PDA

View Full Version : The GPL - does it really make a difference?



Eisenwinter
August 9th, 2009, 05:19 PM
I posted this in another forum, and wanted to see what you guys in here think:




We all know that those who participate in the development of Free Software do it for fun, coding practice, ideology, the feeling of contributing something, and many more reasons.

We also know that virtually all proprietary software is released simply to get money.

And, we also know that when a piece of code is licensed under the GPL, its user must include the source code and the GPL notice, if he or she decides to redistribute the code.


Now, how do we know when someone actually uses code which has been licensed under the GPL?

I could go and download a source for some program, from my personal computer, and you'd think I'm just another Free Software user.

Companies (such as Microsoft) can also download, and look at the code, but how do we know they're not going to use it without permission? It's impossible to know.

Therefore, the only effect of the GPL is "Well, I could use it and redistribute the code in proprietary manner, but it's possible that I'll be caught, so I'm not going to".

How exactly can someone be caught using GPL'ed code, if when that person/company distributes his/her/its program, without including the source? Is there a way?

Share your thoughts on the subject.

Viva
August 9th, 2009, 05:24 PM
You might find this interesting. http://gpl-violations.org/

Oh and there is a lot of money in FOSS. FOSS is a 40 billion dollar(I think) industry.

gnomeuser
August 9th, 2009, 05:47 PM
The GPL is just one of many Open Source licenses, I doubt it makes more of a difference as compared to any other OSI license. It's fairly fundamentalist compared to other choices but the ideas embodied by the GPL and its fellow OSI licenses have had a big impact on the software industry as a whole.

I think it's not so much about the GPL but about the Open Source movement. Till that came about nobody managed to make non developers understand and trust the open model as a viable business and development tactic.

HermanAB
August 9th, 2009, 07:47 PM
Since I'm not the totally paranoid type, I prefer the LGPL over the GPL.

raronson
August 9th, 2009, 08:40 PM
I'm an amateur programmer and musician, and these two activities have a lot in common concerning their code-based underpinnings. Pick any song you like and chances are someone has figured out the music and posted it online. It may not be correct, but it's close enough most of the time, and there are probably multiple versions uploaded by other people who have transcribed the song as well. Though this isn't copyright infringement, unless someone miraculously nails it exactly. Alternately, the real sheet music can be purchased if there's a need to see exactly how things were done, or if a song needs to be faithfully reproduced. Admittedly there are problems with that analogy (yes, this is a disclaimer for people not to start picking it apart), but software is really not that much different.

Huge commercial applications are almost assuredly black boxed or reversed engineered by an army of curious people around the world. If someone were making money off of GPL'd code, it'd be caught and identified by the first competent person who started poking around. Even without doing so, things that work hauntingly like a given Linux application are easily identifiable due to familiarity. Similarly, a professional musician may stumble across a hit new song and say, "hey, that's my guitar riff!" Keith Richards from the Rolling Stones springs to mind.

But how do you catch a programmer who doesn't just copy and paste? That's a good question, since no self-respecting programmer would do such a thing, and most code thieves do a better job of changing things around. In the past I've looked at code to see how someone did this-or-that, but I don't just cut and insert into my own program. I'll get familiar with it and rewrite it to suit my needs, and this is the way it should be--if I'm not attempting to sell or redistribute. If I did though, I might end up in court having to submit my code, and that's where the hair-splitting comes in as things are viewed through the legal lens. So I think for that reason, the GPL has teeth.

Though I get what you're saying: isn't it ultimately unfair that someone can look at GPL'd code and then go make their own product after having seen it? Maybe, but I don't see this as a big problem either. Any programmer worth their weight in special characters writes their own code. I'm not sure that a code-thief would make it far in the proprietary world due to teamwork and peer review; and at that point, it'd have to be a conspiracy to knowingly commit fraud. I'm not saying that it can't or doesn't happen, but it's just that, what's the point of doing so, since it would take as much effort to steal and obfuscate outside code, and then face legal ramifications and PR nightmares if found out?

I'd have to imagine that most of the violations amount to things like startups using the Linux kernel for electronic devices--and that's easy enough to spot.

Eisenwinter
August 10th, 2009, 02:01 AM
raronson: thank you, you have taught me something.

One thing though:

You have said that programmers across the world reverse-enginner code. Is that not illegal for virtually ALL proprietary code? I believe it violates most proprietary licenses.

If you did reverse-engineer some code, and then said "Hey, this acts like some code I wrote and licensed under the GPL", would the company/person be able to take legal action against you reverse-engineering their code?

nobodysbusiness
August 10th, 2009, 03:02 AM
In order to detect someone using GPL code illegally, someone with the right skills could simply compile the GPL source code into machine code, and then compare the machine code binaries that are included in the commercial product. So, in this case, the "reverse engineering" would simply consist of comparing two binary files for similarities.

The company could take measures to try to hide the original source of the code, but that would take a lot of effort, and the whole point of stealing was originally to *reduce* the amount of effort.

madjr
August 10th, 2009, 03:08 AM
it does make a difference if you educate at the same time.

i.e. not too many like/agree with the BSD license, except people who want to profit without giving anything back..

that's why many programmers prefer to licence under gpl

i like GPL and specially v3

anyway, if you don't educate people about contributing and sharing, then there's no point to open source licences.

With more and more denunciation and law suits people are getting the message to not steal community/public code

but, you can split a proprietary program in parts and use gpl code (like safari... is not FOSS, but they do contribute back to the engine: webkit)

raronson
August 10th, 2009, 11:14 PM
I think that's right on, education is what's called for. The GPL violations site that Viva pointed out makes this pretty clear, and also shows that I was somewhat wrong about the last statement I made.

Companies like Motorola, Asus, Gigabyte, D-Llink, and more have had suits filed against them (mainly for electronic devices that use netfilter/iptables). In most of these cases, it's just ignorance on the part of the development team, since they clearly didn't understand the terms of the GPL'd code they were using in their commerical products. However, there are cases where companies are intentionally defiant, and that's what's the courts are for.

The cases like Asus and TomTom that have happy endings make future victories all that more attainable, as the plaintiffs could easily reference those decisions in each new case.

raronson
August 10th, 2009, 11:44 PM
I forgot to address Eisenwinter's question...

"Black Boxing" is undoubtedly easier than reverse engineering, and not illegal. When you black box something, you're just using it normally and probing it for predictability to see how it works without taking it apart.

Going back to my music analogy, people who transcribe songs are essentially doing the same thing. They hear the music and then try to work out and reproduce the sound. They might hear the intro guitar riff, for example, and say, "Oh, that's a G-chord followed by E, A, D." By doing so, the "code" can be figured out without having actually seen it.

Reverse engineers on the other hand have any number of motivations for breaking down commercial applications, but some of them could be thought of as anonymous tipsters. Though I'm just speculating here. I'm not aware of a case where something was reverse engineered and then reported on--but then again, we probably wouldn't know that, as the plaintiff would be reluctant to mention it.

Most of these devices that use GPL'd code is easy enough to spot. Take a router for example that offers web administration, or ssh for remote access. Let's say you open up the web configuration page and make a changes only to be greeted by this error message along the way:



Not Found

The requested URL /apache error/examples.html was not found on this server.
Apache/1.3.34 Server at www.somewhere.com Port 80



You say, hmm, they're using Apache. Wonder if they're complying with the GPL. This is not a great example since Apache has it's own license (which is GPL compatible), but you get the idea.

Viva
August 10th, 2009, 11:46 PM
I forgot to address Eisenwinter's question...

"Black Boxing" is undoubtedly easier than reverse engineering, and not illegal. When you black box something, you're just using it normally and probing it for predictability to see how it works without taking it apart.

Going back to my music analogy, people who transcribe songs are essentially doing the same thing. They hear the music and then try to work out and reproduce the sound. They might hear the intro guitar riff, for example, and say, "Oh, that's a G-chord followed by E, A, D." By doing so, the "code" can be figured out without having actually seen it.

Reverse engineers on the other hand have any number of motivations for breaking down commercial applications, but some of them could be thought of as anonymous tipsters. Though I'm just speculating here. I'm not aware of a case where something was reverse engineered and then reported on--but then again, we probably wouldn't know that, as the plaintiff would be reluctant to mention it.

Most of these that use netfilter/iptables though, is easy enough to spot. Take a router for example that offers web administration, or ssh for remote access. Let's say you open up the web configuration page and make a changes only to be greeted by this error message along the way:



Not Found

The requested URL /apache error/examples.html was not found on this server.
Apache/1.3.34 Server at www.somewhere.com Port 80

You say, hmm, they're using Apache. Wonder if they're complying with the GPL...

They need not, because apache is not under GPL:P

raronson
August 10th, 2009, 11:49 PM
:)

You caught that right while I was editing it.

LunaticHiatus
August 10th, 2009, 11:54 PM
just look up eben moglen in youtube. He is very educational concerning the law and the gpl.

Viva
August 10th, 2009, 11:58 PM
just look up eben moglen in youtube. He is very educational concerning the law and the gpl.

And visit Groklaw (http://www.groklaw.net) or Software Freedom Law Center (http://www.softwarefreedom.org/)