Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Piracy Software

Hamstersoft Ebook App Rips Off GPL3 Code, Say Calibre Devs 283

Nate the greatest submits news of a claim that a recently released ebook application from Hamstersoft is actually built from code lifted from calibre, the ebook library app. He writes "It turns out that one calibre contributor is now reporting that his code was pirated for Hamstersoft. You can find the full details over on John Schember's blog. It's technically complicated and quite long. You can also find a non-technical summary. The short-short version is that Hamstersoft needs to give away a complete source code for the Hamstersoft Ebook Converter because that app uses parts of calibre, which is licensed under GPL v3. John gave Hamstersoft a month to comply and they did not. Now that app is clearly a GPL violation."
This discussion has been archived. No new comments can be posted.

Hamstersoft Ebook App Rips Off GPL3 Code, Say Calibre Devs

Comments Filter:
  • Sigh... (Score:2, Insightful)

    Queue the GPL critics praising the BSD license. The short-short-short of it is that if these fuckers didn't want to have to abide by the GPL3 license, they shouldn't have been lazy pieces of worthless stealing shit and wrote their own fucking code.

    I hope they get sued into fucking oblivion.

    • Re: (Score:3, Insightful)

      by Anonymous Coward
      Um what? GPL, BSD, WTFPL whatever, it's still a license breach and GPL vs. BSD has nothing to do it. We argue that GPL doesn't achieve it's stated goals regarding freedom, how does that relate to someone breaching a license? That it wouldn't have occurred under BSD? So what? It's not BSD licensed and it's clear by picking the GPL that the author wants the things the GPL provides which the author has every right to do, even a BSD fanboi can't argue with that. You're post is flamebait.
    • Re:Sigh... (Score:4, Informative)

      by Stiletto ( 12066 ) on Sunday August 14, 2011 @02:15PM (#37087820)

      "Queue" the GPL critics?

      Really? "Queue"?

    • With the BSD license it would be a non-issue because people can do what they want with it.

      That's not to say that people like like the BSD license think it's OK to violate the licensing agreement.

  • It looks like they do offer the code for the product?

    http://ebook.hamstersoft.com/en/support [hamstersoft.com]

    Link to a ZIP file at the bottom of the page above.

    So, is this a non-issue or did the company throw the code up quickly to avoid the DMCA?

    • by Nate the greatest ( 2261802 ) on Sunday August 14, 2011 @02:12PM (#37087794)
      I'm told that it's not a complete set of source code. - signed, guy who submitted the story.
    • by Zocalo ( 252965 )
      Hamstersoft doesn't appear in the Wayback Machine, but Google's cached version [googleusercontent.com] is dated August 6th and includes the download link. Both the linked accusations are from the last couple of days, so it looks very much like while John Schember may have correctly accused Hamstersoft over a month ago he forgot to check the download page before publicly spouting off on his blog.
      • by Zocalo ( 252965 )
        Scratch that. You need to go to the original blog post to get the facts, but John's post claims Hamstersoft hasn't posted all the code, as required by GPL3. I guess that means it's torches and pitchforks after all.
    • Re: (Score:2, Informative)

      by galaad2 ( 847861 )

      i think you're right, this is not a gpl violation, according to their server the source code zip archive was uploaded (and possibly also made available) on july 21. This includes the source code for that dll file.

      media.hamstersoft.com/hamster.ebookconverter.project.zip

      HTTP headers returned by media.hamstersoft.com:
      [...snip...]
      Content-Type: application/zip
      Content-Length: 64444164
      Last-Modified: Thu, 21 Jul 2011 07:53:35 GMT

      • by galaad2 ( 847861 )

        actually...scratch that.. i looked through the zip file again, the source code for the UI dll (HamsterEbookConverterUI.dll) doesn't appear directly as a source file... maybe it's generated by another source file?

  • Why Do We Care? (Score:2, Insightful)

    by RobinEggs ( 1453925 )
    We all know you shouldn't steal public property for personal profit, and this theft wasn't unique or creative in any way. Where's the news?

    This isn't really any different than stories about random violent crimes or bad weather in other states. It's not relevant to your life, it doesn't teach you anything you didn't know already, and it's only purpose is to generate page views. It's not like I don't care about protecting GPL or preventing corporate malfeasance, I just question how this story tells me anyth
    • Re: (Score:3, Insightful)

      by Shyfer ( 1875644 )

      Well this is still news, not really surprising or important but still news. Sometimes stories like this generate interesting discussions (along with troll and flamebait shitstorms), so I'm ok with it.

    • I like news that tells me something...new.

      Son, I've got some bad news for you. This is Slashdot. We aren't into that sort of thing around here.

      But whatever floats your boat.

    • It's important because, while we know that ripping off GPL software is a rampant practice, it is not always so easy to bring the people who do that back into compliance. We've had numerous stories posted on /. about people who know that their code is being stolen, but they don't have the legal and/or financial resources to fight back.

      What use is the GPL to people who don't have the resources to enforce it? That's why this is an important story.

    • Because the only way to combat stuff like this is through vigilance, and you cannot be vigilant if you don't know it is happening.

      One of the reasons the world isn't better than it is, is because of people like you who think that if it doesn't have some kind of novel entertainment value, then it's not important. Maybe if people tried a little harder to care about things in between episodes of American Idol, our cities and countries wouldn't be ruled by obnoxious tools.

      • Oh shove off you self righteous little twit. I'm hardly demanding that news be entertaining. I'm simply saying that seeing the same damn story five times a week isn't necessary; I remember that license violations are rampant without slashdot shoving down my throat every god damn day.
    • by mysidia ( 191772 ) *

      This isn't really any different than stories about random violent crimes or bad weather in other states.

      Random crimes that are significant for the open source community are Slashdot news.

      There aren't that many so brazen GPL violations reported. There are a heck of a lot more violent crimes in the world than brazen GPL violations.

  • by Fnord666 ( 889225 ) on Sunday August 14, 2011 @02:16PM (#37087830) Journal
    In response to a DMCA takedown notification

    Yahoo was the first to respond. They said they get all of their search results from Microsoft via Bing and referred me to Microsoft. So no luck there.

    I don't care who they get their search results from. They are the site provider and are responsible for following the DMCA. Failure to do so will strip them of their safe harbor provisions and open them up to liability alongside Hamstersoft.

    • Unless Yahoo is hosting the files, why on Earth should they be responsible for refusing to change their search results? The last thing we need is for search providers to drop results just because they're illegal.

  • by kwikrick ( 755625 ) on Sunday August 14, 2011 @02:22PM (#37087886) Journal

    From their EULA: (http://hamstersoft.com/eula)

    RESTRICTIONS

    The source code, design, and structure of HAMSTER free software are trade secrets except software licensed under GNU GPL 3.0, LGPL, MPL, BSD-licensed or Free components used to compile. You will not disassemble, decompile, or reverse engineer it, in whole except to the extent expressly permitted by law or except GNU GPL 3.0, LGPL, MPL, BSD-licensed or Free components used to compile HAMSTER free software. You will not use HAMSTER free software for illegal purposes. You will comply with all export laws. HAMSTER free software is licensed, not sold.

    ---

    Sorry guys, you can't have GPL'd code and trade secrets in one piece of software.

    • Not to mention trade secrets have no protection under law, in fact that's why copyright exists in the first place

      • Not to mention trade secrets have no protection under law, in fact that's why copyright law exists in the first place.

        Never say never.

        Approximately 40 states have adopted the model Uniform Trade Secrets Act (USTA). The USTA defines a trade secret as "information, including a formula, pattern, compilation, program device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy."

        The USTA specifies remedies for violation of trade secrets including injunctions, damages, and attorney's fees. It also gives courts the authority to grant protective orders to ensure the secrecy of a trade secret during the discovery phase of litigation, and prevents disclosure of confidential information by witnesses.

        Federal Protection for Trade Secrets

        The Economic Espionage Act of 1996 federally criminalizes the theft or misappropriation of trade secrets under two key provisions. The first makes it illegal to steal trade secrets for the benefit foreign powers; the second, makes it illegal to steal trade secrets for commercial or economic purposes regardless of who benefits.

        Trade Secrets [justia.com]

        The reverse engineering of software faces considerable legal challenges due to the enforcement of anti reverse engineering licensing provisions and the prohibition on the circumvention of technologies embedded within protection measures. By enforcing these legal mechanisms, courts are not required to examine the reverse engineering restrictions under federal intellectual property law. In circumstances involving anti reverse engineering licensing provisions, courts must first determine whether the enforcement of these provisions within contracts are preempted by federal intellectual property law considerations. Under DMCA claims involving the circumvention of technological protection systems, courts analyze whether or not the reverse engineering in question qualifies under any of the exemptions contained within the law.

        Frequently Asked Questions (and Answers) about Reverse Engineering [chillingeffects.org]

    • Sorry guys, you can't have GPL'd code and trade secrets in one piece of software.

      AND distribute the software AND not commit copyright infringement. You can of course use GPL'd code to build software that you use only internally without distribution; there is no requirement to give the source code to anyone, so the source code could contain trade secrets. And you can of course keep the source code secret and distribute the application; the distribution is of course copyright infringement.

  • by zx2c4 ( 716139 ) <SlashDot@zx2c 4 . c om> on Sunday August 14, 2011 @02:32PM (#37087990) Homepage

    I'm a good friend of John, the blog post author, and have been working with him throughout this process in trying to unravel Hamstersoft's deceit. I want to make a few things pretty clear:

    Yes, they posted a zip of code on a hard-to-find link. But they did something sneaky. They included the very short and trivial C# wrapper around Calibre, but they only included a compiled (well, .NET dll) binary blob of the bulk of the application code -- the user interface. And of course, since all the heavy lifting is in Calibre itself, this code is the most important part of the application. They went through pains to extract the source of the UI components and only include it publicly as already compiled. They even packaged it up in a nice Visual Studio Solution so that you can load it up and hit "compile" and you get the software. It looks, at first, like they've complied. But then you dig into the source code actually provided, and it becomes obvious that they haven't provided the majority of the code at all, but only the wrapper code and a few call outs to the provided compiled DLL.

    Cheap trick.

    The other thing to take notice of in John's post is that in fact the search engines and Facebook have hardly complied -- there are still search results and Facebook pages for this company. Now, you can debate and troll and bikeshed and argue the validity and ethics of the DMCA all you want, but the fact of the matter is that when the big companies want to use it against the small, it seems to work, but when some OSS devs want to take the case up with giant companies, the response is exceedingly lackluster. (Likely, this being on /. will change things, we'd hope...)

    The final point to consider is what this all means for GPL and OSS. Hamstersoft is Russian, so good luck trying law suit or anything. But at the very least, shouldn't the OSS community have an army of lawyers willing to work probono, or financed by various foundations, for this kind of thing exactly? John mentioned he tried contacting one such organization, and was unsuccessful. He's told me that at another point, he got in contact with a lawyer from another place who didn't offer to do any work for him but vaguely suggested he send these notices to Google, Facebook, etc. That's pretty lackluster. I don't want to complain to loudly, but instead I just want to suggest that this issue call our attention to the bigger issue -- what institutions do we have in place to protect OSS software effectively as small OSS devs? Do such institutions work? In this case, thus far, they don't seem to be working.

    • what institutions do we have in place to protect OSS software effectively as small OSS devs? Do such institutions work?

      Someone correct me if I'm wrong, but I thought this is why some projects assign their copyright to the FSF, so that there is a dedicated group that will pursue violations: http://www.gnu.org/licenses/gpl-violation.html [gnu.org]

      At any rate, since this seems to be getting a lot of attention and could turn into a high-profile case, you may want to contact the FSF or SFLC or both.

    • by man_of_mr_e ( 217855 ) on Sunday August 14, 2011 @03:22PM (#37088424)

      This looks to me like the exact same situation of an application shelling out to a gpl'd app. This is allowed by the GPL, and is even explicitly allowed in the GPL faq IIRC.

      There is a huge debate in the open source legal community as to whether DLL's are considered "derived works", and there's lots of law on both sides to support their case. This probably won't be solved until a legal case decides the issue. So, until that time, it's just a case of everyone having an opinion, and it's not a clear cut case of violation.

      • by ByteSlicer ( 735276 ) on Sunday August 14, 2011 @05:10PM (#37089194)
        If Calibre was a library ditributed under the Lesser GPL then you would be right.

        But it's not, it is the normal GPL that applies here, and even v3, which was specifically designed to eliminate the grey areas from the v2.

        Hamstersoft has two options: either immediately cease all distribution of the infringing binaries, or provide the full sources under one of the methods specified in the GPL.
        • by pavon ( 30274 )

          Not necessarily. Copyright law gives copyright holders certain exclusive rights, and (being a pure copyright license, not a EULA) the GPL can only restrict people from doing those things. One them is creating derivative works, however it is the courts (not the GPL/LGPL) that draw the line between what constitutes a derivative work and what is fair use. Like many fair use situations, that line is pretty fuzzy. The general consensus within the tech community is:

          Incorporating a significant amount of source cod

          • Derivative works is one of these grey areas that are improved in v3.
            Section 5.c of the GPL v3 [gnu.org] states:

            c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged.

            So even if you keep the original work in a separate DLL, the whole must still be released under the GPL3.

            • by pavon ( 30274 )

              So even if you keep the original work in a separate DLL, the whole must still be released under the GPL3.

              ...assuming the new work is covered by the GPL3, in which case it is the whole for which the old code is a part. However, if something is determined to be fair use then you don't need any license to do so, and no license can trump your fair use rights (a contract/EULA sometimes can).

              This caveat is specifically spelled out in the definitions section of the GPL3:

              To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work.

              If the adaptation does not require copyright permission (ie is fair use), then section 5 (actually the whole license), does not apply.

        • by mysidia ( 191772 ) *

          Hamstersoft has two options: either immediately cease all distribution of the infringing binaries, or provide the full sources under one of the methods specified in the GPL.

          No.... Hamstersoft has two options that would please the open source community.

          Hamstersoft has a third option until forced to do otherwise: keep what they are doing; give it to their lawyers. Dispute any infringement claims or wait to be sued/ordered by a judge to do something different.

      • One of my free (as in beer) desktop applications will create a calibre-friendly html export from a project. I leave it up to the user to download and install Calibre, and to manually import and convert this exported html file to their ebook of choice. It's not that hard to work things like this, even if it's another step for the user. (Exporting to ebook is a very minor feature in my software, and I'm planning a proper epub export soon in any case.)
    • by pavon ( 30274 ) on Sunday August 14, 2011 @03:23PM (#37088434)

      The DMCA take-down notices are to be sent to the providers that are hosting the content. The search engines are not hosting this content, and sending them take-down notices is a heavy-handed abuse of the law.

      So either John misunderstands the DMCA or is willfully abusing it. Either way it makes it a lot harder to sympathize with his attempt to address violation of copyright law, when he himself is willing to resort to the very behavior of other copyright abusers.

      But at the very least, shouldn't the OSS community have an army of lawyers willing to work probono, or financed by various foundations, for this kind of thing exactly?

      What exactly do you expect them to do? The offender is in Russia and is hosted in Russia. How is a small donation-funded organization supposed to enforce copyright in situations where even large well-funded companies like Microsoft have been unable to do so?

      People sometimes get away with breaking the law, especially far away countries. It sucks, but it's life and you have to learn to accept it. The people who won't are exactly the ones that drive us further and further into a police state in their unending drive to "decrease crime", not understanding the trade-off they are making.

      • by Kjella ( 173770 )

        The DMCA take-down notices are to be sent to the providers that are hosting the content. The search engines are not hosting this content, and sending them take-down notices is a heavy-handed abuse of the law. So either John misunderstands the DMCA or is willfully abusing it.

        Or perhaps you're the one without a clue. DMCA takedowns apply to both hosting and search engines. Read it yourself here [cornell.edu], I'll quote the most important bits:

        (d) Information Location Tools. -- A service provider shall not be liable (...) for infringement of copyright by reason of the provider referring or linking users to an online location containing infringing material or infringing activity (...) if the service provider (...) upon notification of claimed infringement (...) responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity (...)

    • I don't want to complain to loudly, but instead I just want to suggest that this issue call our attention to the bigger issue -- what institutions do we have in place to protect OSS software effectively as small OSS devs? Do such institutions work? In this case, thus far, they don't seem to be working.

      They're the same institutions which protect copyrights in general. So the answer is an emphatic "NO"! What did you expect?

      You really want to get to them? Reverse-engineer their code and post the reconstruct

    • "in fact the search engines and Facebook have hardly complied -- there are still search results and Facebook pages for this company"

      The DMCA doesn't require that links to the company be removed - it requires that the service provider stop their distribution of a copyrighted work. From TFA, it sounds like only Facebook had a direct download link to the copyrighted work, and that they assisted in its removal. As someone else mentioned, to make the download completely unavailable you would need to send a DMC

  • They can not be forced to disclose the source code. This is a common misconception about the GPL.

    If a GPL violation goes to court, the judge can order the infringing party to stop the distribution and pay damages to the copyright owner, but he will not order the disclosure of the source code. The disclosure of the source code is only a gesture that most FOSS developers will accept to drop the charges.

    Of course, if the software is only a thin layer of sugar around a core of GPL code, stopping the distributio

    • by bk2204 ( 310841 )

      It depends on what you sue for. There is a thing called "specific performance," which is basically forcing the defendant to comply with the terms of the license or contract in cases where there is no adequate remedy in monetary damages. An injunction is also possible, and even likely, in copyright infringement cases.

      • by mysidia ( 191772 ) *

        They may claim they never signed/agreed to the GPL, and therefore aren't bound by any requirements of it. Specific performance remedy is a type of equitable relief and requires a valid contract/agreement between the parties.

        In that case, the plaintiff would have little choice but to pursue a copyright infringement claim, and specific performance would be off the table.

        Without agreeing to the GPL, with the code copyrighted, and no license, there would be infringement... so the remedy options would basic

        • Without agreeing to the GPL they are in intentional violation of copyright. The means (under US law) max statutory damages of several hundred thousand dollars PER distribution (which if they even distributed it a dozen times could be several million dollars) and the court will probably award punitive damages of up to 9 times the statutory damages for intentional infringement. If they sold a hundred copies of the software they could conceivably be hit with a hundred million dollars in statutory damages and p

  • Now that app is clearly in violation of the GPL.

    FTFY. An app cannot be a violation, the violation was the act of noncompliance! /pedantry

The first 90% of a project takes 90% of the time, the last 10% takes the other 90% of the time.

Working...