Re: Ethical question..
On Sun, 2006-12-17 at 11:01 +0200, Oded Arbel wrote:
> On Thu, 2006-12-14 at 12:41 +0200, Geoffrey S. Mendelson wrote:
> > 2. As I have said many times, there is a popular program which the owners
> > released as GPL, solicited and added source code for new features
> > and bug fixes provided as GPL'ed code and then sold closed source
> > licenses to large companies.
>
> I while supposedly having vested interest in the thus
> unnamed company, would like to point that this practice
> - while it indeed makes some people very angry (see previous poster's
> e-mail) - is perfectly legal

After reading Geoffrey S. Mendelson's latest post (see: "GPL license from software in question") I understood that we are talking about two different companies and two different products, hence I'd like to retract everything I said above, and admit that I have no idea what he's talking about.

That's what happens when everyone keeps referring to "unnamed" companies and people and what is commonly known in Hebrew as "דו שיח של חרשים" ;-)

--
Oded
::.. "on topic for #perl" is like "relevant to misc.misc"

= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Ethical question..
On Thu, 2006-12-14 at 12:41 +0200, Geoffrey S. Mendelson wrote:
> 2. As I have said many times, there is a popular program which the owners
> released as GPL, solicited and added source code for new features
> and bug fixes provided as GPL'ed code and then sold closed source
> licenses to large companies.

I while supposedly having vested interest in the thus unnamed company, would like to point that this practice - while it indeed makes some people very angry (see previous poster's e-mail) - is perfectly legal and all people who contributed source code under the GPL have also specifically and beforehand agreed that their source code will be used in the company's commercial offerings under a non-open source license and so they have no one to complain to but themselves.

--
Oded
::.. Dream as if you'll live forever. Live as if you'll die today.
Re: Ethical question..
Quoting Gilad Ben-Yossef, from the post of Wed, 13 Dec:
> This might be a good time to mention that Ravia offices and Codefidence
> have launched a service centered about providing commercial product

yup, saw it on the DailyMuchta and told them about it of course.

--
Karma Police
Ira Abramov
http://ira.abramov.org/email/
Re: Ethical question..
On Thu, Dec 14, 2006 at 11:41:34AM +0200, Shachar Shemesh wrote:
> While this may or may not be the case, I do believe that a lot of people
> WILL, in fact, be angry if this route is abused.

The problem is that anger is nothing in a court of law, or in the normal business world.

Two examples:

1. If you have a well published interface that will give you all sorts of goodness where a string is included in the code at a certain point, such as "GPL", then it is perfectly legal to include that string at that point and get the goodness.

It's not a violation of the DMCA as it's not reverse engineering, it's not a violation of the license because the interface is well published.

If for example, the docs say you must have "GPL Licensed Source Code" in the program, but it only checks for "GPL", since the source code is open source, you can claim that the documentation is not in sync with the code and "GPL" is all that is required.

That would make a lot of people angry, but it would very likely stand up in court (I am not a lawyer).

BTW, is "GPL" a trademark? Where? You could also have a programmer(s) named George Paul Linus, use his/their initials, or I could abbreviate "Geoff's Private License" as "GPL".

If it is a registered trademark the holders of it are required to defend it, if they ignore it, the trademark is void. If it is not registered in Israel, then I can use it, other people may or may not. STFW "Sony Australia Walkman trademark".

2. As I have said many times, there is a popular program which the owners released as GPL, solicited and added source code for new features and bug fixes provided as GPL'ed code and then sold closed source licenses to large companies.

There was a big stink, several of the developers quit the project, but no one has sued to stop them, and the program is still being used by many people, the company is still in business, and people are contributing code under the GPL, knowing it may not stay that way.

In short, no one really cares. When it comes to convenience and money people look the other way.

Geoff.

--
Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED] N3OWJ/4X1GM
IL Voice: (07)-7424-1667 Fax ONLY: 972-2-648-1443 U.S. Voice: 1-215-821-1838
Visit my 'blog at http://geoffstechno.livejournal.com/
Re: Ethical question..
Sorry for reopening this.

Gilad Ben-Yossef wrote:
> There is no need for this. Kernel module communicate with user space
> applications (open or otherwise) via the system call interface (IOCTL,
> mmap, open...).
>
> Linus has made it specifically clear, in comment placed in the Linux
> kernel source COPYING file, that program making use of the kernel
> function via standard system call interface are NOT derived work.

The comment says this:

> NOTE! This copyright does *not* cover user programs that use kernel
> services by normal system calls - this is merely considered normal use
> of the kernel, and does *not* fall under the heading of "derived work".

The question is whether "custom communication via ioctl" would fall under "normal system calls". I'd at least suggest that the question is not clear cut. For example, I do believe that a lot of the reliance on this is due to the belief by kernel developers that a user-space export of the kernel functions would do much good for performance reasons.

While this may or may not be the case, I do believe that a lot of people WILL, in fact, be angry if this route is abused. Which brings us to:

> So much as Linus can speak for the entire gang of kernel copyright
> holders (and probably even if not because of estoppel)

Actually, estoppel, while indeed not requiring discussion in court (contrary to my previous doubt), is still no method for you to make claims on my behalf. This is not exactly so, because people who contributed code to the kernel usually did this after the above statement was made, and so will have a bit of a hard time ignoring the estoppel binding. This does not, however, apply to person A contributing B's GPLed code. I have no info how frequently that happens.

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
Re: Ethical question..
Shachar Shemesh wrote:
> Gilad Ben-Yossef wrote:
>> So much as Linus can speak for the entire gang of kernel copyright
>> holders (and probably even if not because of estoppel)
>
> Isn't estoppel only relevant once you tried to trial such claim and fail?
> I doubt any such thing has happened (i.e. - a kernel developer trying to
> sue for GPL violation over an IOCTL and losing). Even if it did happen,
> that same developer couldn't sue again over that claim, but for another
> developer that would merely be precedence, not estoppel.

I'm not lawyer, but I believe estoppel is not limited to claims raised in a court case. That is indeed one form of estoppel, but not the only one.

Gilad

--
Gilad Ben-Yossef <[EMAIL PROTECTED]>
Codefidence. A name you can trust(tm)
Web: http://codefidence.com | SIP: [EMAIL PROTECTED]
IL: +972.3.7515563 ext. 201 | Fax: +972.3.7515503
US: +1.212.2026643 ext. 201 | Cel: +972.52.8260388

Resistance was futile. -- Danny Getz, 2004.
Re: Ethical question..
On Wed, 13 Dec 2006, Oron Peled wrote:
> On Wednesday, 13 December 2006 21:51, Peter wrote:
>> Speaking of scheduler, RTLinux took out some patents on just such a
>> scheduler and restricted RTLinux distribution based on that
>>
>> This is 'solved' in that the RTLinux code is dual licensed.
>
> You mixed patents with copyrights. RTLinux code is pure GPL, the specific
> patents are dually licensed. FSMLabs (RTLinux creators) gave an automatic
> non-revocable patent license to GPL'ed code (so it won't infringe on the
> GPL). Other companies that try to use the patented techniques in non-GPL
> code (e.g: in non-Linux kernels) need to negotiate a *patent* license.

Let's clarify this: I mixed and am mixing and will be mixing copyrights, licenses and patents because they are aspects and results of the same system. The set of these affects open source development and a cost can be assigned to it. As the guy who would get to pay the lawyer in case of oops, I have no intention to do his job. There is no difference which part of what is used how, the end effect matters. Not being a lawyer I would ask a lawyer about the details when the time comes. I prefer to be blissfully ignorant of these matters. The little I know so far gives me headaches as is. If I need a degree in law to write open source software in my spare time then I should move somewhere where this is not necessary. The problem is that, as it happened to Jon in Norway, and to others more recently when visiting the states, being ignorant of the laws of another country can be dangerous.

Peter
Re: Ethical question..
On Wed, 13 Dec 2006, Micha Feigin wrote:
> Question is, is it enough that there is one non-GPL implementation I can
> link against exporting the same API, does this now make the work
> non-derived of the GPL API? More to the point, does the API fall under
> the GPL or the results.

The answer is: it depends. If your intentions are GD then maybe it's ok. If your intentions are BD then not. If your intentions are BD but your product serves the current interest of the DHS^H^H^H nation, then you win. If your intentions are GD but you step on the toes of someone who can copyright dictionary words then you are an alien suspect of anti-american activity. If you are not rich enough to afford the lawsuit(s) then it does not matter, because it means that you have lost, and you might even have to change your name even if you win.

Common sense says that an API established by someone and released as a standard for other's use is open and legit, as opposed to an in-house API that was stolen by a spy from a locked safe (the status of reverse engineered APIs is gray even in common sense scenarios). Then, both the library implementor and the application implementor write against the API (they don't even need to talk to each other). This is programming by contract (nothing to do with law) at its best. The GPL as applied to the kernel is using these terms of common sense imho. With the exception of the aggregation clause which is gray-ish but defendable (if the aggregate uses parts and functions of the kernel then it is not a mere aggregate - this is the position of Linus himself afaik).

However common sense plays no role in law as you know. Trying to apply simple logic here fails because the system is not consequent (notice how I keep saying this - one could say that the determinant of the solution matrix is negative ... and fluctuating). APIs are not licensable/patentable, but ink cartridges and their innards function (as in API) are, while their refilling is not. Yet licenses that stipulate what can or cannot be done with software or other licensed work (like music recordings or books) after sale are enforced (to the point where the US copyright office had to issue a specific time-limited waiver so the blind can hear closed caption from encrypted dvds while they prepare for emigration in view of the expiry of the waiver), while licenses that stipulate what can or cannot be done with other recipients and devices and their refurbishing are stricken down. It depends on whence the winds of pre-election (or post-election, for a change) populism and Franklin effigies are blowing on that day.

To be fair, there is also the third kind of cause that affects the establishment of 'precedents': on those days when neither populism nor Franklin effigies affect the 'logic' 'true' legal logic affects it. This obviously adds a third unknown to the previous two since no difference is made between legal precedents established during populism, Franklin winds and 'just' logic. The end effect is a soup. Legal minestrone a la usa. I think that if someone would try to program the current set of precedents in a computer as Horn clauses (as it was done with tax laws afaik) and check for consistency then the machine would lock up hard immediately.

> I do believe that I venture here to the very gray areas of the GPL that
> would be rather difficult to defend in court, much more than making a
> non-GPL program impose as a GPL one though and is much more an ethical or
> theological question than the original one.

Yup. The idea that a published API is not patentable/licensable while it is an otherwise ordinary publication (printed on paper etc) is one of the many departures from consequence and logic in the current patent/legal system which I hold for secret marketing ploys by Alka-Seltzer (who make the relevant stomach pills required to relieve the effects of trying to understand this 'logic'). Talking about 'logic' in a license and its application under these circumstances is a sort of a recursive negative definition a la GNU (GNU is not Unix).

As a short appetizer (I want percentage from Alka for this) did you know that the RIAA was formed as a consortium of patent holders in radio and telecommunications technologies for the purpose of exploiting said patents without litigation, which litigation had stifled the development of radio until then (in the 1920s) ? So the patent holders formed a non-corporation whose members agreed not to sue each others over patents and intellectual property. That would be a pretty close definition of a cartel, but the powers that be looked the other way for the common good (see under populism ?). Thereafter radio flourished and the RIAA patents were used by everyone for the common good (of the RIAA members). The MPAA is organized along very similar principles. And guess what ? Now they sue others for using competing technology in various ways (
Re: Ethical question..
On Wednesday, 13 December 2006 21:51, Peter wrote:
> Speaking of scheduler, RTLinux took out some patents on just such a
> scheduler and restricted RTLinux distribution based on that
>
> This is 'solved' in that the RTLinux code is dual licensed.

You mixed patents with copyrights. RTLinux code is pure GPL, the specific patents are dually licensed. FSMLabs (RTLinux creators) gave an automatic non-revocable patent license to GPL'ed code (so it won't infringe on the GPL). Other companies that try to use the patented techniques in non-GPL code (e.g: in non-Linux kernels) need to negotiate a *patent* license.

--
Oron Peled
Voice/Fax: +972-4-8228492
[EMAIL PROTECTED]
http://www.actcom.co.il/~oron
ICQ UIN: 16527398

First we take Manhattan, then we take Berlin...(Leonard Cohen).
Linux and Open Source - The Revolution of Choice
Re: Ethical question..
On Wednesday, 13 December 2006 11:30, Ira Abramov wrote:
> the company in question (and those of you who know who they are, know),
> Has promised me to solve the issue. the problem was a proprietary
> kernel module that should have tainted the kernel and received a
> restricted set of symbols, but instead has a license string of "GPL is
> not the license of this module" with a null character after the "GPL",
> which is an ugly and unethical hack.

LinuxAnt did this circa 2004. It was trivial to patch the MODULE_LICENSE() macro so it would detect this (several patches were sent by people including Linus). IIRC the general feeling was that an "arms-race" with drivers that try to hack the kernel GPL tests are not the right course of action and these patches were not applied.

However, if you want to stress how stupid this hack is, you may want to clarify to these people several facts:

- Putting this string in the module is a public proof that the company *deliberately* misrepresented their license. AFAIK, this in itself is a criminal offense in many countries.

- If the copyright dispute ever get to court, there are usually big difference in penalties for "willful infringement" vs. unknowingly infringement (I think in the US it's triple damages and up to 5 years in prison). "... Oh sir, we didn't know we had any problem with the GPL string, we normally put NULL in our strings every 3'rd character..."

- At least in the US, trying to circumvent the EXPORT_SYMBOL_GPL may trigger the ugly DMCA, only this time it would work for free software instead of against it. Your clients may want to be informed that at least one foreign programmer was arrested and held in a US prison for 1.5 months because of claims about DMCA infringement raised against his (foreign) employer.

Cheers,

--
Oron Peled
Voice/Fax: +972-4-8228492
[EMAIL PROTECTED]
http://www.actcom.co.il/~oron
ICQ UIN: 16527398

"Don't worry about what anybody else is going to do. The best way to predict the future is to invent it." -- Alan Kay
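The license string with a null character after "GPL" described in the message above, seen from the checking side, as an added example that is not part of the original thread and is not kernel code. It assumes module metadata is stored as consecutive NUL-terminated `key=value` strings; the function names and both sample blobs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* What a length-aware walk of a modinfo-style blob finds for "license=". */
struct license_report {
    const char *declared; /* value a strcmp()-style check sees, or NULL */
    const char *hidden;   /* text stored after an embedded NUL, or NULL */
};

/* Step to the next NUL-terminated entry; NULL once the blob is exhausted.
 * Safe because the caller has verified that the blob ends in a NUL. */
static const char *next_entry(const char *p, const char *end)
{
    p += strlen(p);
    while (p < end && *p == '\0')
        p++;
    return p < end ? p : NULL;
}

/* Walk the blob by its real length instead of trusting the first NUL. */
struct license_report inspect_license(const char *blob, size_t len)
{
    struct license_report r = { NULL, NULL };
    const char *end = blob + len;
    const char *p = blob;

    if (len == 0 || blob[len - 1] != '\0')
        return r;                      /* refuse unterminated input */
    while (p < end && *p == '\0')
        p++;
    if (p == end)
        return r;

    for (; p != NULL; p = next_entry(p, end)) {
        const char *follow;

        if (strncmp(p, "license=", 8) != 0)
            continue;
        r.declared = p + 8;            /* all that strcmp() would compare */
        follow = next_entry(p, end);
        /* A well-formed next entry is key=value; a fragment without '='
         * is the tail of a license string cut by an embedded NUL.
         * (Simplification: a tail that itself contains '=' is missed.) */
        if (follow != NULL && strchr(follow, '=') == NULL)
            r.hidden = follow;
        break;
    }
    return r;
}

/* 1 if the license entry carries extra text behind an embedded NUL. */
int license_is_spoofed(const char *blob, size_t len)
{
    struct license_report r = inspect_license(blob, len);
    return r.declared != NULL && r.hidden != NULL;
}

/* Constructed sample blobs (not taken from any real module). */
static const char honest_blob[] = "author=Example\0license=GPL\0depends=";
static const char spoofed_blob[] =
    "author=Example\0license=GPL\0 is not the license of this module\0depends=";

int main(void)
{
    struct license_report r =
        inspect_license(spoofed_blob, sizeof spoofed_blob);

    printf("strcmp-style view: \"%s\"\n", r.declared);
    printf("hidden remainder : \"%s\"\n", r.hidden ? r.hidden : "(none)");
    printf("honest blob flagged: %d\n",
           license_is_spoofed(honest_blob, sizeof honest_blob));
    return 0;
}
```

A check that compares the declared value with `strcmp()` sees only "GPL" in both blobs; walking the data by its stored length is what exposes the remainder.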
Re: Ethical question..
> If you DO NOT write plain vanilla C code to Posix libc specs and expect
> to fully use the advanced features offered by GPL-ONLY licensed
> extensions to libraries, and distribute binary that links against these,
> then you are in trouble even if there are 24 different implementations
> of said libraries (again, the API must not originate outside the GPL
> community for this to be true - because you are linking against an API
> in fact, not against a library - it can be said that the implementors
> of the library built it to the API specs - which API is not GPL if not
> originated by the GPL community).

Question is, is it enough that there is one non-GPL implementation I can link against exporting the same API, does this now make the work non-derived of the GPL API? More to the point, does the API fall under the GPL or the results.

If there are two libraries implementing the exact same algorithm one GPL and one free (LGPL for arguments sake), but with different API. If I allow linking also against the GPL one (in whatever manner, #ifdef or whatever), does this make the code derived work?

If I write the code so that it can link only against the GPL version but it's possible without changing anything but the API (same algorithm and everything) to link against the LGPL version, does this make it derived work?

I do believe that I venture here to the very gray areas of the GPL that would be rather difficult to defend in court, much more than making a non-GPL program impose as a GPL one though and is much more an ethical or theological question than the original one.
Re: Ethical question..
The purpose of a license is to prevent the visit to a judge. Therefore most of the discussions around licenses elaborated by committee revolve around what a judge *would* do and not around what he will do. Because the chances to win a lawsuit are directly related to the depth of the parties pockets and their endurance measured in years, legal recourse is not such a good idea in most cases. Look at the kafkaesque SCO/IBM/Novell lawsuit: 3 years and still going strong.

The US licensing and patent system is not consistent with itself and it is not such a good idea to adopt it as is, or to use it as a benchmark. USA is litigation country. No other system could withstand the continuous I-sue-you that takes place there, nor the kafkaesque lawsuits that take place from time to time (see SCO/IBM/Novell for one). That system works by precedent and it seems to take pride in creating precedents by breaking its own precedents (imho this is only advancing in the direction of greater entropy).

Interested people can read a little about some of these things:

http://www.eff.org/legal/cases/Lexmark_v_Static_Control/
http://www.eff.org/legal/cases/ACRA_v_Lexmark/

(read only the rulings if you are impatient, see right sidebar for more).

You will see that in both cases a license that stipulated what can or cannot be done after sale (or distribution) with a product defined by an API (the cartridge) was stricken down. The GPL is such a license. I don't think that there is any similarity with the cartridges, I just want to point out that one would seek consequence and logic in vain in the courts. What one could seek and find, would be financial ruin and wasted years.

A scheduler is a more essential part of a timesharing machine than a kernel. A scratch-written scheduler aggregated with a kernel is not a derivative work, it is an aggregation. The GPL stipulates rules for aggregation but in doing so it may exceed the limits of what a license can stipulate. Incidentally, so does the EULA on certain software products when it stipulates what emulators they can run on or not, and on whether aftermarket resale is possible, among other things.

Speaking of scheduler, RTLinux took out some patents on just such a scheduler and restricted RTLinux distribution based on that, and that is definitely an aggregate work of the kernel:

http://www.linuxjournal.com/article/5791

This is 'solved' in that the RTLinux code is dual licensed. But when it is not dual licensed, then how come it can be aggregated with a GPL codebase ? Because while RTLinux then becomes a non-GPL licensed piece of code, it is still aggregated with the remainder of the kernel source tree, which is GPL, and then *IT* forbids this aggregation. Huh ?

I am not a legally trained person but most of what is going on there defies my logic, the same logic which I use to solve technical problems in electronics and programming. They do not have a consistent system. The only thing that is consistent is the constant suing, and the legal costs.

Peter
Re: Ethical question..
Gilad Ben-Yossef wrote:
> So much as Linus can speak for the entire gang of kernel copyright
> holders (and probably even if not because of estoppel)

Isn't estoppel only relevant once you tried to trial such claim and fail? I doubt any such thing has happened (i.e. - a kernel developer trying to sue for GPL violation over an IOCTL and losing). Even if it did happen, that same developer couldn't sue again over that claim, but for another developer that would merely be precedence, not estoppel.

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
Re: Ethical question..
Shachar Shemesh wrote:
>> I offered instead that they write a GPL module that allows access to
>> what they need in the kernel through IOCTLs and move their binary-only
>> blob to userspace. This was acceptable to them and I believe it's the
>> correct legal solution myself (correct me if I'm wrong)
>
> Well, if you want to be sure, I would suggest that they try to do a
> couple of things:
> 1. Set in stone the kernel<->userspace API, and document it inside the
> kernel module. This also means that the API must not change when the
> kernel interfaces they export do. This is both a QA thing and a legal
> thing.
> 2. Try to make it as much a complete self-contained API as possible,
> preferably one that is useful to other people.

There is no need for this. Kernel module communicate with user space applications (open or otherwise) via the system call interface (IOCTL, mmap, open...).

Linus has made it specifically clear, in comment placed in the Linux kernel source COPYING file, that program making use of the kernel function via standard system call interface are NOT derived work.

So much as Linus can speak for the entire gang of kernel copyright holders (and probably even if not because of estoppel), your employers seems to be in the clear.

This might be a good time to mention that Ravia offices and Codefidence have launched a service centered about providing commercial product makers that utilize Open Source software with the legal and technical tools they need to uphold the Open Source licenses while maintaining control over their own generated software and other IP
Re: Ethical question..
Peter wrote:

It's nice to see that you are as polite as ever. Always refreshing to see someone who spends so much time in understanding what others say, and effort in making his objections so elegantly and tactfully heard.

> The intention is clear:

It is indeed.

> So I think that your thinking is not quite ok and the GPL is quite ok
> and strong enough in this area.

But what matters is not what you or I think, but what will a judge think. That is why the intentions, clear though they may be, also matter not.

The GPL derives its legal status from being a copyright license. Any time you need the copyright holder's permission to do something (distribute, derive work from, etc.), the GPL embodies that permission. Therein also lies the limitation - any time you do not need the copyright holder's permission, the GPL has no effect.

The law is very clear on this point. You need the copyright holder's permission when you create derived works (and other stuff, which is not in the focus of this discussion). In order to answer the question of whether I can do X that needs Y, where Y is GPL and X is not, we need to answer one important question - is X "derived work" of Y? If it is, I'm not allowed. If it's not, I am allowed. Simple.

Well, not so simple. There is no clear cut definition of what constitutes, and what does not constitute, derived work. We have some clear cut cases at the fringes. It's obvious that Word is not derived work of Wine. It's obvious that a modified scheduler is derived work of the kernel. Practically anything in between is open to interpretation. I have mine, the FSF has theirs. You have yours, but the only one that matters is the judge's.

> again, the API must not originate outside the GPL community for this
> to be true

Leaving all practical problems of what a "GPL community" is, there is one binding precedence that is applicable, at least for US jurisdiction. It says this: APIs are not copyrightable. In other words, a functional description of a set of functions with their semantics cannot be protected by copyright. It follows that it cannot have a GPL license, and it's easy to see from there that your above statement will, likely, not hold water should it be tested in court. You simply cannot GPL an interface (and an API is an "Application Programmer Interface").

> - because you are linking against an API in fact, not against a library

Which is precisely why, if you add to it the above paragraph, the GPL does not apply to you, even if there is only one implementation around and it is GPL.

> If this p***es you off, go buy an island and write your own version of
> causality ;-) (starting at about $40,000):

That's ok, I refuse on principle to be p-asterisk-asterisk-asterisk-ed off by rude language, and I have other uses for $40K (though the idea is tempting for unrelated reasons).

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
Re: Ethical question..
On Wed, 13 Dec 2006, Shachar Shemesh wrote:
> To my thinking - yes. If you create an interface that is independent of
> the implementation, no-one using that interface can be said to be derived
> work of the implementation. Yes, that does mean that the GPL isn't as
> strong as we may hope/wish it to be. This is, I think, a direct result of
> it being a *copyright* license. When the copyright protection ends - so
> does the GPL protection.

What has this got to do with the GPL ? The act of connecting two pieces of software at runtime using linking defines the parts as distinct. If the connection is established in a way specified by a published standard (like Posix for libc calls or iBCS2 or X11 protocol or others which are used commonly) then one can put whatever one wants in each 'half'. There is nothing to discuss about this part.

What is negotiable is the use of proprietary extensions. Such extensions are in the kernel, in libcs supplied with open source systems and in other places. Those extensions specifically forbid linking against non-GPL programs. The intention is clear: to limit access to advanced functions provided such that non-GPL abiding people cannot use them without soliciting a non-exclusive non-GPL license for their use. Using them anyway is theft. Period.

So I think that your thinking is not quite ok and the GPL is quite ok and strong enough in this area.

In English: If you write plain vanilla C code to Posix libc specs (recommended reading: 'POSIX programmer's guide', Lewine, O'Reilly - I am selling a copy of this book at http://p226.dyndns.org/books) then you will have no trouble to a) link against any compatible library (like libc, glibc, tinylibc, GPL or LGPL it does not matter) and b) port your app to any *nix out there in a few hours at most. Even if you distribute a binary and link it against a GPL-only libc you can claim (rightfully) that your program does not use any GPL features. Because it's compatible with a published standard.

If you DO NOT write plain vanilla C code to Posix libc specs and expect to fully use the advanced features offered by GPL-ONLY licensed extensions to libraries, and distribute binary that links against these, then you are in trouble even if there are 24 different implementations of said libraries (again, the API must not originate outside the GPL community for this to be true - because you are linking against an API in fact, not against a library - it can be said that the implementors of the library built it to the API specs - which API is not GPL if not originated by the GPL community).

The kernel in particular and its ENTIRE syscall interface is in its ENTIRETY a GPL product, TOGETHER with ANY modules linked into it (because said modules must use symbols and APIs defined by someone in the GPL community). That settles the question, yes ? The exceptions made for binary modules for certain drivers are to be regarded as temporary yields to user convenience.

If this p***es you off, go buy an island and write your own version of causality ;-) (starting at about $40,000):

http://www.privateislandsonline.com/sale-price-under-250K.htm
http://www.privateislandsonline.com/first-hand-island-living.htm
http://www.privateislandsonline.com

Peter
Re: Ethical question..
Usual disclaimers apply. I am not a lawyer. This is not legal advice.

Micha Feigin wrote:
> On Wed, 13 Dec 2006 13:26:46 +0200
> Shachar Shemesh <[EMAIL PROTECTED]> wrote:
>
>> They manage 1 and 2, they have a very good case for claiming that the
>> userspace tool is not a derived work of their kernel space driver, and
>> thus not bound by the kernel module's license.
>>
>> Shachar
>
> This goes into another legal question, at what point does "uses" become
> "derived work".
>
> For example, if I have a program that uses a GPL library, but could just as
> well have used a LGPL or non-free library, possibly with a slight api change,
> is it derived work or not?

I'm assuming here that all three libraries have the same interface. In other words, they export exactly the same functions, named the same, and having the same semantics, so that replacing one with the other is, at worst, a case of recompilation with no code changes.

The FSF would have you believe that this is derived work. As I have stated many times in the past, I don't buy this. The ultimate counter example I can give is Wine. The simple fact of the matter is that NOTHING will cause MS Word to become derived work of Wine. I think we would all agree that it doesn't matter what the Wine license might be, nor that any Windows program running under wine is, in fact, dynamically linking to it.

If three different implementations provide the same interface, it's fairly obvious that your program depends on the interface, rather than on the implementation of the libraries. If that is the case, it's pretty clear to me that you cannot claim that your program is derived from the library, and thus the library's license does not affect you.

As I stated above, the FSF have a pretty different view, but I actually think that this view is self-contradicting. For reasons why, check out the license for a program called "rsyncrypto" (this is not someone else supporting my view, as I wrote rsyncrypto. This is merely me being lazy re-typing what I said there) - http://rsyncrypto.svn.sourceforge.net/viewvc/rsyncrypto/trunk/COPYING?revision=174&view=markup.

> (I have a debate of which mathematical libraries to use at the moment).

If they are not of identical interfaces, and you cannot have your own program be GPL, everything else being equal, I'd go with the LGPL version.

> If I split the API into a module and bundle one that works with the GPL code
> and one with the non-GPL code thus giving the option for both of them, does
> that matter?

To my thinking - yes. If you create an interface that is independent of the implementation, no-one using that interface can be said to be derived work of the implementation. Yes, that does mean that the GPL isn't as strong as we may hope/wish it to be. This is, I think, a direct result of it being a *copyright* license. When the copyright protection ends - so does the GPL protection.

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
Re: Ethical question..
On Wed, 13 Dec 2006 13:26:46 +0200 Shachar Shemesh <[EMAIL PROTECTED]> wrote:

> They manage 1 and 2, they have a very good case for claiming that the
> userspace tool is not a derived work of their kernel space driver, and
> thus not bound by the kernel module's license.
>
> Shachar

This goes into another legal question, at what point does "uses" become "derived work".

For example, if I have a program that uses a GPL library, but could just as well have used a LGPL or non-free library, possibly with a slight api change, is it derived work or not?

(I have a debate of which mathematical libraries to use at the moment).

If I split the API into a module and bundle one that works with the GPL code and one with the non-GPL code thus giving the option for both of them, does that matter?
Re: Ethical question..
Ira Abramov wrote:
> Quoting Ira Abramov, from the post of Thu, 30 Nov:
>
>> All Hypothetical...
>
> well, it was a little white lie, if you didn't suspect :-)
>
> After double checking my legal status in any case, it turns out I am not
> under NDA at the time of this writing, but will be by the end of the
> day, so I'll say this :-)

So you ignore my advice..

> the company in question (and those of you who know who they are, know),
> has promised me to solve the issue. the problem was a proprietary
> kernel module that should have tainted the kernel and received a
> restricted set of symbols, but instead has a license string of "GPL is
> not the license of this module" with a null character after the "GPL",
> which is an ugly and unethical hack.

It's also, legally, on shaky grounds. They are, in essence, claiming that the module is GPL, while it isn't. I think that the whole GPL only exports issue was not thoroughly thought through by people who should have thought about the legal implications of doing it.

> I offered instead that they write a GPL module that allows access to
> what they need in the kernel through IOCTLs and move their binary-only
> blob to userspace. This was acceptable to them and I believe it's the
> correct legal solution myself (correct me if I'm wrong)

Well, if you want to be sure, I would suggest that they try to do a couple of things:

1. Set in stone the kernel<->userspace API, and document it inside the kernel module. This also means that the API must not change when the kernel interfaces they export do. This is both a QA thing and a legal thing.
2. Try to make it as much a complete self-contained API as possible, preferably one that is useful to other people.

They manage 1 and 2, they have a very good case for claiming that the userspace tool is not a derived work of their kernel space driver, and thus not bound by the kernel module's license.

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
Re: Ethical question..
Quoting Ira Abramov, from the post of Thu, 30 Nov:

> All Hypothetical...

well, it was a little white lie, if you didn't suspect :-)

After double checking my legal status in any case, it turns out I am not under NDA at the time of this writing, but will be by the end of the day, so I'll say this :-)

the company in question (and those of you who know who they are, know), has promised me to solve the issue. the problem was a proprietary kernel module that should have tainted the kernel and received a restricted set of symbols, but instead has a license string of "GPL is not the license of this module" with a null character after the "GPL", which is an ugly and unethical hack.

I offered instead that they write a GPL module that allows access to what they need in the kernel through IOCTLs and move their binary-only blob to userspace. This was acceptable to them and I believe it's the correct legal solution myself (correct me if I'm wrong)

--
Former Soviet spy
Ira Abramov
http://ira.abramov.org/email/
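The license-string trick described in the message above (extra text placed behind a NUL byte after "GPL") leaves a visible trace in the module's .modinfo section, which is a run of NUL-terminated "tag=value" strings. The following is an added example, not part of the original thread: a Python audit of that section that flags any string after the license tag that is not a tag=value pair. The function names and the sample byte strings are constructed for illustration.

```python
"""Audit a kernel module's .modinfo section for text hidden behind a NUL."""
import re

# License idents the kernel accepts as GPL-compatible (include/linux/license.h).
GPL_COMPATIBLE = {
    "GPL", "GPL v2", "GPL and additional rights",
    "Dual BSD/GPL", "Dual MIT/GPL", "Dual MPL/GPL",
}

# A well-formed .modinfo string has the shape "tag=value".
TAG_RE = re.compile(rb"^[A-Za-z_][A-Za-z0-9_]*=")


def parse_modinfo(blob):
    """Split raw .modinfo bytes into (offset, string) pairs, skipping NUL padding."""
    entries, pos = [], 0
    for chunk in blob.split(b"\0"):
        if chunk:
            entries.append((pos, chunk))
        pos += len(chunk) + 1
    return entries


def declared_licenses(blob):
    """License values as a NUL-terminated string comparison sees them."""
    return [raw.split(b"=", 1)[1].decode("ascii", "replace")
            for _, raw in parse_modinfo(blob)
            if raw.startswith(b"license=")]


def audit_modinfo(blob):
    """Return (offset, kind, text) for every string that is not tag=value."""
    findings, prev_tag = [], None
    for offset, raw in parse_modinfo(blob):
        if TAG_RE.match(raw):
            prev_tag = raw.split(b"=", 1)[0].decode("ascii")
            continue
        text = raw.decode("ascii", "replace")
        kind = "license-continuation" if prev_tag == "license" else "orphan-string"
        findings.append((offset, kind, text))
    return findings


def verdict(blob):
    """Summarise what the module claims and whether the claim can be trusted."""
    licenses = declared_licenses(blob)
    claims_gpl = bool(licenses) and all(lic in GPL_COMPATIBLE for lic in licenses)
    hidden = [f for f in audit_modinfo(blob) if f[1] == "license-continuation"]
    if claims_gpl and hidden:
        return "SUSPECT: GPL-compatible license string followed by hidden text"
    if claims_gpl:
        return "OK: GPL-compatible license"
    return "TAINTING: no GPL-compatible license declared"


# Constructed samples. A real section can be dumped with, for example:
#   objcopy -O binary --only-section=.modinfo module.ko modinfo.bin
CLEAN = b"license=GPL\0author=Constructed Author\0\0\0vermagic=2.6.18 SMP mod_unload \0"
SUSPECT = b"license=GPL\0 is not the license of this module\0author=Constructed Author\0"
PROPRIETARY = b"license=Proprietary\0author=Constructed Author\0"

if __name__ == "__main__":
    samples = (("clean", CLEAN), ("suspect", SUSPECT), ("proprietary", PROPRIETARY))
    for name, blob in samples:
        print(name, "->", verdict(blob))
        for offset, kind, text in audit_modinfo(blob):
            print(f"    offset {offset}: {kind}: {text!r}")
```

The check works on the raw section bytes because tools that print license strings stop at the first NUL and therefore show only "GPL".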
Re: Ethical question..
Meir Michanie wrote:
> How does checkpoint qualify in this matter.

"this matter" relates to binary kernel modules. As far as I know, it's just another binary kernel module. I am not aware that they are using any GPL only exports (though I really don't know).

> They sell the splat that is redhat linux. Did anyone request or get
> their sources for the splat CD?

At least last time I checked, anyone that requested it got access to an FTP site with the sources for all modified user space utilities on SPLAT. This is technically a violation (GPL requires that commercial distribution offer the sources even if they are available elsewhere), but is not something that limits the actual freedom of said tools.

As far as I can tell, the only controversial thing you can say about SPLAT is the binary kernel module.

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
Re: Ethical question..
How does checkpoint qualify in this matter. They sell the splat that is redhat linux. Did anyone request or get their sources for the splat CD?

Shachar Shemesh wrote:
> Ira Abramov wrote:
>> This is not exactly a GPL violation,
> I'm not sure you are right about this.
>
> Here's my take on things. The kernel is GPL, which means that all
> derived work of it needs to be GPL too, or it is infringing on the
> kernel's copyright.
>
> There are three approaches to understanding binary only modules:
>
> One is to say that merely using the interface does not make a module
> derived work, and therefore the GPL doesn't apply. This claim is backed
> up by the fact that interfaces are not considered copyrightable (or else
> Wine, Samba and many others would be infringing work, and all user-space
> programs would have to be GPL). The way I see it, this is true ONLY if the
> interface involved is well documented and stable. I believe you will
> find that the kernel->module interface is neither. This is also why I
> think that creating an "adapter module", that exports a well-documented
> stable interface out of the kernel would allow perfectly legal binary
> modules. Even if the kernel's interface was stable and documented (or
> otherwise defined as "non-derived work"), I highly doubt their trick
> uses the interface alone, and so this protection is highly likely not
> relevant for this case.
>
> The second case is to say that the kernel export functions themselves
> give permission. It's called "מכלל לאו יוצא הן". If you export 10
> symbols, and you tell me not to touch 3 of them unless I'm GPL, I have a
> very good case for claiming that I am allowed to touch the other 7
> (despite all of Muli's claims to the contrary). Here, as before, the
> moment their binary module links with symbols that are defined as "GPL
> Only", it is, in fact, sidestepping the above permission, and is
> infringing on the kernel's copyright.
>
> The third possibility (which I do not buy into) is to say that there are
> no exceptions, and that binary only modules are not allowed. If that is
> the case, this is no greater GPL violation, but it certainly is bringing
> the copyright disregard to new levels.
>
> So I think that claiming that this is not a GPL violation is a bit naive.
>> What would you do?
> Now we're talking about the real dilemma.
>> do you just protest but keep working there?
> It's very easy to say "No!!" when it's someone else's money. It really
> depends. If you can afford to lose the client, I'd consider stopping
> working with them, but the details really depend.
>> make that information public?
> A professional lives by his/her reputation. You have to let your clients
> know that they can trust you not to go behind their back. It may be a
> big enough violation for you to stop working with the client, but unless
> it's a life threatening neglect, I wouldn't go public with such things.
>> Inform lkml how they fooled the kernel without revealing the identity of
>> the violators, just to help them patch it for the future?
> You already did so here, didn't you?
>
> No, the specifics of how to do the bypass don't really matter. I don't
> think anyone has any interest in a cat-and-mouse game such as this. As I
> have said above (in the "is this a GPL violation" part), it's the intent
> that counts.
>> spill the beans on Slashdot?
> I fail to see what good that will do.
>> and what would you do if it was a real GPL violation?
> I think it is a GPL violation. All my answers above apply. I'd let them
> know that, as far as I know, this is a GPL violation. I'll draw their
> attention to the fact that they can lose all distribution rights.
>> will a signed NDA with that company make a difference in your decision?
> Absolutely not. I have clients that asked for a signed NDA as a
> pre-condition to interviewing me to find out whether I'm good enough for
> them. I have clients that asked for an NDA half a year after I already
> started working with them. I have clients that never asked for an NDA at
> all. As far as I'm concerned, my reputation is at stake here. NDA or
> not, I have to have the trust of my clients, which means that anything
> the client would really not like to be known, I keep confidential. The
> only exception I can think of is life threatening neglect, and again,
> then an NDA wouldn't change my actions one way or the other.
>> Thanks,
>> Ira.
> Shachar

--
Meir
echo "nfjsnAsjvoy/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
Re: Ethical question..
Ira Abramov wrote:
> This is not exactly a GPL violation,

I'm not sure you are right about this.

Here's my take on things. The kernel is GPL, which means that all derived work of it needs to be GPL too, or it is infringing on the kernel's copyright.

There are three approaches to understanding binary only modules:

One is to say that merely using the interface does not make a module derived work, and therefore the GPL doesn't apply. This claim is backed up by the fact that interfaces are not considered copyrightable (or else Wine, Samba and many others would be infringing work, and all user-space programs would have to be GPL). The way I see it, this is true ONLY if the interface involved is well documented and stable. I believe you will find that the kernel->module interface is neither. This is also why I think that creating an "adapter module", that exports a well-documented stable interface out of the kernel would allow perfectly legal binary modules. Even if the kernel's interface was stable and documented (or otherwise defined as "non-derived work"), I highly doubt their trick uses the interface alone, and so this protection is highly likely not relevant for this case.

The second case is to say that the kernel export functions themselves give permission. It's called "מכלל לאו יוצא הן". If you export 10 symbols, and you tell me not to touch 3 of them unless I'm GPL, I have a very good case for claiming that I am allowed to touch the other 7 (despite all of Muli's claims to the contrary). Here, as before, the moment their binary module links with symbols that are defined as "GPL Only", it is, in fact, sidestepping the above permission, and is infringing on the kernel's copyright.

The third possibility (which I do not buy into) is to say that there are no exceptions, and that binary only modules are not allowed. If that is the case, this is no greater GPL violation, but it certainly is bringing the copyright disregard to new levels.

So I think that claiming that this is not a GPL violation is a bit naive.

> What would you do?

Now we're talking about the real dilemma.

> do you just protest but keep working there?

It's very easy to say "No!!" when it's someone else's money. It really depends. If you can afford to lose the client, I'd consider stopping working with them, but the details really depend.

> make that information public?

A professional lives by his/her reputation. You have to let your clients know that they can trust you not to go behind their back. It may be a big enough violation for you to stop working with the client, but unless it's a life threatening neglect, I wouldn't go public with such things.

> Inform lkml how they fooled the kernel without revealing the identity of
> the violators, just to help them patch it for the future?

You already did so here, didn't you?

No, the specifics of how to do the bypass don't really matter. I don't think anyone has any interest in a cat-and-mouse game such as this. As I have said above (in the "is this a GPL violation" part), it's the intent that counts.

> spill the beans on Slashdot?

I fail to see what good that will do.

> and what would you do if it was a real GPL violation?

I think it is a GPL violation. All my answers above apply. I'd let them know that, as far as I know, this is a GPL violation. I'll draw their attention to the fact that they can lose all distribution rights.

> will a signed NDA with that company make a difference in your decision?

Absolutely not. I have clients that asked for a signed NDA as a pre-condition to interviewing me to find out whether I'm good enough for them. I have clients that asked for an NDA half a year after I already started working with them. I have clients that never asked for an NDA at all. As far as I'm concerned, my reputation is at stake here. NDA or not, I have to have the trust of my clients, which means that anything the client would really not like to be known, I keep confidential. The only exception I can think of is life threatening neglect, and again, then an NDA wouldn't change my actions one way or the other.

> Thanks,
> Ira.

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html
Re: Ethical question..
On Thu, Nov 30, 2006 at 06:29:36PM +0200, Ira Abramov wrote:

> say you had a client you worked for. One day over lunch, one of the guys
> of the R&D of a different product at the company tells you how they
> circumvent the kernel checks to load a non-GPL module and get all the
> symbols a GPL module gets.

I don't see what's wrong with that. It's a compromise that makes both parties win. The kernel stays GPL'ed, it loses nothing. The vendor makes his OCO (object code only) module available to whomever meets the criteria he has, and they get to use it with Linux.

If they don't want to use non-GPL'ed code with their Linux kernel, they simply don't load the vendor's module. It may mean a lost function for a customer, more likely it means a lost sale for the vendor.

> This is not exactly a GPL violation, however it makes a stock RHEL
> kernel be fooled to think this closed source module is actually GPL and
> give it access to more info than the kernel team wanted.

I think in the U.S. that would be a violation of the DMCA. Do you want such laws here? Is this any different than SAMBA? Printer ink cartridges? DeCSS?

> What would you do?
> do you just protest but keep working there?

No, you congratulate them on a job well done. You convince them to make a case for releasing the module as open source and help them promote it to the management. Offer to extend your contract (and compensation) to help them make the switch and promote it.

> make that information public?

No.

> Inform lkml how they fooled the kernel without revealing the identity of
> the violators, just to help them patch it for the future?

No. They'll just work around it, abandon the product or go with BSD.

> spill the beans on Slashdot?

Those ~@@[EMAIL PROTECTED] They'll just make a fool of you. The truth is the last thing they care about.

> and what would you do if it was a real GPL violation?

Nothing. From my experience people in general and most of the people on this list only care when you are discussing it. If it affects something they want to use, or can make money on, the GPL is happily ignored.

> will a signed NDA with that company make a difference in your decision?

No. An NDA will just get you sued faster, but you will be sued in the end. Consider it a CLM.

Geoff.

--
Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED] N3OWJ/4X1GM
IL Voice: (07)-7424-1667 Fax ONLY: 972-2-648-1443 U.S. Voice: 1-215-821-1838
Visit my 'blog at http://geoffstechno.livejournal.com/
Re: Ethical question..
To me, the dilemma would be about my corporate loyalty (to the company's success) and perhaps personal loyalty to the owners vs. loyalty to the community (can I even say "public good"?).

Funny you mention an NDA here, cause I think that once you've set your mind about the community being more important, any juridical method to prohibit you from reporting the crime would be questionable, and anyhow it'd turn into a practical question for lawyers rather than an ethical question for hackers.

On 11/30/06, Ira Abramov <[EMAIL PROTECTED]> wrote:
> and what would you do if it was a real GPL violation?
> will a signed NDA with that company make a difference in your decision?
Re: Ethical question..
On Thu, Nov 30, 2006 at 06:29:36PM +0200, Ira Abramov wrote:

> say you had a client you worked for. One day over lunch, one of the
> guys of the R&D of a different product at the company tells you how
> they circumvent the kernel checks to load a non-GPL module and get
> all the symbols a GPL module gets.

Yuck.

> This is not exactly a GPL violation, however it makes a stock RHEL
> kernel be fooled to think this closed source module is actually GPL
> and give it access to more info than the kernel team wanted.

.. which means pretty much nothing from a technical POV. From an ethical POV... Yuck.

> What would you do?

Depends.

> do you just protest but keep working there?

Unlikely... as you can probably recall from a company we've both worked for in the past, people who don't respect licenses tend to not respect their employees or contractors either.

> Inform lkml how they fooled the kernel without revealing the identity of
> the violators, just to help them patch it for the future?

The module GPL check is easily circumvented. It's not meant to defeat an attacker, just make the wishes of the kernel community with regards to licensing and external modules obvious. IMNEHO, if they're distributing a binary only module they're in violation of the kernel's license already. Circumventing the GPL check is just one more nail in the coffin.

Cheers,
Muli