Forgot your password?
typodupeerror
Wireless Networking GNU is Not Unix Hardware Your Rights Online

Is Linksys Violating The GPL? 524

Posted by timothy
from the could-just-be-a-glitch dept.
jap writes "According to this post on LKML, Linksys is shipping firmware for (at least their) 802.11g access-points based on Linux - without any sourcecode available or mentioning of it on their site. This could be interesting: it might provide the possibility of building an ueber-cool accesspoint firmware with IPsec and native ipv6 support etc etc, using this information!"
This discussion has been archived. No new comments can be posted.

Is Linksys Violating The GPL?

Comments Filter:
  • Cisco IOS ? (Score:5, Funny)

    by berkeleyjunk (250251) on Sunday June 08, 2003 @02:21PM (#6144299)
    If you push too hard for publishing source code, this box will be running Cisco IOS soon, slowing down the box 4 fold.

    • Re:Cisco IOS ? (Score:2, Informative)

      by Anonymous Coward
      Nah, Free/OpenBSD can have commercial license where you don't need to publish the source e.g. MacOSX
    • Re:Cisco IOS ? (Score:3, Interesting)

      by Anonymous Coward
      Interestingly enough, Cisco's Content Engine module (it's a web cache) for the 2600/3600 routers, run linux. So, is Cisco violating the GPL? Maybe, by not providing source. But, it doesn't mean they modified the source at all, much of the functions in it appear to be handled by external programs that they have written.

      The module itself is just a PIII 500 mobile processor with a laptop drive and some memory. Basically, just a PC on a tiny card. It's neat.
      • Re:Cisco IOS ? (Score:5, Interesting)

        by prizog (42097) <novalis-slashdot&novalis,org> on Sunday June 08, 2003 @03:20PM (#6144658) Homepage
        Hi. I work for the FSF investigating GPL violations (and yes, we are also working on this Linksys thing). Can you tell me more about this Cisco issue? Is there any software FSF holds copyright on (the gnu c library, bash, gnu tar, gzip ...)? Does the unit come with an offer to provide source code?
        • Re:Cisco IOS ? (Score:5, Interesting)

          by prizog (42097) <novalis-slashdot&novalis,org> on Sunday June 08, 2003 @03:28PM (#6144706) Homepage
          Er, you can mail me at novalis atsign fsf.org if you have any information.
        • Re:Cisco IOS ? (Score:3, Interesting)

          by Sheetrock (152993)
          I'm a bit curious... how does the FSF avoid issues with EULA agreements when performing an investigation? They seem to forbid the types of operations I would think necessary to determine if code is being misappropriated, as some degree of disassembly or analysis of EULA'd software would seem to be necessary for a comparison.

          Not that such an argument would matter much if they were indeed found to be misusing GPLed code, of course.

          • Re:Cisco IOS ? (Score:5, Informative)

            by prizog (42097) <novalis-slashdot&novalis,org> on Sunday June 08, 2003 @04:14PM (#6144976) Homepage
            Usually, we don't do much investigation -- we rely on reports from users of the products. We never agree to EULAs, technical NDAs, etc. as a matter of principle. And usually, there's no disassembly involved -- simply grepping for a copyright notice is enough. Most violations are inadvertant -- they're still serious, but there's usually no attempt to hide what software is used.
        • Re:Cisco IOS ? (Score:5, Informative)

          by ZorroIII (659075) on Sunday June 08, 2003 @06:26PM (#6145628)
          In the release notes [cisco.com] for the software on the NM-CE card they say:
          GNU General Public License Modules Cisco Cache software, Release 3.0.2 incorporates software licensed under the GNU General Public License. If you would like the source code for any of the modified GPL code in Cisco Cache software, Release 3.0.2, send a request to ce-sw-req@cisco.com
          I sent them a mail some time ago asking for the source of GPL programs, but still havent received an answer. The card is rather interesting, one day I'll try to modify the OS to something that can be used for other stuff aswell.
    • by frovingslosh (582462) on Sunday June 08, 2003 @04:06PM (#6144930)
      If the code on the Lynksys needs to be released under the terms of the Linux license, then replacing that code with Cisco code in future releases would not change their obligation to release the code for a current product. Rather, it would be an admission that they did indeed have an obligation to release the current code, an would leave them with an inferior produvct while not removing that obligation to release the source for the good code.
      • In Linksys was forced to give out IP they don't wish to divulge it is a huge signal to other companies to steer clear of Linux.
        • The thing is, it's mostly not their IP, it's Linus' and the rest of the people that wrote the code's IP. They may have made some changes, but that doesn't mean they can disregard the copyright under which the software was released. I'm pretty sure they knew about the GPL before the got started.
    • Re:Cisco IOS ? (Score:3, Interesting)

      by fm6 (162816)
      Even though you got modded "Funny" I think you're serious. Consider the cost of licensing a proprietary OS and porting all your code to it. Weigh that against the cost of putting all the source code on the web.

      My guess is that nobody at Linksys thought about their obligation to provide source code, or if they did, the process fell through the usual corporate cracks.

  • I'm not sure (Score:5, Insightful)

    by CAIMLAS (41445) on Sunday June 08, 2003 @02:22PM (#6144306) Homepage
    I'm not sure whether this is just as damaging to Open Source as the SCO thing had the potential of being, or not. On one hand, it might deter use of linux at all, and on the other it'll just be a general 'bad business practice to use linux in our commericial products' type stigma.
    • by Alain Williams (2972) <addw@phcomp.co.uk> on Sunday June 08, 2003 @02:28PM (#6144351) Homepage
      Not at all -- it just gives SCO another company to sue!
    • Re:I'm not sure (Score:2, Insightful)

      by GigsVT (208848) *
      I doubt it.

      Software companies license code from other companies all the time. If you come to that conclusion, then the argument is really against using any licensed code at all.

      The GPL is not that difficult to comply with. Compliance is simply the cost of licensing the GPLed code. It's still a hell of a lot cheaper than Linksys licensing some other embedded OS and paying a per-unit royalty.
  • Man... (Score:5, Insightful)

    by rindeee (530084) on Sunday June 08, 2003 @02:22PM (#6144311)
    ...think of the number of APs they'd sell based on this fact alone. They obviously should abide by the GPL, but they should also shout it from the hilltops that their AP is Linux based and therefore a hackers delight (and the FCC's nightmare).

    ER
    • Re:Man... (Score:2, Insightful)

      by LooseChanj (17865)
      They don't need to, slashdotters'll shout it for them. And to mainly the right people too...
    • Re:Man... (Score:3, Insightful)

      ...think of the number of APs they'd sell based on this fact alone. They obviously should abide by the GPL, but they should also shout it from the hilltops that their AP is Linux based and therefore a hackers delight (and the FCC's nightmare).

      Who would you rather have coming after you legally:

      The FSF idealist hippies, with their still unproven (in court) GPL.

      Or..

      The FCC. An organization that is now VERY well regarded by the Bush administration and most big media companies thanks to the new media

      • Re:Man... (Score:5, Insightful)

        by Fluffy the Cat (29157) on Sunday June 08, 2003 @03:58PM (#6144889) Homepage
        That's fine. If it's impossible for Linksys to release the source, they just have to stop distributing the code (and suffer potential lawsuits about copyright infringement and the like from anyone who holds the copyright on various parts of the kernel). If the GPL doesn't apply, plain copyright law does.
  • Does it matter ? (Score:3, Interesting)

    by DumbMarketingGuy (171031) on Sunday June 08, 2003 @02:23PM (#6144316) Journal
    The GPL has no real valid legal meaning until it has been tested in a court of law. I think the fact that no GPL violation case has ever made it into a courtroom speaks volumes!
    • by blackcat++ (168398) on Sunday June 08, 2003 @02:29PM (#6144360)
      The GPL has no real valid legal meaning until it has been tested in a court of law. I think the fact that no GPL violation case has ever made it into a courtroom speaks volumes!

      Yes it does. It means that until now noone has had the guts to risk a legal confrontation to free themselves from the requirements the GPL imposes.

      And even if the GPL has no valid legal meaning, what remains? Standard copyright law. So without the GPL you don't even have the right to download the source, let alone modify and republish it!
  • Better drivers? (Score:4, Interesting)

    by CodeMaster (28069) on Sunday June 08, 2003 @02:24PM (#6144319)
    They have been using Linux for a long time on their routers/AP's.
    Anyone who have one must have noticed it.

    The one thing to say to their defence is that they are usually "driver friendly" with their PCMCIA WiFi cards.

    I just hope that now they will wake up, straighten up the mess, and start helping the community with supporting 802.11g in Linux for their NIC's.
  • by PirateDave -) (679653) on Sunday June 08, 2003 @02:26PM (#6144331)
    What's got the higer priority: getting companies to print the GPL in their manuals, or getting companies to release high qulaity *ware with linux (for free!)
    It could be argued that GPL compliancy will make it better, but as far as I can see it's still much better than what it could potentially have been.
  • In case gets /.ed (Score:5, Informative)

    by Anonymous Coward on Sunday June 08, 2003 @02:26PM (#6144336)
    Hi,

    Sorry for the very lengthly posting, but I want to be as precise as possible in describing this problem.

    Awhile ago, I mentioned that the Linksys WRT54G wireless access point used several GPL projects in its firmware, but did not seem to have any of the
    source available, or acknowledge the use of the GPLed software. Four weeks ago, I spoke with an employee at Linksys who confirmed that the system did use Linux, and also mentioned that he would work with his management to ensure that the source was released. Unfortunately, my e-mails to this
    individual over the past three weeks have gone unanswered. Of course, I also tried contacting Linksys through their common public e-mail accounts (, ) to no avail.

    However, it is hard for me to know if my contact in the company has just gone on a three week vacation (and not set an auto-responder), or has been asked to not answer anymore mail on this subject. Also, I should note that I don't own this product, so I can't determine if the source is shipped with it.

    However, I have gone through all the available information on the Linksys website, and can find no reference to the GPL, Linux (as it relates to this product), or the firmware source code. Also, the firmware binary (see below) is freely available from their website. There is no link from the download page to the source, or any mention of Linux or the GPL. Finally, it would be
    strange if the source was included in the physical package, as my contact at Linksys was initially unaware Linux was used in this product.

    The following steps can be used to determine the exact nature of the possible GPL violation.

    1. Go to the following URL:
    http://www.linksys.com/download/firmware.asp?fwid= 178

    2. Download the "firmware upgrade files":
    ftp://ftp.linksys.com/pub/network/WRT54G_ 1.02.1_US _code.bin
    (MD5SUM: b54475a81bc18462d3754f96c9c7cc0f)

    3. While it is downloading, confirm that there is nothing on the webpage to indicate that this binary contains GPLed software.

    4. Once the download is complete, copy the contents of the file from offset 0xC0020 onward into a new file.
    dd if=WRT54G_1.02.1_US_code.bin of=test.dump skip=24577c bs=32c

    5. Notice that this file is an image of a CramFS filesystem. Mount it.

    6. Explore the filesystem. You will notice that the system appears to be based on Linux 2.4.5. Incidentally, there is at least one other GPLed project in the firmware: the BusyBox userland component: (http://www.busybox.net/)

    7. The Linux kernel (I think) is mixed up with a bunch of other stuff in: bin/boot.bin

    You might want to know why I am interested in getting the code for the kernel used in this device.

    There's been some discussion here about Linux's lack of wireless support for a few of the newer 802.11b and (nearly?) all 802.11g chips. Incidentally, Linux has excellent support for at least one manufacturer's wireless family.
    The following Broadcom chips all appear to be supported under Linux -- if you happen to be running Linux on a MIPS processor in a Linksys router:

    Broadcom BCM4301 Wireless 802.11b Controller
    Broadcom BCM4307 Wireless 802.11b Controller
    Broadcom BCM4309 Wireless 802.11a Controller
    Broadcom BCM4309 Wireless 802.11b Controller
    Broadcom BCM4309 Wireless 802.11 Multiband Controller
    Broadcom BCM4310 Wireless 802.11b Controller
    Broadcom BCM4306 Wireless 802.11b/g Controller
    Broadcom BCM4306 Wireless 802.11a Controller
    Broadcom BCM4306 Wireless 802.11 Multiband Controller

    This list was produced by running strings on:
    lib/modules/2.4.5/kernel/drivers/net/wl/wl.o

    I am trying to determine exactly how tightly coupled these drivers are to the kernel.

    As an aside, I know that some wireless companies have been hesitant of releasing open source drivers because they are worried their radios might be pushed out of spec. However, if the drivers are alre
    • Cool. (Score:5, Insightful)

      by mindstrm (20013) on Sunday June 08, 2003 @03:00PM (#6144549)
      But his assumption about how kernel modules work is completely wrong.. though the INTENT might be something like he describes, it's not what Linus said.

      The Linux kernel license says you can code proprietary modules, as long as the interface is part of the stock kernel (in other words, GPL)

      So you can make a proprietary network driver, as long you don't haev to modify the main kernel to get it to work; you are under no obligation to release that source at all. If you have some way of hacking an entire realtime OS to look like a network drive to the kernel, that would comply.

      So, linksys should be redistributing the linux sources, however, if their custom work is confined to modules & userland code, they are under no obligation to release the source to those drives. And as linux already has a kernel interface for network & wireless network, there is no reason to expect them to release that code.
    • Re:In case gets /.ed (Score:5, Interesting)

      by MickLinux (579158) on Sunday June 08, 2003 @04:04PM (#6144919) Journal
      I see your point. However, if I had to guess, the silent treatment is while management tries to figure out what to do.

      I could imagine quite possibly that they've signed some NDAs that won't allow them to release all their source code. Then this GPL stuff means that they have to release all their source code -- or so it seems.

      So now they've got to figure out what to do, and while they're figuring, it's legally safer to say nothing to anyone.

      Probably their best way out is either get the NDAs released [unlikely], or find out the individual authors of their modules, and work out individual licensing agreements [difficult, but possible] that keep it outside the GPL. At that point, though, you won't have your information.

      That said, I have to think about SCO, and think that one shouldn't take a "All your codebase are belong to us" approach. My feeling is that trying to knock others out to get what you want, is kindof evil. And that goes in both directions.

      So I think persistance is key, here, but if they made a mistake, (1) don't gloat -- rather, be meek (2) still be persistent, and try to get FSF's help pursuing this (3) hopefully get the FSF to offer them help in finding for themselves a legally sound position.

      P.S. Good hacking job [and yes, that's hacking not cracking, though I hope that they don't just decide 'hit him with the DMCA -- he's too small to fight it.' Ugh. This DMCA gives all the power to big criminals, it seems to me, and takes power away from little law abiders.

      • Re:In case gets /.ed (Score:5, Interesting)

        by 73939133 (676561) on Sunday June 08, 2003 @05:44PM (#6145421)
        Probably their best way out is either get the NDAs released [unlikely], or find out the individual authors of their modules, and work out individual licensing agreements [difficult, but possible] that keep it outside the GPL.

        It's too late for that: whether they do or do not release the source code at this point, they have already lost their right to release the binary. And their GPL violation is not that they haven't put up the source code for FTP somewhere, the GPL violation is that they didn't identify the product as using GPL'ed code in the first place, accompanied by an offer to make the source code available.

        That said, I have to think about SCO, and think that one shouldn't take a "All your codebase are belong to us" approach. My feeling is that trying to knock others out to get what you want, is kindof evil. And that goes in both directions.

        If someone has violated SCO's copyright in the way they claim, they should be punished severely: copyright violations like those claimed by SCO threaten not only companies, they threaten the very existence of open source software. (However, I believe that SCO's claims are bogus, so I don't see much danger of that happening.)

        Likewise, if Linksys has violated the terms of the GPL, they should be punished severely. Linksys's behavior, shipping GPL'ed code without identifying it as such, is a fundamental violation of the GPL, and if the only consequence is that companies have their wrists slapped when found out (and it has taken years to find this out about Linksys), it undermines the whole idea of the GPL.
  • Requirements (Score:5, Informative)

    by TWX (665546) on Sunday June 08, 2003 @02:26PM (#6144338)
    If they're not rewriting the source code, using it in a form that they themselves obtained it in (pre-compiling), they might not have to provide source if they disclose their source location. Also, if they were smart enough to create independent kernel modules for the rest of the device, they wouldn't have to release those anyway.

    It would be nice if they included at least a copy of the GPL and a linux installation CD in the back of their manual though, since that would be a way of distributing the code, if not more than the code, and would probably make them in compliance.

    Hell, TurboLinux install CDs came with hardware that Linux couldn't even use, for a while...
    • Ah, you got an SMC EtherPower card too, huh?
    • Re:Requirements (Score:3, Informative)

      by David Jao (2759) *
      If they're not rewriting the source code, using it in a form that they themselves obtained it in (pre-compiling), they might not have to provide source if they disclose their source location.

      False.

      You're probably thinking of section 2c of the GPL, which says:

      c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form

  • by OctaneZ (73357) <ben-slashdot2@@@uma...litech...org> on Sunday June 08, 2003 @02:27PM (#6144345) Journal
    A couple follow ups on the kernel mailing list:

    A very interesting bit from the busybox maintainer, who has evidently already sent linksys two letters [lkml.org]

    A post outlinging the possibility that Belkin is also shipping GPL'd code [lkml.org]

    A few other people are throwing their two cents in, but those were the most interesting, code be an interesting test of corporate policey, and the ability of the GPL to withstand a court battle.
  • by kien (571074) <kien.member@fsf@org> on Sunday June 08, 2003 @02:27PM (#6144347) Journal
    I sent an email asking Linksys why IE was required to use their web-based admin tool for my BEFSR41.

    Here's their reply:
    Again, thank you for contacting Linksys Customer Support. Unfortunately, we do not have an advice yet when will Linksys support other operating systems. Rest assure that your message will reach the right department. If you have further questions, please contact us at (800) 326-7114 or send us an email at support@linksys.com so that we may further assist you. Please use this phone number given as reference for future support calls. Thank you and have a nice day.


    --K.
    • IE is required? I have no problem administering my BEFSR41 with Mozilla.
      • IE is required? I have no problem administering my BEFSR41 with Mozilla.

        That's interesting, slugo3. I'm curious about the firmware version of your BEFSR41 and whether you're using Mozilla from a Windows platform or a GNU/Linux distro?

        --K.
    • but setting konqueror or mozilla to send MSIE identification HTTP directives did the trick.

      Is it actually required, or do they just say it is? Have you tried a different browser?
      • but setting konqueror or mozilla to send MSIE identification HTTP directives did the trick.

        That's a great experiment that I have not yet tried and I will give it a shot if for no other reason than to identify the underlying problem that open standards are being usurped. Thanks for the pointer, SHEEN.

        --K.
      • Hotmail works just fine for me under Safari without changing the user agent (or anything else).
    • Required?? (Score:3, Informative)

      by FreeLinux (555387)
      Just yesterday, I updated the firmware and reconfigured one of these with Konqueror running from a Knoppix CD. The only issue that I had was that Wine was not able to run their firmware update tool, which is just a GUI tftp.exe and the firware.bin. With Knoppix, I just did a tftp put firmware.bin and all was well.
    • Workflow Sludge (Score:3, Insightful)

      by fm6 (162816)
      Ever work in a tech support org? They have to deal with thousands of emails a day, most of them lame RTFM questions. So they tend to send out a lot of boilerplate, which is what this obviously is.

      From what I know about Linksys products, there's no reason they shouldn't work fine with any web browser that supports Java and the usual W3C security protocols. (And in fact, there seems to be a fairly active Linksys/Mac user community.) But if they say, "We only support Windows and IE" they drastically narrow t

  • by pla (258480) on Sunday June 08, 2003 @02:28PM (#6144352) Journal
    Why does everyone always assume that any embedded device running Linux must have, in some way, violated the GPL?

    I worked eight years as a firmware engineer. In the last three, I dealt almost exclusively with Linux.

    And I can assure you that we didn't need to change any GPL'd code to get what we wanted. Even on fairly custom hardware, we could find preexisting GPL'd code to do 99% of what we needed (and wrote user-space drivers where possible, and modules where not). No need to release anything if you don't change anything, to comply with the GPL.

    Whether ethical or not, plenty of legal ways of circumventing the intent of the GPL exist. And, like it or not, eliminating those loopholes (which would basically require forcing any program that runs under linux to use the GPL) would kill Linux in the business world.
    • by runderwo (609077) <runderwo.mail@win@org> on Sunday June 08, 2003 @02:50PM (#6144474)
      No need to release anything if you don't change anything, to comply with the GPL.
      Erm, take a look at Section 3 of the GPL [gnu.org] -- it quite clearly states that if the program is redistributed in binary form, it must be accompanied by the source code or a written offer for the source code.

      You may be thinking of the LGPL [gnu.org] instead, which relaxes redistribution requirements.

      • At best, if nothing has been changed, they would mearly need to provide access to the linux kernel and stock utilities.

        If they write code that is independant of the kernel, it is then theirs to license as they see fit. For example, while linux game ports might be based on the kernel, there is no obligation to release the source code to those games.

        There is only a violation if they modified existing GPL code. It doesn't sound like they'd be stupid enough to do that.
    • I call bullshit.

      Even if they made no changes, they still have to provide a copy of the GPL itself, and tell the user where they can obtain the source.

      As for "legal ways of circumventing the GPL", I've seen plenty of people spout this line, but never seen any of them produce an actual legal loophole in the GPL. I'd bet that you're no different.
    • Agreed. (Score:5, Informative)

      by mindstrm (20013) on Sunday June 08, 2003 @02:54PM (#6144507)
      However, the GPL still requires that they provide source, even if they have not modified it. If you redistribute, you must provide source, or at least a written offer for the source.

      You can (section c) simply pass along the written offer YOU received, if you are simply redistributing, and not modifying, but only if it's NON-COMMERCIAL, and only if you yourself received the written offer. IF they are using stock linux kernels, there is no written offer, so .. they are obligated to provide a copy of the source (sans their changes, if they are not within the scope of the gpl)

      3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

      * a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

      * b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

      * c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
    • While I agree with you, Some minor nitpicking:
      Section 9 of the GPL states
      "Each version is given a distinguishing version number. If the Program
      specifies a version number of this License which applies to it and "any
      later version", you have the option of following the terms and conditions
      either of that version or of any later version published by the Free
      Software Foundation. If the Program does not specify a version number of
      this License, you may choose any version ever published by the Free Software
      Foundat
  • by FattMattP (86246) on Sunday June 08, 2003 @02:31PM (#6144373) Homepage
    The source might be available but only mentioned in the documentation. He states in his message that he doesn't own one of these units so he doesn't have access to all the information that an owner of the unit would. The GPL doesn't require that the source be distributed with the binaries only that it be available. That doesn't mean downloadable. It's possible that people who have purchased the unit have instructions contained within on how to download or order a CD with the source code.
    • Doesn't matter. The firmware is downloadable regardless of whether you own the product or not - and the firmware includes a CRAMFS filesystem containing the kernel and busybox, so it's binary distribution of GPLed code. The offer of source has to be available to anyone who could obtain it from them. Read section 3 of the GPL.
  • by harlows_monkeys (106428) on Sunday June 08, 2003 @02:37PM (#6144417) Homepage
    It looks like what people want is the driver source, so that certain wireless chips can be supported under Linux.

    If Linksys did things right, however, those drivers will be compiled as modules, which they don't have to release source for (well...unless they started from GPL'ed driver source, of course).

    Aside from the drivers, everything else interesting should be implemented as applications, which can be closed source on Linux.

    So, don't get too excited: becoming fully GPL-compliant might consist of them simply putting up source for a stock kernel, and putting something about the GPL in their documentation.

  • by Anonymous Coward
    If they didn't make changes to GPL'd programs, and if they acknowledge that they use linux and specify what version etc, they don't have to release the code. Technically you could ask them to send you a copy of 2.4-20.tgz, and they could charge you reasonable costs for doing so.

    This assumes they didn't alter GPL code.
  • by mindstrm (20013) on Sunday June 08, 2003 @02:43PM (#6144441)
    Two points. I always have two points.

    First, as someone else already said, just becuase it uses a linux kernel doesn't mean they modified anything, it could be a stock kernel. If they wrote userspace drivers and/or kernel modules using existing interfaces for their custom hardware, they are not obligated to release anything.

    Secondly, if they weren't abiding by terms they had to according to the GPL, it would be COPYRIGHT violation, not license violation, as if you don't comply with the license, copyright law says they can't redistribute it. I know it seems like a silly point, but it's not.

    People talk about the GPL being "tested in court" and whatnot.. but the fact is: If you don't accept the GPL as valid, then copyright law still stands, and says you can't redistribute, or make derivitive works. A judge can rule the GPL as invalid, but that would mean that nobody had any rights to redistribute anything.

    It's not a license you had to accept and agree to in order to use the product.. so you can't "violate" it.

    Linus, or any other kernel developer could go to linksys, and say "I have not granted you permission to use my copyrighted work, please demonstrate why you think you are allowed to do this". They can then either cite how the GPL allows them to do what they do, or concede that they have no right to distribute.

    So as unclear as I can be.. it's not a GPL violation... and people are not forced to release code because of a nonexistant GPL violation... although that might be an acceptable remedy to all parties in most cases. They could also be forced to simply stop doing it.

    • First, as someone else already said, just becuase it uses a linux kernel doesn't mean they modified anything, it could be a stock kernel. If they wrote userspace drivers and/or kernel modules using existing interfaces for their custom hardware, they are not obligated to release anything.

      Even if they use a stock kernel. they still have to suply the source of the stock kernel if they distribute a binary. read the GPL.

    • I looked at several of your past posts, and noticed that none of them have two points. Some have more, some have fewer.
  • Just be happy that people are using Linux. IMO this kind of public outcry over this -- especially with the comment that you could take advantage of the source to use for your own purposes, with no reimbursement for their development costs -- drives people to the open willing arms of the BSD folks (which includes myself). This kind of inflexibility in working with commercial entities while OSS is still in the infancy of corporate adoption just turns them away.
  • Ok, I don't know if they have to release source for anything (they can point to other spots saying it's all unmodified).

    If they have properitary drivers for their cards, good for them but they don't need to release the source.

    On the other hand, it would be nice if they gave you the ability to insert your own ramdisk into the firmware upgrade (run your own code on the router).

    Can you imagine the number of cool things you could do with such functionality.
    • According to the post on lkml, you can extract a cramfs image from the firmware update. Simply extract the filesystem, mount it, copy your binaries onto the filesystem and edit the configuration files. Unmount, dd the image back into the firmware update. Flash firmware.
      • Isn't that simple. Cramfs's are by their nature, write-only. This because of it is compressed as one single image.

        You'd really need to extract the cramfs (you can actually just specify an offset when mount and mount the rom image directly), copy all the files off to a directory, modify, then use mkcramfs to generate and image, and stick that image back into the rom image.

        I highly doubt though that the rom doesn't at least have a checksum somewhere in it. ROM's are a dangerous thing not to checksum.

        Wha
  • umm (Score:2, Redundant)

    by dtfinch (661405)
    Unless they modified GPL'd source code, I don't see why they would have to redistribute the source or restate the GPL.

    If I put Linux on one computer and wrote software that ran on top of it, without modifying any of the GPL'd source, I would have no such obligation. And I could sell that computer to someone, with Linux installed, along with my own software, and still not be obligated to release any source. Why should it be different if, say, I put it on a million smaller computers and sold them?
    • Re:umm (Score:3, Informative)

      by Fluffy the Cat (29157)
      And I could sell that computer to someone, with Linux installed, along with my own software, and still not be obligated to release any source.

      No, you wouldn't. The GPL would require you to provide either the source code to GPLed code on your computer, or an offer of the source code. You could quibble over section 3c and whether it's commercial distribution if you're selling the computer rather than the software on it, and in that case you could get away with just passing on the offer that you received wit
  • by Saint Aardvark (159009) * on Sunday June 08, 2003 @03:23PM (#6144673) Homepage Journal
    which is also GPL'd [zebra.org]. If you do strings /mnt/usr/sbin/zebra, you see:

    Usage : %s [OPTION...]
    Daemon which manages kernel routing table management and redistribution between
    different routing protocols.
    -b, --batch Runs in batch mode
    -d, --daemon Runs in daemon mode
    -f, --config_file Set configuration file name
    -k, --keep_kernel Don't delete old routes which installed by zebra.
    -l, --log_mode Set verbose log mode flag
    -P, --vty_port Set vty's port number
    -r, --retain When program terminates, retain added route by zebra.
    -v, --version Print program version
    -h, --help Display this help and exit
    Report bugs to %s
    bug-zebra@gnu.org

    ObGPLQuote:

    3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

    * a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

    * b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

    * c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

  • by Trailer Trash (60756) on Sunday June 08, 2003 @03:25PM (#6144681) Homepage
    Not only are they in violation of the GPL, they are literally costing SCO BILLIONS OF DOLLARS by violating SCO's copyrights, patents, or some contract with IBM by releasing a Linux based product! Quick, someone alert McBride!
  • by Anonymous Coward on Sunday June 08, 2003 @03:27PM (#6144699)
    Just been hacking around a Belkin 54k WAP/Router box I bought a few weeks back. NMap identifies it as Linux 2.4.0-2.4.5.

    The Belkin Networking downloads page gives an updated firmware for this. Sure enough, at offset 790393 there's a CRAM Filesystem. Mounting that shows a stock 2.4.5 kernel with three custom modules (one for the wireless card, one for the ethernet card, one for the front panel LEDs). These three modules aside it looks like non-modified GPL stuff.

    However, reading any of the binary files shows the string : "GCC: (GNU) 3.0 20010422 (prerelease) with bcm4710a0 modifications" - Modifications you say? Oh dear, I don't remember seeing a Broadcom patch submitted to GCC ...
  • Just checked out my router's firmware. This particular model (their most popular) is not running Linux.

    Although I looked online and it seems you can pick up a WRT54G for ~$115. That's less than I paid for the AP less than a year ago (of course, I bought that retail).
  • What penalties are available for those who use GPLed code but don't conform to the "release and show" that one should do? I mean, it's not like Linus could call Linksys up and revoke their license... Could this be the big flaw in GPL?
  • by RunzWithScissors (567704) on Sunday June 08, 2003 @04:28PM (#6145035)
    Unfortunatly there are many, many misconceptions when it comes to the GPL. One of the previous comments stated that Tivo used Linux but had not released their source code. The reason is that they don't have to! I would be surprised if Linksys would be required to release their source code under the GPL.

    The misconception that I see the most is that because a product runs on top of Linux, or uses the Linux kernel then the product is also GPL'd, not so. If the product has changed the sourcecode for Linux, those changes are covered under the GPL. This is why companies like Tivo are not required to release their source. The Tivo software was written without using any existing GPL'd code as it's base, therefore it can be covered under any licensing agreement the author sees fit.

    As for Linksys, I'm willing to wager that they implemented all of their code as kernel modules. So if ask for the source code under the name of the GPL, all they are obligated to give you is the source code for the Linux kernel, sin any kernel modules they've written themselves. Kernel modules can be licensed any way the author sees fit.

    -Runz
  • by andersen (10283) on Sunday June 08, 2003 @04:36PM (#6145076) Homepage
    <BusyBox maintainer hat on>

    This is what I did to verify that the Linksys firmware was violating the GPL....

    #!/bin/sh
    wget ftp://ftp.linksys.com/pub/network/WRT54G_1.02.1_US _code.bin
    # I noticed a GZIP signature for a file name "piggy" at offset
    # 60 bytes from the start, suggesting we have a compressed Linux
    # kernel
    dd if=WRT54G_1.02.1_US_code.bin bs=60 skip=1 | zcat > kernel

    # Noticed there was a cramfs magic signature at offset 786464
    dd if=WRT54G_1.02.1_US_code.bin of=cramfs.image bs=786464 skip=1
    file cramfs.image

    sudo mount -o loop,ro -t cramfs ./cramfs.image /mnt
    ls -la /mnt/bin
    file /mnt/bin/busybox
    strings /mnt/bin/busybox | grep BusyBox
    /usr/i386-linux-uclibc/bin/i386-uclibc-ld d /mnt/bin/busybox

  • by deego (587575) on Sunday June 08, 2003 @05:25PM (#6145349)
    Even if Linksys complies after some cajoling, this demonstrates the practical "loophole" we have been witnessing for the past 2 years:

    companies use GPL'ed stuff, and if they get caught, they (often) comply. For each violation that gets caught, there might be several that get away.

    In other words, there's no punishment for them when they get caught, except to finally fess up and do what they were required to do in the first place. So, it makes sense for those who think this way, to try to get away with it for as many things as they can. Very sad.
  • by LiteForce (102751) on Sunday June 08, 2003 @05:35PM (#6145394) Homepage
    American Megatrends use uClinux [uclinux.org] (also GPL licensed) as a core part of their firmware for the AMI MegaRAC G2 Remote Processor (http://www.ami.com/megarac/ [ami.com]).

    I only discovered this by running 'strings' on the firmware and found references to uClinux and a variety of other GPL stuff.

    There is NO mention of the GPL in the product manual or on the packaging which contains the CD with a backup copy of the firmware.

    I asked for copies of any GPL sources (and associated changes) which the MegaRAC G2 used - to their credit, I received a very nice diff which only covered changes to files which already exist in the uClinux distribution.

    Unfortunately, those changes include the addition of header files which the modified kernel relies on - header files which I wasn't given and further requests for them have been ignored. So, even with the 'source' which I was given, I can't use it to produce an identical binary as to that contained in the firmware image which was supplied to me.

    For those readers who are interested in purchasing one or more MegaRAC G2s, I suggest you ask your AMI dealer why it took them over eight weeks to patch a vulnerability [ami.com] which allowed *any* remote user to gain full access to the system console and also why the product is prone to frequent hangs which are not recoverable unless you unplug all power from the server and card until the onboard battery drains.

    The vulnerability is so simple to exploit - start up the GTK+ remote console utility that came on the CD and point it to the IP address of any MegaRAC G2 card.... that's it. No prompt for a username or password. Nothing. Instant console access.

    ... then again, I suppose it just goes to show the quality of the code which their engineers are kicking out to the end-users :-(

  • by UncleSocks (243734) on Sunday June 08, 2003 @07:14PM (#6145881) Homepage
    Hi,

    A few months ago I was poking around their "network file server in a box" - I forget the model number, but it is shoebox sized and purple.

    I can say for a fact that they used Linux and a number of other GPL bits in this box. I almost sounded the alarm, but I was way too busy with other things.

    What I found:
    1) Open case
    2) Remove small compact flash card that contains the software for this product
    3) Install compact flash card into my notebook
    4) Use cfdisk, notice that there are three ext2 filesystems
    5) Mount ext2 filesystem
    6) See that they are using a 2.4.x kernel
    7) See that they are using GPL print spooling software (I forget which)
    8) Try to find _any_ notice about the GPL in the docs or via the debug serial port _NO NOTICE_.
    9) Visit linksys website to find GPL required sources, not there.

    If anyone wants more details please message me off list.

Our business in life is not to succeed but to continue to fail in high spirits. -- Robert Louis Stevenson

Working...