Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
GNU is Not Unix Your Rights Online

MPAA Forced To Take Down University Toolkit 292

bobbocanfly writes "Ubuntu developer Matthew Garrett has succeeded in getting the MPAA to remove their 'University Toolkit' after claims it violated the GNU GPL. After several unsuccessful attempts to contact the MPAA directly, Garrett eventually emailed the group's ISP and the violating software was taken down."
This discussion has been archived. No new comments can be posted.

MPAA Forced To Take Down University Toolkit

Comments Filter:
  • by garcia ( 6573 ) on Monday December 03, 2007 @10:07PM (#21567065)
    Linking to a LiveJournal post that reads:

    MPAA don't fuck with my shit.

    (And yes, I did attempt to contact them by email and phone before resorting to the more obnoxious behaviour of contacting the ISP. No reply to my email, and the series of friendly receptionists I got bounced between had no idea who would be responsible but promised me someone would call back. No joy there, either.)


    Awesome.
  • Duh (Score:5, Funny)

    by explosivejared ( 1186049 ) <hagan.jared@g[ ]l.com ['mai' in gap]> on Monday December 03, 2007 @10:10PM (#21567081)
    This is news?! What is up with that! Every body knows that the RIAA is a completely honest and upright organization. They practice what they preach. They obey everyone else's takedown notice, be it gpl or dmca, whatever, just like they expect you to obey their takedown notices. I can't wait to see the day that all these trolls on slashdot finally go the way of the dinosaur and the true intellectuals out there call the RIAA what it is! It is an honest, upright, artist first organization! IF YOU CAN'T HANDLE THAT GET OFF SLASHDOT!!

    ;)
  • by Oriumpor ( 446718 ) on Monday December 03, 2007 @10:11PM (#21567097) Homepage Journal
    Next they'll contract a russian ISP and put the torrent up on one of their trackers...
    • Re: (Score:2, Funny)

      by Anonymous Coward
      It's very common in pseudo-democracies for common citizens to contract ISPs. I lived in Moscow for several years in the eighties, and several of my acquaintances (I had no true friends, being a Serb), contracted ISPs. Sexual intercourse was rarely involved, but when it was, it was a bit more satisfying than your run-of-the-mill bar encounter.

      Since I was not a citizen (I was there illegally), I was unable to contract an ISP. I feel I missed out somehow, but I got over it after Glasnost.

      Anyway, my point is, y
      • Re: (Score:2, Insightful)

        by Sanat ( 702 )
        Your post is really interesting, however I feel that I am missing at least one of the points you made in it.
  • Explanation. (Score:5, Informative)

    by Whiney Mac Fanboy ( 963289 ) * <whineymacfanboy@gmail.com> on Monday December 03, 2007 @10:12PM (#21567103) Homepage Journal
    Explanation.

    As TFS & TFA have little info, here's some background:

    The MPA(A) released a Xubuntu derived livecd with a bunch of F/OSS tools to assist universities in monitoring their networks. *rolls*eyes*. More info about the software in this Washington Post article [washingtonpost.com].

    Unfortuntately the CD as shipped contained no source & no written offer for the source, so was in violation of the GPL (and hence, the MPAA are in violation of various software author's copyright).

    After several attempts to reach contact the MPAA, the ubuntu developer sent a takedown notice to the hosting ISP.

    I hope he now presses for copyright violation - as he so elequoently says: MPAA don't fuck with my shit.
    • by Aladrin ( 926209 )
      Wait, last I checked, you merely had to tell people where to get the source. As all (x|edu|k)ubuntu distros have that built into the package manager, they -had- told people how to get the source.

      Or are you suggesting that each distro made from Ubuntu must have its own separate repository for the source? That clearly flies in the face of what already exists.
      • Re:Explanation. (Score:5, Informative)

        by faedle ( 114018 ) on Monday December 03, 2007 @10:23PM (#21567203) Homepage Journal
        The MPAA was distributing "modified binaries" of GPLed software without distributing, or offering to distribute under the terms of the GPL, the modifications.

        Even if all you do is change a strcat(); line, you have to (at minimum) distribute that change's source.
        • Actually (Score:4, Informative)

          by p3d0 ( 42270 ) on Monday December 03, 2007 @10:40PM (#21567387)
          Even if you don't change a line of code, you still have to distribute (or offer to distribute) source if you're distributing the binaries.
          • Re: (Score:3, Informative)

            by faedle ( 114018 )
            They actually are "distributing the source", granted via the Ubuntu package system. You could argue in court (and probably get traction with the argument) that you were obeying the "spirit" of the license agreement.

            Where that breaks is when you change the code (like they did with ncat), and then not distribute the changes in the form of a diff. That's not a minor "technicality:" that's the whole purpose of the GPL, is to require that if you make those kinds of changes you distribute your code changes.
            • Re:Actually (Score:5, Insightful)

              by poopdeville ( 841677 ) on Monday December 03, 2007 @11:07PM (#21567551)
              I saw no indication that the MPAA was hosting their own apt repositories with source. If you mean that sources.list was pointing at Ubuntu's servers, that's not good enough. That's Ubuntu doing the distribution.
              • Re: (Score:3, Informative)

                by faedle ( 114018 )
                That theory has never been argued in a court of law, AFAIK.

                You could argue that, provided you do nothing to hinder the user from accessing it, that providing a URL to somebody who hosts the code IS distribution.

                That might not be the FSF's reasoning, mind you.

                But, I'm quite sure that the court would at least hear the argument: "While we personally didn't distribute the source code, we made arrangements for the source code to be obtained free of charge on the Internet through a third-party."

                In brief, you're m
                • Re: (Score:3, Informative)

                  by jonbryce ( 703250 )
                  The GPL is quite clear on this

                  You must do one of the following:

                  a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

                  [with the further clarification that: "If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution
            • Stop talking shit (Score:5, Informative)

              by Chuck Chunder ( 21021 ) on Monday December 03, 2007 @11:26PM (#21567659) Journal
              You do not have to distribute "changes in the form of a diff", or "distribute your code changes" in particular.

              You must distribute (or offer to) the complete source code corresponding to the binaries you distribute. The whole purpose of the GPL is that someone getting a binary can get the full source for the binary.
          • If you are distributing binaries non-commercially and you got those binaries as is from elsewhere (ie didn't compile it yourself from source) then you can simply pass on the offer that you were given, as per 3c of the GPL.

            Otherwise if I were giving a Ubuntu CD to a friend I'd have to be prepared to distribute the source to him too! As it is I can just refer him to the offer Ubuntu gave me.

            That may even apply to most of the packages aggregated on the Xubuntu CD the MPAA were distributing (I haven't see
            • Re: (Score:3, Informative)

              by Kadin2048 ( 468275 ) *

              For the changed packages it would be interesting to know what the changes were, to the extent that can be determined without the source.

              It would be interesting, I suppose, from an academic point of view, but it doesn't really matter. As long as they changed them, even the slightest bit, they're required to distribute (or offer / provide a method for users to obtain) the complete sources to the modified components -- specifically not diffs [gnu.org] -- or they're in violation of the GPL.

              Even if all they did was change a few strings or customize an interface, they have to distribute the changed components in source form along with the binaries.

              • It would be interesting, I suppose, from an academic point of view, but it doesn't really matter.

                It might matter. I don't know what they did (and there seems surprisingly little public analysis) but it's feasible to imagine a scenario where someone got the functionality they wanted by merely changing configuration files relating to the binary package rather than changing the actual source and recompiling.

                If that were the case I'm not sure that they would necessarily have to distribute because of the GP

                • this chaps comment [slashdot.org].

                  It would be nice to know precisely what went on. Obviously we don't have to be told, but if "MPAA don't fuck with my shit" is going to be splashed around the kernel/Debian/Ubuntu planets I think it's reasonable for people to be interested in the details.

                  Perhaps this story can get even wierder and the MPAA will post the DMCA notice on Chilling Effects [chillingeffects.org]
              • by dwater ( 72834 ) on Tuesday December 04, 2007 @12:35AM (#21568121)
                Well, it depends on what they changed. If they added code to phone home a lot with lots of personal information....that would be interesting from more than a purely academic point of view (IMO).
      • Re: (Score:2, Informative)

        by Anonymous Coward

        Wait, last I checked, you merely had to tell people where to get the source.

        Common misconception at least with regard to GPLv2 because when it's done that way, FOSS authors often let it slide but strictly speaking it's a license violation. Quoting from GPLv2 section 3:

        3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

        a) Accompany it with the com

        • Re:Explanation. (Score:5, Informative)

          by faedle ( 114018 ) on Monday December 03, 2007 @10:34PM (#21567321) Homepage Journal
          Additionally, it is my understanding they actually made some changes to ntop, and did not provide any instructions on how to obtain the changes.

          So, it's not even a technical violation in the letter of the license, it's a legitimate violation of the spirit of the license. They are distributing a change to the code without source.
          • Re:Explanation. (Score:5, Informative)

            by andy753421 ( 850820 ) on Tuesday December 04, 2007 @12:28AM (#21568087) Homepage
            I would be really interested in seeing some data to back up this claim. When the toolkit was first released I downloaded a copy and checked the md5sums on both the ntop binaries and the snort binaries. Both corresponded to the binaries I downloaded form the Ubuntu server.

            There was also a page on the 'monitor' site that stated the software was released under the GPL, but I don't recall if it included a copy of the license itself. The MPAA code seemed to be kept separate and the license on that was unclear, however there were Java Server Pages distributed as binary only as well as some shell scripts and maybe some python (again, i don't remember).

            Does anyone know of a mirror of the original ISO? I would like to look at it further but I deleted the one I originally downloaded.
      • Wait, last I checked, you merely had to tell people where to get the source.

        When did you last check? Prior to the GPLv2 at least. From gpl-violations.org's FAQ [gpl-violations.org]:

        Remember the license requires you make source available to your customers with the product or to include a written offer. Putting a zip of the relevant sources on the Documentation CDis a great way to do this.

        Or are you suggesting that each distro made from Ubuntu must have its own separate repository for the source? That clearly flies in the face o

      • Re: (Score:2, Insightful)

        by Anonymous Coward
        Wait, last I checked, you merely had to tell people where to get the source. As all (x|edu|k)ubuntu distros have that built into the package manager, they -had- told people how to get the source.

        I don't see the standard package manager anywhere in the MPAA UT Admin Guide [universitytoolkit.com] (PDF). It appears to go straight from the splash screen to the "Peerwatch" configuration.

        Besides, the GPL section 3 is pretty clear on this: if you're not distributing source code yourself (option a), or a written offer to sell it (option
        • then you must "Accompany [the program] with the information you received as to the offer to distribute corresponding source code". Unless you count disassembling the install CD, they haven't met this at all.

          Remember also: that's only an option for noncommercial distribution. I think what they're doing is pretty close to commercial distribution -- I'm not intimately familiar with how the GPL defines "commercial" but I wouldn't simply assume that because they're not charging for it directly that they're allowed to fall under non-commercial, particularly if they're using it in order to advance a business position or working on behalf of for-profit entities.

      • Wait, last I checked, you merely had to tell people where to get the source.

        No, each organization that distributes GPL binaries has to supply their own copy of the source. It's not sufficient to point out some other website that has it.

        I know this because I subscribe to the Cygwin mailing list, which has discussed this extensively. The Cygwin DLL is a POSIX emulation layer for Windows, and it's quite common for companies to port their *NIX apps to Windows with Cygwin, and then to bundle their app wit

    • Re:Explanation. (Score:5, Interesting)

      by zonky ( 1153039 ) on Monday December 03, 2007 @10:17PM (#21567145)
      Should also be made clear that the tools only identified torrent users, and didn't make any attempt to distinguish between 'naughty' and legal torrents.
    • The ISP will probably receive a nastygram from an MPAA lawyer soon and put the material back up. Then the fireworks will really begin.

  • Classic. Absolutely classic.
  • Encouraging result (Score:5, Interesting)

    by GroeFaZ ( 850443 ) on Monday December 03, 2007 @10:19PM (#21567171)
    but at the same time rather worrysome what a simple email to the ISP can do, even if it's for a good cause. Why not sue them and make things bullet-proof and at the same time strengthen the GPL in court, rather than sorting things out vigilantism-style? A pile of court-issued takedowns might be a more impressive repellant against future violations of the GPL (or any other such license) than a pile of social-engineering-issued takedowns. Don't associate "social engineering" with the negative connotation of spam/phising/etc. as I used it; instead, read it in its original meaning: someone requested a blocking of content from an ISP, essentially (TFA is void of details) only with convincing arguments but no hard proof that the GPL was indeed violated.
    • by ScrewMaster ( 602015 ) on Monday December 03, 2007 @10:26PM (#21567227)
      On the other hand, the MPAA should have had all it's ducks lined up in a row. They're big boys, they can afford to do things right. The fact that they didn't bother is another indication of their above-the-law attitude. They really just don't care. I'll bet they're caring now, and I'll bet there are some heads rolling in the legal department right now.

      The delicious irony here is that the MPAA drafted the DMCA and were primarily responsible for pushing it through Congress.
      • by GroeFaZ ( 850443 )
        I'll bet they're caring now, and I'll bet there are some heads rolling in the legal department right now.

        No shit. And, since this Livejournal entry made slashdot front page, the entire world and beyond knows. The only logical conclusion: the MPAA is preparing self termination out of shame and drafting the necessary papers as we speak.
      • by dbIII ( 701233 ) on Monday December 03, 2007 @11:44PM (#21567777)
        They won't care. There's currently the idea that some people are above, below or completely outside the law. Since they were involved in drafting some copyright laws they are of the opinion that those laws are not for them and are only for the peasants.
      • by dwater ( 72834 )
        > and I'll bet there are some heads rolling in the legal department right now

        ...or at least some eyes...
      • Why is it ironic that the MPAA drafted the DMCA? This was a violation of copyright, which existed prior to the millennium.
    • "Simple email" (Score:5, Informative)

      by ucblockhead ( 63650 ) on Monday December 03, 2007 @10:31PM (#21567293) Homepage Journal
      DMCA takedown notice is exactly the legal action you are supposed to take in these situations. It is not "social engineering". He has every legal right to do it.
      • Re: (Score:2, Insightful)

        by GroeFaZ ( 850443 )
        Then let me ask in a different way. Was invoking the DMCA the only tool to achieve the goal? If not, then it was at least not a bad choice tactically, because it got the job done. But then it was also a bad strategic choice, because it honored the tool merely by using it.
        • Re: (Score:3, Insightful)

          by ucblockhead ( 63650 )
          Yes, and if instead he sued the MPAA and won damages in court, he'd be validating the MPAA tactic of suing individual users for posting copyrighted movies for damages.
          • Don't be ridiculous. If the GPL is never enforced or threatened to be enforced in court, you will continue to see violations such as this.
    • Why not sue them and make things bullet-proof and at the same time strengthen the GPL in court, rather than sorting things out vigilantism-style?
      He asked the offending party, the MPAA, to take it down, they ignored him. He asked the ISP to deal with it, they took it down. How is that "vigilantism-style"? Dealing with it himself rather than running to a lawyer? I don't get it.
    • Because now the ball is in their court,they either admit they violated copyright law and leave it down, or counter and puting it back up and letting the legal chips fall where they may by take legal responsibility. It'll be impossible for them to say "sorry, we didn't realize we were infringing" if they counter claim.
    • by swillden ( 191260 ) <shawn-ds@willden.org> on Monday December 03, 2007 @11:42PM (#21567763) Journal

      but at the same time rather worrysome what a simple email to the ISP can do, even if it's for a good cause... A pile of court-issued takedowns might be a more impressive repellant against future violations of the GPL (or any other such license) than a pile of social-engineering-issued takedowns.

      We're not talking about a "social-engineering" takedown, but about a takedown notice defined and authorized by federal law, and enforceable in any court in the land.

      IMO, the takedown notice defined in the Digital Millenium Copyright Act is one of the few good things in that law. It says that if someone is publishing your copyrighted materials on the Internet, all you have to do is send a notice to the ISP, stating that the material is yours. The ISP is then *required* to take it down, or else be considered guilty of infringement. On the other hand, if the ISP does take it down, they are granted a "Safe Harbor" status, meaning that they're absolutely free of any liability for the infringement.

      If something you've published on-line is taken down as a result of a DMCA takedown and it is not infringing, all you have to do is send the ISP a notice stating that the material is not infringing. The ISP can then put the material back on-line, without losing the "Safe Harbor" status. The system is set up so that the ISP doesn't end up trying to determine what is infringing and what is not.

      Both the DMCA takedown notice and the counter-notice are sworn affidavits, meaning that when the issue goes to court any untruths in the notices can be prosecuted as perjury. So there's a strong disincentive for someone to issue a DMCA takedown frivolously, as it will cost the publisher almost nothing to get the takedown reversed, and may land the issuer in hot water. Likewise, there's a strong disincentive for a publisher of infringing materials to issue a counter-notice.

      And, above all, the ISP who is caught in the middle is shielded from any potential liability, and doesn't have to make any attempt to adjudicate the ownership of the materials (which, obviously, no rational ISP would do anyway -- if in doubt they'd just take it down and leave it that way).

  • by gillbates ( 106458 ) on Monday December 03, 2007 @10:21PM (#21567185) Homepage Journal

    for copyright infringement as well.

    Now that would be poetic justice.

  • by Esion Modnar ( 632431 ) on Monday December 03, 2007 @10:47PM (#21567425)
    Now THAT is the (accurate) headline I want to read!
  • Possible deterrent? (Score:5, Interesting)

    by sessamoid ( 165542 ) on Monday December 03, 2007 @10:49PM (#21567437)
    IANAL, but why don't OSS developers offer a GPL-free version of their software for some really high price. That way, when big-media tries to steal (their words, not mine) their creative works, the developers can sue them for legitimate damages, citing a stratospheric market price per copy, then multiply the number of CDs they've distributed by their stratospheric market price to get damages from them?

    "The MPAA/RIAA has distributed 1500 copies of my work. I offer that software at $50,000 per copy. They owe me 75 million dollars in damages!"

    That's basically what they big media is trying to do to the consumers, isn't it?

    • by Endymion ( 12816 )
      Now, if you could only pull the money-exchange game that big-business likes to pull, I'd think this strategy would actually work. (well, at least as well as the MPAA's version)

      With a lot of "IP" issues, big business loves to sell these highly-priced items (patents, probably) back and forth. In the end, it's not actually any significant profit for any one player, but a lot of money changes hands making "sales" of their stuff.

      So... if you could somehow get two Free Software groups to buy this commercial high-
      • "two Free Software groups to buy this commercial high-priced license from each other (net gain: $0)..."

        Or possibly net loss $30,000 in taxes on two $50,000 sales. Check with your tax accountant before trying this.

    • by forkazoo ( 138186 ) <wrosecrans AT gmail DOT com> on Monday December 03, 2007 @11:19PM (#21567617) Homepage
      You don't really need "actual damages" because you can go for statutory damages. If you can prove willfull infringement, you can get 150,000 per offense. If you skip proving willfullness, I think this is the section that applies:

      (1) Except as provided by clause (2) of this subsection, the copyright owner may elect, at any time before final judgment is rendered, to recover, instead of actual damages and profits, an award of statutory damages for all infringements involved in the action, with respect to any one work, for which any one infringer is liable individually, or for which any two or more infringers are liable jointly and severally, in a sum of not less than $750 or more than $30,000 as the court considers just. For the purposes of this subsection, all the parts of a compilation or derivative work constitute one work.

      $30,000 a pop ain't bad money if you can swing it. I'm not sure exactly what the result would be if you claimed "actual damages" on a zillion dollar price tag despite never having had an "actual sale." Judge might throw out the claim, I suppose. AFAICT, worst case would just be to get laughed at with the huge price tag and then just fall back to statutory damages instead.
    • IANAL, but why don't OSS developers offer a GPL-free version of their software for some really high price. That way, when big-media tries to steal (their words, not mine) their creative works, the developers can sue them for legitimate damages, citing a stratospheric market price per copy, then multiply the number of CDs they've distributed by their stratospheric market price to get damages from them?

      You jest, but the damages they arrive at are statutory. The ruse, technically, is unnecessary.
    • by syousef ( 465911 )
      Do this anyway. They sue for thousands of dollars per song downloaded and I've never seen a song being sold for that much per copy.
    • I don't know, something about "higher moral ground" or "don't stoop to their level" keeps going through my head when I read your post. Maybe it's just me though.
    • by deblau ( 68023 )

      The copyright owner is entitled to recover the actual damages suffered by him or her as a result of the infringement, and any profits of the infringer that are attributable to the infringement and are not taken into account in computing the actual damages.

      See here [cornell.edu]. If you charge a gazillion bucks for your non-GPL software and no one buys it, you'll have a hell of a time proving in court that you suffered any actual damages. You have to price it competitively, and then you might as well be selling it for

  • by Trailer Trash ( 60756 ) on Monday December 03, 2007 @11:23PM (#21567627) Homepage
    Instead of saying they "violated the GPL", let's keep this simple. They violated copyright law. By their own definition, they're "pirates". They stole. Etc.
    • The breached the license and violated the copyright.
    • Well, I'll go with you in saying that, if the allegations are true, they appear to have violated copyright law by breeching their license to distribute (i.e. the GPL), but I don't like distorting my speech to say that they "stole" anything, even if they do have that coming. Though you did say by "their own definition," it's still not a definition I can accept.

      That said, I think that'd make the blaggards filthy copyright infringers who deserve to walk the plank. I also think they are hypocrites who obvious
  • by VeryVito ( 807017 ) on Tuesday December 04, 2007 @02:26AM (#21568821) Homepage
    I read this post and immediately pictured Ewoks dancing in the forest as the Death Star burned above them. Sure, you know it's not over, but what a nice blow against the Dark Side.

The end of labor is to gain leisure.

Working...