Software Freedom Conservancy: New Strategy for GPL Enforcement (sfconservancy.org)
171 points by tonyg on Oct 1, 2020 | 99 comments


Well this is what was apparent for me on day one, and I genuinely did not understand people calling for "DON'T SUE THEM, YOU WILL SCARE THEM AWAY FROM LINUX!"

I see no goodwill from those types, and the simplest explanation for their stance is them being material beneficiaries from that.

People like Patrick McHardy do an enormous service to the Linux community, and he alone provably did more in the last few years than what that GPL conservancy did for its entire existence. Nothing will be more educational than a "GPL death sentence" to some multi-billion dollar multinational like Broadcom. If it will not be McHardys doing the hard work of suing such companies, who will? I don't see those conservancy guys, Linus' associates, or meek Linux Foundation raising a hand on kinds of Qualcomm, or Samsung (from whom, coincidentally, lots of Linux Foundation funding comes)

I completely don't understand people who direct flak on them, and the brouhaha with the "pledge." The only rationale I can fathom is, again, that material beneficiaries of GPL violation have now penetrated the circles who made the "GPL Cooperation Commitment"


McHardy wasn't trying to get compliance, he was trying to get money. He didn't care about source availability at all, and many of the suits were over licensing matters entirely unrelated to source availability.

Enforcement is a good thing. But the point is to get people complying with the license.


When there has been a confrontation with a company that will willingly break the law in order to get money and people whose intent is to get source availability, the outcome has been no source and no compliance.

In every confrontation between people, strategies need to adapt when goals fail to be achieved. Even if the goal of McHardy has been to get money, the effect of that strategy might produce more compliance with source than the past strategy of SFC.


Surely the point is whatever the people that own the copyrights decide it is?


Isn't that exactly what choosing a license is all about?

Choosing a license and then not caring if the license is upheld seems like you should have chosen another license.


The question is whether monetary damages should be sought on top of compliance.


Dual-license. Set out a commercial option. Once compliance is achieved they are liable for the commercial licensing fees for the period up until that time. It isn't a fine, it isn't damages, it is just the normal cost of doing business.

Make the standard licensing costs quite high (but not exorbitant) and state that other terms are available if negotiated before using the software.

If they refuse to pay and the amount is large enough, sell the debt to a collections agency and at least cause some inconvenience (though that last part probably won't work across international borders).

Of course if you don't want financial recompense, and open-source-ness is your only concern, then compliance is the only matter to be concerned about. But some people and commercial entities simply won't respect that up-front (so you'll have to fight for compliance) unless non-compliance has an associated cost.


I'm not suggesting they shouldn't be. On the contrary, "on top of" is fine; those efforts cost money and time. I'm saying that some people don't care about compliance, and are just out to get monetary "damages". Which is exceptionally questionable when you're just one of the tens of thousands of people who might theoretically have a claim, but you're pursuing something unilaterally without regard for actually obtaining sources and encouraging future compliance.


Right, that is questionable, and I jumped the gun in assuming you were talking more generally.

I am assuming their plan doesn't involve mailing out tens of thousands of cheques after victory!


Look at the results instead...


If, like me, you have no idea who McHardy is: Here are some results of a quick google:

* http://www.netfilter.org/licensing.html#faq - the last question on the FAQ page

* https://opensource.com/article/17/8/patrick-mchardy-and-copy... - This page unfortunately does not demonstrate why he is profiteering


> This page unfortunately does not demonstrate why he is profiteering

The page also unfortunately does not demonstrate why the people, who self proclaimed themselves "netfilter core team," are so hellbent on arm twisting McHardy into signing on their "Principles."

Linus said that those principles are not a prerequisite for participating in the Linux kernel, but the current netfilter people not only suggest they are, but are ready to scream, shout, mislead, make dodgy insinuations to people, and go wingnut to make contributors sign it.

The second assumption after first presuming them doing this is the goodwill, is them getting good paychecks from network devices owners who benefit from various extents of erosion of GPL terms.


> People like Patrick McHardy do an enormous service to the Linux community

A response to legal attacks, justified or not, is that a lot of places with $$$ to fund the GPL work ban GPL as an existential threat, and fund work under more liberal licences.

That shouldn't be a valid get-out for people ignoring the licence terms. But it is the reality and has to be part of the argument / strategy. That's aside from any consideration about the form of the particular legal attacks you refer to.


And in the process their sponsors will find out what the world of shareware and public domain was all about during the last century.

GPL will be sorely missed by FOSS advocates when it's gone.


A company can limit themselves to only use technology that exists in the public domain or has no conditions applied. I would however question how effective that is in terms of competition in a competitive market where smaller and more agile companies can leverage the ability to internally use GPL in order to push out products faster and cheaper without wasting unnecessary time to re-implement tools used internally.

As an example, I have never seen a gaming company having internal policy against GPL. Developers are limited in including software that would disrupt the primary business model, but otherwise limiting developers on what they can do when experimenting or internally developing would only delay launches and steal developer time which could be allocated to improve the game.


They are free to use something other than Linux, or GPL software. This is pretty much what an opensource is, don't like GPL, go get some code not under it.

Much of the *BSD family, whose pretty much only point of existence over GNU was its use of a permissive license, is there lying around, with their devs almost begging for somebody to take their code, and fund their work.

And still, how many of those companies went, and chose FreeBSD over Linux? Not many, very likely just single digits. Most continue skulking, squabbling, crying, facing lawsuits, lose money, face, but they still continue to bite the bitter fruit, which is Linux.

The simple truth is that they have no alternative to Linux, and they don't have resources to make an OS of their own, or bring the numerous permissively licensed "Linux killers" to usable state.


Sony, Apple, with endless contributions back to upstream. /s


> And still, how many of those guys went, and chose FreeBSD over Linux?

Well, Apple is at 14% of the smartphone market globally and that's derived from BSD, Macs are smaller but also BSD.

The OS is just one case, it's hard to catch up with Linux, but that has not stopped Fuchsia (BSD/MIT/Apache) and proprietary, nor SaaS where Linux powers it but is not "distributed" in GPL terms.

The shape of the future is people are stopping feeding the GPL commons in favour of permissive licenses that the $$$ wants https://resources.whitesourcesoftware.com/blog-whitesource/o... shows over half of projects in 2019 are MIT /Apache vs GPL(s), and a steady decline in even GPL3 usage.

I don't know what should be done about enforcement but I do know these realities have to be factored into any useful considering about that.


> The shape of the future is people are stopping feeding the GPL commons in favour of permissive licenses that the $$$ wants https://resources.whitesourcesoftware.com/blog-whitesource/o... shows over half of projects in 2019 are MIT /Apache vs GPL(s), and a steady decline in even GPL3 usage.

Yes, that's how it looks. In the long term, I think that will turn out to be a Faustian bargain for users and hackers.

It will be the world the commercial software devs want; a large pool of permissively licensed software that they can pick and choose from to assemble $$$ products (with a number of useful idiots and sometimes even businesses contributing to maintaining the underlying pieces), without having to worry about contributing anything back.

But the dream of a Free Software computing experience, where you can inspect and modify every part of the software you run, will have died.


Which is basically what we had until the rise of FOSS during the last century.

Plenty of commercial software had source available to at least a big portion of its stack. Either in extra floppies or paying a bit extra.

And there was the whole variations of shareware and PD.


I have no idea how that insinuation came upon that opensource is somehow "abandoning GPL."

GPL was, is, and will likely be the de-facto one, and only license people call an opensource license for as long as we talk about serious projects outside of webdev realm.

The statistics are skewed as of recently because of the overabundance of GitHub one day projects.


I chose it (now back on windows, different story...). The GUI/xserve configuration was problematic. To me, I think bsd is great for servers, but for Desktop less usable than linux.


> I genuinely did not understand people calling for "DON'T SUE THEM, YOU WILL SCARE THEM AWAY FROM LINUX!"

Bringing lawyers in always makes people really defensive. People are unlikely to take risks if there's liability involved. Whether this is good or bad for free software I don't know. Probably not.

Linux needs more leverage over companies. Not necessarily legal leverage.


The idea of GPL is to move towards better software, better rights of users of software and developers of software.

So

> People are unlikely to take risks if there's liability involved.

people are free to choose inferior products, ways of development, components and libraries, but that would - probably - make them less competitive, so e.g. their investors may become worried.

Not only Linux needs more leverage - it also needs to use it, because otherwise it's a moot point.


> The idea of GPL is to move towards better software, better rights of users of software and developers of software.

Maybe that's the idea of GPL, but certainly not the reality. As long as it more enforcement won't help. But I'm still all for it. Makes sure companies fund better software with better licenses and the GPL ends in the garbage bin of history where it belongs.


> Maybe that's the idea of GPL, but certainly not the reality.

Disagree. It's worked great for the Linux kernel.


Not only did it work well for the linux kernel, but it also worked well for the gcc, blender, gimp, inkscape, vlc, and so many more.

The GPL works.


Do you have concrete examples of how the GPL directly benefited the projects you mentioned?

> gcc

GCC is a very high quality free software compiler but there were occasions where it let free software ideology get in the way of technical excellence. Fearing proprietary extensions, they actively opposed a plugin system and stable intermediate representation. This led to the creation of LLVM.


> concrete examples of how the GPL directly benefited the projects you mentioned?

The GPL is the reason for many source-code contributions. Compare this to the way Sony use FreeBSD to power their PS3 and PS4 consoles and contribute little back to the FreeBSD project.

There are other reasons companies may contribute changes, including that it spares them the trouble of rebasing their fork, and it may earn them goodwill, but copyleft is a strong reason too.

A good concrete example really is that of compilers. Apple used to begrudgingly contribute code to GCC, as the GPL required them to. LLVM has no such requirement, so we see proprietary forks crop up. [0] If I were to contribute to a project like GCC or LLVM, I'd rather my work didn't end up in some non-Free fork.

That Apple later invested in LLVM turned out to be pretty great for everyone. GCC is still doing fine, and we have another industry-strength Free Software compiler suite. I'd rather Apple didn't use a proprietary fork for their own secret-sauce, but I can't be too grumpy given how well LLVM/Clang has done.

> there were occasions where it let free software ideology get in the way of technical excellence

It's an FSF project, so this criticism doesn't really land. FSF projects are not aiming for technical excellence at any cost. It's a bit like saying Free-range ideology gets in the way of my food budgeting.

I don't know much about the specifics of GCC here.

[0] https://en.wikipedia.org/wiki/AMD_Optimizing_C/C%2B%2B_Compi...


Can we really know what Sony would have done in an alternate timeline? Maybe they would have purchased a license to a non-FOSS OS. Maybe they would have simply used Linux with proprietary binary blobs.


Investors are much more likely to worry about IP lawsuits than the nitty-gritty of development libraries and methodology. If people start being sued for using the Linux kernel, your investors are going to expect a pretty solid explanation for why you won't be one of them.


> If people start being sued for using the Linux kernel, your investors are going to expect a pretty solid explanation for why you won't be one of them.

So follow the license? If you built a business on pirating Windows, nobody would be surprised when MS murdered you in court. Why should Linux be any different?


It shouldn't be! Linux devs have every right to enforce the license as strongly as they'd like. I'm just saying that it's silly to expect that this won't impact usage, or that investors will insist on Linux because of their deep and principled commitment to good development standards.


Is usage the goal? I would think it's better to have, say, 80 devices on the market that use Linux and comply with the GPL and give software freedom to their users, along with 20 devices whose vendors chose to avoid the hassle and used a proprietary or permissively licensed kernel, than to have 100 devices that all use Linux and violate the GPL and give the users no ability to share or modify the software.


Spicy is right though.

Whatever the movement is 'trying to do' is not the point so much as 'what will happen' because of the incentives and thinking process (ie risk mitigation) at most companies.

Most of these licences are untested in court and that's a very bad thing for everyone. So in a way, a bunch of clear and settled cases would provide the 'best path forward' because then we'd know where the lines are - but - a bunch of 'weird outcomes' that cost other companies bazillions would probably hurt a lot and it will strike fast. You won't be able to get your investment if you're flirting with a situation in which some other corp got banged for $2B, even if technically you are in the clear.

It's probably a very bad idea to 'sue for money'. The objective of the legal cases should be 'clarity' and the cases should be chosen on that basis if the open source community really wants to thrive.


It is not just that the licences are untested in court in one legal system, don't they need to be tested in all jurisdictions? I mean what jurisdiction applies to the licence? (GPL might not be such a problem, since it is very restrictive, but what about LGPL? I ship a system with my software using an LGPL lib to country A, while I am located in country B and the developers of the lib were from country C, D and E)


To some extent this is true, yes.

But legal jurisdictions defer to one another, to the point wherein that is even becoming more formalized, especially for smaller countries [1]. And it's possible that an IP ruling in 'some important place' sets the material precedent anyhow.

If the US or EU rules one way, then others will be influenced by that on some level.

A lot of this could possibly be more clarified by legislation, but I only think the EU and maybe the UK really have the wherewithal or importance to make an impact. Germany possibly but I see them wanting to do that at the EU level. I don't see anything on the horizon for the US.

I would definitely double down on my heretofore down-voted statement: if you care about open source, you really, really want to have 'good, clean cases' pushed through and tested in the courts.

If Open Source proponents leave it to the wind, patent trolls, or big corps - you may see 'bad cases' go through the system and set really bad precedent that hinges on weird corner cases.

Do not underestimate how much of a big deal this is. IP is a discussion at every point along the way when contemplating investing in independent or internal projects and 'ambiguity' is a huge factor in risk aversion.

All of these IP licences are just 'ideas' waiting to be 'more or less law' when they face legal scrutiny, so if I were the 'God of Open Source' I'd be looking to find cases to build a favourable pipeline to the Supreme Court. Major rulings will have a beneficial impact for everyone.

[1] https://www.loc.gov/law/help/domestic-judgment/canada.php


I care about open source, but I also think these litigations might be harmful, I mean if the software is the product companies cannot publish the source. What probably works (and the GPL is good for) is dual licensing, one free GPL version and one paid version. If you do not want to do this, then maybe some clearly permissive license like MIT or putting it into public domain might be a good alternative.


I don't think you're understanding my point.

The 'licenses' which you are describing may be worthless, in that they have no actual meaning. Some more so than others.

Someone could sue over GPL tomorrow, goes to the Supreme Court, and the GPL is invalidated and ruled invalid.

Then what? The entire software industry turns upside down.

So when the 'licence has little meaning' and it can be overruled in a court ... then companies are very scared of that and act accordingly - with risk aversion.

In other words the 'GPL' is not 'the GPL'. It's just 'maybe the GPL'. And that is a huge maybe if you're betting the company on it.

To make the 'GPL' actually the 'GPL' and to validate the strategy articulated in your comment - you need to either have 1) laws passed in support of this stuff or 2) have major courts rule on it.

The contracts seem reasonable, it would be nice to have them validated in court.

Copyright, a similar issue, is being tested right now in Oracle v. Google and it's going to have a big impact.

To give you some small hint at how big this issue is: Android is switching from Java to Kotlin over this. Literally the #1 most popular OS in the world has to fundamentally shift gears due to IP litigation risks.

If the laws were clear then either a) Android would have never used Java to begin with or b) Android would have no problem using Java. Instead, we're in limbo. Which is why clear contract laws are good for everyone.


> Nothing will be more educational than a "GPL death sentence" to some multi-billion dollar multinational like Broadcom.

I don't think you understand.

That's the equivalent of someone asking about relationship advice on the internet and getting all this "dump her" / "dump him" advice when really what's needed is a little more communication.

I would say a majority of the work in open software comes from various forms of corporate sponsorship via sort of unofficial work from their employees.

You ask for "GPL death sentence" and you'll end up with a lot more Apple Computer employees who are for all practical purposes unable to work on any GPL projects.

Everything will be MIT and sharing changes will be withheld for the tiniest of reasons.

There are already plenty of reasons to shy away no matter how good it is for everyone.

Destroy your enemies by making them your friends.


Again, this it's not like it's a tragedy, it's an opposite. Opensource will very much benefit from less freeloader companies like Apple, and less companies of lesser rectitude hanging around OSS projects.

Apple is free to go back 20 years, and copy *BSD userspace instead of GNU, which it used for 15 out of 20 years. They are completely free to choose Microsoft Trident instead of KHTML for the browser engine. They are completely free to do the same for hundreds of other GPL libs they used in their commercial products.

They are 100% free to do that... If they can pull it out. The thing is they chose it, because they couldn't make anything else work.

Apple militantly opposes GPL, is a freeloader, was actively working around GPL legal language, and it uses DRM, and they are rumoured to be behind much of anti-GPL publicity campaigns. No, they are not good players at all, and will never be.


> Again, this it's not like it's a tragedy, it's an opposite. Opensource will very much benefit from less freeloader companies like Apple, and less companies of lesser rectitude hanging around OSS projects.

Is that so? Which examples do you have where Apple freeloads some GPL software? As far as I can tell Apple stopped adopting any GPL-3 code and effectively has stopped updating GPL-2 dependencies. They are in the process of completely removing it.

On the other hand Apple still contributes actively to a lot of non GPL licensed Open Source code including LLVM.


It is not like they were enthusiastic supporters of GPLv2 software either. I defeated your argument Mitsuhiko.


How many Apple Computer employees work on GPL projects? I suspect that number is extremely low.


Pretty sure they are not allowed, so 0.


(right, that's what I was saying... Apple stays away from GPL and keeps their employees away from it too)


This is great news. A lot of companies like Onyx[1] need to be whipped back into compliance. Here's to the next openwrt!

1: https://news.ycombinator.com/item?id=23735962


Also Tesla. The cars run Linux but it took them years before they released any source code.


Linux is GPLv2, is there something GPLv3 they use that also needs them to disclose the signing keys?


> Today, we observe almost universal failure in compliance throughout the (so-called) Internet of Things (IoT) market. Only unrelenting enforcement that holds companies accountable can change this abysmal reality.

Which is why Linux on embedded is facing competition full of non-copyleft based OSes.

NutXX, RTOS, Azure RTOS, mbed, Arduino, Zephyr (ironically from Linux Foundation partners), Fuchsia, ....


You're missing the point of why at least half of the operating systems (if you can call them that) in your list exist. FreeRTOS and Azure RTOS (formerly ThreadX) are hard realtime microcontroller operating systems that are designed to squeeze into as little as 32kB Flash and a few kB RAM. Their capabilities are a far cry from what Linux offers. They complement each other instead of competing.


Those issues are orthogonal to them not being GPL friendly.


FreeRTOS is MIT licensed, Zephyr is Apache 2.0 licensed. You just can't get any more GPL friendly in that space.


On the contrary, they are non-copyleft, thus no upstreaming required, just as OEMs love to have their free beer OSes.


Neither FreeRTOS nor ThreadX/Azure RTOS can really accept random patches. These systems are certified for use in highly safety critical applications (think railways, nuclear reactors, chemical plants...). To keep that certification, either the whole OS must be recertified after a change or an impact analysis and extensive testing are performed for each and every minor patch. Most random hackers won't be able to deliver any of that along with their patches. It requires resources few have access to.

To give you an example, I had access to the complete ThreadX source code a while ago as my employer back then was a licensee. Making functional changes to that code was a complete no go because that would instantly invalidate its certification and put the onus of recertification on us. And we wouldn't have been able to pull that off at all.

Given those restrictions, the actual software license barely matters.


>Neither FreeRTOS nor ThreadX/Azure RTOS can really accept random patches.

BS, both have certified "edition" but the "normal" version is not, you can start today send patches for RTOS in.

https://github.com/FreeRTOS/FreeRTOS-Kernel


Do you think the certified editions are fundamentally different from the normal ones? Hint: they aren't. Certified means that these are the exact revisions they handed in for certifications. It's just not realistically possible to get full certification for every release in a fast cycle because the time and effort needed is too high. But they still take on full responsibility for each and every patch going into the codebase.


>Do you think the certified editions are fundamentally different from the normal ones? Hint: they aren't

Sometimes they are different (FIPS enabled etc), but that does not stop you working on that project.

>But they still take on full responsibility for each and every patch going into the codebase.

That's how ~every single OSS project works.


I've yet to see a certified source code that's different from the non-certified version. I've looked at the ThreadX sources on Github and I see no difference to what I had access to at my previous employer.

I've also gone through the Github history of the FreeRTOS project. The only merged PR that I could find that was not made by a FreeRTOS team member and touched the kernel was a series of whitespace changes.


The BSDs are the obvious 'copycenter' alternatives to GNU/Linux, not sure if they have any traction in IOT though.


I am thinking that it is somehow ironic that parent managed to not list a single linux competitor... The alternatives he mentioned are not posix compliant. Instead they are extremely lightweight MCU OSes which serve a completely different role.


They are competitors in the sense of free beer OS that does the job.

Being POSIX compatible is hardly something that most IoT vendors care about.


I thought that would be more because of the Linux bloat + security risk. I don't think it makes much sense to use Linux in the embedded space, but something that is 100x smaller.

I certainly wouldn't want self-driving car systems to be powered by Linux...


From a stability perspective I would. Linux had much more time to harden than comparable OS. From a technical perspective it isn't a real time OS and does come with unnecessary functions that are probably not relevant to the application, but I think people underestimate the amount of bugs in embedded systems. Minimal OS or bare metal doesn't really matter much.

To my knowledge there was never an incident where common OS was responsible for failure, but it has been a myth for ages.

If it does fail it is probably due to a hardware defect, but a risk analysis would show a plethora of possibilities for fail safe systems.


GPU drivers aren't going to run on microcontrollers. If the processor isn't running Linux then it will run something equivalent like BSD.


Hmm.

From the Firmware Liberation Project page[0]:

"Second, depending on what subindustry (i.e., specific class of devices) seems most responsive to increased enforcement activity and willing to provide compliant source releases quickly, we will launch, coordinate and fund an alternative firmware project for that class, or, if appropriate, merge our efforts with an existing alternative firmware project for that class of device."

It is hard to read that as anything but an incentive for vendors to be less responsive, in the hopes that the SFC focus their efforts elsewhere.

[0] https://sfconservancy.org/copyleft-compliance/firmware-liber...


It suggests that vendors would want alternative firmwares to be developed for the hardware they sell. Do you think they wouldn't want that?


Most companies nowadays want to have total control on how users use their hardware. For many IoT things the product is in the patterns they collect when the device sends data home to "backup on the cloud".


That entirely depends on whether the attractive profit margins are on the hardware itself, or adjacent (complementary) to it, in software or services tied to the hardware through the firmware.


It's worth pointing out that this is funded by AMPRNet, the people who sold 44.192.0.0/10 to Amazon a few years ago (https://news.ycombinator.com/item?id=20477670)


I guess this is what they're doing with some of the money? The OP announcement doesn't say the amount of funding.


$250K from https://www.ampr.org/grants/ (there are two line items)


Was it unreadable? Some time ago everybody believed that after the IPv4 exhaustion everybody will quickly switch to IPv6. It was quite reasonable to sell them while they were still worth something if they believed that they will be worthless in several years.

Sadly, there was no big switch to IPv6 and double NAT is the thing now.


~0% to ~30% in 10 years isn't perfect, but it's a pretty big switch: https://www.google.com/intl/en/ipv6/statistics.html


Did we ever find out what the price was?



From a company's perspective, it must suck to get nagged or even sued over GPL compliance and then have no one use the code. So combining enforcement with firmware development is a much more positive approach that will hopefully generate less ill will.


So I'll be a cynic and say that it's often due to the actions of the company that prevent the user from "using" the code, at least on that device. How many devices have a linux kernel but lock the bootloader down for example?


99.9% of embedded Linux devices.


Note that allowing this is 100% intended: https://www.youtube.com/watch?v=5PmHRSeA2c8&t=47m20s


Yeah, though a really strict reading of GPLv2's "the scripts used to control compilation and installation" might suggest that it's not, since maybe the source code has to include the signing key to get it onto the device. But I don't think anyone's dying on that hill, they just made a new license.


I believe Bradley Kuhn does subscribe to this interpretation of GPLv2, based on watching this talk he gave at LibrePlanet 2020 https://media.libreplanet.org/u/libreplanet/m/preventing-the...

First slide on the topic at 13:55

Returns to the slide at 17:20

If I remember correctly, somewhere else in the talk he says something like, "I don't think we need GPLv3 for this", but I don't remember where (earlier or later) and don't have time to re-watch the whole talk to hunt for it right now.

(edit: although I think he still prefers v3 / thinks it is stronger. Really you should just watch the talk instead of taking my memory of what he said for granted)


Is it? The one new thing I've looked at (the Akai MPC Live drum machine) had everything wide open. Root console, no password. This also seems to have been the case for a lot of older network appliances etc, but it might have changed in recent years?


You have a 0.1% device.

Meanwhile, billions of Linux-based Android devices have locked down bootloaders like the parent comment said.


Have you really tried to upload and run a modified version of the firmware on the device? Is the guarantee void if you do it (in case it actually works)?


It would also suck more to write a kernel from scratch because you didn't want to follow a simple rule when using the most popular and well developed kernel in the world.


I don't get the ill will point. We're talking about companies that are knowingly and wilfully breaking the terms of the GPL.

They aren't entitled to violate the terms of the GPL. They aren't entitled to sell unauthorised copies of Disney DVDs either, and for the same reasons. Compliance with copyright law, and compliance with the licence terms of software that doesn't belong to you, are not optional.


If no one used it then there is no difference from it being closed source so there is no reason not to open source it.


No, GPL compliance has significant cost, especially if the company doesn't know what they're doing.


It would be nice if there was less misinformation out there about what the cost actually is. Companies are required to pay that cost if they intend to ship Linux legally. They should not be using Linux otherwise.


Not sure I agree there's a big cost if you do know what you're doing, TBH. I'm not sure about Yocto, but I think the buildroot system has GPL compliance baked in. Like packages have licenses and you can export a dump of what you're required to provide. If you're using a proper distro it should be even easier.


I think he's talking about companies that don't know what they're doing. Keeping track of changes is one thing, but even if it takes companies like Tesla years to become compliant, it seems pretty clear that companies might not know what they should do once they start shipping devices.

Raising awareness and offering alternatives all seems good, but I still hope litigation is a last ditch effort.


It is good if there are more decisions of the highest court. Legal uncertainty is harmful for open source. And as long as there are points in the GPL without leading decisions, this legal uncertainty will continue and open the door for trolls to blackmail open source users with out-of-court settlements in order to enrich themselves.

Actually it would be so simple: I give you source code, you give me changes back, we're even. [...] If you make hardware that locks down software, it's your decision as a hardware maker; it has no impact on my decision as a software maker to give you the software. [...] To me the important part was always: I give you software, you can do whatever you want with it; if you make improvements, you have to give them back. (source: https://www.youtube.com/watch?v=PaKIZ7gJlRU).


I think there is a spectrum of opinions on where the dial is set, but what is best for all of us, from say a 10 or 30 year viewpoint?

I wonder whether GPL3 would have been more widely accepted if it hadn't had quite so many changes.

But listening to RMS he said he didn't realize that companies would "tivoize" everything so he added:

"(0) The freedom to run the program as you wish, for whatever purpose."

Personally I think it kind of sucks that much of computing coming out nowadays has locked bootloaders.


In European law, the actual party will is the determining factor in contracts, not the (possibly ambiguous) wording. This is especially important with licenses such as GPL, which are full of unclear, secondary regulations. That is why the clear, unambiguous statement of the original Linux author is important.

Good software, which is not used due to (unnecessary) legal uncertainties, and thus cannot benefit from the support of potent companies, is of no use to anyone, neither in the short nor the long term. The sooner legal uncertainties are removed, the better. Unfortunately, companies avoid legal disputes, often at all costs; that is why it is so easy to blackmail them with out-of-court, very often unfounded claims from patent and copyright law.

When I buy a product, I want it to work well and have good value for money. For this it is irrelevant if the bootloader is locked. If I want to make a system to tinker where I can replace the firmware, I buy a Raspi. The Raspi also benefits from contributions from companies that use Linux in devices where I might not be able to replace the system.


> In European law, the actual party will is the determining factor in contracts

It is similar in most other jurisdictions too, but wording predominates in practice.


No, the Anglo-Saxon law (US, UK, etc.) is different and makes no assumptions outside of the contract; the contract is applied verbatim as written, and when something is missing, it is not part of the contract. In Europe, on the other hand, the contract is just one piece of the puzzle and the judge can add, remove or modify clauses in search of the true party intentions; in case of conflicting elements, the judge may refer to what is applicable under the usual rules for such contracts and even change the contract type. That's why Tivoization with GPL v2 is unquestionably legal in the USA, but there is still a certain legal uncertainty in Europe, because there is no supreme court decision.

EDIT: clarifications


> and when something is missing, it is not part of the contract.

What if a clause is ambiguous to benefit both parties equally, but not at the same time? Are both parties forbidden to act on their own in those cases?


There is no general answer. The judge decides and instructs the parties how to proceed. Contracts in Anglo-Saxon countries are usually much larger and regulate many more eventualities than one is used to in Europe. It is then usually a matter of presenting evidence in the sense of the specific wording of the contract.



