Slashdot Log In
Is Linksys Violating The GPL?
Posted by
timothy
on Sun Jun 08, 2003 01:18 PM
from the could-just-be-a-glitch dept.
from the could-just-be-a-glitch dept.
jap writes "According to this post on LKML, Linksys is shipping firmware for (at least their) 802.11g access-points based on Linux - without any sourcecode available or mentioning of it on their site. This could be interesting: it might provide the possibility of building an ueber-cool accesspoint firmware with IPsec and native ipv6 support etc etc, using this information!"
This discussion has been archived.
No new comments can be posted.
Is Linksys Violating The GPL?
|
Log In/Create an Account
| Top
| 524 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Cisco IOS ? (Score:5, Funny)
Re:Cisco IOS ? (Score:5, Interesting)
(http://web.novalis.org/)
Re:Cisco IOS ? (Score:5, Interesting)
(http://web.novalis.org/)
Re:Cisco IOS ? (Score:5, Informative)
(http://web.novalis.org/)
Re:Cisco IOS ? (Score:5, Informative)
and what would that acomplish? (Score:5, Insightful)
I'm not sure (Score:5, Insightful)
(http://forums.boiledfrog.us/ | Last Journal: Friday February 21 2003, @01:08PM)
Re:I'm not sure (Score:5, Funny)
(http://www.phcomp.co.uk/)
Man... (Score:5, Insightful)
ER
Re:Man... (Score:5, Insightful)
(http://www-jcsu.jesus.cam.ac.uk/~mjg59)
Does it matter ? (Score:3, Interesting)
Re:Does it matter ? (Score:5, Insightful)
Yes it does. It means that until now noone has had the guts to risk a legal confrontation to free themselves from the requirements the GPL imposes.
And even if the GPL has no valid legal meaning, what remains? Standard copyright law. So without the GPL you don't even have the right to download the source, let alone modify and republish it!
Re:Does it matter ? (Score:5, Informative)
(http://www.ganymeta.org/)
That's silly, and wrong. The GPL is an affirmative grant of rights, providing you comply with its terms. If you don't want to comply with its terms, no problem, you just don't have any rights to copy someone else's stuff. That prohibition on copying someone else's stuff isn't a consequence of the GPL, it's a consequence of copyright law in this country.
The only way for the GPL to lose all effectiveness in the way that you imply would be if a court someplace were to rule that the GPL's terms were ridiculously onerous, and that by handing it out to everyone for public download without requiring a click-through license, the stuff had effectively been placed in the public domain.
This is about as likely as a court someplace declaring that Microsoft's software was licensed with unduly onerous terms, and that their stuff was therefore public domain as well.
I.e., not likely at all. I don't think copyright is like trademark law, where if you don't take steps to protect your mark, you can lose it.
IANAL, but the guy who drafted the GPL [columbia.edu] is.
Re:Does it matter ? (Score:4, Interesting)
IIRC, that can't really happen accidentally. About the only way something of significance can enter the public domain, sans copyright expiration, is an explicit statement of the legal copyright holder to that effect. i.e., "this work is entered into the public domain."
C//
Better drivers? (Score:4, Interesting)
Anyone who have one must have noticed it.
The one thing to say to their defence is that they are usually "driver friendly" with their PCMCIA WiFi cards.
I just hope that now they will wake up, straighten up the mess, and start helping the community with supporting 802.11g in Linux for their NIC's.
At least they're using Linux (Score:3, Insightful)
It could be argued that GPL compliancy will make it better, but as far as I can see it's still much better than what it could potentially have been.
In case gets /.ed (Score:5, Informative)
Sorry for the very lengthly posting, but I want to be as precise as possible in describing this problem.
Awhile ago, I mentioned that the Linksys WRT54G wireless access point used several GPL projects in its firmware, but did not seem to have any of the
source available, or acknowledge the use of the GPLed software. Four weeks ago, I spoke with an employee at Linksys who confirmed that the system did use Linux, and also mentioned that he would work with his management to ensure that the source was released. Unfortunately, my e-mails to this
individual over the past three weeks have gone unanswered. Of course, I also tried contacting Linksys through their common public e-mail accounts (, ) to no avail.
However, it is hard for me to know if my contact in the company has just gone on a three week vacation (and not set an auto-responder), or has been asked to not answer anymore mail on this subject. Also, I should note that I don't own this product, so I can't determine if the source is shipped with it.
However, I have gone through all the available information on the Linksys website, and can find no reference to the GPL, Linux (as it relates to this product), or the firmware source code. Also, the firmware binary (see below) is freely available from their website. There is no link from the download page to the source, or any mention of Linux or the GPL. Finally, it would be
strange if the source was included in the physical package, as my contact at Linksys was initially unaware Linux was used in this product.
The following steps can be used to determine the exact nature of the possible GPL violation.
1. Go to the following URL:
http://www.linksys.com/download/firmware.asp?fwid= 178
2. Download the "firmware upgrade files":
ftp://ftp.linksys.com/pub/network/WRT54G_ 1.02.1_US _code.bin
(MD5SUM: b54475a81bc18462d3754f96c9c7cc0f)
3. While it is downloading, confirm that there is nothing on the webpage to indicate that this binary contains GPLed software.
4. Once the download is complete, copy the contents of the file from offset 0xC0020 onward into a new file.
dd if=WRT54G_1.02.1_US_code.bin of=test.dump skip=24577c bs=32c
5. Notice that this file is an image of a CramFS filesystem. Mount it.
6. Explore the filesystem. You will notice that the system appears to be based on Linux 2.4.5. Incidentally, there is at least one other GPLed project in the firmware: the BusyBox userland component: (http://www.busybox.net/)
7. The Linux kernel (I think) is mixed up with a bunch of other stuff in: bin/boot.bin
You might want to know why I am interested in getting the code for the kernel used in this device.
There's been some discussion here about Linux's lack of wireless support for a few of the newer 802.11b and (nearly?) all 802.11g chips. Incidentally, Linux has excellent support for at least one manufacturer's wireless family.
The following Broadcom chips all appear to be supported under Linux -- if you happen to be running Linux on a MIPS processor in a Linksys router:
Broadcom BCM4301 Wireless 802.11b Controller
Broadcom BCM4307 Wireless 802.11b Controller
Broadcom BCM4309 Wireless 802.11a Controller
Broadcom BCM4309 Wireless 802.11b Controller
Broadcom BCM4309 Wireless 802.11 Multiband Controller
Broadcom BCM4310 Wireless 802.11b Controller
Broadcom BCM4306 Wireless 802.11b/g Controller
Broadcom BCM4306 Wireless 802.11a Controller
Broadcom BCM4306 Wireless 802.11 Multiband Controller
This list was produced by running strings on:
lib/modules/2.4.5/kernel/drivers/net/wl/wl.o
I am trying to determine exactly how tightly coupled these drivers are to the kernel.
As an aside, I know that some wireless companies have been hesitant of releasing open source drivers because they are worried their radios might be pushed out of spec. However, if the drivers are alre
Cool. (Score:5, Insightful)
The Linux kernel license says you can code proprietary modules, as long as the interface is part of the stock kernel (in other words, GPL)
So you can make a proprietary network driver, as long you don't haev to modify the main kernel to get it to work; you are under no obligation to release that source at all. If you have some way of hacking an entire realtime OS to look like a network drive to the kernel, that would comply.
So, linksys should be redistributing the linux sources, however, if their custom work is confined to modules & userland code, they are under no obligation to release the source to those drives. And as linux already has a kernel interface for network & wireless network, there is no reason to expect them to release that code.
Re:In case gets /.ed (Score:5, Interesting)
(Last Journal: Thursday September 13, @12:15PM)
I could imagine quite possibly that they've signed some NDAs that won't allow them to release all their source code. Then this GPL stuff means that they have to release all their source code -- or so it seems.
So now they've got to figure out what to do, and while they're figuring, it's legally safer to say nothing to anyone.
Probably their best way out is either get the NDAs released [unlikely], or find out the individual authors of their modules, and work out individual licensing agreements [difficult, but possible] that keep it outside the GPL. At that point, though, you won't have your information.
That said, I have to think about SCO, and think that one shouldn't take a "All your codebase are belong to us" approach. My feeling is that trying to knock others out to get what you want, is kindof evil. And that goes in both directions.
So I think persistance is key, here, but if they made a mistake, (1) don't gloat -- rather, be meek (2) still be persistent, and try to get FSF's help pursuing this (3) hopefully get the FSF to offer them help in finding for themselves a legally sound position.
P.S. Good hacking job [and yes, that's hacking not cracking, though I hope that they don't just decide 'hit him with the DMCA -- he's too small to fight it.' Ugh. This DMCA gives all the power to big criminals, it seems to me, and takes power away from little law abiders.
Re:In case gets /.ed (Score:5, Interesting)
It's too late for that: whether they do or do not release the source code at this point, they have already lost their right to release the binary. And their GPL violation is not that they haven't put up the source code for FTP somewhere, the GPL violation is that they didn't identify the product as using GPL'ed code in the first place, accompanied by an offer to make the source code available.
That said, I have to think about SCO, and think that one shouldn't take a "All your codebase are belong to us" approach. My feeling is that trying to knock others out to get what you want, is kindof evil. And that goes in both directions.
If someone has violated SCO's copyright in the way they claim, they should be punished severely: copyright violations like those claimed by SCO threaten not only companies, they threaten the very existence of open source software. (However, I believe that SCO's claims are bogus, so I don't see much danger of that happening.)
Likewise, if Linksys has violated the terms of the GPL, they should be punished severely. Linksys's behavior, shipping GPL'ed code without identifying it as such, is a fundamental violation of the GPL, and if the only consequence is that companies have their wrists slapped when found out (and it has taken years to find this out about Linksys), it undermines the whole idea of the GPL.
Requirements (Score:5, Informative)
It would be nice if they included at least a copy of the GPL and a linux installation CD in the back of their manual though, since that would be a way of distributing the code, if not more than the code, and would probably make them in compliance.
Hell, TurboLinux install CDs came with hardware that Linux couldn't even use, for a while...
More From the Kernel List (Score:5, Interesting)
(Last Journal: Tuesday September 11, @01:41PM)
A very interesting bit from the busybox maintainer, who has evidently already sent linksys two letters [lkml.org]
A post outlinging the possibility that Belkin is also shipping GPL'd code [lkml.org]
A few other people are throwing their two cents in, but those were the most interesting, code be an interesting test of corporate policey, and the ability of the GPL to withstand a court battle.
Alternate browser support (Score:5, Funny)
(Last Journal: Sunday June 29 2003, @08:38PM)
Here's their reply:
--K.
Only if they changed something... (Score:5, Insightful)
(Last Journal: Monday April 03 2006, @07:23PM)
I worked eight years as a firmware engineer. In the last three, I dealt almost exclusively with Linux.
And I can assure you that we didn't need to change any GPL'd code to get what we wanted. Even on fairly custom hardware, we could find preexisting GPL'd code to do 99% of what we needed (and wrote user-space drivers where possible, and modules where not). No need to release anything if you don't change anything, to comply with the GPL.
Whether ethical or not, plenty of legal ways of circumventing the intent of the GPL exist. And, like it or not, eliminating those loopholes (which would basically require forcing any program that runs under linux to use the GPL) would kill Linux in the business world.
Re:Only if they changed something... (Score:5, Interesting)
You may be thinking of the LGPL [gnu.org] instead, which relaxes redistribution requirements.
Agreed. (Score:5, Informative)
You can (section c) simply pass along the written offer YOU received, if you are simply redistributing, and not modifying, but only if it's NON-COMMERCIAL, and only if you yourself received the written offer. IF they are using stock linux kernels, there is no written offer, so
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
* a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
* b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
* c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
Re:frankly, this seems stupid (Score:5, Insightful)
Think of this as a check on honesty of GPL adherents. If you don't make the offer or even admit that there is GPLed code in your product, you are probably doing it for a reason (i.e. you are hiding something). If they really aren't hiding anything, and it was a simple oversight, then why don't they reply to emails about it and just point out that no modifications were made, and stick a source mirror up on their FTP site? The cost is practically nil to them to adhere to the license, assuming they are playing by the rules, so what's the big deal?
It might be available (Score:5, Informative)
(http://spf.pobox.com/)
Re:How did this work for the Tivo? (Score:4, Informative)
Even before they had an FTP site, they would ship promptly and for a very reasonable fee, source on CD-R.
The real guts of the product, including all substantial video-related drivers, are in loadable modules. The kernel and provided source have just enough hardware-specific code to calm the hardware down enough to allow the kernel to get started.
As far as I can tell, Tivo have done everything they need to under GPL.
[Disclosure of interests: I own a small amount of Tivo stock. When I ordered the source code way back when, they included a nice Tivo hat along with the CD.]
Would source be interesting? (Score:5, Insightful)
(http://www.tzs.net/)
If Linksys did things right, however, those drivers will be compiled as modules, which they don't have to release source for (well...unless they started from GPL'ed driver source, of course).
Aside from the drivers, everything else interesting should be implemented as applications, which can be closed source on Linux.
So, don't get too excited: becoming fully GPL-compliant might consist of them simply putting up source for a stock kernel, and putting something about the GPL in their documentation.
Obligatory "not a GPL violation" post. (Score:5, Interesting)
First, as someone else already said, just becuase it uses a linux kernel doesn't mean they modified anything, it could be a stock kernel. If they wrote userspace drivers and/or kernel modules using existing interfaces for their custom hardware, they are not obligated to release anything.
Secondly, if they weren't abiding by terms they had to according to the GPL, it would be COPYRIGHT violation, not license violation, as if you don't comply with the license, copyright law says they can't redistribute it. I know it seems like a silly point, but it's not.
People talk about the GPL being "tested in court" and whatnot.. but the fact is: If you don't accept the GPL as valid, then copyright law still stands, and says you can't redistribute, or make derivitive works. A judge can rule the GPL as invalid, but that would mean that nobody had any rights to redistribute anything.
It's not a license you had to accept and agree to in order to use the product.. so you can't "violate" it.
Linus, or any other kernel developer could go to linksys, and say "I have not granted you permission to use my copyrighted work, please demonstrate why you think you are allowed to do this". They can then either cite how the GPL allows them to do what they do, or concede that they have no right to distribute.
So as unclear as I can be.. it's not a GPL violation... and people are not forced to release code because of a nonexistant GPL violation... although that might be an acceptable remedy to all parties in most cases. They could also be forced to simply stop doing it.