Hacker News new | comments | show | ask | jobs | submit login

All Dr. Tanenbaum is saying is that it would have been the classy thing to let him know, nothing more.

Professor Tanenbaum is one of the most respected computer scientists alive, and for Intel to include Minix in their chip and not let him know is kind of unprofessional and not very nice to say the least. That is his only (and quite fair) point.




> and for Intel to include Minix in their chip and not let him know is kind of unprofessional and not very nice to say the least.

I guess Minix' license, which allows this kind of behaviour, is the very reason Intel chose Minix in the first place. I imagine it would be very complicated to get management approval for informing Dr. Tannenbaum about the usage in Intel's ME.

IMHO if he has a problem with the way things worked out, he should have chosen a different license. For example the MIT license requires the copyright and license to be included in distributions.


> IMHO if he has a problem with the way things worked out, he should have chosen a different license.

This is a classic conflation of legalese and ethics/decorum/professional courtesy. Just because something is legal doesn't make it good, and just because something is good doesn't make it legal.

For example, I abhor those who take credit for other peoples' work. But I use a license on software I write that permits folks to do just that.


What license allows one to take credit for another's work?


Any license without required attribution like "The Unlicense" .


That's an extreme reading. If I make a library, don't require attribution, and then you use it in your project without attribution, that's emphatically not the same thing as "taking credit" for my work.


CC0 is another one.


The WTFPL for one.


Sure but polite is often not profitable. Instead make your licenses line up with your wishes. It's another way of saying, "Hey you didn't say you needed it".


The Minix 3 license contains [0]:

    * Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.
So it looks like Minix's license does require the copyright/license to be included in distributions.

[0]: https://github.com/Stichting-MINIX-Research-Foundation/minix...


The strict meaning of "Redistributions" in that clause means that Intel would have to be distributing the OS itself as a product in binary form. Deploying it in an embedded system, and selling that embedded system, particularly in a form where the user does not have access to the OS as a product, does not meet that definition. Tanenbaum himself concedes this point in this letter.


This is quite debatable, not something I'd bet a court case on.

One of my libraries with BSD 3-clause license was used in a U.S. government project. It did require particular hardware and couldn't really be deployed by any random user but they honored the mention clause without any prodding on my part.

My Bosch kitchen appliances came with a whole bunch of software licenses for embedded subsystems, even GPL ones. So it seems actual lawyers in a huge international corporation decided it constitutes distribution.


>So it seems actual lawyers in a huge international corporation decided it constitutes distribution.

I mean, they could also just assume that shipping three sheets of paper with each washer is just cheaper than finding out.


…which still supports my point is that it's hardly trivial and clear-cut issue.


GPL3 was practically created to cover this case, as FSF lawyers didn’t feel that GPL2 is enough to enforce that. Check out the TiVoization clause in GPL3 and its history.


No it didn't. GPLv3 was created to cover the case of hardware vendors not allowing to run modified code. They still have to abide by the terms of the license even if they use GPLv2 -- that is, releasing the source code.


I thought GPLv3 was for many issues, not a single issue.

For example, the software-as-a-service loophole that GPLv3 (and AGPL) closes. We actually had an exploitation of said loophole for the open source Space Station 13 game. People were making changes to the game (each server runs their own modifications, and, the game is pure client/server so the entire 'game' is server-side binary only with dumb clients connecting) and some people were making important modifications and not sharing them with the community AND it was intentional because their mods made them the most popular server to play on (because nobody else had the features). It was a big stink, and eventually someone "leaked" the code, but then nobody could tell if that was legal to use or look at and it became a big, confusing legal grey area. All because they didn't start with AGPL or GPLv3 (or some other SaaS-aware license). The original authors probably didn't think anything of it and just thought "GPL is 'good'. So GPL it is." and that was the extent of it.


What you said is irrelevant to the discussed topic. With GPLv2, the hardware vendors must ship source code -- that is, follow the license. GPLv3 doesn't change this fact nor was it created to make this requirement, as it was already present in GPLv2, which is what we discussing.


Aren't BIOS updates (which contain the ME code) considered binary distributions? me_cleaner woudn't work otherwise.

I suppose you could make the argument that the OEMs are the ones distributing the binaries, but they are out there.


IANAL and someone can correct me but I doubt you're right. Every IOT product I've purchased and even my car either has a printed version of open source licenses or you can access them somewhere within their GUIs.


This doesn't make any sense. For the opposite opinion of many lawyers from many companies, see the list of licenses that come with multimedia systems in automobiles or in your smartphone.


Is there case law to back this up?


In

> http://wiki.minix3.org/doku.php?id=faq&s[]=license#what_is_t...

you can read:

"What is the MINIX 3 license?

The MINIX 3 license is a clone of the Berkeley (BSD) license. In plain English, it says you can do whatever you like with the system provided that (1) you agree not to sue us under any conditions, and (2) you keep the credit lines in the source, documentation, and publicity unless other arrangements have been made. Specifically, you are free to modify the source code, redistribute it, incorporate it into commercial products with only the above restrictions."

Note the passage "unless other arrangements have been made". I am pretty sure Intel made such an agreement with the MINIX 3 developers for this reason.


this can be just a footnote in some manual coming with the cpu, which is likely the thing that actually made the information public.


So could he sue Intel for about a billion dollars now?

Also, my guess is this is part "security through obscurity", part Intel not wanting everyone to know that they used someone else's code for its chips' firmware.


IANAL, but assuming this is breaking the licence agreement, wouldn't suing for money only make legal sense if he could show that this infringement had cost him in some way?

Beyond the valid complaint of this being a personal insult, that is.


It does cost him. More people would know of MINIX and more would have heard of its creator. More people would buy his books, hire him for consulting on OS design, etc.


US copyright law lets you sue for either actual damages plus the infringer's profits OR statutory damages.

https://www.law.cornell.edu/uscode/text/17/504


The first good faith claim to do is to notice Intel to add the copyright notice.


It's rather late now, though, considering it's been around for years now without anyone knowing exactly because they did not include that copyright notice.

I have no idea what copyright law says about damages in a case where the infringing party tries to keep their large-scale infringement secret.


The statutory damages option discussed above does not require a showing of actualy damages. It's just x dollars times the number of instances of infringement. Also, while delay in providing notice of infringement can work against the copyright owner, in this case, because Intel is a sophisticated party (i.e., big company with many in house lawyers and outside law firms advising them), the delay in making a claim would likely not help Intel's case.


He did cover those points in the letter:

> I guess Minix' license, which allows this kind of behaviour, is the very reason Intel chose Minix in the first place. I imagine it would be very complicated to get management approval for informing Dr. Tannenbaum about the usage in Intel's ME.

Tanenbaum: Some people have pointed out online that if MINIX had a GPL license, Intel might not have used it since then it would have had to publish the modifications to the code. Maybe yes, maybe no, but the modifications were no doubt technical issues involving which mode processes run in, etc. My understanding, however, is that the small size and modular microkernel structure were the primary attractions.

> MHO if he has a problem with the way things worked out, he should have chosen a different license.

Tanenbaum: I don't mind, of course, and was not expecting any kind of payment since that is not required. There isn't even any suggestion in the license that it would be appreciated.

Tanenbaum: The only thing that would have been nice is that after the project had been finished and the chip deployed, that someone from Intel would have told me, just as a courtesy, that MINIX 3 was now probably the most widely used operating system in the world on x86 computers. That certainly wasn't required in any way, but I think it would have been polite to give me a heads up, that's all.

-----

All in all, I think Tanenbaum's open letter is partly an exercise in self promotion and partly venting a little frustration that his work has gone uncredited given the scale of its deployment. I might be reading between the lines a little here but I also wonder if he's venting little because he dislikes nature of this particular deployment:

Tanenbaum: Many people (including me) don't like the idea of an all-powerful management engine in there at all (since it is a possible security hole and a dangerous idea in the first place), but that is Intel's business decision and a separate issue from the code it runs.


Tanenbaum has clearly been updating and editing his later added note; I saw an earlier version that didn't include the parts in parentheses and a few other parts.


> partly an exercise in self promotion

if so i don't begrudge that, as it's not like intel was saying much about it. :P


He's one of the last people who needs to do self-promotion. Anyone here who studied CS in university probably did so using books Andrew Tanenbaum wrote.


Self promotion?? The guy is a legend!


Lots of other non-GPL FOSS projects suffer a similar situation. Here in Brazil, the Lua creators having a hard time finding out who is using the language as the license permits people to pick it up, patch, distribute without ever saying "hi!". They are always quite happy when they learn about usage in the enterprise, entertaiment and other cool uses.

Companies using such projects should be more courteous, if only to encourage more of such licenses...


There's a difference between publishing with attribution, and informing the original author.


MIT license only states:

> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

This is weaker than what is in a BSD license:

> Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

That is, BSD license explicitly requires copyright attribution for binaries, while MIT does not.


So ... Intel violated the BSD license?


That is a good point and explains the letter better. Apparently Intel cannot fulfill even minimal attribution requirements and the letter is a polite reminder for the company of its duties.


Which is pretty sad - even most crappy mobile apps have a page where they list all open source projects including links to source, license terms, copyright attributions, etc.


> So ... Intel violated the BSD license?

I wrote in

> https://news.ycombinator.com/item?id=15651860

that the MINIX 3 developers openly say in their FAQ that different agreements with them are possible. I would bet such an agreement exists - I don't believe Intel's lawyers would have tolerated such a legal liability.


Professional courtesy is not legally required. But it would have been the polite thing to do.


BSD 3-clause license requires that as well.


But as clearly indicated in the text, dr. Tannenbaum does not have a problem with how things worked out:

> I don't mind, of course, and was not expecting any kind of payment since that is not required. There isn't even any suggestion in the license that it would be appreciated.

> The only thing that would have been nice is that after the project had been finished and the chip deployed, that someone from Intel would have told me, just as a courtesy, that MINIX 3 was now probably the most widely used operating system in the world on x86 computers. That certainly wasn't required in any way, but I think it would have been polite to give me a heads up, that's all.

> If nothing else, this bit of news reaffirms my view that the Berkeley license provides the maximum amount of freedom to potential users. If they want to publicize what they have done, fine. By all means, do so. If there are good reasons not to release the modfied code, that's fine with me, too.


They could have sent Dr Tanenbaum MINIX chip #50,000,000 and politely requested he did not make the info public? A small gesture of appreciation I guess?


Nope.

His letter point is clearly about widely(1) known debate(2) between him and Linus Torvalds, and ego massage.

(1) widely, if you arent 25 years old proverbial "javascript developer" ;-) - as the debate took place in 1992.

(2) https://en.wikipedia.org/wiki/Tanenbaum%E2%80%93Torvalds_deb...


It's certainly a joking jab at that debate, and while I'm sure he can appreciate the irony of overtaking Linux this way, stroking his own ego is not what this is about. He doesn't need that.

I think the reason he posts this is that, just like everybody else, he's not happy about Intel secretly introducing a massive security hole in their processors. Telling him they were using Minix on such a massive scale would have been polite, but it would also have informed Tanenbaum that Intel was running a secret OS on their processors.

What Intel did was not only foolish and harmful, it was also impolite. Plenty of people are addressing the foolish and harmful parts already, but the impolite part can only really be addressed by AST.


"stroking his own ego is not what this is about. He doesn't need that."

Forgive me for interjecting politics into this debate, but we all know at this point that there is at least one highly successful egotist in this world who still needs to have his ego stroked on a regular (daily) basis. I admire Tanenbaum and doubt that he fits into this category, but the category does exist.


I honestly can't tell if you mean Trump or Torvalds.


It has to be Torvalds. They said "highly successful".


From your Wikipedia link:

"I would like to close by clearing up a few misconceptions and also correcting a couple of errors. First, I REALLY am not angry with Linus. HONEST. He's not angry with me either. I am not some kind of "sore loser" who feels he has been eclipsed by Linus. MINIX was only a kind of fun hobby for me. I am a professor. I teach and do research and write books and go to conferences and do things professors do. I like my job and my students and my university. [...] I wrote MINIX because I wanted my students to have hands-on experience playing with an operating system. After AT&T forbade teaching from John Lions' book, I decided to write a UNIX-like system for my students to play with. [...] I was not trying to replace GNU/HURD or Berkeley UNIX. Heaven knows, I have said this enough times. I just wanted to show my students and other students how you could write a UNIX-like system using modern technology. A lot of other people wanted a free production UNIX with lots of bells and whistles and wanted to convert MINIX into that. I was dragged along in the maelstrom for a while, but when Linux came along, I was actually relieved that I could go back to professoring. [...] Linus seems to be doing excellent work and I wish him much success in the future.

While writing MINIX was fun, I don't really regard it as the most important thing I have ever done. It was more of a distraction than anything else. The most important thing I have done is produce a number of incredibly good students, especially Ph.D. students. See my home page for the list. They have done great things. I am as proud as a mother hen. To the extent that Linus can be counted as my student, I'm proud of him, too. Professors like it when their students go on to greater glory."


Speaking of ego:

"if you arent 25 years old proverbial "javascript developer" ;-)"

Why is this necessary?


We all need a massage from time to time.


Gotta stroke that grey beard


The same reason Vi versus Emacs internet arguments are necessary.


ed all the way!

[this comment was written in Lynx]


Ed! Ed! Ed is the standard text editor!

https://www.gnu.org/fun/jokes/ed-msg.html


Why is this necessary? It's just a little joke.


I would think qualifying a claim of such scope as "widely known" would be very much necessary.


Is it close to being the most used OS with the IME embedding ? lots of mainstream devices don't use Intel chips...

I'm sure A.Tannenbaum is flattered (and duly so, Minix 3 is very interesting) but I'm feeling he's patting himself on the back here.



Maybe it's a smaller class OS compared to Minix though (even though Tannenbaum didn't specify in his letter)


Exactly. When I see something that my friend has found on facebook and I share it, I always acknowledge them for finding it. It's simply intellectual honesty/courtesy. A "thank you" would have been enough. Intel goofed; hopefully they'll make amends. This has nothing to do with legal requirements or financial compensation.


Learning about something from someone's social media post is completely separate from using someone's copyrighted work...

You have a legal and ethical responsibility to the creator of the work, not to whomever put it in your feed.

Of course, we should credit our grade school teachers each time we do arithmetic - Thanks, Mrs. Ashliman!


I'm not sure I follow you here. When a friend shares an article, for example, the article comes as the owner put it on the web- page, author, etc. When I share that article, I say something like "h/t to kbutler for the find" That give credit in my circle to the person in my circle who found it. It's just a courtesy.


> When I see something that my friend has found on facebook and I share it, I always acknowledge them for finding it. That's suggesting Intel should say, "We're using Minix in our chips - h/t Joe Random who posted about it on Facebook"

The courtesy they owe is to Andrew S. Tanenbaum, the /creator/ of the work they are using, not to some individual who happened to blog about it.


???? I don't even think we're talking about the same thing any more. Prolly should just move on.


This shows the cultural difference between private companies and scientists or open source developers.


People inside these big corps tend to have these exploitative mind, even more than in SMBs, because they have a big name to throw around and that opens almost every door.


So a large corporation does something non-classy. What else is new?


The licensee we're talking about here is a corporation, not a human who feels emotions like gratitude and respect. If he wanted them to be "classy" or "nice," he should have included that as a clause in the software licenses.


For the first time I would have hoped that Prof. Tanenbaum included a backdoor in the MINIX network stack. Now that would be kind of ... cool?


[save]


Wrong thread? Nothing you wrote has any relationship with what GP commented on.


[flagged]


Could you please not be rude to other users here? We're trying to have a civil conversation.

https://news.ycombinator.com/newsguidelines.html




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: