Abusing the GPL? 771
"How, you may ask?
Integrate the highly useful GPL code we're eyeing into our only slightly more complex (but much more lucrative) project, thereby saving us at least 30% of the coding involved. The company then go all the way to production with it, but instead of finally compiling the actual project for distribution, they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode. You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce. They will then GPL the obfuscated gobbledygook, which isn't much more useful to anyone than reverse-engineered bytecode would be (it is a complex project). 'Voila!' All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
For the record: I do not think this is right yet, I have not been able to find any precedent for why the GPL should protect against this kind of abuse.
I'm not trying to snitch on my company -- or lose my job, which is why I am posting anonymously -- but hopefully some lawyers out there could point out some iron-clad legal reason preventing this sort of thing. I've read the GPL through at least a dozen times since yesterday, and so far it looks like our lawyer is right. I have not found any relevant linkage either, as I have mentioned. Links to extended legal analyses of the GPL from a technical standpoint (if any exist) would be the most helpful. All help is appreciated."
Sounds wrong to me (Score:2, Insightful)
What you should do is put it as "What would Microsoft do". If you too microsoft's code and decompiled it and then changed a few names and recompiled it would they sue?
Would you company risk taking on Microsoft? If they would then tell them to go ahead and violate the GPL. If they wouldn't ask them why they feel they can get away with taking on someone smaller.
If you find another job please let us know who it is is doing this.
Cut and dried Copyright violation (Score:3, Insightful)
If you take some code and switch out all the variable names and change the spacing around, it's still the same code. If your lawyer is advising you differently, I'd be very suspicious of his motiviations.
"viral license" (Score:2, Insightful)
Personally, I feel that the GPL should be enforced when the work is actually DERIVED FROM a GPL'd work. The example of the IDE is a prime example. Look at KDevelop. If I write a console-based program which doesn't use the Qt or KDE libraries, I am allowed to release the program under whatever license I choose. No argument.
If we squabble about license issues and what constitutes a "dervied work" then it only gives MS a better case against the GPL. While I'd personally rather see packages like Qt released under the LGPL, the GPL is certainly the most valuable license in the furtherance of Linux.
Is it just me? (Score:2, Insightful)
Are you saying that using the GCC compiler means that you will then have an executable which you have to GPL the source code for?
Are you saying you are going to integrate GPL source code into a project?
I don't quite understand. Someone else enlighten me?
Possible problem (Score:5, Insightful)
Your lawyer is a fucking retard (Score:1, Insightful)
I think what your lawyer meant to say was 'you probably won't get caught, and if you do those damned GPL hippies can't afford lawyers anyway'.
By not being willing to put public pressure on your employer to stop this, you're as culpable as they are. The crime is being commited with your full knowledge of the action and the fact that it's illegal. Failure to report your company could leave you personally liable in the future.
Re:Spirit of the law (Score:2, Insightful)
If there is any "spirit of the GPL", it should be explicitly stated as part of the license.
Legal Loopholes (Score:3, Insightful)
Nowhere does it say that that code has to be non-obfuscated. Nor do I think it should. Do we really want to try and formalize that gray area between "obfuscation" and just plain "sloppy code?"
Not all of the code released under the GPL is what we would consider "good code." By that, I mean people release all sorts of toy projects and junk code under the GPL, for learning purposes. They use bad variable names and inefficient algorithms, but when do we start to consider code "obfuscated?" And more importantly, do we want to leave it to a lawyer to make that decision for us?
I say if you're really concerned about it, then leave the company. Otherwise, just write it off as mean-spirited. There's no law against being mean. :(
Total obfuscation is not possible (Score:4, Insightful)
Pretty boring stuff, but the overall point is that once the end product is GPL'd, it won't take long for someone in the bazaar to figure out a meaning for "asdfgh", and do a s/asdfgh/meaningfulName/g through the whole thing. Or even figure a way to diff it with the original source.
As long as it's GPL'd, the source will be available, and it'll be figured. You're wasting a lot of your time (and the rest of the community's) for very little reason.
No matter how complex your obfuscation, it's likely much less complex than, say, CSS or DES was.
Re:Can't do it. (Score:1, Insightful)
Re:Cut and dried Copyright violation (Score:3, Insightful)
Afraid not - the GPL gives you the right to change the code as long as you release the changes; the fact that it's changed to code that won't make any sense without a truckload of aspirin and coffee doesn't matter. It's not very sporting of them to do this, but I have a feeling it'll even out in the end - they'll lose the comprehesible copy of this, they'll want to come out with a new version and be faced with the awful task of trying to remember what the hell they did.
Re:Cut and dried Copyright violation (Score:3, Insightful)
1. maintain the GNU licensing that was there when you got it.
2. if you (re)distribute changes, you must at least distribute those changes as source code.
I understand that their actions make the source "unfriendly" but if it compiles, then I can fire up (g)cc and recreate the same binary that you have. Maybe even compile on a different platform. I don't see how this violates the spirit of the GPL, since there are no provisions in it for the quality or readibility of code. It's primarily designed to protect the openness of the code, not to protect the usability of it.
Re:From the GPL (Score:2, Insightful)
Oh well, go ahead, Mod me to hell -- I never had any karma to begin with
Dirty Pool! But also confusing. (Score:3, Insightful)
I mean when was the last time you looked at the source of a project that you just wanted to use, not develope.
Re:"viral license" (Score:5, Insightful)
...
While I'd personally rather see packages like Qt released under the LGPL...
Your opinion is perfectly valid but I'll just post the counter-argument for people to compare. If Qt released as LGPL, they would not make any money as anyone could use their library for free. An alternative is to make it closed source and sell their binary library to make money. That's fine but they wouldn't get much exposure.
GPL provides a middle ground for Qt. They say along the lines of, "You can use Qt for free so long as your produce is free (as in GPL) but if you want to make a commercial product, you will have to buy a license". IMHO, I think this is a good business model
Microsoft considers the GPL viral because if you use any GPL code for free, your produce must be GPL too. Fine, but look one step further. If they didn't make it GPL, you would be buying a license off a piece of closed source of software which wouldn't be any different to what MS does. At least with a business model like Trolltech's, you have a choice. For this reason I like Qt under GPL so that Trolltech could make money they wouldn't otherwise be able to under LGPL
Re:Your lawyer is a fucking retard (Score:5, Insightful)
From my reading, that is not the problem. It appeared that the company did release the code with source as GPL along with their product. They just obfuscated it before releasing it. That is not directly a GPL violation.
There have been cases before of obfuscated GPL code (Some video drivers in the Linux Kernel I believe) but those were original source from the manufacturer.
This article is about taking someone elses GPL code, obfusacting it, then re-releasing it with GPL intact.
Re:No Ethics == Outathere (Score:1, Insightful)
1) Based off of his first sentence, it kinda seems either he hasn't slept in a long time or he isn't a native speaker. Either he is in another country. So what can the FSF do. That would be VERY costly to go after then in court in another country.
2) He is now out of a job. He held up his beliefs and can be proud of that while waiting in the un-employment line. Given the state of the economy. What if he can't find a decent job for months. I wouldn't doubt he would wish he kept his trap shut in the past.
I'm not saying what the company did was right, but taking the moral high-ground can be fairly costly and not always easy to do.
Re:Cut and dried Copyright violation (Score:2, Insightful)
Obfuscation Is A Red Flag (Score:1, Insightful)
You don't understand the spirit then. (Score:5, Insightful)
The "spirit" of the GPL is about being able to make modifications to the code. That is one of the rights that the GPL is trying to preserve. It isn't just about being able to get a free copy of the code you can compile (and if you're lucky for different platforms).
As at least a dozen other posts under this article have already said, there is language in the GPL providing for quality -- or at least editability. The source must be in the "preferred form" for editing. Because releasing a
The authors of the GPL understood that "openess" depended on at least the level of usability that was present when the code was written. Hopefully we've cleared this up (and this guy's company lawyer has been sacked).
Re:Cut and dried Copyright violation (Score:3, Insightful)
I guess the chances of this AC blowing the whistle are slim, and if he/she doesn't do it, it's likely that this place will get away with this bullcrap. There are times to stand up for your principles, and while I don't fault him/her for not wanting to lose a job, I hope that if I'm ever in that situation I'll be strong enough to do the right thing.
Couple of points... (Score:4, Insightful)
IANAL, etc... etc... yadda, yadda, yadda.
The company then go all the way to production with it, but instead of finally compiling the actual project for distribution, they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode.
You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce.
They will then GPL the obfuscated gobbledygook, which isn't much more useful to anyone than reverse-engineered bytecode would be (it is a complex project). 'Voila!' All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
Here is my take:
Other things to take into account:
Conclusion?
Bad idea. VERY bad idea. Release code under GPL, play nice, and nobody gets hurt... (wink! wink!)
IMHO, any company who tries that kind of stunt is going to end up on the trash-pit of dot-coms faster than you can say "GNU General Public License".
Re:Don't be so sure. (Score:5, Insightful)
'The source code for a work means the preferred form of the work for making modifications to it.'
Incomprehensible gobbledygook does not the preferred form make, any more than machine code.
What a lot of people appear to miss a lot of the time is that the GPL is _not_ one of those 'thrown together in a week' opensource licenses. It was developed over several years, and reviewed and rereviewed by the FSF legal counsel. It doesnt have holes like this.
Newbie lawyers looking at it for a few hours always misinterpret it. They dont have the technical savvy, nor the persistence to grasp the actual meaning and how thorough the GPL actually is when it comes to accomplishing its task.
The current MySQL AB/Nusphere legal issue isnt the first court case on the GPL because nobody has tried to violate the GPL before. It's because everyone else has realized they dont have a chance in court, and have given up rather than trying to persue a case which their lawyers have eventually realized they will lose.
Re:Cut and dried Copyright violation (Score:2, Insightful)
They're not saying that they're taking someone else's GPL code and changing and redistributing it.
They're saying that they're taking THEIR OWN CODE, linking it with GPL code, making THEIR OWN CODE unreadable, and then GPLing their own code.
IANAL, but this sounds legal.
Re:Cut and dried Copyright violation (Score:2, Insightful)
Well. But the question is why the $company wastes it's resources with obfiscating the GPLed code just 'cause they don't want to publish their own code. Wouldn't it make more sense to modify the GPLed code (under respect of the GPL) to support plugins or offer an command line/streaming interface and then to infect the GPLed program by closed source plugins or let the propritary program use the GPLed program by pipes? Wouldn't those efforts be more valueable for the $company simply since they give the $company some reputation in the community (for contributing some fsking code) instead of ruining the reputiation for abusing the GPL?
Guess if your $company really plans such things the management should be fired for burning money instead of earning some. Did you try to inform your $company's shareholders?
Re:You don't understand the spirit then. (Score:4, Insightful)
"The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable."
I interpret this to mean something equivalent to ASCII, depending on platform. Or the form of source that is usually sent to the compiler, or the form of source that the (original) developer is accustomed to working on. In other words, C source code, not XORed EBCDIC, nor a JPEG of the ASCII source, nor a stereogram, nor a t-shirt with a poetic interpretation of the algorithm used(ala DeCSS).
IANAL, so it's really up to a judge to decude what exactly this means. But i think that obfuscated source is just as good as well-documented cleanly formatted code for satisfying the GPL. Obviously the clean source is preferred, but not required.
Re:Dirty Pool! But also confusing. (Score:2, Insightful)
Re:Why did it take so many posts? (Score:2, Insightful)
There is nothing other than the GPL (ignoring dual licensed situations here) that allows you to distribute the code and/or binary that resulted from creating a derived work from a GPLed source, so by distributing that code, you must be agreeing to the GPL. If you don't agree to the GPL and still distribute that derived work, you are violating the copyright owner's rights to control distribution.
That's the argument, and from my point of view (IANAL), it has nothing to do with EULA's. Even companies with paid lawyers manage to get that wrong, in that they sometimes display the GPL as if it were a EULA (i.e, click to "Accept" during the installation or first run of a program...)
Blow the whistle. (Score:3, Insightful)
Then, later, you can sleep like a baby, knowing you did the right thing.
I think that you've got it, they're dead. (Score:2, Insightful)
In order to get away with this, they'd have to demonstrate that the released code is what their own grunts have actually been using while making their mods, at least. If not, it is obviously not the "preferred form".
Save your email (Score:2, Insightful)
If you find this distasteful, make sure you keep copies (hard copies) of all internal emails and documents pertaining to this issue.
That will probably protect you and make the case a slam dunk if it ever goes to trial.
Send your boss an email objecting to the shaky legal ground and save his response where he asks you to go ahead with it. If you get fired for making noise look into the whistleblowers statutes.
Chuck
Re:The GNU GPL has a clause against this (Score:2, Insightful)
What if a bunch of Burmese programmers take the Linux kernel and convert all the variable and function names and comments to Burmese (which should make it easier for them to work on). Then, after adding all sorts of whizzo features, they release UltraLinux and sell it in the US. Since it's GPL'd they obviously release the source too.
Would this contravene the GPL?
It's such a hopelessly grey area I don't see any legal weight behind that statement in the GPL. They are going to have to add something much more explicit, but good luck finding something that works.
This is all certainly against the spirit of the GPL but I don't see that it's against the letter of it.
You are not anal enough either. (IAAL) (Score:5, Insightful)
In order to impart meaning to the GPL distinction between source vs. object/executable, one must go on a fact-finding parade to measure industry practice, and other wishy-washy standards. In the context of a dispute over a GPL'd bit of code, you can be damn sure that the GPL will collapse under the weight of this fact-finding process, and that the party with more patience and money will win that battle.
There are some things that lawyers understand better than geeks, believe it or not. We are (generally) excellent at spotting weakness in prospective arguments. In the case of the GPL, there are drafting holes big enough to drive a Trident submarine through. I've said it before, and I'll say it again: the GPL won't hold water in a dispute. The reason no one has given you any precedent (as per your request) is that the GPL has not been truly tested in court. Since the GPL eschews the lessons that lawyers have learned about drafting in the past (largely in order to score points with geeks by being colloquial in manner and sounding un-lawerly), it cripples itself with imprecision and ambiguities. The weakness in its core definition of source vs. object/executable is merely one of many fatal flaws in the document. To be perfectly frank, the GPL is a POS contract and I would arguably be liable for malpractice if I advised a client to use it for reason other than their unbending adherence to open source dogma.
In conclusion, you are likely to see many companies "abusing" the GPL. Rather than use the loaded term "abusing", I would prefer to characterize this behavior as "exploiting" the unsophisticated and niave drafting of the GPL's language.
Since I said "IAAL", I must also say that the above does not represent a formal legal opinion, that I do not represent you (the reader) as your lawyer, and that you should not treat this message as my legal advice to you. Laugh all you want -- I'm just sticking to my ethical directives, kids.
Re:You don't understand the spirit then. (Score:2, Insightful)
No, it's the form that the company in question would prefer itself to have. What is preferred is demonstrable by their programming practices.
I know that this is not the same but if I want to edit your GPL program in APL (my preferred form) but it is only available in C does that mean that you are violating the GPL? Does the original author always get to decide what the preferred form for all future uses of the code is? In some ways that doesn't seem very open to me.
Good question. I think the answer is -- if the author wrote it in C, he can distribute it in C. If you convert it to APL, your can redistribute it in APL.
Re:Why did it take so many posts? (Score:3, Insightful)
Yacc has a BSD license, not GPL, and so this was never an issue at all for yacc. You can do whatever you want with BSD licensed code.
Bison makes a specific exception to the GPL for the code that it includes in your parser. You can compile your
misc thoughts, but im not a lawyer.... (Score:4, Insightful)
First arent all the copyright notices inside comments ?
Removing comments with the copyright notices would immediately violate T&C section 1. (while indicating acceptance of the whole document as per section 5), but then you aren't allowed to remove the comments. The obfusciation is seemingly permitted so long as the copyright comments still remain along with additional comments documenting the changes as required by section 2.
The obfusciation is seemingly a process of derivation, that is you start with GPL product and do some M-x replace-string's... This derivation process means that the "proprietary intellectual property" is still GPL'ed...
The GPL does NOT apply to sections not derived from GPL code, but only when they are published apart from the GPL portion. when the whole package is published it is still GPL'ed by inclusion of the GPL code (does anyone remember the Nvidia driver issues?)
Also according to section 5 the fact that you edited the GPL code at all indicates acceptance of GPL terms and conditions. Failure to accept prohibits you from making modifications (such as the string search and replace described)
The whole process seems expressly in violation of section 4, but i am no expert...
What I fail to see is how anyone can avoid GPL except by producing clean-room-code. I seem to recall Nvidia having this problem with their drivers a while back.
As an aside, isnt "chicken noodle soup" less than 30% chicken by volume? (but it is still considered a chicken product.) Your company's project might be 30% GPL code that was heavily edited (IMHO the only real weakness in the GPL is no "real" definition of "derived", however the common meanings of derive include "to trace the deveolpment of", which has been done...)
A couple of questions: Is it possible to write a perl/awk/sed script (or otherwise algorithmically describe the obfusciation? (since global replaces are used i would dare way yes...) If this is true then an argument can certainly be made that the work was "translated" from "ANSI c++" to "ANSI c++" (hasnt anyone done english-to-english translation between say a lawyer and an engineer? or perhaps heard of such things?). This translated copy would seemingly be covered by section 0 and all other sections (as incorporated into the defitition of modification)
just a few cents worth
-j.
Re:Cut and dried Copyright violation (Score:1, Insightful)
> The poster says they intend to release the obfusicated source code under the GPL. In this case the first person to buy the product has the right to obtain the source, re-compile it and re-distribute it. The fact the source is obfusicated does not prevent anyone from re-compiling and distributing it.
True, but anyone who tries to use that obfuscated source for ongoing development or maintenance (or trying to build a better competing product) would have a Hell of a time; better to just contract with the company and not go to all that trouble, yes? At least, that's what I'd expect the company's sales force to say when asked about this issue.
Re:You are not anal enough either. (IAAL) (Score:3, Insightful)
I think that this is a distinction that is much easier to make than the previous one you mentioned. All you have to do is to go to the computers where the people are actually writing the code and see what form of the program they are modifying. If they're working on the code in a format different from what is distributed, it's an easy case that the form that's being distributed isn't the preferred form for making modifications. That's especially true if you can find:
You're correct that this is not an open and shut thing, but it's not an intractable one, either. Most people have fairly sensitive BS detectors, and they're going to be able to tell that code that's been deliberately messed with to make modification more difficult is not in the preferred format for making modifications. All you have to do is show that a deliberate attempt has been made to obfuscate with the code and you're set.
Re:"viral license" (Score:0, Insightful)
> BZZZZZZZT! Almost all, if not every, SDK you download from MS allows you unlimited binary distribution of code that links the library. You can't Open Source the SDK, but most MS developers aren't interested in that anyway.
Keywords here are "derive" and "binary". Parent post was using "derive" in its Open Source meaning, where the operative word is "source", not "binary". Doing subclassing based on a header file is not the same as deriving a new work based on all the source files, not just headers.
Hire your own lawyer (Score:1, Insightful)
I would also recommend that you make your own paper copies of all the internal documentation that you can find regarding this decision process. It would be useful, at a future date, if the copyright owners whose rights are being violated can find these papers through the discovery process. Talk to your lawyer about a good way to do this.
Totaly bad (Score:1, Insightful)
Second: If this happens you can cont me in for the RI team that will turn the ofced souce back to the real form. The DCMA dosn't apply where I live (and if we ever get such stupid law i will move)
Third: Allso if your product is GPL you can still make mony from it (belive me). Theres no need to make a big PR of the GLP, just put it in your licence which nobody ever reads and put somewhere that the source code is avalible at and thats all (we sold over 4000 copis of our program and got only one request for the source code)
Re:Source code = preferred form for modification (Score:5, Insightful)
Excellent. So, to the original question: All your company needs to do is develop a text editor that works with obfuscated binary "source files", and add a step to the make routine that turns those obfuscated binary source files into obfuscated, yet compilable C, and there you go. Source files that you actually use to do modifications with, and are difficult or impossible to read (since nobody says you have to GPL your proprietary text editor that works with the obfuscated binary source files, or the program thats part of the build routine that turns them into C, because its not a derivative work of the GPL'd code in question, no more than Windows Notepad needs to be GPL'd because I looked at some Linux source in it).
No legal action possible until violation occurs (Score:3, Insightful)
Several posters have pointed out that obfuscation is a violation of GPL, or at least the spirit of the GPL.
Unfortunately, until your company actually releases a product based on obfuscated GPL code (commits a violation), you can't take legal action in the courts; you can only get a GPL-friendly lawyer to send nasty cease-and-desist letters.
In other words, you can't stop it until it's too late. And if you do sue, the copyright holder (the creator of the GPL code which was borrowed) will probably have to be named as a plaintiff, as the violation was commited against HIS copyright, or possibly the FSF as a plaintiff's representative yadda yadda yadda. YOU probably will not be able to file suit as a plaintiff directly, unless somehow you can do it as a representative of the party claiming loss.
If you do nothing else, inform the writer(s) of the original code of your company's intentions.
Re:Um... (Score:2, Insightful)
It is not a DIRECT violation because the GPL says nothing specific about obfuscation. Nor does it say anything more specific about what "source code" is other than the quote that has already been thrown around here already. Whether it is an indirect/interpreted violation is still up for grabs.
At best, you might get a comment from FSF or RMS as to the nature of "source code", followed by a favorable ruling from a judge in court. Perhaps they could change the GPL Version X+1 to more clearly define "source". At worst, this is perfectly valid and nothing can be done about it.
But either way, it has NOT been decided yet.
If it's GPL'd, can't YOU distribute it? (Score:2, Insightful)
Re:Dirty Pool! But also confusing. (Score:3, Insightful)
This is why the GPL defines what source code is. And source code is HUMAN READABLE. Thast the point of source code. Code that has been preprocessed in some way, even if it is not a machine readable binary, is NOT source code unless it is in a human readable and inteligable language.
I do believe that this issue is specifically addressed in the GPL (along with a few other situations, which is why the GPL is so damned long).
This is definitly a violation of both the letter and the spirit of the GPL, and I urge the person who asked this question, or anyone else working for this corperation to blow the whistle on this project. It is a direct attempt to subvert the free software community.
-Steve
Why do we need to buy your program? (Score:2, Insightful)
Now I can give away the program I built from GPL'ed source code.
How does your company sell a second copy of the program?
Re:Maintenance issues (Score:3, Insightful)
I recall a friend of mine who worked on a project that was designed obfuscated in the first place. Var names like vEh45c01, etc.
all proprietary, all aobscure, god forbid if the guy who designed it were to have an accident.
That said, would keeping the clear code represent a legal obligation? Since after all, the clear code is really the source, not the obfuscated stuff that you compile from.
Re:You are not anal enough either. (IAAL) (Score:5, Insightful)
I went across the hall at work yesterday and asked two lawyers who I often see over lunch about this. They said that while "preferred" and such terms are often fairly vague and cases hinge on those, in this case, where you can simply show the inability of the company to use the obfuscated code, and the obfuscating programs used, that it's dead simple.
Too bad modern judges can't hand down rulings that really cut to the heart of the problem...
Ruling that the company must delete all other source code and forever maintain the project using only this source code and other code in this form would quickly show if this was the preferred method.
(With creative and honest judges we could get by with a lot less of your type.)
Re:Why did it take so many posts? (Score:2, Insightful)
No it isn't. (Score:3, Insightful)
Re:Dirty Pool! But also confusing. (Score:3, Insightful)
So while you are right, they could defend people without assigning copyright to them, they are trying to protect the interests of Free Software, and protect hemselves from being abused.