EFF Defends Bruce Perens In Appeal of Open Source Security/Spengler Ruling (perens.com) 132
Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com:
Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.
The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...
You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.
"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."
The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...
You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.
"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."
Re: (Score:2)
Well, at least somebody that can match the meaninglessness of his action in his personality got it.
Good job Bruce and EFF (Score:5, Insightful)
Re: (Score:2)
Indeed.
Re: (Score:2)
a) I know this is not APK, as I actually am able to communicate with people directly and openly, something you obviously have never mastered.
b) Is that all you have? A smart 12 year old can do better. I guess you based these "insults" on the defects and fears of your own person. Here is a hint: That does not work in me, I am way out of your league. Some sophistication is required (look it up).
c) You are pissed at me because I am not pathetic, unlike you? Nice! Makes my day. Thanks for that and keep the inep
Re: Perens Is A Leech And Scammer (Score:1)
Re: Perens Is A Leech And Scammer (Score:2)
Re: (Score:3)
Re: Good job Bruce and EFF (Score:2, Interesting)
Well, that's the thing, you see. Good security doesn't care about politics. From your perspective you've drawn the battle lines and ejected what you've been told is a threat to open source that won't go quietly. From another, you've been manipulated into removing a better alternative to the terrible security in the kernel as mandated and controlled by a few companies. I'm not saying what grsecurity ended up doing was right, but I am saying they were actively and aggressively forced into that corner, there
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Both Europe and The US are big places. Both have many fine places to live.
Than you have places like Decatur Illinois and Scotland. Places where they would stick the tube to give the content an enema.
Bruce - YOU ROCK (Score:5, Insightful)
Giving up mod privs for this thread by posting in it and IT'S WORTH IT!
Bruce, I've been an FOSS advocate in every company I've worked in, for, managed, ran, owned, started, and directed.
YOU are the champion of living the word.
Thank you!
Ehud Gavron
Tucson AZ
FAA CPL-H
Who? (Score:2)
Not sure who this Bruce guy that everyone keep talking about but to assert my superiority, I demand to fight him in an epic battle for the ages! [popsugar-assets.com] ;)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
You’re confusing Vint Cerf with Al Gore. It’s easy to do, but try to remember: Al was the real inventor.
Another frivolous suit? (Score:4, Insightful)
The entire proceeding reads like a personal grudge unsupported by facts and yet executed in the public court system. That would be the very textbook definition of frivolous.
It's hard to be defamed by the truth. (Score:2)
You can't sue someone just because they made you look like a tool.
Especially if they're right. :)
Re: (Score:2)
You CAN sue the person, but your suit will be frivolous.
Re: It's hard to be defamed by the truth. (Score:3)
Re: (Score:2)
And they just might get SLAPPed by the judge. :-)
not a ruling on the copyright issue itself (Score:3)
This was a defamation lawsuit. It didn't settle the issue of whether the copyright issue itself is prohibited.
Perens' argument on the legal issue itself strikes me as dubious. He's claiming that GPL copyright automatically extends to separately distributed patches that, themselves, do not contain any of the GPL'ed code. I'm not sure why that would be the case, and I'm not convinced that that would be a ruling that would be in the interest of open source software, because it seems to put a lot of other open source software at risk of being considered "derivative works" of proprietary software.
Re: (Score:2)
But to Oligarchs like Larry Page, Jeff Bezos and Bill Gates it makes perfect sense.
Re: not a ruling on the copyright issue itself (Score:4, Insightful)
Re: not a ruling on the copyright issue itself (Score:3)
Look at it from their perspective: from what I can see, it was the only remaining avenue open to them to protect their business after Bruce *very* publically broadcast that people stay away from them. This isn't the normal reaction to GPL violations that I can remember. Usually we hear of the softly softly approach, with companies being handled with kid gloves over many years to achieve compliance. A full on publicity stunt with an iron fist - yeah, there were serious politics at play there I think.
Even if everything you said is right, that means that any restaurant reviewer can be sued for telling their listeners to stay away from a restaurant. Any movie reviewer on YouTube can be sued by telling people to avoid the movie. Also that presumes that any company looking to do business with them was turned away only by Perens' opinion and that they didn't consult with their own experts.
Let me quality all that by saying trying to EULA their patches at the end was certainly a big mistake. However, I can understand why they had that reaction. Ostracised by the mainstream kernel, they set up shop (without EULA) only to eventually find a project to reincorporate their code into mainstream minus authorship. Correct me if I'm wrong, but that reeks of hypocrisy, and is no less a copyright infringement as anything else in this sordid affair. It's certainly soured my view of Linux and the whole "Open Source" movement.
All of which as nothing to do with Perens being able to express himself. Richard Stallman has some very staunch opinions about how Open Source should be. No one is suing him.
Personally, I would have taken the lawsuit as a win, as what you basically have is a court saying Bruce was offering his opinion as Joe T Shlubb, not as a professional (correct me if I'm wrong?) I guess by then the damage was done, though.
You understand that Perens had to spend money to defend himself against a lawsuit that the court dismissed. Also the latest development is that now Perens has to defend against the appeal so he would have had to keep spending money after he won if he was not represent pro bono.
Re: (Score:2)
That would be the restaurant equivalent of saying "the place was knowingly serving up endangered species, and now that I've told you that you should consult a lawyer as you could be held as an accessory.
No it's not remotely similar. Your statement presents a fact which can proved as false or true. Your statement also alleges that the restaurant has done something illegal. Perens clearly stated his opinion on not what the plaintiff did or did not do (which plaintiff doesn't deny) but rather on his clear opinion on what he thinks it means.
This is my personal opinion, but I am a world renowned expert witness on endangered species law." I know that's a bit strained, but I hope you understand what I see as being the difference there. I did question Bruce over how exposed his comments made him at the time, but then I am obviously neither a lawyer nor have the faintest idea about the US legal system.
Again you are not using the same analogy. You've extended the analogy. A better analogy would have been if Perens said he thinks Nixon should have gone to jail for the Wate
Re: (Score:2)
We disagree over emphasis and analogy, so I doubt we'll get any further arguing back and forth. In addition, you misread part of my analogy as something you thought I claimed I was. You really should check your reading comprehension before opining further.
You introduced criminality into the analogy above thereby changing the whole analogy. You've also changed Perens' actual claims of his expertise. Specifically you failed to mention this part of Peren's blog: "I am an intellectual property and technology specialist who advises attorneys, not an attorney. This is my opinion and is offered as advice to your attorney. Please show this to him or her. Under the law of most states, your attorney who is contracted to you is the only party who can provide you with
Re: (Score:2)
Yes, that's correct, that was the entire point. What did you assume the issue was? Perhaps criminality instead of civil law is hyperbolic, but I'd have thought it would have been obvious enough to get the point across.
So you admit to changing the context of the conversation? Doesn't that makes your point moot then?
I most certainly have not. I gave a direct quote [perens.com] of the title and leading sentence of his blog post on the subject. I made no assertion of his claims of expertise whatsoever (see my comment below also)
What does "expert in [XXXX] law" mean to you? That means a lawyer. You'd be hard to find anyone who has an expertise in law not to be a lawyer. And Perens has stated that he is not a lawyer which you failed to mention.
I did not change what was written, anyone can verify that, and I'll ask you not to continue making false claims. You'll note I was extremely careful in making my analogy in that I explicitly mention an expert witness, and not an attorney; this being the closest analogy.
Again. An expert in law is generally a lawyer. You NEVER stated he was merely an expert witness which is not the same thing as an expert in "law". The word "law" being use changes the expertise si
Re: (Score:2, Insightful)
You're stating the obvious. I mean, Perens can obviously bloviate as much as he wants to on things he doesn't know anything about; god knows he's been doing that a lot throughout his career.
Now answer me this: if this is a GPL violation, why don't the Linux kernel developers actually sue?
Re: not a ruling on the copyright issue itself (Score:3)
Re: (Score:1)
I agree. I said so in my original posting. Do you find it hard to follow a couple of English sentences? Or do you go out of your way of inventing strawmen?
Re: (Score:2)
That's precisely what derived means (Score:3)
Suppose you write a novel. Perhaps, like Stephen King, you're living in a broken down trailer with no telephone when you're book sells 13,000 copies, netting you $2,500. Then someone turns your book into a movie. The movie doesn't have any pages of the book read aloud in the movie. It doesn't "contain" the book per session, it's a transformation, an adaptation, of the book. The author is entitled to a share of the movie revenue because it's his novel, adapted to the screen. That's a derivative work. "Deriv
Re: (Score:2)
A movie is a transformed version of the original novel.
A patched kernel is a transformed version of the original kernel.
A kernel patch is not a transformed version of the original kernel.
Under your standard, a commentary on a movie is "derived from" the movie even if it doesn't contain any content at all from the movie. I consider that undesirable.
Never seen a patch? (Score:1)
> A kernel patch is not a transformed version of the original
Actually that's EXACTLY what a patch is - the relevant section of code, with some lines marked out and the new version of those lines added. Here's a trivial patch as an example:
printk("comedi%d: ni_labpc: %s, io 0x%lx", dev->minor, thisboard->name,
Re: (Score:2)
Are you so inexperienced with UNIX that the only patch format you have ever seen is a context diff?
Re: (Score:2)
Please enlighten us oh great unix guru:
What type of patch does not specify which content is being deleted as part of the edit?
Re: (Score:2)
You don't have to come up with it, it has been around since V7 and since before context diffs: diff -e
If you wanted a context diff but didn't want to include the literal context, you could replace the context by a hash of the context.
Re: (Score:2)
"diff -e"
Re: (Score:2)
Ok, that is a fair point. I had not seen that option before.
So rewinding a couple of steps to the part of the argument that led here:
Assume that a patch is created as an ed script, it does not contain any of the kernel code. Its only use is to transform the kernel source. Who owns the coyright on the transformed source that results after the patch is applied?
Re: (Score:2)
Original Linux Kernel: Linux kernel authors hold the copyright and define copy terms for the kernel. Since that's the GPL, you can redistribute it under the GPL.
Patch: patch authors hold the copyright and define copy terms for the patch itself. If that prohibits redistribution, it can't be redistributed.
Patched kernel: both the Linux kernel authors and the patch authors ho
Re: (Score:2)
To understand, consider a patch that wouldn't be a derivative work: imagine NVidia writes a windows driver for their video card. It's 50,000 lines of code. Then they write a small compatibility layer to get the driver running on Linux. In that case, the driver would likely not be a derivative work, because most of it is orthogonal to the Linux kernel.
With the grsecurity patches, the entire reason the
Re: (Score:2)
So your criterion is that "if X wouldn't exist without Y then Y's copyright applies to X"? If that's the principle, then you can kiss FOSS goodbye.
Re: (Score:2)
Do you understand the very definition of the word "patch"? A patch is inherently a derived work.
And if X is a derived work from Y, then licensing terms of X apply. This has always been the case, it's not some new concept. Indeed, GPL (a large part of FOSS) is built on that concept.
Re: (Score:2)
As I was saying:
Do you?
Re: (Score:2)
Re: (Score:2)
Notice how you say "their work is released"? Thanks for proving my point.
Well, obviously they do, otherwise they wouldn't be applying the extra terms, since they obviously can't apply extra terms to someone else's GPL'ed code, but they can apply it to their own.
Actually they can't due to GPL trademark (Score:2)
You're not allowed to call just any license "GPL". Only the GPL license can be called by that trademark name. The GPL does not allow adding clauses. Therefore it cannot be licensed "GPL with additional clauses".
They have said their software is GPL licensed. Therefore if they try to say "no, we mean our own special 'GPL', with extra terms added", that would violate the GPL trademark.
PS could be similar to GPL license and not use GPL (Score:2)
PS I forgot to say they COULD legally use a license that is similar to thr GPL, but different, and call it by a different name. They haven't chosen to do that. At least, under trademark they could.
If they chose to do that, they wouldn't be violating trademark, but since they are distributing things copy-pasted from the GPL kernel, it's a derivative work and would violate the license.
Bottom line:
If you sell a modified version of GPL software, it as to be GPL licensed, and you can't change the GPL to whatever
Re: (Score:2)
But they aren't. They are neither selling kernel sources nor are they distributing kernel sources. All they are distributing is their own patches. It is the end user that creates the "modified version of GPL software".
How do you know what license they distribute their kernel patches under to paying customers
It's easy to find on their web site (Score:2)
> How do you know what license they distribute their kernel patches under to paying customers?
It's stated quite plainly on their web site. It'll be the top result if you Google "grsecurity license". (Kinda sad you didn't bother to Google it before arguing about it.)
> They are neither selling kernel sources nor are they distributing kernel sources. All they are distributing is their own patches. A patch IS modified kernel sources. Here's a trivial kernel patch so you can see what they look like:
Re: (Score:2)
I'm way ahead of you. That is what they distribute public patches under.
Most people assume that context diffs consider fair use, just like quotations, and hence do not fall under the G
Re: (Score:2)
That might be the case, but that's a different claim from what Perens claims. Perens claims that they violate the GPL on the kernel.
Now, I have no reason to believe that they distribute their patches to paying customers under the GPL; do you know?
Re: That's precisely what derived means (Score:2)
Re: (Score:2)
Discussing who the software "belongs to" is a red herring and legally irrelevant. What matters is that if you distribute the derivative work, you must comply with all legal obligations you have, under the original GPL, under the patches, and under any other legal agreements you have entered.
The GPL only imposes obligations when you distribute, not w
Re: (Score:2)
Grsecurity has no obligations under the kernel GPL because they aren't distributing the GPL'ed kernel code. All they distribute is patches. The derivative work is created by the people who are applying the patches to the original kernel. And those people then cannot redistribute the combined work under their legal agreement with Grsecurity. This is pretty much the same when you work for a corporation and use GPL code: you may be creating derivative works from the GPL'ed software as part of your job, but you cannot redistribute that because your employment contracts forbids it, even though the GPL allows it.
Yes, this is GRSecurity's argument. GRSecurity's contract doesn't even forbid you from redistributing it (which actually would be illegal). They merely say they will punish you if you redistribute it.
Bruce points out that actually they are actively discouraging people from redistributing, and he claims it is illegal. I think he's right on that point, if it went to court I don't think GRSecurity would win (but who knows). Bruce also suggests that anyone who uses GRSecurity would be liable for infringement
Re: That's precisely what derived means (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The commentary itself is a new work with a new copyright; it is neither a copy of the original work nor a transformation of it.
As part of writing the commentary, you are allowed to copy parts of the work you are commenting on under the "fair use" doctrine. That is the sense in which "fair use" applies to commentary.
So much winning... (Score:2)
by lawyers I mean. It's really a shame that so much money is spent on things like this, and other frivolous legal actions. While hopefully the right people are vindicated by this (you know who you are, Bruce), the only ones who really win are the lawyers. Their profession is such a twisted self-fulfilling prophecy of sorts.