Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Linux: Kernel

freebox possible GPL violation

  

 
First page Previous page 1 2 Next page Last page  View All Linux kernel RSS feed   Index | Next | Previous | View Threaded


helgehaf at aitel

Oct 5, 2005, 5:07 PM

Post #26 of 47 (891 views)
Permalink
Re: freebox possible GPL violation [In reply to]
On Wed, Oct 05, 2005 at 02:29:50PM +0200, Emmanuel Fleury wrote:
> Arjan van de Ven wrote:
[...]
> > they don't do a)
> >
> > they don't do b)
> >
> > c) is only for noncommerial distribution (not the case here) and only if
> > they got it in a type b) before, eg it allows you to transfer a type b)
> > in the non-commerical case.
>
> First, it is very arguable to say that they are "distributing" the
> software as it does not comes with the FreeBox but is automatically
> downloaded at each boot through the DSLAM network (which the user is not
> supposed to know about).

If the box downloads a linux kernel through the DSLAM network, then
someone is clearly distributing linux kernels through the DSLAM network.
I would guess it is the same guys, because relying on someone else providing
them with kernels is a risky business. But whoever is on the other end
of the DSLAM net have to offer the source as well, because they _are_
distributing kernels.

The fact that the user isn't supposed to know how this box work
doesn't change anything, of course. The GPL says those who
distribute the work - it doesn't matter that they don't tell the
customer that they're given a linux kernel. They still have to offer
the source if asked.


Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


david.lang at digitalinsight

Oct 5, 2005, 5:49 PM

Post #27 of 47 (893 views)
Permalink
Re: freebox possible GPL violation [In reply to]
On Thu, 6 Oct 2005, Helge Hafting wrote:

> If the box downloads a linux kernel through the DSLAM network, then
> someone is clearly distributing linux kernels through the DSLAM network.
> I would guess it is the same guys, because relying on someone else providing
> them with kernels is a risky business. But whoever is on the other end
> of the DSLAM net have to offer the source as well, because they _are_
> distributing kernels.
>
> The fact that the user isn't supposed to know how this box work
> doesn't change anything, of course. The GPL says those who
> distribute the work - it doesn't matter that they don't tell the
> customer that they're given a linux kernel. They still have to offer
> the source if asked.

the argument that they are making is that they are only moveing the kernel
within their own companies equipment, and therefor it doesn't count as
'distribution'

agree with this argument or not, but please acknowledge this point of view
rather then pretending that they have no argument at all and are just
plain refusing.

David Lang

--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


stesmi at stesmi

Oct 5, 2005, 6:12 PM

Post #28 of 47 (907 views)
Permalink
Re: freebox possible GPL violation [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> If the box downloads a linux kernel through the DSLAM network, then
>> someone is clearly distributing linux kernels through the DSLAM network.
>> I would guess it is the same guys, because relying on someone else
>> providing
>> them with kernels is a risky business. But whoever is on the other end
>> of the DSLAM net have to offer the source as well, because they _are_
>> distributing kernels.
>>
>> The fact that the user isn't supposed to know how this box work
>> doesn't change anything, of course. The GPL says those who
>> distribute the work - it doesn't matter that they don't tell the
>> customer that they're given a linux kernel. They still have to offer
>> the source if asked.
>
>
> the argument that they are making is that they are only moveing the
> kernel within their own companies equipment, and therefor it doesn't
> count as 'distribution'
>
> agree with this argument or not, but please acknowledge this point of
> view rather then pretending that they have no argument at all and are
> just plain refusing.
>
> David Lang
>

If one turns it on, doesn't turn it off, pays the 400 EUR and
as a result OWNS it, then what one has is a box that at that point
in time is running Linux and one is the owner of it.

// Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFDRHnpBrn2kJu9P78RApviAJ9AwjF8wU+6ao/L61AC7xW/QSBRZwCaA9u1
yDDXxWQ/0MHeAS7pSg4C4rg=
=oLR8
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


david.lang at digitalinsight

Oct 5, 2005, 7:25 PM

Post #29 of 47 (885 views)
Permalink
Re: freebox possible GPL violation [In reply to]
On Thu, 6 Oct 2005, Stefan Smietanowski wrote:

> If one turns it on, doesn't turn it off, pays the 400 EUR and
> as a result OWNS it, then what one has is a box that at that point
> in time is running Linux and one is the owner of it.

as I said, feel free to argue against their point, but let's stop having
people getting on their high horse pretending that they have no argument
at all.

David Lang

--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


helge.hafting at aitel

Oct 6, 2005, 2:20 AM

Post #30 of 47 (911 views)
Permalink
Re: freebox possible GPL violation [In reply to]
David Lang wrote:

> On Thu, 6 Oct 2005, Helge Hafting wrote:
>
>> If the box downloads a linux kernel through the DSLAM network, then
>> someone is clearly distributing linux kernels through the DSLAM network.
>> I would guess it is the same guys, because relying on someone else
>> providing
>> them with kernels is a risky business. But whoever is on the other end
>> of the DSLAM net have to offer the source as well, because they _are_
>> distributing kernels.
>>
>> The fact that the user isn't supposed to know how this box work
>> doesn't change anything, of course. The GPL says those who
>> distribute the work - it doesn't matter that they don't tell the
>> customer that they're given a linux kernel. They still have to offer
>> the source if asked.
>
>
> the argument that they are making is that they are only moveing the
> kernel within their own companies equipment, and therefor it doesn't
> count as 'distribution'

Interesting argument, but it breaks for at least two reasons:
1. You can buy that box instead of just hiring it. That moves kernels
"outside the company",
for money even.
2. It doesn't matter if they only move kernels withing their own
companys equipment.
If they lend a customer equipment containing a linux kernel, then
they're lending
them a linux kernel. Lending is distribution!

>
> agree with this argument or not, but please acknowledge this point of
> view rather then pretending that they have no argument at all and are
> just plain refusing.

The argument might be fine, if they were moving linux kernels into
company equipment
used by company personell only. (I.e. linux-powered
desktops/servers/gadgets for their employees.)
And it might not. Maybe they actually have to distribute source to
employees too, if they
request it. The GPL only mentions recipients, no exceptions for
"internal company use". A company
may perhaps demand that the employees never request the source, though.
Or perhaps
"internal use" is covered by the company being a "legal unit".

People breaking the GPL should be taken seriously. Fortunately, the
solution is easy for
GPL-breakers. Break someone else's license, and they have to pay
damages. Break the GPL,
and all you need to do is to stuff some source code onto a public
(web/ftp)server - and all is fine again.

The situation is so cheap and _easy_ to rectify, that is one reason
people gets so pissed off at
a violation. It is not as if complying with the GPL would be any kind
of burden to them.

Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


fleury at cs

Oct 6, 2005, 2:51 AM

Post #31 of 47 (918 views)
Permalink
Re: freebox possible GPL violation [In reply to]
Helge Hafting wrote:
>
> Interesting argument, but it breaks for at least two reasons: 1. You
> can buy that box instead of just hiring it. That moves kernels
> "outside the company", for money even.

I might have misunderstood but I think that if you buy the hardware you
cannot connect it to the DSLAM network anymore. So that only the boxes
they own are connected to the DSLAM.

> 2. It doesn't matter if they only move kernels withing their own
> companys equipment. If they lend a customer equipment containing a
> linux kernel, then they're lending them a linux kernel. Lending is
> distribution!

Are you sure this point has been clarified in court in the past ?
If not, I would bet on it (for the specific case of settop boxes).

> The argument might be fine, if they were moving linux kernels into
> company equipment used by company personell only. (I.e.
> linux-powered desktops/servers/gadgets for their employees.) And it
> might not. Maybe they actually have to distribute source to
> employees too, if they request it. The GPL only mentions recipients,
> no exceptions for "internal company use". A company may perhaps
> demand that the employees never request the source, though. Or
> perhaps "internal use" is covered by the company being a "legal
> unit".

"internal use" is kind of a buzz word here and should probably be
clarified for this kind of cases.

For now, I really don't see the flaw in Free's argument.

I mentioned in another mail the case of a mobile phone network
infrastructure where the network nodes to which mobile phones are
connecting are running Linux. It seems to be an "internal use" (as it
never leak out of the company network) and yet providing a service to
customers.

The only difference in the Freeboxes case is that the node is at the
customer place (you can compare the customer's mobile phone to the
customer's computer plugged on the Freebox). But the fact that you don't
share your node with others and that you have it at home doesn't change
the fact that the company own it.

Has been any previous similar cases in the past which went in court ?

Maybe the best attack angle would be to say that if a GPL system is
interacting directly with a customer, then the source code should be
distributed. But I don't see if this requirement need changes in the GPL
(I'm ain't no expert).

Regards
--
Emmanuel Fleury

Always program as if the person who will be maintaining your program
is a violent psychopath that knows where you live.
-- Unknown
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


fleury at cs

Oct 6, 2005, 2:53 AM

Post #32 of 47 (895 views)
Permalink
Re: freebox possible GPL violation [In reply to]
Emmanuel Fleury wrote:
>
> Are you sure this point has been clarified in court in the past ?
> If not, I would bet on it (for the specific case of settop boxes).

I _wouldn't_ bet on it....

Argh.

Regards
--
Emmanuel Fleury

Given that sooner or later we're all just going to die,
what's the point of learning about integers?
-- Calvin & Hobbes (Bill Waterson)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


helge.hafting at aitel

Oct 6, 2005, 4:39 AM

Post #33 of 47 (911 views)
Permalink
Re: freebox possible GPL violation [In reply to]
Emmanuel Fleury wrote:

>Helge Hafting wrote:
>
>
>>Interesting argument, but it breaks for at least two reasons: 1. You
>>can buy that box instead of just hiring it. That moves kernels
>>"outside the company", for money even.
>>
>>
>
>I might have misunderstood but I think that if you buy the hardware you
>cannot connect it to the DSLAM network anymore. So that only the boxes
>they own are connected to the DSLAM.
>
>
Well, but there still is a kernel in the box that was downloaded before
they bought it? Or does the box become unuseable when they buy it?

>
>
>>2. It doesn't matter if they only move kernels withing their own
>>companys equipment. If they lend a customer equipment containing a
>>linux kernel, then they're lending them a linux kernel. Lending is
>>distribution!
>>
>>
>
>Are you sure this point has been clarified in court in the past ?
>If not, I would bet on it (for the specific case of settop boxes).
>
>
Licencing rules applies when copying stuff for internal use.
Consider what would happen, if the company used windows
instead of linux on their boxes:
Everytime they copy windows onto a box they have to pay ms for another
licence. Big companies can't jsut buy a single windows licence and
copy it to all their desktops. BSA has definitely clarified that in court.
Now, the ms licence specifies payments to ms. The GPL is just another
licence,
with slightly different terms. Instead of a payment, it specifies source
availability as the "price".

There is clearly court precedent that companies have to comply with
software
licences when making copies for _internal_ use. GNUs licence or ms licence
shouldn't matter.

>"internal use" is kind of a buzz word here and should probably be
>clarified for this kind of cases.
>
>For now, I really don't see the flaw in Free's argument.
>
>
If "when do we invoke the GPL" is hard to see, try considering
"when do we have to pay" if using ordinary proprietary pay-per-instance
software. You will then find that the cases are similiar.

If the company makes and distributes an internal copy of windows, then
they pay ms.
If the company makes and distributes an internal copy of linux, then
they have to
provide an internal copy of the source as well.

If I make a business out of lending windows boxes, then I have to pay
licences
on each box. If I lend customers linux boxes, I should lend them the
source too if they
requests it. Remember, even if the average customer doesn't know what
software
is in the box, they still have the right to make a copy of the linux
kernel, because you
cannot take away that right.

>I mentioned in another mail the case of a mobile phone network
>infrastructure where the network nodes to which mobile phones are
>connecting are running Linux. It seems to be an "internal use" (as it
>never leak out of the company network) and yet providing a service to
>customers.
>
>
This is fine. Similiar to how I can run a linux-based webserver, without
having to provide people with linux source. This because I don't give
them the server that contains linux. But if you _sell_ one of those
network nodes, then you have to provide linux source along with it.

>The only difference in the Freeboxes case is that the node is at the
>customer place (you can compare the customer's mobile phone to the
>customer's computer plugged on the Freebox). But the fact that you don't
>share your node with others and that you have it at home doesn't change
>the fact that the company own it.
>
>
Interesting argument indeed. But consider: what would happen
if the phones (or freebox) were to run windows? The distributing
company would have to pay licencing fees, right?

>Has been any previous similar cases in the past which went in court ?
>
>
>
There have at least been cases where companies were selling
linux-powered products, and were told that they had to
provide the sources. I don't know if any of them bothered
going to court, simply making the source available (on a cd
or webserver) is so much cheaper than that.

>Maybe the best attack angle would be to say that if a GPL system is
>interacting directly with a customer, then the source code should be
>distributed. But I don't see if this requirement need changes in the GPL
>(I'm ain't no expert).
>
>
An interesting thing about the GPL is that it talks about
"distributing copies", not about "selling or otherwise changing ownership".

"Distributing" a linux kernel embedded in a product owned by the
company doesn't change that. Where the binary kernel go, the
source should go too (if requested).

Fortunately, this licencing term is so easy to satisfy that it'd be silly
to try to fight it. Stick the source on a webserver somewhere. Provide
the URL in the accompagnying paper (or a README file if appropriate.)
If distributing cd's, consider sticking a tarball there.

Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


pierre at no-spam

Oct 6, 2005, 5:01 AM

Post #34 of 47 (903 views)
Permalink
Re: freebox possible GPL violation [In reply to]
Hi,

>I might have misunderstood but I think that if you buy the hardware you
>cannot connect it to the DSLAM network anymore. So that only the boxes
>they own are connected to the DSLAM.

Again have you any proof that there aren't any Linux firmware in the
flash of the freebox ?
How do you explain that the boot sequence isn't stateless ?
Why in case of a firmware update, you have a special state of 10 seconds
were the freebox seem to download and write some data somewhere ?

So yes may be you can't connect anymore to the free DSLAM, but there is
may be still GPL data in the flash.

>Are you sure this point has been clarified in court in the past ?
>If not, I would bet on it (for the specific case of settop boxes).

For french law I don't know, but someone on gpl-violation this is true
for de and au.

>I mentioned in another mail the case of a mobile phone network
>infrastructure where the network nodes to which mobile phones are
>connecting are running Linux. It seems to be an "internal use" (as it
>never leak out of the company network) and yet providing a service to
>customers.

No the freebox is more like a dvb box that is lended by a satellite
provider and could do firmware update via satellite.

I don't know if there are similar case for dvb box.


Pierre
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


fleury at cs

Oct 6, 2005, 6:05 AM

Post #35 of 47 (896 views)
Permalink
Re: freebox possible GPL violation [In reply to]
Helge Hafting wrote:
>
> Well, but there still is a kernel in the box that was downloaded before
> they bought it? Or does the box become unuseable when they buy it?

No idea, I don't have a Freebox yet.

> If I make a business out of lending windows boxes, then I have to pay
> licences
> on each box. If I lend customers linux boxes, I should lend them the
> source too if they
> requests it. Remember, even if the average customer doesn't know what
> software
> is in the box, they still have the right to make a copy of the linux
> kernel, because you
> cannot take away that right.

You got an extremely good point here. At least it shows why this way of
doing is not "moral", but, looking at the GPL text, there is nothing
stating any obligation to "pay" in any manner (money or contributions)
to use and/or modify GPLed softwares.

Just to illustrate my point, in the case of an webserver, if the
webmaster patch the code of his own webserver to provides his customers
with a new service. Has he the obligation to redistribute this code ?
Namely, his patched webserver will never get distributed. The only
interaction between the customers and his webserver will be through
exchanges of HTML files.

And anyway, to whom redistribute the code ? Indeed, what would do the
customers with such code ? As they are only using the service without
really touching the software.

Therefore, it would be nice from the webmaster to contribute with his
patch, but I do think that it is his own choice to do so.

Note: Originally, the redistribution of the code was mainly to avoid
customers or companies to get stuck with a "no more maintained"
binaries. In the case we are looking now, as the hardware is not
belonging to the customers, there is no such risk. So the protection
seems to be against something else... but what ?

> There have at least been cases where companies were selling
> linux-powered products, and were told that they had to
> provide the sources. I don't know if any of them bothered
> going to court, simply making the source available (on a cd
> or webserver) is so much cheaper than that.

LinkSys is an example. But the customers were owning the machine with
everything in it (including the OS). Again, the clause on distributing
the sources help to not get stuck with a piece of hardware that you own
with no possibility of upgrade (remembers me the famous story of RMS and
the laser printer).

> An interesting thing about the GPL is that it talks about
> "distributing copies", not about "selling or otherwise changing ownership".
>
> "Distributing" a linux kernel embedded in a product owned by the
> company doesn't change that. Where the binary kernel go, the
> source should go too (if requested).
>
> Fortunately, this licencing term is so easy to satisfy that it'd be silly
> to try to fight it. Stick the source on a webserver somewhere. Provide
> the URL in the accompagnying paper (or a README file if appropriate.)
> If distributing cd's, consider sticking a tarball there.

Well, I'm really sorry to play the Devil Advocate once time more, but as
far as I know all these DSL companies have big secrets because of
weaknesses in their security. Being hacked at the Internet level is one
thing, being hacked at the DSLAM level means a lot. Try to imagine if
anybody could upload to you his own modified kernel, this means that you
can tape all the internet traffic, all the phone calls, all the TV
programs that you are looking at, and also probably having an easy way
in to your local network (wired and wifi).

Regards
--
Emmanuel Fleury

Live as if your were to die tomorrow.
Learn as if you were to live forever.
-- Mahatma Gandhi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


fleury at cs

Oct 6, 2005, 6:06 AM

Post #36 of 47 (916 views)
Permalink
Re: freebox possible GPL violation [In reply to]
Pierre Michon wrote:
>
>>I might have misunderstood but I think that if you buy the hardware you
>>cannot connect it to the DSLAM network anymore. So that only the boxes
>>they own are connected to the DSLAM.
>
> Again have you any proof that there aren't any Linux firmware in the
> flash of the freebox ?

Helloooo !!! Have you proofs that they have ???

You're always assuming the worst from Free, this is really starting to
be annoying. Just stick to the FACTS and if you want to argue on
something, bring PROOFS !

And even if it was the case, you missed the point here, if they own the
Freebox their point is that they are using Linux for "internal use" only.

>>Are you sure this point has been clarified in court in the past ?
>>If not, I would bet on it (for the specific case of settop boxes).
>
> For french law I don't know, but someone on gpl-violation this is true
> for de and au.

Nonsense, you are talking about cases of softwares which were sold to
customers with GPL code inside. This is no such case here.

>>I mentioned in another mail the case of a mobile phone network
>>infrastructure where the network nodes to which mobile phones are
>>connecting are running Linux. It seems to be an "internal use" (as it
>>never leak out of the company network) and yet providing a service to
>>customers.
>
> No the freebox is more like a dvb box that is lended by a satellite
> provider and could do firmware update via satellite.
>
> I don't know if there are similar case for dvb box.

You obviously need a brain, try to get one and come back after you
learned to use it.

Regards
--
Emmanuel Fleury

Shut up and hack !
-- Theo de Raadt (OpenBSD Hackaton)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


mdpoole at troilus

Oct 6, 2005, 6:40 AM

Post #37 of 47 (891 views)
Permalink
Re: freebox possible GPL violation [In reply to]
Emmanuel Fleury writes:

>>>Are you sure this point has been clarified in court in the past ?
>>>If not, I would bet on it (for the specific case of settop boxes).
>>
>> For french law I don't know, but someone on gpl-violation this is true
>> for de and au.
>
> Nonsense, you are talking about cases of softwares which were sold to
> customers with GPL code inside. This is no such case here.

In the US, the law (17 USC 106) is very clear that renting, lending,
and leasing are "distribution" that is a protected right. The Berne
Convention says the same in article 11bis (remember that a later
revision explicitly included computer programs in "literary works").
Do you think this interpretation of "distribution" does not apply to
Free? If not, why not?

Michael Poole
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


mdpoole at troilus

Oct 6, 2005, 6:42 AM

Post #38 of 47 (911 views)
Permalink
Re: freebox possible GPL violation [In reply to]
Emmanuel Fleury writes:

> Well, I'm really sorry to play the Devil Advocate once time more, but as
> far as I know all these DSL companies have big secrets because of
> weaknesses in their security. Being hacked at the Internet level is one
> thing, being hacked at the DSLAM level means a lot. Try to imagine if
> anybody could upload to you his own modified kernel, this means that you
> can tape all the internet traffic, all the phone calls, all the TV
> programs that you are looking at, and also probably having an easy way
> in to your local network (wired and wifi).

Lousy security is not an excuse to violate contract or copyright law.

Michael Poole
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


helge.hafting at aitel

Oct 6, 2005, 7:19 AM

Post #39 of 47 (892 views)
Permalink
Re: freebox possible GPL violation [In reply to]
Emmanuel Fleury wrote:

>Helge Hafting wrote:
>
>
>>If I make a business out of lending windows boxes, then I have to pay
>>licences
>>on each box. If I lend customers linux boxes, I should lend them the
>>source too if they
>>requests it. Remember, even if the average customer doesn't know what
>>software
>>is in the box, they still have the right to make a copy of the linux
>>kernel, because you
>>cannot take away that right.
>>
>>
>
>You got an extremely good point here. At least it shows why this way of
>doing is not "moral", but, looking at the GPL text, there is nothing
>stating any obligation to "pay" in any manner (money or contributions)
>to use and/or modify GPLed softwares.
>
>Just to illustrate my point, in the case of an webserver, if the
>webmaster patch the code of his own webserver to provides his customers
>with a new service. Has he the obligation to redistribute this code ?
>
>
No, because he didn't distribute any binary code.

>Namely, his patched webserver will never get distributed. The only
>interaction between the customers and his webserver will be through
>exchanges of HTML files.
>
>
Correct, so only the licence on the html files (if any) will matter.

>Therefore, it would be nice from the webmaster to contribute with his
>patch, but I do think that it is his own choice to do so.
>
>
Indeed, because he didn't distribute the webserver binary
in any way. He still only got his own single (modified) copy.
So he has choice. But if he starts selling "improved webserver boxes"
then the GPL kicks in. Source too - the price of getting the sw for
no money in the first place.

>Note: Originally, the redistribution of the code was mainly to avoid
>customers or companies to get stuck with a "no more maintained"
>binaries. In the case we are looking now, as the hardware is not
>belonging to the customers, there is no such risk. So the protection
>seems to be against something else... but what ?
>
>
The point is forced open source. If you can do business using
open-source stuff, then you shall be unable to prevent others from
doing the same. This is the "price" of open source, and keeps the
sw prices way down. Nobody can charge much for the open software
component, because the source must be available for free so
anybody capable of compiling it can create their own product.

Competition and the ability to make money then, is not about
having the best sw (because it is forcibly not secret) but in
providing the best service and hardware.

>>There have at least been cases where companies were selling
>>linux-powered products, and were told that they had to
>>provide the sources. I don't know if any of them bothered
>>going to court, simply making the source available (on a cd
>>or webserver) is so much cheaper than that.
>>
>>
>
>LinkSys is an example. But the customers were owning the machine with
>everything in it (including the OS). Again, the clause on distributing
>the sources help to not get stuck with a piece of hardware that you own
>with no possibility of upgrade (remembers me the famous story of RMS and
>the laser printer).
>
>
Not getting stuck is one thing. Not needing to reinvent the wheel
is another. Nobody need to make another linux kernel from scratch, they
can instead grab the existing one and build on that. In the long run, this
saves a lot of reimplementation cost for society. Instead, whe can focus on
improving the software further.

>>An interesting thing about the GPL is that it talks about
>>"distributing copies", not about "selling or otherwise changing ownership".
>>
>>"Distributing" a linux kernel embedded in a product owned by the
>>company doesn't change that. Where the binary kernel go, the
>>source should go too (if requested).
>>
>>Fortunately, this licencing term is so easy to satisfy that it'd be silly
>>to try to fight it. Stick the source on a webserver somewhere. Provide
>>the URL in the accompagnying paper (or a README file if appropriate.)
>>If distributing cd's, consider sticking a tarball there.
>>
>>
>
>Well, I'm really sorry to play the Devil Advocate once time more, but as
>far as I know all these DSL companies have big secrets because of
>weaknesses in their security. Being hacked at the Internet level is one
>thing, being hacked at the DSLAM level means a lot. Try to imagine if
>anybody could upload to you his own modified kernel, this means that you
>can tape all the internet traffic, all the phone calls, all the TV
>programs that you are looking at, and also probably having an easy way
>in to your local network (wired and wifi).
>
>
Well, then they need to secure their DSLAM setup. If it is at all
vulnerable this way, then they need to fix it. Most users may be
"computer dummies", but there are enough experts among them too.
It only takes one leak, breakin, or reverse engineering session to
break through security-by-obscurity. And when the cat is out of the
bag, it is out forever.

The internet level is secure enough, when set up by competent people.
Surely the same can be done at DSLAM level. This reminds me of ethernet
many years ago, when people realized the possibilities of a hacked network
driver. (A simple way to sniff all traffic, and inject spoofed traffic.)
Easy to do these days, with a open-source kernel.
But these problems are solved - mostly with encryption to protect
what must not be sniffed, and firewall routers preventing the routing
of spoofed packets. With a good setup, spoofing is limited to
spoof other machines on the same network, and then the local
admin can set things straight.

Bad security is not an excuse for disobeying the GPL. The GPL itself states
that there are no exceptions. If "other concerns" means you can't obey
the GPL to the letter, then you _must_ refrain from distributing the
GPLed software altogether. In such cases, the open software is not a
legal option.

Very similiar to a company that cannot afford to pay licences - in that case
proprietary sw is not an option. They can't just pirate anyway and get away
with it because "otherwise their business model won't work and result in
bankrupcy".
If you can't take the "cost" of open sw, then don't use it.
Fortunately, the cost is
usually low. And they _can_ keep a linux device driver secret, they
merely have to offer
the source for the rest of the kernel.

Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


chaosite at gmail

Oct 6, 2005, 7:48 AM

Post #40 of 47 (908 views)
Permalink
Re: freebox possible GPL violation [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Poole wrote:
> In the US, the law (17 USC 106) is very clear that renting, lending,
> and leasing are "distribution" that is a protected right. The Berne
> Convention says the same in article 11bis (remember that a later
> revision explicitly included computer programs in "literary works").
> Do you think this interpretation of "distribution" does not apply to
> Free? If not, why not?

The argument seems to be that you're paying for the service, and not the box,
and that the box is owned by Free and therefore no distribution occurs here, as
the kernel moves from Free to Free.

The obvious example is web servers, where you aren't distributing anything (at
least not the server software) and still providing service.

The difference here is that the box is physically at the customer's house, which
could be considered "lending", but IANAL.

Anyway, I guess you'll have to ask a (preferably French) lawyer to find out.

BTW, the whole thing about the kernel being in ROM or RAM or whatever and how it
got there are moot - its still running Linux. And if lending is distribution,
then they need to offer the source code.

FYI: Needing to reboot to change firmware makes sense, and those 10 extra
seconds might involve upgrading the proprietary firmware... But thats irrelevant.

- --
[Name ] :: [Matan I. Peled ]
[Location ] :: [Israel ]
[Public Key] :: [0xD6F42CA5 ]
[Keyserver ] :: [keyserver.kjsl.com]
encrypted/signed plain text preferred

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDRTlGA7Qvptb0LKURAs9iAJ9NKgLPDkUl/BBeAMJBot0PGzIDBwCfY/SS
pxRwgjqVPlasdIPTG/kvp6U=
=uAEf
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


stesmi at stesmi

Oct 6, 2005, 1:15 PM

Post #41 of 47 (911 views)
Permalink
Re: freebox possible GPL violation [In reply to]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Emmanuel Fleury wrote:
> Helge Hafting wrote:
>
>>Interesting argument, but it breaks for at least two reasons: 1. You
>>can buy that box instead of just hiring it. That moves kernels
>>"outside the company", for money even.
>
>
> I might have misunderstood but I think that if you buy the hardware you
> cannot connect it to the DSLAM network anymore. So that only the boxes
> they own are connected to the DSLAM.

Get the box, turn it on, don't turn it off, pay the 400 EUR, own the box
LEAVING IT ON.

Result: You have a box that is _NOW_ running Linux and YOU own it.

If them placing the box at your place isn't considered distribution
(re: your mobile phone thing) then you BUYING it would need to,
due to transfer of ownership.

The fact that the box can't do what it's supposed to after you buy it
is irrelevant.

// Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFDRYXYBrn2kJu9P78RAkOWAJ9WpWueLnpxMJYNqzvP7iguD76VmwCgnbXC
M7HrIV7fM5vsNXNzP0FY7MI=
=Yeav
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


pierre at no-spam

Oct 6, 2005, 4:26 PM

Post #42 of 47 (908 views)
Permalink
Re: freebox possible GPL violation [In reply to]
> Helloooo !!! Have you proofs that they have ???
Could you just reply on the simple question : why the boot is not
stateless ?

>Just stick to the FACTS and if you want to argue on
>something, bring PROOFS !
In the fact (first mail) I give :

On [1] you could see 7 steps.
Step 1 to 5 is network initialisation (adsl synchronization, dhcp,
check on the dslam, ...)
Step 6 is software update
Step 7 is operationnal

When there are no firmware update the sequence is 1, 2, 3, 4, 5, 6, 7.
When there is a firmware update it is 1, 2, 3, 4, 5, 6, 1, 2, 3, 4, 5,
6, 7.

But you haven't a freebox, so how could you have seen this that ?
Even other people agree that may be a GPL firmware stored in the freebox
(see https://linuxfr.org/~crevetor/19607.html and the author of
http://www.f-b-x.net/ told me the same thing by mail [2])

>Nonsense, you are talking about cases of softwares which were sold to
>customers with GPL code inside. This is no such case here.
Have you read the mailling ?
it was about case were hardware was lended...


>You obviously need a brain, try to get one and come back after you
>learned to use it.
You need one too, you failed to read :
"Please let's continue on legal gpl-violations.org ML."...



[1] http://forums.grenouille.com/index.php?showtopic=14659
[2]

>Tout laisse a supposer que la freebox contient bien un systeme linux
> >>minimal, elle telecharge le reste (/usr, ...) lorsqu'elle se
> >>connecte >au serveur et en cas de mise a jour du fimware le system
> >>minimal est >ecrasse et on reboot...
>
non je me suis mal exprimé, elle garde le systéme sur sa rom et le met a
jour en cas de nouvelle version, du moins c est ce que je pense.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


davids at webmaster

Oct 10, 2005, 7:27 PM

Post #43 of 47 (889 views)
Permalink
RE: freebox possible GPL violation [In reply to]
> On Wed, 2005-10-05 at 14:02 +0200, Emmanuel Fleury wrote:
> > Arjan van de Ven wrote:

> > > that's not enough to satisfy the GPL conditions.

> > It is.

> 3. You may copy and distribute the Program (or a work based on it,
> under Section 2) in object code or executable form under the terms of
> Sections 1 and 2 above provided that you also do one of the following:
>
> a) Accompany it with the complete corresponding machine-readable
> source code, which must be distributed under the terms of Sections
> 1 and 2 above on a medium customarily used for software interchange;

The Internet is a medium customarily used for software interchange, in
fact, it is most likely the most popular medium for that purpose. At the
time the GPL was written (June 1991), it arguably was not. So you will see a
lot of arguments that including a URL was not sufficient. However, now that
the Internet is the most popular medium for software interchange, offering a
URL is actually the *best* way to make the source code available.

Anyone who argues otherwise is just looking to make trouble for no reason
whatsoever. There is no medium you could possibly include that is more
likely to be usable than a URL. The intent of this paragraph was that the
software be available and easily accessible. A URL does this better than
anything else.

DS


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


graham at gmurray

Oct 11, 2005, 3:48 AM

Post #44 of 47 (888 views)
Permalink
Re: freebox possible GPL violation [In reply to]
"David Schwartz" <davids [at] webmaster> writes:

> However, now that the Internet is the most popular medium for
> software interchange, offering a URL is actually the *best* way to
> make the source code available.

As long as you can guarantee that the URL remains valid for the
required 3 years, and that the exact source code used to build each
released binary version is available, not just the latest source.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


loic at gnu

Oct 15, 2005, 2:40 AM

Post #45 of 47 (891 views)
Permalink
Re: freebox possible GPL violation [In reply to]
Pierre Michon writes:
> 1) The freebox is an adsl gateway with VoIP, TV over ADSL and a optional
> wifi bridge. The box is built and lended by an ADSL provider 'free'[0].

I suggest you say :

"The box is built by an ADSL provider 'free'[0]. The box is located at
the user end of the ADSL line (i.e. in the appartement of an individual
or in the offices of a company). "

Later on you could expand on how the box gets there, how
it is installed (lended or not) and the claim of Free that it is
not lended in any ways.


> ==FREE and PRO-FREE CLAIMS (some claims could be find on [6])==
>
> A) The freebox is only lended, so the user can't ask for GPL source code.

I insist that free does not even claim to lend the Freebox. They
claim that the freebox is a terminal equipement of their local network.

> -> They forgot that for wifi feature, you have buy a pcmcia card and
> that is card works wifi Linux driver. So according to GPL you could ask
> for wifi driver source code and all the Linux source code ???
> Also some people that don't return the freebox in time had to
> paid 400 Euros and they became the owner of the freebox. Free send to a
> client a letter [7] saying that if the user don't return the freebox,
> free could bill it and then it becomes propriety of the user :
> 'Nous vous rappelons que conformément aux Conditions Générales de Vente ,
> en cas de non-restitution du modem, Free se réserve le droit de procéder
> à la facturation de l'équipement terminal, au prix mentionné dans les CGV,
> qui deviendra alors la *propriété* de l'Usager.'

I believe that a customer could ask for the corresponding sources
to Free if she/he got a copy of the binary out of the freebox. Does anyone
have such a binary ?

> the fimware. So we could assume that at least a mininal system (Linux
> kernel + some utils) is keep in rom).

Could someone provide a hard proof of this ?

> C) 'Free' is a network operator and needs to keep secret some informations
> in order to preserve security on its networks.
>
> -> Everybody know how security obscurity via is safe. Also I agree they
> don't want to give their script or their configuration, but I fail to
> see what could be a threat in the Linux kernel.

I'd say this is more a debatable justification than a claim.

Cheers,

--
Loic Dachary, 12 bd Magenta, 75010 Paris. Tel: 33 8 71 18 43 38
http://www.fsffrance.org/ http://www.dachary.org/loic/gpg.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


pierre.michon at gmail

Oct 19, 2005, 10:58 AM

Post #46 of 47 (912 views)
Permalink
Re: freebox possible GPL violation [In reply to]
Hi,

2005/10/15, Loic Dachary <loic [at] gnu>:
> I believe that a customer could ask for the corresponding sources
> to Free if she/he got a copy of the binary out of the freebox. Does anyone
> have such a binary ?
But those ISP does everything in order the user couldn't touch the
firmware because they are frightened that the user could modify it and
does things that wasn't planed (record live tv stream for example).

For that they :
- disable all debug functions on customers boxes (serial port, jtag, ...).
- download the firmware via encrypted protocol (https, ...)
- check the integrity of the bootloader, firmware server, firmware.
- encrypted all rescue firmware that could be present on user computer.

So one way of recovering the firmware could be to unsold the flash
chip and read it on another board.

An other way will be to try to renable debug functions by soldering
component on the board.

But it will be very expensive and need special competences (and
without the datasheet of the board could be very hard...).


>
> > the fimware. So we could assume that at least a mininal system (Linux
> > kernel + some utils) is keep in rom).
>
> Could someone provide a hard proof of this ?
>
No without reading the flash chip.

What I have seen for the boards like freebox in my company :
- the bootloader try to load the firmware in flash
- if it fails, it try to read a rescue firmware. That rescue firmware
is minimal and will only allow to enable ADSL line and download a new
firmware in the flash and reboot.
- if it fails, the bootloader will try to load a encrypted firmware
from local Ethernet LAN (bootp, ...) and reboot.

But there no way to know what exactly does the freebox (may be try to
find the flash chip and its size)...

Pierre

PS : Does we need the binary image in order to ask for the source code ?
In this case, with Embedded devices that hide the firmware it will be
very difficult to make GPL apply...
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


loic at gnu

Oct 20, 2005, 8:29 AM

Post #47 of 47 (890 views)
Permalink
Re: freebox possible GPL violation [In reply to]
Pierre Michon writes:
> PS : Does we need the binary image in order to ask for the source code ?
> In this case, with Embedded devices that hide the firmware it will be
> very difficult to make GPL apply...

It is not mandatory, it's just easier in this specific case.
If we knew for sure what the firmware contains, the box would be
enough. But if someone is able to figure out exactly what the
firmware contains she/he will also be able to extract a tarball in
which case the box itself becomes useless to ask for the corresponding
sources ;-)

Cheers,

--
Loic Dachary, 12 bd Magenta, 75010 Paris. Tel: 33 8 71 18 43 38
http://www.fsffrance.org/ http://www.dachary.org/loic/gpg.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

First page Previous page 1 2 Next page Last page  View All Linux kernel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.