch" - he has a major stake in either the original or a later version of busybox and can re-use his old code.
Cheers,
Posted Jan 31, 2012 20:01 UTC (Tue)
by dlang (guest, #313)
[Link] (4 responses)
Rob is being extremely careful about the source of all code that he re-uses.
Posted Jan 31, 2012 20:28 UTC (Tue)
by BrucePerens (guest, #2510)
[Link] (3 responses)
Posted Jan 31, 2012 20:41 UTC (Tue)
by dlang (guest, #313)
[Link] (2 responses)
I'm not sure that's a significant distinction.
Posted Feb 1, 2012 1:28 UTC (Wed)
by landley (guest, #6789)
[Link] (1 responses)
Rob
Posted Feb 1, 2012 1:50 UTC (Wed)
by BrucePerens (guest, #2510)
[Link]
Posted Jan 31, 2012 20:02 UTC (Tue)
by BrucePerens (guest, #2510)
[Link]
Posted Jan 31, 2012 20:22 UTC (Tue)
by landley (guest, #6789)
[Link] (1 responses)
http://landley.net/notes-2006.html#28-09-2006
I get annoyed when people who _don't_code_ tell people who _do_ how they should be doing it. Especially when they won't go away when you tell them to write it themselves.
This is the opposite of "shut up and show me the code". They're telling me that I should stop coding so I can listen to them talk.
Posted Feb 1, 2012 13:43 UTC (Wed)
by ekj (guest, #1524)
[Link]
Heated debate is okay, and infact aslong as it's constructive and adds actual arguments, can even be welcome.
But name-calling does not add anything to the discussion. Please stop it.
Posted Jan 31, 2012 18:01 UTC (Tue)
by tbird20d (subscriber, #1901)
[Link] (71 responses)
First and foremost, I need to clarify that this is not a "Sony project". I am working on this in my role as an embedded Linux industry advocate, who tangentially happens to be a Sony engineer. Those who see some Sony conspiracy here can take off their tinfoil hats.
It is NOT the goal of this to help people violate the GPL, but rather to decrease the risk of some nuclear outcome, should a mistake be made somewhere in the supply chain for a product. For example, it is possible for a mistake made by an ODM (like providing the wrong busybox source version) could result in the recall of millions of unrelated products.
As it stands, the demands made by the SFC in order to bring a company back into compliance are beyond the value that busybox provides to a company. I also believe they are wrong from both a legal and moral perspective.
I recognize full well that some companies are not living up to their GPL obligations. At the same time, everyone I work with and talk to is working hard to comply with the GPL. In particular, I am proud of Sony's track record of GPL compliance. See Sony's Source Code download site.
However, companies and people do sometimes make mistakes. In my own experience, the remedies requested by other agents and organizations working for GPL compliance are much more productive than those of the SFC. Given the current situation, it makes sense to reduce the probability of mistakes, and their legal repercussions.
It is a shame that such a project is needed. But it is primarily needed, in my opinion, due to the overreach of the busybox litigators. I believe the project represents an ethical and pragmatic solution to this particular legal challenge.
Posted Jan 31, 2012 18:10 UTC (Tue)
by epa (subscriber, #39769)
[Link] (3 responses)
Posted Jan 31, 2012 23:24 UTC (Tue)
by landley (guest, #6789)
[Link] (2 responses)
Posted Feb 1, 2012 10:20 UTC (Wed)
by rvfh (guest, #31018)
[Link]
When there is a will, there is a way :-)
Posted Feb 1, 2012 11:18 UTC (Wed)
by epa (subscriber, #39769)
[Link]
Posted Jan 31, 2012 18:34 UTC (Tue)
by rahvin (guest, #16953)
[Link] (21 responses)
According to what I just read you are doing exactly what you claim you aren't doing. By your own words this is being developed so that if "someone" violates the GPL they can avoid infringement discussions with the SFC, or in other words to avoid enforcement of the GPL.
It would seem from this that the original call to have Kernel developer step forward and allow their code to be used for enforcement is a very valid call to the development community as your work is specifically to allow people to use GPL software without having to worry about the legal consequences of non-compliance. IMO there should be a bite to non-compliance, regardless of intent. What the SFC asks is nothing in comparison to the millions you would have to pay for violating the licenses of any commercial product.
It's be really nice is one of the major developers of the Kernel stepped forward.
Posted Jan 31, 2012 18:58 UTC (Tue)
by armijn (subscriber, #3653)
[Link] (15 responses)
Search for 'veto' on pages 6, 13 and 25.
I can very well understand that a company would decide to *not* use BusyBox in future products when confronted with such claims.
Posted Jan 31, 2012 19:12 UTC (Tue)
by rahvin (guest, #16953)
[Link] (12 responses)
Personally I have no objection to what the SFC does as they are simply asking people to comply with the license they agreed to when they used the code to begin with. That they were using BusyBox as a lever on all GPL code doesn't change the fact that the infringing companies in question would have NEVER opened that door had they no infringed the license to begin with. As others have pointed out, if they are violating the GPL on Busybox they are likely violating it on all the GPL code.
It's pretty darn simple, if you can't comply, or can't make your suppliers comply with the license don't use GPL code in your product. There's no altruism here, the companies are using GPL code because it saves them a bundle of money. That they can't comply with the extremely simple requirements of code availability speaks volumes to the incompetence of the companies involved. Let them instead go license a commercial software that they can't modify and if they violate the license they will be on the hook for millions per infraction with a supplier that is guaranteed to sue them. I bet they keep using the GPL give the other option.
Posted Jan 31, 2012 19:48 UTC (Tue)
by armijn (subscriber, #3653)
[Link]
I think we all agree on the fact that complying with the licenses is extremely simple and I do think that enforcement to have this corrected is actually a good thing, since it often serves as a wake up call to companies to fix their processes.
Asking for fixing things that are outside of your own copyright (and which is unlikely you could enforce easily anyway) like binary kernel modules, review rights and veto rights for future firmwares and devices, plus asking to be reimbursed for that review (again, this is not just something that Best Buy said) sounds like a clever hack, but they are overreaching and shooting themselves in the foot here, because it is asking for your software to be replaced.
I would also be surprised if these claims would hold up in courts in Europe. I very much doubt it (but IANAL, I just like to hang around them and ask them lots of questions). I should ask more lawyers about this.
Posted Jan 31, 2012 21:33 UTC (Tue)
by dskoll (subscriber, #1630)
[Link] (10 responses)
It's pretty darn simple, if you can't comply, or can't make your suppliers comply with the license don't use GPL code in your product.
So then... isn't that what the developers of the Busybox replacement are doing? They're making it possible to not use GPL code in your product at least as far as Busybox is concerned.
Posted Jan 31, 2012 21:40 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link] (9 responses)
Posted Jan 31, 2012 21:51 UTC (Tue)
by dskoll (subscriber, #1630)
[Link] (8 responses)
But they'll still be using the kernel,
Assuming they're using the Linux kernel. Busybox can be used on a BSD kernel, no?
Posted Jan 31, 2012 21:56 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link] (7 responses)
Posted Feb 1, 2012 0:01 UTC (Wed)
by landley (guest, #6789)
[Link] (6 responses)
That said, board support packages usually provide kernel source because it's one package and you usually have to rebuild it to tailor it to the hardware. They don't necessarily rebuild the base userspace.
For example, at my day job the "bringup" department I'm working for has built kernels for three different new product boards since I got here. I build kernels every day. And each time they use a binary arago root filesystem tarball that hasn't been recompiled since I got here, with a toolchain they got from code sourcery in 2009. (The bringup department then hands said kernels off to the Android guys, who replace the root filesystem with Android stuff they get from Google, and layer their own stuff on top of it as android packages. Neither the kernels nor root filesystems actually _ship_, I'm just trying to make the hardware work and then they put android on it.)
Google's already excluding all GPL code from userspace, and android developers are happy to go along with it. I'm building a package the android guys might actually get to _use_. Busybox has existed since before android shipped, and doesn't get used on android, and isn't going to. Arguing whether or not it _should_, or how they'll come around if we wait for the sun to go out, has nothing to do with reality.
Linus Torvalds stopped waiting for the android developers to come around to his way of thinking, and started merging their code. I've usually considered Linus a good model. (Remember how he used a non-GPL license for Sparse because he was fed up with the FSF? I suspect git was only GPLv2 to quiet the "oh no bitkeeper"! hysteria, but haven't asked.)
I keep hearing people go "what, are they going to rewrite the kernel next if we make a big enough fuss about it"? And I keep going "MacOS X is BSD based became the most profitable company in the world using that; you think Google can't switch to that in a single development cycle if they really wanted to?"
Linux has stayed unified because of _LINUS_. Thinking that "oh it can't fork, it's GPL"... Android kernel anyone?
Red Hat almost standardized on Alan Cox's kernel back when Linus overloaded and spent months dropping patches (anybody remember my old "Patch Penguin" rant?), and Alan took a year off to go back to grad school to FORCE everybody to work with Linus (who took up bitkeeper to solve the scalability issue). The license has _helped_ keep Linux unified, but it's the community that's actually done it. The community of kernel developers who _REJECTED_ GPLv3, sidelined Richard Stallman, and never BOTHERED to launch widespread license enforcement lawsuits because they are a BAD IDEA. There's some saber rattling, but suing potential allies generally doesn't bring them closer to you. This isn't a defeat = friendship world.
Me, I reinvent the wheel a lot (hence working on busybox). I had to prove for myself that they're a bad idea. So I ran the experiment, and I reported the results, and whadaya know: It's a bad idea.
(I can't help it if other people want to repeat my mistakes and insist on finding out for themselves that fire is hot, but telling the guy with firsthand experience that you know more about it than he does gets old after a while.)
Posted Feb 1, 2012 1:50 UTC (Wed)
by Duncan (guest, #6647)
[Link] (2 responses)
In practice, that remains to be determined in a court of law -- the Oracle case. What happens if Oracle wins? Google would have to pay penalties for past shipments, sure, but that doesn't resolve the future shipment problem.
What happens if they can't agree on a solution for future shipments? Google would have two alternatives, either quit shipping something they're doing 700K activations a day of, or suddenly reverse course on a GPLed userspace and keep shipping. Of course they /might/ have a third option lined up too, an independent replacement. But that would be a compatibility nightmare.
What I've been hoping for all along is pretty much just this scenario. There's a large enough Android ecosystem out there that any way this scenario plays out would set the whole tech world ringing with the implications. Would google and the rest of the ecosystem simply quit shipping? OUCH! Or would they bite the bullet and gamble that whatever the anti-GPL case was before, Android's too big to stop now just because it ends up being GPLed userspace? How much of the ecosystem would stay with them if they did?
Of course, that would put the ball back in Oracle's court as well, effectively calling their bluff on their GPLed Java. The risk is a toppling of the entire copyleft ecosystem and community, but imagine what a reputation the GPL would have if it survived THAT, regardless of how the rest of it plays out, Oracle trying to reverse course on Java's GPLing, OR challenging its patent provisions so that bit gets settled, OR folding and allowing Google to continue shipping, of course with rather zealous enforcement of the GPL provisions from someone with the money to do so, in an attempt to discourage everyone else from taking that same out.
That's still an unlikely scenario, but the first part of it, Google continuing to build Android shipments to the point where it /might/ be practical to force a GPLed userspace, and have people actually accept it, has certainly happened. Thus, the odds are far better than they were when that whole feud started.
And if Oracle /did/ choose the patent challenge route, it could very easily result in the whole tech world "going patent nuclear", thus very possibly settling the patent wars once and for all once all the dust settles, as well. Even if it didn't result in the patent world "going nuke", it should at least resolve the patent issues one way or another for the GPLv2, thus resolving all sorts of GPL community issues in that regard. If the GPLv2's patent provisions such as they are hold, it's solve a lot of Linux patent issues, and if they don't, well, the predictions leading to the GPLv3 would have been demonstrated to be true, and the GPLv2 licensed Linus kernel will end up being far closer license-wise to the BSDs than it is now, at least for anyone with patents.
So, yeah, while Google has to date taken a hard line on a GPLed Android userspace, that could yet change. I guess we'll see how this Oracle/Google case plays out at the trial court level at least, pretty quickly, now. There will certainly be appeals and it's likely to play out for years either way, just as SCO did, but the Android ecosystem and even the larger mobile computing ecosystem is I think way bigger already than the entire Linux ecosystem was when SCO started, and the waves could thus be MUCH MUCH bigger... either way!
Duncan
Posted Feb 1, 2012 21:52 UTC (Wed)
by Wol (subscriber, #4433)
[Link]
Firstly, Oracle launched this as a patent suit. Unfortunately for them, the patents have been comprehensively gutted.
Secondly, they threw in the copyright stuff as a side dish. Unfortunately, it seems to be all they've got left. And it's pretty irrelevant, because Google (a) never used the code in question, and (b) only distributed it by accident. It's a few lines of code (measured in hundreds of LOC if that), and it's part of the test suite that should NEVER get onto any shipping device.
Cheers,
Posted Feb 1, 2012 21:57 UTC (Wed)
by Wol (subscriber, #4433)
[Link]
But, as you'll see from my other post, they DID choose the patent challenge route. And it seems the nuke detonated on launch ...
I can't remember all the figures, but they tried to sue over about 250 claims. The Judge said "that's too much, whittle it down to your best 15" or something like that. Google returned a major broadside and it seems out of those 250, Oracle is unlikely to find 15, or whatever it was the Judge said, to bring to trial! They might even get to trial only to find they don't have any valid patents to claim!
Cheers,
Posted Feb 1, 2012 11:41 UTC (Wed)
by mitchskin (guest, #32405)
[Link] (1 responses)
Posted Feb 2, 2012 12:58 UTC (Thu)
by simonkelley (guest, #17525)
[Link]
Posted Feb 2, 2012 10:50 UTC (Thu)
by paulj (subscriber, #341)
[Link]
Hmm, Android's bluetooth support relies on Bluez, which is GPLv2+. Google stuck some IPC in between the Android stuff and the Bluez libraries, but I doubt that achieves the GPL-washing effect that Google are trying for, should BlueZ copyright holders ever care to do something.
So unless that's changed, your statement above appears to be incorrect.
Posted Feb 1, 2012 0:41 UTC (Wed)
by Trelane (subscriber, #56877)
[Link]
The allegations are there, but not the exhibits. Where is the original text that requested the alleged veto?
Posted Feb 1, 2012 13:34 UTC (Wed)
by k3ninho (subscriber, #50375)
[Link]
Coercion? Is anyone involved with SFLC a parent? Anyone know what 'positive reinforcement' looks like?
It boils down to this: the winning play has to be that non-compliant companies get help to remake their internal processes in such a way that they comply with the licence, then they get help to communicate how easy that is to other organisation with whom they do business.
Trying to coerce, hamstring, or force collusion seems to me to be contrary to the advocated 'freedom' behind the original software projects (not to mention the prospect of skewing market competition and the negative publicity that would bring). You just can't let that kind of bullying go. Perhaps there's a reply which claims 'this is all these corporations know and the only way we can interact with them': don't forget that the opportunity to do it differently is still there and can set an example of the better way to do things that is collaborating with the free and open source software development communities.
Take care.
Posted Jan 31, 2012 19:03 UTC (Tue)
by tbird20d (subscriber, #1901)
[Link] (4 responses)
In practice, it would make things easier if my suppliers didn't ship any GPL user-space code to me. At Sony, we'll put on our own user-space GPL code. We have good practices in place for managing our GPL responsibilities in this case, thank you very much. In the case of kernel code, to my knowledge we've never had a problem with a supplier providing correct sources for this.
I understand why this is sub-optimal in the grand scheme of things, because it detracts from the community value of GPL user-space code.
Posted Jan 31, 2012 20:38 UTC (Tue)
by landley (guest, #6789)
[Link] (3 responses)
Did you guys not NOTICE?
http://www.itworld.com/it-managementstrategy/233753/gpl-c...
Google's "No GPL in userspace" thing is very much _not_ an isolated incident. Those of us who were big GPLv2 advocates and don't like GPLv3, what did you EXPECT us to do when you tried to shove v3 down our throats?
Posted Jan 31, 2012 20:58 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link] (2 responses)
Posted Jan 31, 2012 23:18 UTC (Tue)
by landley (guest, #6789)
[Link] (1 responses)
Posted Jan 31, 2012 23:47 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link]
Posted Jan 31, 2012 19:13 UTC (Tue)
by BrucePerens (guest, #2510)
[Link] (27 responses)
BSD-like licenses can be enforced as well as the GPL, as we showed in Jacobsen v. Katzer. Many, many companies fail to follow the license presentation requirements of the BSD license. There are a great many copyright holders out there, GPL and BSD both, and we need just one who is represented in code on the device to enforce. So, I don't think you can achieve your legal goal by replacing Busybox.
As a representative of the companies that have been contacted by SFC, I have experienced the settlement terms of SFC firsthand. Those requirements are:
I've also had to pay SFC for the technical work on the audit. They charge a lot less than I do, and less than any sane legal-technical practitioner in New York City should charge.
The only unfair thing SFC does, as far as I'm aware, is that they don't involve me in the busybox cases, although I'm the original developer and my code is still present. And this is the requirement of their clients Eric Andersen and Rob Landley. So, I went to work for the other side, helping them to cure the infringement. Frankly, that side pays better anyway.
I think you're off base regarding the legal and moral stance of SFC, and your own moral position stinks. Help your clients perform due diligence, rather than helping them avoid enforcement. Bruce Perens
Posted Jan 31, 2012 19:35 UTC (Tue)
by tbird20d (subscriber, #1901)
[Link] (2 responses)
Posted Jan 31, 2012 19:54 UTC (Tue)
by BrucePerens (guest, #2510)
[Link]
Avoid "infractions"? I guess you mean avoid unintentional infringement. Yes, they're all unintentional. But when I get to work with these companies I find that they are building multi-billion-dollar product lines and have no compliance program, little concept of due diligence, and no working connection between engineering and legal. They get their engineering from small software or chip companies who don't communicate their due diligence requirement and don't stay around to provide source code.
Or, in the case of Best Buy's Insignia line, they buy a run from a factory and don't ever have a relationship with the engineering department.
The only moral, ethical solution is to help them with due diligence.
What you are now attempting to arrive at is a situation like Android, in which the entire user-mode is under a gift license but you still have the Linux kernel. So, SFC will have to work harder to find kernel developers. And then you'll scrap Linux for BSD, and SFC will end up enforcing attribution requirements in BSD, using the precedent from the appeal in Jacobsen v. Katzer.
Posted Jan 31, 2012 23:30 UTC (Tue)
by landley (guest, #6789)
[Link]
Hindsight, eh?
Posted Jan 31, 2012 20:32 UTC (Tue)
by landley (guest, #6789)
[Link] (16 responses)
B) Bruce? Show me your code still being present in busybox. I did http://busybox.net/~landley/forensics.txt and you've never actually refuted any of it. You keep repeating that you have code, but you'll never do The Thing:
"Shut up, and show me the code"
Posted Jan 31, 2012 21:39 UTC (Tue)
by BrucePerens (guest, #2510)
[Link] (15 responses)
You're not fully apprehending the context of Judge Walker's guidelines. Altai's re-implementation of CA's software in a different language was non-literal copying. On the other hand, all versions of Busybox later than mine have been directly derivative. They start with the entire body of source code that I created and the overall design, and then later versions have incremental changes. So, you could probably remove every exact line that I wrote, and I would still have an excellent case that the result remained a derivative work and that I have an actionable interest in the work.
You misuse 17.102(b) to say that certain code is not my work because you believe it's functional and thus not copyrightable.
You don't consider that I have a compilation copyright as well. You think I will have no actionable interest in toybox, or whatever you call it, after your extensive involvement in Busybox. I could assert such an interest if provoked. I could probably enlarge this list if I took the time. But that would be engaging with you, which isn't desirable or necessary.
Posted Jan 31, 2012 22:01 UTC (Tue)
by deater (subscriber, #11746)
[Link] (1 responses)
Posted Jan 31, 2012 22:22 UTC (Tue)
by BrucePerens (guest, #2510)
[Link]
Posted Jan 31, 2012 22:27 UTC (Tue)
by dlang (guest, #313)
[Link] (12 responses)
this is handing power to copyright intrests that big media only dream of right now.
Posted Jan 31, 2012 22:42 UTC (Tue)
by BrucePerens (guest, #2510)
[Link] (6 responses)
Yes. This sort of stuff happens. But it's a lot more complicated than your one-sentence summary. I could discuss it for at least an hour.
Posted Feb 1, 2012 0:27 UTC (Wed)
by josh (subscriber, #17465)
[Link] (5 responses)
Posted Feb 1, 2012 0:40 UTC (Wed)
by BrucePerens (guest, #2510)
[Link] (2 responses)
Posted Feb 1, 2012 4:16 UTC (Wed)
by josh (subscriber, #17465)
[Link] (1 responses)
Posted Feb 1, 2012 4:36 UTC (Wed)
by BrucePerens (guest, #2510)
[Link]
Posted Feb 1, 2012 0:44 UTC (Wed)
by nwnk (guest, #52271)
[Link] (1 responses)
Posted Feb 1, 2012 0:52 UTC (Wed)
by BrucePerens (guest, #2510)
[Link]
Posted Jan 31, 2012 22:47 UTC (Tue)
by RiotingPacifist (guest, #68160)
[Link] (4 responses)
Posted Jan 31, 2012 22:58 UTC (Tue)
by dlang (guest, #313)
[Link] (3 responses)
This is like classic car restoration. If you take a Ford Model T and replace every piece of it, is it still a Model T? or is only inspired by one. At some point the car becomes a kit car with some Model T parts bolted on, and then as those are replaced it becomes just a kit car.
Posted Jan 31, 2012 23:32 UTC (Tue)
by RiotingPacifist (guest, #68160)
[Link] (1 responses)
If you built your kit car while looking at the Model T and never depend on it for either structural integrity or functionality then it would be more complicated. And obviously if you went further still and only took the spec of the Model T and reimplemented it from that then it would be "inspired" and count as clean room reverse engineering.
The real problem is that this isn't a car and the term "derivative work" has real legal meaning and precedent in the world of copyright.
I'm not saying Bruce would have any claim on Toybox purely because Langley has seen Busybox, but I would be careful.
Posted Feb 1, 2012 11:37 UTC (Wed)
by coriordan (guest, #7544)
[Link]
Whether broad copyright is good or bad for us is another debate, but we have to acknowledge that it is today broader than just exact words.
Posted Jan 31, 2012 23:37 UTC (Tue)
by landley (guest, #6789)
[Link]
I used to refer to it as "SCO disease". For a couple years there, I got paid to help prove it wasn't true. This was shortly before you-know-who tried it.
Posted Jan 31, 2012 20:42 UTC (Tue)
by tytso (subscriber, #9993)
[Link] (5 responses)
So when he uses a busybox breach to try to enforce his view of the GPLv2 license on code that *I* own, I'm naturally going to object and consider his actions wrong from a moral and ethical point of view. Which is why I'm completely supportive of the Toybox effort.
That's not to say that I support blatant violations of the GPL; if there are manufacturers of Android devices that aren't coughing up source code, then we should go after them. But using busybox as a backdoor way of enforcing an anti-Tivoization effort as it applies to the Linux Kernel is Just Wrong. And as a result, if I were going to go after someone who was abusing the copyright on the Linux Kernel, the SFC wouldn't be my first choice as lawyers...
(Speaking only for myself, and not for any of my current or previous employers...)
Posted Jan 31, 2012 21:56 UTC (Tue)
by BrucePerens (guest, #2510)
[Link] (4 responses)
You're over-stating their request for "scripts". I have represented a client where SFC made this request, and they asked for a non-encrypted version of the binary from a step just before encryption. They never asked for keys.
Posted Feb 1, 2012 0:20 UTC (Wed)
by tytso (subscriber, #9993)
[Link] (3 responses)
You're correct that Bradley with his SFC hat on doesn't ask for encryption or signing keys; that was my misunderstanding. However, they *do* ask for a firmware image that contains the binary in question and ideally the ability to install that image onto the device. Merely creating a binary executable and including the makefile that does the "make install" step isn't enough from them. They want a firmware image that looks similar to what is in the original ROM image. If, hypothetically speaking, that firmware image (say, pre-encryption) also happens to include content-protecting DRM encryption keys where disclosure of said keys would result in the Content Cartel's legal sharks to come after a defendant --- which trust me are way more scary than the SFC lawyers --- it can leave the recipient of that enforcement action in a very tight place. Personally, I wouldn't have pushed as hard in the settlement talks, given my limited knowledge of the case, but that's neither here nor there. I'm also guessing that part of the problem was once the adversarial legal approach was invoked, it's very hard to avoid lawyers misunderstanding technical terms, which just draws things out once you try to negotiate remediation steps.
On a more constructive side of things, I think the best way forward is to focus on education vis-a-vis how not to get into this situation in the first place. i.e., make sure you have clean separation between your proprietary and non-proprietary binary content (i.e., put things like Blu-ray keys in separate protected partitions or hardware, and don't mix it with GPLv2, and especially not with GPLv3 licensed code).
It also seems that given that the SFC has become the "bad cop", they have acquired a reputation of being litigation-happy, which from my conversations with Bradley, is an unfair rap. The question is whether they can assuage Tim's fear that an "accidental mistake" by a downstream user of some device incorporating Busybox or other GPL'ed code won't result in the SFC going nuclear on them, without companies trying to game the system by knowing how close to the line they can get. As one example, consider the HTC loophole (i.e., "as long as we respond in 3-6 months, we don't have to be afraid of getting sued") --- although the reality is if you're going to litigate, it's probably going to be 3-6 months minimum, since the wheels of justice grind slowly. And of course, litigation has many other costs other than just the legal fees. One of them is it increases the FUD involved with using your software project.
At the end of the day, it's a question of how can we make using open source code in general, and busybox in particular, not scary. My big concern from the general perspective is that people will get scared enough by the perception that there are over-zealous, litigation-happy parties out there, that they decide to not to use the Linux Kernel, and either (a) decide to use a pure proprietary solution, such as QNX, or (b) go to a BSD or Apache-licensed OS or userspace, such as FreeBSD.
One approach (at least for busybox; fortunately the Linux kernel developers don't have this litigation-happy reputation) is of course to re-implement a BSD-licensed equivalent, and that's the approach Tim has taken. Another approach is to educate the embedded manufacturers and tell them here are the bright lines which will allow them to be safe, even if they want to use Linux to implement a Blu-ray player that needs to have very stringent DRM requirements. And, that staying in bounds of these bright lines really isn't that onerous. That is, use the carrot and not the stick. Ultimately, I think that's the much more productive approach compared to litigation, and to the extent that the SFC (from my conversations with Bradley) views litigation as a last resort, I think they would agree with this latter approach of education of the embedded vendors.
-- Ted
P.S. Not that I'm in favor of that kind of DRM; in fact I generally refuse to buy Blu-ray DVD's (there are cases where both the DVD and Blu-Ray DVD are included in the same case, where I might decide to buy said combined package). I just don't believe in using the heavy club of Copyright and the GPL as a way of imposing my beliefs on others. That's a philosophical belief for which men and women of good will have disagreed about, though, so I respect that other people may feel differently about things like GPLv3's anti-Tivo clause.
Posted Feb 1, 2012 1:32 UTC (Wed)
by landley (guest, #6789)
[Link] (2 responses)
http://lists.busybox.net/pipermail/busybox/2008-October/0...
It didn't help in the slightest.
Rob
Posted Feb 1, 2012 4:40 UTC (Wed)
by tytso (subscriber, #9993)
[Link] (1 responses)
Posted Feb 10, 2012 12:45 UTC (Fri)
by khim (subscriber, #9252)
[Link]
And I doubt it'll rule on it any time soon. SFC does not sue companies which tried to comply with GPL and just forgot to include couple of scripts in a tarball. It sues companies who blatantly violate it (that is: they neither give you source with binaries nor give you a written offer to provide such sources). When SFC is involved GPLv2 terms are no longer in play: offenders violated it, lost their rights and now must beg for forgiveness. Of course it does not mean that the your question (is it fair to demand scripts used to build the image with GPLed component?) suddenly evaporates. But at this point it's morphed to the area of moral and conscience, not law. How to avoid this problem? It's simple: publish the sources of the GPLed components. Toybox is not a solution. It may be first step on the path to the "true solution" (abandonment of all the GPLed components), sure. But if the plan is to remove all the GPLed components altogether, then I'd like to see the project with milestones and roadmaps.
Posted Feb 10, 2012 10:40 UTC (Fri)
by laf0rge (subscriber, #6469)
[Link]
Posted Jan 31, 2012 20:37 UTC (Tue)
by HelloWorld (guest, #56129)
[Link] (5 responses)
Posted Feb 1, 2012 13:45 UTC (Wed)
by masoncl (subscriber, #47138)
[Link] (4 responses)
But, I'd certainly be more comfortable with a project to ensure compliance in the providers. It's easy to assume the suppliers would be willing to prove compliance if they didn't get paid until it was proven.
I admit this is a simple view of a very complex supply chain (sorry Tim). The suppliers still must prove the replacement is used instead of busybox. Why not just check the sources provided instead?
This is a fixed R&D cost (not a per-unit cost), and big electronics companies force suppliers to conform to all kinds of rules and specifications. They also do a range of tests on the fully assembled devices.
It's fair for us to expect compliance to be one of those tests.
Posted Feb 1, 2012 16:03 UTC (Wed)
by HelloWorld (guest, #56129)
[Link] (3 responses)
Posted Feb 1, 2012 21:30 UTC (Wed)
by bronson (subscriber, #4806)
[Link] (2 responses)
I guess a similar approach to software quality would be, "just don't write bugs."
Posted Feb 1, 2012 21:42 UTC (Wed)
by HelloWorld (guest, #56129)
[Link] (1 responses)
Posted Feb 2, 2012 23:13 UTC (Thu)
by bronson (subscriber, #4806)
[Link]
Posted Jan 31, 2012 22:00 UTC (Tue)
by RiotingPacifist (guest, #68160)
[Link]
I don't know if any of the devices I've seen were as a result of direct action against the vendor, but the actions of the SFC, FSF and others surely helped encourage vendors to comply.
Now for a bad analogy: If a Sony caught somebody downloading one track, I'm sure they would insist on checking everything else the copyright violator owned for further violations and the SFC's aggressive litigation demanding to review other products for more GPL'd code is no worse. Only in this case the defendant's tend to be large corporations who can afford to go the distance instead of college kids and grandmothers!
P.S I know you are suggesting the project outside of your work for Sony but surely you can't expect to take the moral high ground against the SFC while working for such a litigious and ethically bankrupt company.
Disclaimer:I know nothing and no-one, this is just my opinion as an end user!
Posted Feb 1, 2012 9:49 UTC (Wed)
by niner (subscriber, #26151)
[Link] (8 responses)
You are working for Sony, a company that sues teenagers over several times their lifetime incomes for copyright violations while at the same time breaking the law by installing rootkits on customer's computers and which likes to break products after they sold them.
Sony has no moral standing whatsoever. None.
> I am proud of Sony's track record of GPL compliance.
Being proud of Sony sometimes not breaking the law? Yes, that's certainly impressive.
> However, companies and people do sometimes make mistakes
Tell that to Sony's lawyers. They somehow see matters not as lenient.
Posted Feb 1, 2012 11:55 UTC (Wed)
by anselm (subscriber, #2796)
[Link] (7 responses)
Hang on. The Sony company that does these things (Sony BMG/Sony Music Entertainment) and the Sony company that sells gadgets with Linux inside (Sony Electronics) aren't the same.
Posted Feb 1, 2012 12:22 UTC (Wed)
by niner (subscriber, #26151)
[Link] (2 responses)
It's like "let's put all our questionable businesses into a separate corporation, so we share all the income but not the blame".
Sorry, I just don't buy your argument. It's a Sony.
Posted Feb 1, 2012 12:49 UTC (Wed)
by anselm (subscriber, #2796)
[Link] (1 responses)
Right. So having a brother who's a sleazy lawyer automatically makes you sleazy, too.
Incidentally, Sony BMG, of the 2005 rootkit scandal, wasn't even a 100% Sony subsidiary – it was a joint company, half of which consisted of Bertelsmann Music Group (hence the »BMG«), a subsidiary of Bertelsmann AG. Sony bought Bertelsmann's share in the venture only in 2008, to (re-)make Sony Music Entertainment.
Posted Feb 1, 2012 13:04 UTC (Wed)
by ekj (guest, #1524)
[Link]
If Sleazy Inc owns companies A and B, then yes, A doing something evil does reflect poorly on B, and it makes total sense to (for example) consider B without moral standing, based on the actions of A.
It makes sense because the same single board controls both A and B.
If your left hand engages in aggression towards me, I'm totally going to consider your right hand a potential threat: because I'm aware that both of your arms are controlled by the same entity.
Posted Feb 1, 2012 14:41 UTC (Wed)
by leoc (guest, #39773)
[Link] (2 responses)
Posted Feb 1, 2012 15:54 UTC (Wed)
by anselm (subscriber, #2796)
[Link] (1 responses)
This is something the original poster might justifiably have criticised but didn't.
One thing to take away from this is that huge companies like Sony (or for that matter Microsoft) may employ people who are reasonable if not downright nice, and whose actions have no bearing on the actions of their colleagues in other parts of the company (or related companies). Refusing to talk to these people, or calling them names, on the grounds that they have sleazy colleagues who ultimately answer to the same CEO (probably with seven tiers of different intermediate managers in-between) doesn't lead us anywhere.
Posted Feb 1, 2012 21:41 UTC (Wed)
by khim (subscriber, #9252)
[Link]
Sorry, but this is exactly how we've ended in this mess: reasonable if not downright nice people work for nasty companies with justification that it's Ok because it's big company and they can not do anything means that companies feel free to continue to harass customers, lobby for draconian laws, etc. Sorry, but no. Justification that you just have sleazy colleagues who ultimately answer to the same CEO does not make it Ok even you personally have done nothing atrocious. Now, I'm not saying everyone should forget about their life, family and declare jihad against nasty companies despite onerous personal costs. If you have no reasonable choice and are forced to work for the nasty company then noone will condemn you. And if you were just offered 50% bigger compensation - then that's fine, too (if companies will know that their nastiness can cost them real money they will adjust, they are not stupid). But in all cases you should be slightly ashamed and look for the other opportunities if possible, not try to explain that "this SONY is not like that other SONY, no, they are totally different". This is your SONY and your actions will be viewed in light of "that our SONY" decisions.
Posted Feb 1, 2012 16:20 UTC (Wed)
by bpearlmutter (subscriber, #14693)
[Link]
Posted Feb 2, 2012 10:41 UTC (Thu)
by paulj (subscriber, #341)
[Link]
Are you saying that this work is not approved of or funded in any way by Sony (i.e. the corporate management infrastructure that oversees you)?
Otherwise, if you're doing this as part of a role funded by Sony, then you're acting in Sonys' interests as their agent. And in which case, you can't seriously think you can divorce what you do for your work from those who fund it?
Posted Jan 31, 2012 18:06 UTC (Tue)
by paravoid (subscriber, #32869)
[Link] (3 responses)
Posted Jan 31, 2012 19:01 UTC (Tue)
by rsidd (subscriber, #2582)
[Link] (1 responses)
Posted Feb 1, 2012 0:09 UTC (Wed)
by vegge (guest, #6926)
[Link]
> Thanks for that link. I believe it should be mentioned in the main article.
Yes, definitely. Landley's comment provides a good counterpoint.
Posted Feb 1, 2012 10:59 UTC (Wed)
by fb (guest, #53265)
[Link]
Thanks for the link. Very informative. I also think it should be linked from the LWN news item.
[...]
On a side note, while this news item has become quite a flame party, as a heavy user of embedded Linux devices I still find it very interesting.
Posted Jan 31, 2012 19:18 UTC (Tue)
by landley (guest, #6789)
[Link]
Posted Jan 31, 2012 21:06 UTC (Tue)
by alvieboy (guest, #51617)
[Link] (1 responses)
How many of those devices really require (meaning, have a real hard dependency on) busybox or any of it's replacements (or the ones replaced by busybox in the first place) ?
For a long time busybox infringements have been exposed in public, but other components (probably much more important, like kernel and some core libraries) have not had the same mediatism (most of them are LGPL, but that also has some obligations).
I agree with mjg59 on this. As an author, I give rights and I expect those rights to be not only understood, but to be fulfilled.
However, Bruce does have a point. Some companies are so complex that this obligations are lost along the path, and, perhaps due to bad technical management issues (and lack of proper configuration management) hard to comply.
I do work on a non-free (commercial) product, based on many individual licenses (GPL included). All our modifications, derivatives, or otherwise anything that we know it's based on GPL or has strict dependencies on GPL products [or other non-permissive licenses] is kept on a "public" folder, which we do indeed make public. The design of our VCS, our build system, our package management system, was since the very beginning designed to allow for a quick extraction of licences and code bellowing to 3rd parties. This eases our GPL-compliance (and other licenses compliance), and, since it's deeply embedded in our process, avoids making mistakes. Mistakes can happen, we just have to make sure we do everything to minimize them.
Again, why is busybox so important here ? [disclaimer: we do not use busybox at all :P ]
Alvie
Posted Feb 1, 2012 0:46 UTC (Wed)
by BrucePerens (guest, #2510)
[Link]
It's important to note that SFC is also a plaintiff in these cases, not just the provider of pro-bono legal counsel. They hold enough copyrights for projects they support that they usually have something that is infringed.
Posted Feb 1, 2012 1:01 UTC (Wed)
by tialaramex (subscriber, #21167)
[Link] (3 responses)
And so today when a halogen heater in Dundee catches fire, it can be traced back to see which which assembly line, in which Chinese factory made that heater. Records of every change to the manufacturing process, every change of parts supplier, and so on, must all be kept for the lifetime of the product. Because that way they can figure out which other heaters have the same fault, and recall them. If it can't be traced back, the importer may be on the hook to replace every single heater they imported, which will almost certainly mean bankruptcy.
But when a huge entertainment giant ships software to someone, they still say "Oh, we don't know where all the code in there came from. We don't keep proper records of any of that stuff, our procedure is just to slap things together until we get something that works". The product from that supplier who are known to use unlicensed material? Nobody will ever know. The software someone found on github and merged in without checking the license? Ditto.
And it seems there are even people who have sympathy for this bullshit and feel it's an imposition, a infringement of liberty, to insist that _multi-billion dollar software suppliers_ get their act together as much as my local bakery.
Posted Feb 1, 2012 1:53 UTC (Wed)
by rahvin (guest, #16953)
[Link]
Violations should have penalties so that companies realize GPL code has a compliance cost that needs to be accounted for, tracked, and followed up on including putting those same requirements in their supply contracts. It's simply negligence for them not to comply then claim it's not their problem. Not a single case has gone to the jury because once legal actually gets involved and runs the cost they realize that failing to settle will cost them far more than any of the costs SFC ask for. When you want to pay nothing SFC's costs might seem high, but in comparison to those proprietary solutions or a jury ruling of infringement it's pennies.
Posted Feb 1, 2012 4:42 UTC (Wed)
by josh (subscriber, #17465)
[Link]
Procedures like the Linux kernel's Developer Certificate of Origin and Signed-off-by/Reviewed-by system, and more recently the use of signed tags, go a long way towards the kind of auditability you suggest. More to the point, developers need to actually understand the licenses and conventions around the software they use.
Going with the lowest bidder and not reviewing their work will cost you dearly when you find out they've screwed up. That applies whether they introduced a bug that gets you bad PR, or a license violation that gets you sued.
Posted Feb 1, 2012 11:58 UTC (Wed)
by pboddie (guest, #50784)
[Link]
Even the more manageable and transparent work of remembering where you got your code from is something the corporations seem unwilling to do themselves, so one might initially think that the burdens of auditing and administering monopoly grants would be a problem for the likes of Sony, but in the event of patent litigation, their defence is just to wave their own patent portfolio at the aggressor or to dip into a damages fund that represents the "cost of doing business" and is deep enough to make most opportunist litigators go away.
Patents also serve as another line of defence for these organisations when caught doing something wrong. If someone accuses them of copyright infringement, their response is to just threaten the accuser with some patent that the legal department can dig up. That's another reason why some corporations don't want you to share your work under certain licences, with the GPL being one of them. It doesn't surprise me that corporations want us to make things easier for them. People should realise that this comes at a cost to us.
Claiming that a reduction in the vendor popularity of copyleft-licensed projects is a bad thing means nothing when the corporations in question would switch to using permissively licensed works and still not share their contributions.
Posted Feb 1, 2012 3:04 UTC (Wed)
by BrucePerens (guest, #2510)
[Link]
Posted Feb 1, 2012 17:18 UTC (Wed)
by tbird20d (subscriber, #1901)
[Link]
If this project proceeds, Sony may decide to support it or not. I haven't really pitched it to management yet, but I will likely recommend that they support it. It's not as critical to us, since our compliance record has been good, and I believe the risk of litigation is somewhat small. However, it's not going to cost very much, and I think it would be beneficial to the industry.
Posted Feb 1, 2012 18:59 UTC (Wed)
by jra (subscriber, #55261)
[Link] (1 responses)
http://sfconservancy.org/blog/2012/feb/01/gpl-enforcement/
From the horse's mouth, as it were :-).
Posted Feb 1, 2012 19:16 UTC (Wed)
by jra (subscriber, #55261)
[Link]
Jeremy.
Posted Feb 2, 2012 13:18 UTC (Thu)
by etienne (guest, #25256)
[Link]
OTOH, maybe some Linux distributions should more take care of the license of the software they are using, even if that bothers their users (startup messages telling where the BSD code is coming from...)
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
> Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
)
Garrett: The ongoing fight against GPL enforcement
Or maybe there's a minimal, only-no-warranty license out there somewhere that requires nothing except to agree to the no warranty thing.
The Unlicense license (<http://unlicense.org/>), derived from the SQLite license.
This is free and unencumbered software released into the public domain.
Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.
In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
For more information, please refer to <http://unlicense.org/>
Or the MIT License, a personal favorite. It looks basically the same.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
The point argued in the article is not regarding code contributed to Busybox, of which there may indeed be none as you point out. But there has been a lot of contributed code elsewhere, mainly a lot of hardware support, that we wouldn't have seen otherwise. I fail to see how this isn't a good thing. A vendor who leaves Linux development because of copyleft wouldn't have contributed anyway.
Garrett: The ongoing fight against GPL enforcement
It's necessary to balance having complying vendors who contribute code against having all possible vendors and a lot of them non-compliant and not contributing anything. This means that you will lose a company like Cisco, who uses you for an excuse to do something they wanted to do anyway. Surely Cisco has enough lawyers and engineers to do compliance correctly if they want to.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
People want a Busybox replacement in order to make it easier to infringe the kernel's license.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Hm, it seems to me that you've leveraged my code for just such purposes.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
There is a lot of interesting discussion happening in the comments to this article. I would sure hate to see it get overrun by a Bruce-vs-Rob name-calling session. Your disagreements in this area are well understood, well documented, have not changed in years, and are not really relevant to the subject at hand. Could I ask, please, that they not be rehashed now?
Can we stop this sub-thread?
As it happens, multiple lawyers I've discussed this with say he's wrong about my work having been removed from the program. But we can't stop him from perpetuating this.
Can we stop this sub-thread?
Can we stop this sub-thread?
Can we stop this sub-thread?
Can we stop this sub-thread?
https://lkml.org/lkml/2007/6/14/567
http://lkml.indiana.edu/hypermail/linux/kernel/0706.1/287...
http://landley.net/notes-2006.html#03-12-2006
http://landley.net/notes-2009.html#02-03-2009
Can we stop this sub-thread?
Thanks a lot for the links, and all the useful comments. It was fun to read and very informative. I had stumbled upon your website before, just to get Aboriginal Linux, but this time I find it a valuable resource not only for software, but also for the history of computing.
And the best part; it is written with the mindset of a programmer who has not turned to the dark side :)
Can we stop this sub-thread?
If you are OK with corporations doing whatever they want with your code and never returning anything, you will prefer BSD over GPL.Can we stop this sub-thread?
Can we stop this sub-thread?
The interesting thing is that after writing that stuff, Best Buy settled with SFC. They accepted those terms they're complaining about.Can we stop this sub-thread?
Can we stop this sub-thread?
Sealed
If it's settled, I'd assume it's sealed, so why is the PDF of the defendant's side available?
What is common for proprietary settlements, generally speaking?
Sealed
Sealed
IMHO, this is likely an easier thing for a company than ongoing compliance verification and potential litigation.
Sealed
Sealed
Bradley wrote today about what the terms are, in this blog posting. It is unfortunate that most defendants are more willing to settle if the terms are sealed. But you can look at the IRS filings which Bradley linked to from his blog posting, and find out what money there was, and where it went.
Sealed
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
"As part of their request to remedy a busybox GPL violation, the SFC does ask for source code unrelated to busybox. Personally, I believe this is improper. However, the main reason for this project is to avoid having the SFC gain review authority over unrelated products produced by a company."
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
So you write that companies like Sony think auditing their products before release to check they're in compliance with free software licences (and risk being forced to do it systematically) is intolerable?
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
That seems like an irrational fear, I can't imagine the copyright owner getting an injunction against or even pursuing code that you can trivially show the provenance and licensing for.
The issue is that, for an organization that is ignorantly shipping code in violation of copyright, the problem is likely not just one software on one product but probably all software on all products and instituting comprehensive license compliance is the simple and efficient option.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
What do you think is actually going to happen if some random product your company makes were to be found in violation of copyright?
And about your Mayor Metaphor, you can plainly see from the SFCs tax documents that they are not asking for million dollar fines.
that spending a thousand dollars on compliance efforts as in your example
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
"What do you think is actually going to happen if some random product your company makes were to be found in violation of copyright?"
I'd be very interested in how you came about this "information", and just what lengths you've been going to already to avoid finding out whether it's accurate."I think this really comes down to the fact that you trust the SFC to behave reasonably, and I don't.
I do. But I also have the option to withdraw their authority to act on my behalf, if they violate that trust. If all the unfounded hyperbole about the SFC's behaviour did turn out true, I would do so.Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
http://landley.net/notes-2009.html#15-12-2009
http://landley.net/notes-2011.html#16-12-2011
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
You know, there are actually many separate companies named Sony. They all share the same logo and parent company, but they are legally separate. Blaming a person working for one Sony for actions of another Sony, that's just completely off-topic :-)
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
...it seems to me that the reason this is objectionable is that they'd rather rewrite busybox from scratch than provide sources
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Wol
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Wol
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Wol
Garrett: The ongoing fight against GPL enforcement
Having been on the receiving end of those demands on behalf of my customers, I can tell you with complete confidence that they are not unreasonable at all. If you want to see how much money they asked for, look at their IRS filings. They're public. All other terms are designed to cure present infringement and to make sure there is no future infringement for a period of three years.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
If company B sells a library for 0.01$ per unit and company A incorporates that in their next product that sells by the million they don't have to worry about people suing them for whatever B did. They have a contract, a library and some header files.
Actually, this is not the case. Users of infringing software (both patents and copyright) can be sued for the infringement even if they didn't create it. This is not unusual for big-ticket commercial software. They may have indemnification as part of their contract. But in general an indemnification term from a small company is tantamount to a promise to go bankrupt upon lawsuit.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Vernor v. Autodesk limits the doctrine of first sale with regard to software.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
> company A does nothing wrong and all the fault for what company B did
> falls on company B.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
The purposefully inept corporation
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
> people are royally fed up of peristent failure to ship
> sources for hundreds, probably thousands of products
> over the last decade.
> in an attempt to reduce the whack-a-mole nature of the problem
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Then they can do their own enforcement action and stop complaining about me rendering the one I started irrelevant.
There is this saying in the English Language that goes:
Fool me once shame on me, fool me twice shame on me.
If a company is unable and unwilling to fix compliance issues with past GPL violations why on earth should they be trusted to follow the license the second, third or forth time around. All this supplier discussion is just a red herring. Companies have the ability to force their suppliers to comply, through contract language, future contracts and just cutting a check to the former supplier. If CISCO of all companies (was at one time the largest company by market capitalization in the world) is unwilling to spend the time and money it takes to comply not only with future but past distribution why on earth should they be allowed to get away with it? They fooled us once.
In the name of freedom, we must have a court-imposed compilance officer as a full-time permanent position.
Much like a Felon is required to see a parole officer, a proven license violator should have to submit to periodic reviews for a period of time to prove that their past violations are behind them.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Under British copyright law, at least until Temple Island vs. New English Teas gets overturned by someone with half a brain, any reimplementation of Busybox would probably still be considered to be an infringement of the original copyright of Busybox ☺
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Wol
CAI v. Altai isn't all that dissimilar, and is in U.S. courts, and is about software.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Oh, and Bruce Fscking Perens got the idea of a swiss-army-knife executable from gzip, it was not original with him:
Garrett: The ongoing fight against GPL enforcement
This is the straw man fallacy. I never claimed to invent it, you argue that I didn't invent it.Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
> from gzip, it was not original with him.
in the mid-80s and I am certain it wasn't original.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Did you know they replaced the Binutils 2.17 tarball on their website with one that contains GPLv3 source files? Yup, they've RETROACTIVELY relicensed binutils 2.17, in a sneaky manner that requires examining the top of each source file to see what license is on each one.
You've been told this is wrong and pointed at links indicating just why it is wrong.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
I didn't grant a permissive license. I do grant a waiver of my own rights to my customers, but those customers have hired me to help them cure their infringement by providing the correct source code.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
No problem, Henrik.Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Wol
Garrett: The ongoing fight against GPL enforcement
Oddly enough, I didn't so much leave Busybox as I finished the project. It was complete for my needs, implementing the Debian installer.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
This is so ignorant of the context of stuff that was already discussed today, like the multiple people who told you that gunzip is not the first applet multiplexer, and that I haven't claimed it as an invention, that I am wondering if you have just smoked a doobie big enough to erase your short-term memory.
Garrett: The ongoing fight against GPL enforcement
Busybox was my creation.
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Reasonable people can disagree on whether this is a good idea or not. As the un-named Sony developer mentioned in the article, I hope I can give some perspective that will help explain the issues better.
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Wol
Clarification on a few points
Wol
Clarification on a few points
GPL in Android userspace
Google's already excluding all GPL code from userspace,
Clarification on a few points
Clarification on a few points
Clarification on a few points
K3n.
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
I'm the original author of Busybox, and the person who placed the GPL upon it. I am not a party to the lawsuits regarding it. Instead, I offer my services to the infringing companies, to help them cure their infringement to the satisfaction of all developers.Clarification on a few points
I know who you are Bruce. I was the one at Lineo who approved paying Erik to work on Busybox, way back when. I know the Busybox history.
Clarification on a few points
Help your clients perform due diligence, rather than helping them avoid enforcement.
I want to help people avoid infractions, not avoid enforcement. I think this is pretty moral.
Tim,Clarification on a few points
Clarification on a few points
Clarification on a few points
Off the top of my head:Clarification on a few points
Clarification on a few points
Clarification on a few points
so by your argument, the various BSDs are still derivative of the original AT&T codebase, despite all of the AT&T code being removed?
There are a lot of circumstances to the AT&T and BSD case that don't apply here. AT&T didn't maintain their copyright correctly, in a different legal context than we have today. There was no copyright by default back then, as we later got from a Berne copyright convention. They didn't properly assert their copyright. So, when they went to enforce against BSD, they found they could not do so for reasons that had nothing to do with the nature of derivative works. And Ray Noorda brokered a settlement between the parties (yes, the SCO Ray Noorda, before he went senile). We might otherwise have no BSD today.
Clarification on a few points
You mean the way they can't change the advertising terms in the license on SSL because of something that happened to Eric Young 20 years ago?Clarification on a few points
Clarification on a few points
Eric was compelled to sign an agreement that he not touch the software again. He might be able to say why today, or not. I've not heard from him in a long time.
Clarification on a few points
Clarification on a few points
Yes. Eric appears to still be with RSA although his blog is gone.
Clarification on a few points
Clarification on a few points
I suspect that it's more that RSA bought his company than that he just got hired. But you'd have to ask him.
Clarification on a few points
Clarification on a few points
Clarification on a few points
Clarification on a few points
Translations share no lines, but original author has copyright
Clarification on a few points
Clarification on a few points
Ted,Clarification on a few points
Clarification on a few points
Clarification on a few points
http://busybox.net/license.html
Clarification on a few points
Clarification on a few points
Whether or not this is really required by the GPL is a question which (as far as I know) no court has ever ruled on point.
Clarification on a few points
Clarification on a few points
As Bruce Perens pointed out earlier, SFC's settlement terms have always been very reasonable, so there's no "nuclear outcome" to be expected. Given the current state of affairs, the only conceivable purpose of your project is actually what you deny it to be: avoiding GPL enforcement. So I'm sorry, but I believe you're lying to us.
Besides, it's a really, really lame excuse anyway. It really isn't that hard to just read and follow the bloody license. If people fuck it up nevertheless, they deserve to be punished.
Clarification on a few points
Clarification on a few points
Sure, the busybox copyright holders might make you jump through all kinds of hoops if you violate their copyright. Well, don't do that then!
Clarification on a few points
Clarification on a few points
Clarification on a few points
Attacks on the SFC for being too aggressive
Clarification on a few points
Clarification on a few points
You are working for Sony, a company that sues teenagers over several times their lifetime incomes for copyright violations while at the same time breaking the law by installing rootkits on customer's computers and which likes to break products after they sold them.
Clarification on a few points
Clarification on a few points
Clarification on a few points
Please correct me if I am wrong but it is your Sony that made the PS3, widely advertising its support for running Linux and then retroactively removed the function after many people bought it just for that purpose?
Clarification on a few points
Clarification on a few points
Nothing personal, just business ?
Clarification on a few points
I am working on this in my role as an embedded Linux industry advocate, who tangentially happens to be a Sony engineer.
Clarification on a few points
Garrett: The ongoing fight against GPL enforcement
http://mjg59.dreamwidth.org/10437.html?thread=301509#cmt3...
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
http://mjg59.dreamwidth.org/10437.html?thread=301509#cmt3...
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Busybox is important because it is a proxy for other software, usually the Linux kernel but there's always 10 or 20 other Open Source programs in the typical Linux-based product too. The same plaintiff also has rights in uClibc and has asserted those through SFC, especially in regard to static linking.Garrett: The ongoing fight against GPL enforcement
My /bread/ is batch coded and traceable, but the software on your WiFi router probably isn't
My /bread/ is batch coded and traceable, but the software on your WiFi router probably isn't
My /bread/ is batch coded and traceable, but the software on your WiFi router probably isn't
My /bread/ is batch coded and traceable, but the software on your WiFi router probably isn't
The SFC financial filings are here.
SFC Financial Filings
Not a Sony project
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
Garrett: The ongoing fight against GPL enforcement
The closed source stuff is known to be non compliant, but has been acquired, with the hardware, under a NDA - so the company producing that tablet has no right to show the driver to a SFC representative (who probably will not sign a NDA).
So the only solution for the company targeted by SFC is to stop selling the tablet.
IHMO the result will be that some other third party company will start producing a graphic chipset which can have a GPL driver/module, that will be slower (difficult to display HD MP4 movies) but at least legal (to sell, use or buy a tablet).