[HN Gopher] "Tivoization" and Your Right to Install Under Copyleft
___________________________________________________________________
"Tivoization" and Your Right to Install Under Copyleft
Author : pabs3
Score : 86 points
Date : 2021-07-24 02:19 UTC (20 hours ago)
(HTM) web link (sfconservancy.org)
(TXT) w3m dump (sfconservancy.org)
| reflexe wrote:
| Bash and readline are both gpl-3. In theory, in some cases, you
| can force the company to give you the option to replace them with
| your version. Cleaning up gpl-3 is not fun.
| bb88 wrote:
| The original Tivo land-line modem would die, making it impossible
| to dial out to get guide data.
|
| Interesting though there was a card edge connector on the mother
| board. Some enterprising person made an adapter that allowed an
| ISA ethernet card to be plugged in, and then the Tivo would use
| the network instead of the modem.
|
| Further Tivo not only allowed this, but tacitly encouraged it by
| including the network driver needed to make this happen on tivo
| firmware upgrades.
|
| https://www.samba.org/~tridge/tivo-ethernet/
| bkallus wrote:
| I'm surprised to see that installation is a requirement of the
| GPLv2. Does this mean that Android phones with bootloaders that
| can't be unlocked violate the GPL?
| singpolyma3 wrote:
| Yes, but virtually every Android phone is a cornicopia of GPL
| violations anyway so this is just cherry on top
| kmeisthax wrote:
| Yes, but given that most of the copyright owners of Linux do
| not believe GPLv2 to have such a requirement (and explicitly
| _abhor_ the idea that v3 adds one, even though it didn 't add
| it) I doubt anyone with standing is interested in enforcing
| said requirement.
| ajklsdhfniuwehf wrote:
| You are missing the point. or the forrest for the trees as
| some say.
|
| Yeah the installation requirement is silly. But android in
| general is plagued by GPL violations in that every single
| piece of it is linux based (or other GPL code based), and yet
| no user will ever get the source no matter how much they ask.
| MereInterest wrote:
| > Yeah the installation requirement is silly.
|
| Is it? From my reading, much of the GPL v2/v3 divide comes
| from different expectations of what GPL is intended to
| achieve. One camp (e.g. Linus) believes that the goal is to
| ensure that the freely available product is the best
| product, that all improvements that are distributed can
| make their way back to the freely available repo. The other
| camp (e.g. Stallman) believes that the primary goal is to
| ensure that end users have control over their computers.
| That any software distributed to them can be modified to
| suit the end user's needs.
|
| These are both valid viewpoints, and both camps thought the
| GPLv2 fit their needs, at the time of its writing. When
| TiVo found a loophole that satisfied one interpretation of
| the letter of GPLv2, but violated the its spirit as seen by
| the second camp, the GPLv3 was made to make explicit what
| was previously potentially ambiguous in the GPLv2.
|
| That it all to say, I think it's premature to dismiss the
| viewpoint of Stallman's camp as "silly".
| kmeisthax wrote:
| Not necessarily. If the copyright owners of a license
| believe that the license is to be interpreted one
| particular way, _to the point of making public statements
| about it_ , that can be construed by a court to have
| amended the license. At the very least you probably could
| argue estoppel if the owner changes their mind and decides
| to start suing.
|
| In other words, if Linus says "GPLv2 doesn't require kernel
| installation on hardware it gets ported to and sold on",
| then GPLv2 doesn't _for the Linux kernel_ , or at least the
| parts of it Linus owns. (In practice, a good chunk of the
| core kernel dev team believes this and has said so, so this
| also applies for them, too.)
|
| That being said, you are correct that interpretation-
| related estoppels and/or implied license amendments
| probably wouldn't save most Android vendors, since their
| violations are not limited to just Installation
| Instructions. I know of nothing that Linus has said that
| would make statically linking all your drivers into a
| kernel with no source release OK. However, the post I was
| replying to was specifically talking about locked
| bootloaders; not that.
| singpolyma3 wrote:
| The software freedom conservancy (publishers if this article)
| have standing but not many resources and a policy to do
| things as slow and expensive as possible so as to avoid
| pissing anyone off.
| whoknowswhat11 wrote:
| Seriously, the idea that after losing this fight clearly with
| GPLv3 that they are going to force this down folks with a re-
| write of history / language / intent and practice is
| appalling.
|
| Hopefully someone like Linus can make absolutely clear this
| is total garbage.
| kmeisthax wrote:
| You have this backwards. GPLv2 had a clear history and
| language, TiVo worked around it, and then _the FSF_ rewrote
| history by saying v2 had no prohibitions on installation
| instructions (so they could convince people that v3 was
| necessary). It _did_ have those prohibitions, they just
| were insufficient for what Stallman intended.
|
| Hell, even _v3_ is insufficient for what Stallman wants; it
| _only_ requires being able to install new versions of the
| covered code. It doesn 't cover other proprietary programs
| that can see if you've modified the Free program and refuse
| to work. You can't actually prohibit that with a license
| unless you want to go full Ethical Source and start
| impinging on Freedom Zero.
|
| Yes, this may not mesh with _Linus 's_ intent, but Linus
| already has a very specific idea of how the GPL works that
| applies to Linux and only Linux. The whole "you can load
| proprietary kernel modules as long as they don't touch
| internals" thing springs to mind.
|
| Also, I'd like to point out that people haven't "lost the
| fight" with GPLv3. There's plenty of libraries out there
| that use it - they're just not particularly relevant to
| Linux, so nobody's really pushing for a relicensing effort.
| bkallus wrote:
| What I think is total garbage is the fact that I have a
| drawer full of potentially useful computers (EDIT: by
| computers I mean mostly phones, routers, e-readers, etc)
| stuck running insecure OSes. Can you give me an argument
| for why installation should not be required? It seems
| pretty clear to me that if release of "the scripts used to
| control compilation and installation of the executable" is
| required by the GPLv2, then those scripts should have to be
| functional.
| whoknowswhat11 wrote:
| They are functional on hardware you build.
|
| The source code is released.
|
| No one disagrees there.
|
| Buy unlocked hardware if you care about this. Most PC's
| can disable secure boot paths through BIOS settings
| unless you are in a corp environment and they lock that
| out.
| djur wrote:
| Locked hardware is itself objectionable, anti-consumer
| and anti-freedom. "Free software works in a narrowing
| ecosystem of semi-free hardware" is not an acceptable
| position for advocates of free software.
| 20after4 wrote:
| We are quickly headed to a future where it won't be
| possible to buy unlocked hardware. It may not be long
| before (very nearly) 100% of the hardware on the consumer
| market is locked and it will only be able to acquire
| unlocked hardware through NDA agreement, huge costs or by
| "illegally" unlocking it via an exploit.
| bkallus wrote:
| It isn't always possible to build my own hardware,
| especially in the embedded world. I buy unlocked hardware
| now, but I learned that lesson the hard way from Verizon
| and Samsung.
| whoknowswhat11 wrote:
| God - the GPLv3 folks basically totally lost the debate on
| tivoisation - and now are trying to retrofit this war into GPLv2.
|
| Are they serious??
|
| Many OSS developers always want to get a copy of the software and
| mods back, but are OK if others USE that software in diverse
| ways, including making locked down hardware that is rented,
| radios that are power limited and more. In this way the GPL
| preserves everyone's freedom to do what they want with the
| software. The GPLv2 has served a wide range of needs, from Linus
| and Linux to plenty of industry efforts.
|
| Linus was asked about this in a talk and he said he a)gets value
| in terms of forcing vendors to release code even from players
| like Tivo and b) is not interested in setting lots of additional
| restrictions on how folks use the code.
|
| The FSF / Conservancy keep on re-assuring folks that encryption
| keys don't have to be released. Ubuntu went through an analysis
| and basic result was that this is a lie, lots of things may force
| secure boot key disclosures, so they avoided that by avoiding
| GPLv3.
|
| Can we just leave GPLv2 as it has been. If the FSF or whomever
| wants another bite at the GPLv3 apple create a GPLv4 and let
| folks adopt it if they want.
| geokon wrote:
| Why have Linus and company not embraced some version of AGPL
| based on GPLv2? I really don't understand why such a license
| doesn't exists. It sounds like it'd be right up their alley.
|
| Companies use and modify his code, building their businesses on
| them, and then are not distributing their changes back.
| Arguably the whole cloud revolution has been built on this.
| Better make a SaaS and freeload on other people's work than
| make client side software and be forced to share your work (and
| technical advantage)
| singpolyma3 wrote:
| Linux is only GPL because of a historical quirk. If the Lines
| of today had been deciding license back then it would be BSD-
| style
| MaxBarraclough wrote:
| No, Torvalds is strongly in favour of the GPLv2. [0][1][2]
| He's not fond of the GPLv3 though, at least not in the
| context of kernels. [2][3]
|
| [0] https://www.zdnet.com/article/linus-torvaldss-love-
| hate-rela...
|
| [1] https://www.cio.com/article/3112582/linus-torvalds-
| says-gpl-...
|
| [2] https://www.youtube.com/watch?v=PaKIZ7gJlRU
|
| [3] https://www.zdnet.com/article/torvalds-battle-with-
| gplv3/
| pabs3 wrote:
| What Linus wants is apparently to have people contribute
| back to Linux mainline, but the GPLv2 license he chose
| doesn't even have that requirement. So any sharing that
| does happen is down to culture, not to the license. PS:
| the requirement to share upstream wouldn't be Free
| Software, since it would exclude dissidents, people on a
| desert island etc.
|
| https://en.wikipedia.org/wiki/Debian_Free_Software_Guidel
| ine...
| dwaite wrote:
| It's a question of motivations.
|
| Linus likely believes in the benefits of collaborative
| development, and that the GPLv2 creates a legal framework to
| allow for that development.
|
| However he also likely cares more about the software aspects
| (getting contributions to make better kernel versions and
| have them be widely used) than the more philosophical aspects
| of software freedom.
|
| The philosophy on binary drivers for example is one where the
| Linux kernel does not guarantee a stable binary interface -
| it isn't that you can't legally distribute a binary driver
| (with caveats), but he has stated he would like those
| developers to occasionally "wake up in a cold sweat" over
| their linux binary drivers breaking on minor releases.
|
| Additionally - because of the velocity of the linux kernel,
| maintaining a substantial vendor fork is not simple. This
| creates an atmosphere where maintaining functionality outside
| the mainline kernel could be a technical/financial burden
| that justifies any IPR release needed for a L-K contribution.
|
| The number of contributions also means that such forks are
| likely not a significant fractional contribution compared to
| the contributions which people are willing to make in the
| open. The success of the project no longer depends on
| enforcement of the publication clauses.
|
| Finally, clauses in the GPLv3 and AGPLv3 do influence and
| even force technology choices. The community likely does not
| want to lose contributions by pushing people to other
| kernels, and the commercial interests contributing to Linux
| would have to account for lost customers.
|
| AGPLv3 is often chosen by commercial entities to force
| distinct commercial licensing of a published-source code
| base, rather than an effort to protect a community of
| contributors. As none of the commercial interests in Linux
| have exclusive copyright assignment to do a non-AGPLv3
| license, there is significantly less commercial benefit for
| them to support such a move.
| josephcsible wrote:
| > In this way the GPL preserves everyone's freedom to do what
| they want with the software.
|
| Except the freedom of the people who bought a TiVo and want to
| modify Linux on it.
|
| > Ubuntu went through an analysis and basic result was that
| this is a lie, lots of things may force secure boot key
| disclosures, so they avoided that by avoiding GPLv3.
|
| Can you link to a source for this?
| whoknowswhat11 wrote:
| Except the DEVELOPERS of linux - who are the ones that get to
| set license terms not users - have been clear - they want
| users / companies etc to have freedom to use software how
| they want to. This might be locked down devices -> yes, and
| Linux is used in plenty (medical equipment, vehicles etc).
| Plenty of folks ONLY use it in these cases because they can
| control a root of trust.
|
| This is an old fight. The GPLv3 came out to allow developers
| who wanted anti-tivosation to get it. Practically it's really
| dead.
|
| Sure on Ubuntu
|
| Ubuntu Can't Trust FSF's Secure Boot Solution
|
| https://linux.slashdot.org/story/12/07/06/1525240/ubuntu-
| can...
|
| I followed this reasonably closely, and it was a total lie on
| FSF's part - Ubuntu looked at it and agreed. Sadly for those
| of us running Linux they had to adopt MICROSOFT's UEFI secure
| boot. Ugh.
| josephcsible wrote:
| Your link says Ubuntu dropped GRUB 2 for being GPLv3, but
| Ubuntu includes GRUB 2 today despite it still being GPLv3,
| so presumably they realized the FSF was right after all at
| some point between 2012 and now.
| whoknowswhat11 wrote:
| My understanding is that they basically got FSF to
| provide them a statement that regardless of what GPLv3
| might be read to require, the FSF indicates it could not
| be used to force key disclosure in the Ubuntu situation.
|
| This worked, because FSF _ALSO_ owned the copyright to
| Grub2 - so was allowed to modify (if needed) the
| copyright license or give up rights. So by having FSF as
| copyright owner provide them this statement - I think
| they (reasonably) felt covered in case FSF later changed
| their mind.
|
| The FSF I think also had to do this with GCC - didn't
| they do a runtime license exception or something because
| there were lots of concerns about using GCC when license
| moved up (CLang benefited at the time).
|
| I think FSF realized it was just a terrible look if the
| GPLv3 drove a group like Ubuntu onto a microsoft
| solution.
|
| Illustrates a bit how tricky / scary the (relatively
| long) GPLv3 can be.
| comex wrote:
| > This worked, because FSF ALSO owned the copyright to
| Grub2 - so was allowed to modify (if needed) the
| copyright license or give up rights.
|
| Oh? Ubuntu's blog post at the time [1] doesn't
| characterize the discussion as involving a license
| exemption. Are you saying this happened behind the
| scenes?
|
| > The FSF I think also had to do this with GCC - didn't
| they do a runtime license exception or something because
| there were lots of concerns about using GCC when license
| moved up (CLang benefited at the time).
|
| The existence of a runtime exception, itself, dates to
| least 1997 [2], probably earlier. The original idea was
| to allow using GCC to compile proprietary software, even
| if the compilation process caused runtime bits to be
| statically linked into the output executable, which would
| otherwise force it to be GPLed.
|
| Along with GCC's switch to GPLv3 around 2009, the runtime
| exception was updated to try to leverage it as a
| workaround to an unrelated problem: the possibility that
| someone would incorporate proprietary bits into GCC.
| Doing that the normal way, by modifying GCC and not
| releasing the source code to the modifications, would
| just be a GPL violation. But people observed that someone
| could hypothetically work around the license as follows:
| write a proprietary optimizer or code generator as a
| separate executable, then modify GCC to dump its
| intermediate representation to disk (this modification
| itself would be distributed under the GPL), and write a
| wrapper that combines GCC and the proprietary executable
| into one Frankenstein compilation process. To prevent
| this, the runtime exception gained an exception of its
| own, that it would not apply to a program compiled using
| such a process, so that the franken-compiler would be
| hobbled by having all of its output licensed under the
| GPL.
|
| As far as I know, the runtime exception change itself
| never really caused any drama, because there were never
| any major compilers that attempted the "dump to disk"
| workaround (although some obscure examples allegedly
| existed prior to the license change [3]).
|
| However, GCC also had a longstanding policy of trying to
| discourage GPL workarounds by technical means: by (a)
| forbidding functionality that would dump an intermediate
| representation to disk and (b) intentionally making it
| difficult to combine GCC with other code. In particular,
| the updated runtime exception was a prerequisite for GCC
| adding support for plugins [4], and even once plugin
| support was added, it wasn't very nice to use compared to
| LLVM/Clang (and still isn't). LLVM was designed from the
| start to be used as a library. Its clean-slate design
| would have already given it a leg up on GCC for that use
| case, but GCC's active reluctance to be used that way was
| the nail in the coffin.
|
| Anyway, that situation has nothing to do with people
| being scared of the GPL - if anything the opposite,
| Richard Stallman being worried that the GPL was not scary
| enough.
|
| On the other hand, LLVM and Clang being developed at
| Apple into a production-quality compiler _was_ a direct
| result of Apple being scared of the GPLv3, but that 's a
| different issue and not related to the runtime exception.
|
| [1] https://ubuntu.com/blog/quetzal-is-taking-flight-
| update-on-u...
|
| [2] https://github.com/gcc-
| mirror/gcc/blob/6599da043e22e96ac830f...
|
| [3] https://www.fsf.org/news/2009-01-gcc-exception
|
| [4] https://gcc.gnu.org/wiki/GCC_Plugins
| the_why_of_y wrote:
| Historical franken-compiler example:
|
| https://en.wikipedia.org/wiki/Solaris_Studio#GCCFSS
| ohazi wrote:
| My biggest problem with the GPL (any variant) is that I don't
| believe that any organization that exists today (including the SF
| Conservancy and the Linux Foundation) is capable of enforcing it
| to the degree desired by the software freedom die-hards. I say
| this as a software freedom die-hard myself.
|
| In theory, you can cook up any license terms you want, but in
| practice, you need money and resources and the will fight in
| court if you actually want to enforce it. If you can't or won't
| enforce it, your silly terms may as well not exist.
|
| Unfortunately, the nature of how proprietary software is
| distributed makes discovery of a violation _inordinately_
| difficult, and even when you do discover a violation, challenges
| are rare, and victories in court even moreso.
|
| I don't see the point of debating the minutia of what you think
| the GPLv2 requires in one very specific instance, when there are
| probably 2-5 orders of magnitude more violators than anybody's
| best estimate.
|
| Who cares what you think the _letter_ of the license requires
| when it takes you ten years to get _one_ company to make a
| passive-aggressive change to a now obsolete product, when
| thousands of violators don 't even follow the _spirit_ of the
| license?
|
| This feels like such a wasted effort. Get your priorities in
| order.
| ajklsdhfniuwehf wrote:
| > as a software freedom die-hard myself.
|
| > gpl is too difficult to enforce. _throw hands up in the air_
|
| riiiigth.
| michaelmrose wrote:
| A minority of rich companies with lawyers to spare violate the
| GPL on some occasions without consequences. A fact you want to
| quantify by just making up a number and your conclusion is that
| based on your guess its not working and we ought to do what
| exactly? Reduce the barrier to nothing based on you not feeling
| actual enforcement would be too expensive or hard to obtain?
| You didn't really say.
| lakecresva wrote:
| Commercial users still take copyright issues pretty seriously
| because of the remedies available to copyright holders under
| title 17. Even if an author doesn't register the copyright
| until they want to begin the suit (you lose statutory damages
| and attorneys fees this way), they can get an injunction
| against further distribution and disgorgement of profits from
| the infringing work, so if you get caught, your product is dead
| and has made (you) no money. This is also why the FSF/SFLC has
| like a 100% success rate when it comes to extracting highly
| favorable settlements.
|
| Without a doubt people still infringe, but it's not a complete
| free for all.
| pabs3 wrote:
| BTW, SFLC (Software Freedom Law Centre) != SFC (Software
| Freedom Conservancy).
| singpolyma3 wrote:
| Definitely not a 100% success rate and I question "highly
| favorable" when settlements almost never result in a complete
| end to infringement by even the one entity settling and are
| so slow and expensive to get that thousands more spring up in
| the meantime...
| lakecresva wrote:
| If you have access to legal databases like Westlaw/Lexis,
| you can look up the lawsuits the FSF and SFLC have been a
| party to. All of those suits were settled and the
| plaintiffs secure monetary compensation, disclosure of the
| source code, and in some cases the ability to pre-screen
| future releases to make sure they're complying with the
| GPL. The reason why many shops take copyright seriously or
| ban the use of GPL software (you can argue either way that
| the latter is or is not a victory for the GPL) is because
| this creates a deterrent effect.
| pabs3 wrote:
| Conservancy recently got a grant for compliance work, and are
| working on an enforcement action in the IoT space:
|
| https://sfconservancy.org/copyleft-compliance/firmware-liber...
|
| The bigger problem is that outside of the FSF and Conservancy,
| large amounts of the Linux developer community and several
| ostensibly Free Software companies/organisations do not want
| the GPL to be enforced at all.
| singpolyma3 wrote:
| And even tbe FSF hasn't really done any enforcement in years.
| And major copyright holders on large GPL codebases ( _cough_
| Linux) oppose any and all enforcement actions.
| whoknowswhat11 wrote:
| There has been relatively high levels of support for normal /
| standard GPLv2 enforcement.
|
| That said, the FSF and Conservancy like to pick more edge
| cases and go to absolute war on them. That doesn't generate
| as much support it is true and a lot of parts of the GPLv3
| push also rubbed folks the wrong way.
|
| "Linus says says GPL v3 violates everything that GPLv2 stood
| for"
|
| https://www.youtube.com/watch?v=PaKIZ7gJlRU
|
| is but one of many many examples here.
| michaelmrose wrote:
| Linus isn't much qualified on any other topic that software
| development. For example what he describes as his "take" on
| GPL v2 and its purpose is at odds with what the people that
| actually wrote it have written and even a basic reading of
| the text.
|
| What he is mistating is he liked the fact that you could
| for practical purposes ignore much of the idealogy that a)
| he has never cared for and b) has always clearly
| underpinned both v2 and v3 of the GPL license.
|
| Pretending otherwise is only not a lie because charitably
| he doesn't know what he is talking about or isn't
| expressing himself very well.
|
| If you want a useful opinion on law ask a lawyer not a
| programmer. Linus is not only unqualified he doesn't know
| he is unqualified.
| pabs3 wrote:
| Even relaxed "we only care about source release" GPLv2
| enforcement is not desirable to Linus and other Linux
| developers.
| NavinF wrote:
| And for good reason!
|
| Linus and Greg KH's reasoning for avoiding lawsuits:
| https://lists.linuxfoundation.org/pipermail/ksummit-
| discuss/...
| pabs3 wrote:
| The principles used by FSF/Conservancy operate their
| copyleft compliance efforts under are eminently
| reasonable and make it clear that lawsuits are a last
| resort that are only used when the violator is being
| unreasonable and blatantly violating the licenses.
|
| https://www.fsf.org/licensing/enforcement-principles
| https://sfconservancy.org/copyleft-
| compliance/principles.htm...
| cycomanic wrote:
| Yes it's incredibly difficult for someone to understand
| something if their salary depends on not understanding
| it. It's important to note that Linux would likely not
| exist if PC makers had used the same lockdown methods as
| used today.
|
| Moreover when GKH and Linus talk about how GPL
| enforcement has done nothing good, they conveniently
| leave out the success of WRT enforcement, which caused
| one of the biggest Linux offshoots, largely based on
| volunteer work.
|
| Finally, the audacity of saying "let's talk about legal
| things without lawyers present" is such a typical
| software engineer thing, just imagine the reaction
| someone was proposing to talk about kernel programming
| without any kernel programmers present
| AstralStorm wrote:
| BSD as in the software distribution almost didn't get to
| exist thanks to a lawsuit, but once that was cleared it
| was out. It Linux didn't exist, it would have taken over
| the niche.
|
| Linux itself is not that special - it mostly is a case of
| right place and right time.
| pabs3 wrote:
| The focus of FSF and Conservancy is on freedoms; obtaining
| the code, reading the code, building the code, modifying
| the code, installing the modified code and running the
| modified code are essential freedoms and if they aren't
| possible for a person with the necessary skills and
| resources, then the license and the enforcement of the
| license are not achieving the goals of the Free Software
| and Open Source movements.
|
| If anything, I would say that the amount of freedoms
| intended to be upheld by these licenses is not expansive
| enough, considering the SaaSS world that we live in now.
| goodpoint wrote:
| > I don't believe that any organization ... is capable of
| enforcing
|
| Big companies are very capable, and often happy, to sue each
| other for reasons including breach of patent, copyright,
| trademark and much more. This includes GPL breaches.
|
| The point of GPL is to build an ecosystem and create "herd
| immunity" against bad actors.
|
| Protecting the rights of a lone developer VS a large
| corporation can be expensive and difficult - not because of the
| GPL - but because of how the legal system works in most parts
| of the world.
|
| But that is besides the point.
|
| What matters is building an ecosystem where 99% of the
| important entities do not systematically violate the license,
| and this is already happening.
| singpolyma3 wrote:
| Can you name a major tech company not actively violating the
| GPL (not to mention untold MIT and BSD licenses on
| JavaScript...) I'm not sure I can
| AstralStorm wrote:
| Oh, many don't violate GPL by avoiding it like the plague
| (esp. GPL 3) and complying with the terms when they cannot.
|
| BSD tends to be easier to comply to by including a license
| note somewhere within the manual or software. MIT has even
| fewer terms.
| arminiusreturns wrote:
| To be fair, if you listen to Eben Moglen and some of the other
| big minds behind gpl(v3), it becomes readily apparent they have
| been working to build up strong methods to deal with this very
| problem by using a delaying tactic.
|
| I think they might be onto something.
|
| Regardless, Eben is such a mind you owe it to yourself to
| listen to some of his talks.
| whoknowswhat11 wrote:
| For those not interested in reading this long arguement the
| actual license simply says you must release the source code to
| your application
|
| "Complete source code means all the source code for all modules
| it contains, plus any associated interface definition files, plus
| the scripts used to control compilation and installation of the
| executable."
|
| This is relatively routine.
|
| The major new claim here is that releasing source code requires
| folks to unlock secure boot / root of trust / DRM type
| implementation on HARDWARE they sell. So release a complete work
| no longer (as plain language would read) means releasing the
| source code - but now ALSO requires that developers add various
| features to HARDWARE to bypass root of trust security measures
| which may include things around power limits or management on
| equipment or for things like phones sold on installment plans
| with a vendor lock would let folks pick up the phone on plan,
| root it to avoid vendor lock and then stop paying on phone.
| infogulch wrote:
| I mean it's right there:
|
| "scripts used to control compilation and installation of the
| executable"
|
| If the installer source code is missing the bit that enables
| installation of the GPL binaries on your device, then I guess
| it's not in compliance. The fact that the scope of these codes
| also include device keys seems somewhat irrelevant.
| [deleted]
| josephcsible wrote:
| > phones sold on installment plans with a vendor lock would let
| folks pick up the phone on plan, root it to avoid vendor lock
| and then stop paying on phone.
|
| You realize that bootloader unlocking and carrier unlocking are
| totally separate, orthogonal things, right?
| whoknowswhat11 wrote:
| Do you understand the GPLv3? It made clear that any of this
| locking on hardware was prohibited. Vendors of products that
| had these locks have to provide the security / encryption
| keys to bypass them if they use GPLv3. As a result, they do
| not.
| josephcsible wrote:
| There's two separate sets of keys. One controls what OS the
| phone's CPU will boot, and the other controls what SIM
| cards the phone's baseband will use. Nothing would require
| releasing the second set of keys.
| whoknowswhat11 wrote:
| Have you talked about this with the FSF? I can sell a
| GPLv3 device that ships with unmodifiable locks?
|
| If this is true (it is not) than we can do all sorts of
| dongle type locks on devices.
|
| GPLv3 is not just about the bootloader. They are very
| clear actually that vendors must release anything that is
| needed to bypass locks or integrity checks.
|
| " It will depend on how the hardware was designed--but no
| matter what information you need, you must be able to get
| it."
| josephcsible wrote:
| Can you copy and paste the exact sentence(s) from the
| GPLv3 that support your position? Because that's not my
| reading of it at all.
|
| EDIT: This?
|
| > " It will depend on how the hardware was designed--but
| no matter what information you need, you must be able to
| get it."
|
| The key word there is "need". You don't need the baseband
| unlock information to replace the stock kernel with a
| modified one.
| comex wrote:
| The GPLv3 requires that if you distribute GPLv3 software
| as part of a consumer product, users must be able to
| install a modified version of the software in its place.
|
| If _the baseband_ has GPLv3 software on it, then that
| implies the user has the right to run custom software on
| the baseband (at least at the same privilege level as
| said software), which probably implies the ability to
| connect it to arbitrary networks.
|
| If only the application processor has GPLv3 software,
| then there is no requirement with respect to the
| baseband. The GPL isn't _that_ viral.
| pabs3 wrote:
| BTW, the PinePhone baseband runs Linux on the non-DSP
| part of the baseband. There are folks reverse-engineering
| the proprietary programs running under the Linux kernel
| on the baseband.
| drran wrote:
| > or for things like phones sold on installment plans with a
| vendor lock would let folks pick up the phone on plan, root it
| to avoid vendor lock and then stop paying on phone
|
| The solution is simple: develop your own OS, make it
| bulletproof, then do whatever you want. Nobody will ask to open
| source code of Symbian device, because it's not a GPL'ed OS.
| RHSeeger wrote:
| > phones sold on installment plans with a vendor lock would let
| folks pick up the phone on plan, root it to avoid vendor lock
| and then stop paying on phone.
|
| To be fair, the fact that they signed a contract saying they
| would pay for the phone is what's supposed to be what keeps
| them paying for the phone. There's already laws around paying
| for things you buy, so the whole "well, people wouldn't pay for
| their phones" argument is completely invalid.
| singpolyma3 wrote:
| Also what street level theif is rooting a phone? This is not
| a normal-person kind of operation
| whoknowswhat11 wrote:
| It is not completely invalid. This is a ridiculous statement.
|
| The stats are actually pretty clear. T-mobile in particular
| got hit with plenty of fraud and others did too before they
| got better at locking things down.
|
| Activation locks were also a control put in place to reduce
| what was for a while an epidemic of street crime where phones
| were stolen. The locks are critical and pretty popular, many
| DA's and cities demanded Apple put them in to try and reduce
| street crime - and they did.
|
| So the idea that locks prevent theft / crime is not
| completely invalid. In fact, there are laws against stealing
| from houses and many people still lock their house. Their are
| laws against steeling cars and people still use keys for
| their cars.
| thatguy0900 wrote:
| From working at a att store for a while, I'll say that
| there is far more fraud than most would think. Perhaps it
| was because I worked in a little bit of a poorer area, but
| we actively turned away 25-40% of customers on any given
| day out of suspicion of fraud. If a customer stopped paying
| for their phone we would have that commission taken back
| next month. Even with that many people being turned down
| you still lost a lot of commission every month.
| infogulch wrote:
| This is more an indication that the problem is being
| solved at the wrong level of abstraction. The problem is
| that phone companies are handing out loans with no way to
| enforce collateral and without tying to some real persons
| credit. Being able to install your own OS on a phone is
| orthogonal to being able to use it as a secure
| collateral.
| thatguy0900 wrote:
| Well, you can once the phone is paid for. We could give
| out codes to unlock it from our network after that. Noone
| wants to buy phones outright or put money down, though. I
| agree you should be able to install whatever os you want
| once it's paid for as well, but I was under the
| impression that's a manufacturer thing not a carrier
| thing.
| drran wrote:
| > In fact, there are laws against stealing from houses and
| many people still lock their house. Their are laws against
| steeling cars and people still use keys for their cars.
|
| It looks so unsecure. It will be much better if Apple will
| lock your house and car instead, so you will just ask Apple
| to unlock your house. If you violate Apple rules, e.g. by
| storing inappropriate content in your house, they will just
| ban you, so your city will be a much better place to live.
| ineedasername wrote:
| _> The major new claim here_
|
| Per the article and its citation of decade+ old precedent, that
| is not a new claim. Whether these requirements of the license
| are reasonable or not is irrelevant. If OEM's don't like the
| license terms then they can buy/build something else.
| AceJohnny2 wrote:
| Apple has explicitly chosen to stay away from anything GPLv3.
| It's the reason Bash and other tools bundled with macOS are so
| old (they're the last version that were still GPLv2), and why
| they chose to switch to Zsh as a default.
| cma wrote:
| Aside from that stuff it is hard to use Mac seriously as a unix
| anymore after they started wiping out /etc/ changes every
| update (with insecure ssh defaults like password
| authentication).
| [deleted]
| IntelMiner wrote:
| That's shot them in the foot many times over the years.
| Especially when they tried to replace Samba with their own SMB
| implementation in I believe 10.7 Lion?
| bb88 wrote:
| Yeah, I find it weird that considering that homebrew is what
| makes macs acceptable for software development, you'd think
| apple would want to support things like bash as first class
| citizens on their os.
| whoknowswhat11 wrote:
| I think you underestimate how much traction Samba lost with
| GPLv3.
|
| You used to have a system that was just wonderful across
| Linux / Mac / Windows. Seriously, you'd run Samba on server
| and Mac would work great with it because under the hood the
| Mac was running Samba. Windows would work fine too for what
| most folks cared about. That was lost when Samba went v3.
|
| One thing - the hosting loophole is still there I think with
| GPLv3, so you can offer HOSTED services with Samba. I think
| some folks have done things there maybe.
| smoldesu wrote:
| Samba still works like a charm on my network, but only
| because I'm sharing between Linux/Android/Windows devices.
| josephcsible wrote:
| There's no clause in the GPLv3 that says "Apple may not use
| this software". Apple could use the new Samba if they
| wanted to, but they choose not to because they like being
| able to do the bad things that the GPLv3 prohibits doing.
| ribit wrote:
| What ,,bad things"?
| ajklsdhfniuwehf wrote:
| sliping in divergencies in the protocol so that you can
| only connect to Apple-Active-directories or something.
|
| Microsoft wrote the book in the 90s about this. https://e
| n.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...
| ribit wrote:
| Right. And implementing their own SMB server (smbd)
| allowed them to do these "bad things"? What is the
| evidence that they did anything like that?
|
| Anyway, how about a much simpler explanation: Apple
| doesn't want to get stuck with a viral license that might
| open them to lawsuits and force them to open up their
| proprietary code they want to keep closed source? GPL
| doesn't work for everyone and there is nothing wrong
| about that. To suggest that anyone who rejects GPL plans
| something "bad" is naive and immature.
| dwaite wrote:
| My understanding is it is the patent licensing clause
| which prevents several companies (like Apple) from using
| GPLv3.
|
| Companies may not distribute GPLv3 under an exclusive
| patent arrangement, but rather need to negotiate a patent
| arrangement for all derivatives of the software. This
| puts them in a bad situation if someone manages to get an
| injunction based on their inclusion of say Samba.
| ajklsdhfniuwehf wrote:
| > Companies may not distribute GPLv3 under an exclusive
| patent arrangement
|
| what is that even supposed to mean?
| MereInterest wrote:
| The goal of GPLv3 (and GPLv2 as intended by several of
| the authors, for that matter), is to ensure that end
| users have freedom to use the devices they have purchased
| as they see fit. Suppose a company has patented some
| algorithm, and has implemented that algorithm in a
| software project that also uses GPLv3 code. When
| distributing the software, they make the code available,
| but only license the patent on the condition that the
| code is run without user modifications. This infringes on
| user freedom, because there is no way for the end user to
| control the software they are running.
|
| For GPLv3, it is important to remember that the primary
| goal is to protect user freedom. Everything else follows
| from that goal, specifically in closing several loopholes
| that were unintentionally present in GPLv2.
| bumblebritches5 wrote:
| Google too, hence Fuscia.
| varajelle wrote:
| The "tivoization" was not the only change in GPLv3. It also has
| patents related changes, which I think is what scared apple.
| swiley wrote:
| Apple has convinced me of the need for FOSS more than RMS ever
| could have.
| jsbdk wrote:
| Just by reading the first paragraph I can see how unbiased this
| article will be.
|
| The gplv3 has been an utter failure. Trying to rewrite history so
| the gplv2 works like the gplv3 is pathetic and will be the last
| nail in the coffin of the GPL.
| selfhoster11 wrote:
| I doubt it. There is no way I'm releasing valuable FOSS
| software as anything less restrictive than GPL. No feeding the
| corporate behemoths.
| pabs3 wrote:
| The article makes it clear that this is _always_ how GPLv2 has
| worked and been enforced in entire history of its existence.
___________________________________________________________________
(page generated 2021-07-24 23:02 UTC)