Checking For GPL Compliance, When the Code Is Embedded 75
Excerpting from ComputerWorld UK, ChiefMonkeyGrinder writes with word of what sounds like a very cool tool: "Open source software is everywhere these days. In particular, Linux is being used increasingly to power embedded systems of all kinds. That's good, but it's also a challenge, because the free software used in such products may not always be compliant with all the licences it is released under, notably the GNU GPL. For companies that sell such embedded systems using open source, it can be hard even finding out what exactly is inside, let alone whether it is compliant. Enter the new Binary Analysis Tool."
Re: (Score:2)
I left the country.
I do not see how that would work ... (Score:2, Redundant)
There are so many types of microprocessors on the market it's almost impossible to de-assembly everything.
But I might be wrong.
Re: (Score:2)
Re: (Score:1)
I'd say it's well above 55%. There is a multiplier effect that clouds the understanding of many people, who have almost zero understanding of what variant of x86 processor their box contains. Every PeeCee out there has at least a handful of small 4 and 8 bit embedded controllers in it or connected to it. So by the nature of the way PCs are designed, the motherboard, all the plug in cards and storage devices, peripherals, keyboard and mouse have small processors in them. By this very nature, there is a o
Re: (Score:2, Informative)
haha..... you didn't, right?
There are bears out there!
So.. (Score:5, Funny)
Confused (Score:1)
I thought Slashdot was opposed to copyright law? The GPL is a copyright license, so why would we care about compliance with a copyright?
Re: (Score:1)
The Slashdot groupthink is opposed to over-the-top copyright law and secretly-drafted legislation, not against reasonable (read: 14 years) copyright terms.
For someone with such a low UID you should know this.
Re: (Score:1)
Speaking as someone who has used the Linux kernel a long time, and who has several of the 1992 and 93 releases on published CD-ROM media, that is very interesting. Big chunks of the Free Software out there are up for grabs in a 14-year copyright world.
Almost all of GNU Emacs falls into that category, and the 1996 Linux kernel is looking pretty useful for embedding purposes.
Re: (Score:2)
The problem is, there is very few 14-year old software that still is relevant today unchanged. Embedded a 14-year old Linux kernel may w
Re: (Score:3, Funny)
GNU is Not Unix General Public License
I fail to see the redundancy here.
Re: (Score:2)
Do you really not understand the difference between downloading something for personal enjoyment and commercial distribution?
Also, I really would like some proof that the downloading crowd and the GPL enforcement crowd are made up of the same people.
Re: (Score:2)
Re: (Score:2)
There are multitudes of people ignoring copyright on commercial music. There are multitudes of people ignoring copyright on Microsoft Windows and Microsoft Office. It's an epic failure to say that the people using Linux and OpenOffice must be the ones illegally copying music. The MS pilferers are already breaking copyright law. Therefore, I'd suspect that most people breaking copyright law for music are the ones also doing so for their OS.
Re: (Score:2)
It's an epic failure to say that the people using Linux and OpenOffice must be the ones illegally copying music.
Thats not what I said at all. I was talking about people who dowload illegally would be the first to defend defend GPL. Are you saying that the only people who support GPL are Linux/OpenOffice users? Pretty small group if that's true.
Re: (Score:2)
Looks like you are case in point. Prove its wrong.
Re:Why? (Score:5, Insightful)
I agree. Many people view open source software as a better alternative to pirated software. Also worth noting: pirating commercial software lets the business keep mindshare. Adobe doesn't pursue students who pirate Photoshop because they would rather hook kids on photoshop so they'll buy it later than see them get adapt to a cheaper (or open source) alternative and never become a customer. The same is true for Windows: Microsoft would rather see people pirate Windows than switch to Linux; at least that way they keep the mindshare.
In general, I think piracy is as much an enemy of open source software as it is commercial software. There could be people who oppose software piracy but support movie and music piracy, but I think very often people take the same stance on piracy across the board.
that's a poor rationalization for piracy (Score:1)
Re: (Score:2)
Way to go .. (Score:2, Informative)
Technical requirements
* A Fedora GNU/Linux installation
* python (2.6 or higher preferred, but not 3)
* python-magic
* GNU binutils (for readelf and strings)
* e2tools http://freshmeat.net/projects/e2tools/ [freshmeat.net] (optional)
* squashfs tools (4.0 highly recommended)
* module-init-tools (for modinfo)
Re: (Score:2)
Ok, so the software has some dependencies. Isn't the Linux package management system designed to take care of all that with one command?
Re: (Score:2)
Unfortunately I don't think you can "apt-get install fedora".
But you can "apt-get install gentoo [debian.org]", though it won't do what you probably think it does.
Re: (Score:2)
Not all package managers handle dependencies as well as others. An app like this should include a script to check for them and provide some useful, non-cryptic error messages if necessary.
But it's sad that a specific Linux distro is a dependency. That means that the developers took some shortcuts and didn't write distro-agnostic scripts. Lazy.
Re: (Score:2)
Nonsense, this is a very standard, and non-exotic list of dependencies (aside from the apparent Fedora dependency, I agree that is lazy). Packagers for different distros need only package this software for their distro as they package any other piece of software, and the user will never have to care what dependencies it r
Re: (Score:2)
Followup:
From the README file:
It seems the Fedora dependency is listed somewhat in error, probably the result of someone being a tad too conservative.
Re: (Score:2)
Yeah, but if you're using Debian or Ubuntu, I'm pretty sure APT won't be able to install Fedora!
give me a break (Score:2)
If you think that is bad, you should take a look at all the dependencies Firefox has....
Hell, if you already have a standard GNU/Linux installation, then half that list is already installed!
False positives...? (Score:2, Interesting)
Are we to believe then that, unlike every single piece of virus-scanning software ever, this binary scanning utility will never encounter a false positive? What happens when it shows some product as containing OSS, but it doesn't?
And with that in mind, even if you *do* identify a product as containing OSS, how do you prove it without access to the source code? The company could simply claim it was a false positive (regardless of whether or not that happened to be true), and you would be left with the burd
Re: (Score:3, Insightful)
Re: (Score:1)
Which just brings us right back to my second point - how do you *prove* it without access to the source?
Re: (Score:2)
Re: (Score:2)
something called a court order (Score:2)
see the trick is if you find GNUSort traces in Evil Incs file mangler then as the owner of GNUSort you can file a lawsuit and then get them to prove that the source is "clean".
Re: (Score:1)
Isn't the burden of proof on the party filing the law suit? Otherwise, I can see where a pretty adventurous circus could ensue, resulting in the deepest pockets almost always winning.
Re: (Score:2)
That's what "discovery" is for. In a case like this, if the defendant refuses to prove to the plaintiff that there's no violation (by showing the source code), to the plaintiff's satisfaction, then the plaintiff files a lawsuit, and part of the Discovery process is that the defendant MUST provide the source code to the plaintiff for examination. If the source code shows a violation, then the defendant can either get skewered in court, or settle out-of-court. If it shows no violation, then the plaintiff c
Re: (Score:3, Interesting)
``What happens when it shows some product as containing OSS, but it doesn't?''
That's a good question, and that's why we have things like "innocent until proven guilty" and rights for criminal suspects and people who have been put under arrest.
In other words, as long as we all stay civilized, false positives needn't be a big problem. You inform the company that you believe their product may contain software whose license puts certain requirements on the company that it doesn't seem to be fulfilling, and then
Re: (Score:2)
If you are not convinced, I suppose you can always bring the case to court and force disclosure and investigation. But experience up to now seems to indicate that companies who are violating the terms of the GPL usually change their ways before things get that far.
So, with no evidence other than some abstract mathematical metric, you're going to make me invest tens of thousands of dollars to prove to you that I haven't violated the GPL in some way? Sounds an awful lot like "guilty until you can prove your
Re: (Score:1)
Re:Isn't this like DRM for Open Source... (Score:5, Informative)
Its not hypocrisy at all but a cleaver response. The GPL was originally created because RMS felt that the way software was being produced, sold, and controlled with licensing, patents, and copyright was not good for people, the economy, and especially the general principle of freedom.
He and others first lobbied to try and get the rules changed, many continue that effort. In the mean time he did the next best thing. He co-opted the rules and created a license that preserves things he felt were important that others were using the same rules to take away. He then put in lots of effort to ensure there would be a concentration of value protected by that license such that others would want to access it. The four freedoms would for the most part exist in the natural state; that is a world free of patents, and copyright. You might not always have the source to something you bought but it would be a pretty tough world to sell software in competitively without offering the code.
So what the GPL is really designed to do is say, look we don't think the system should work this way and that there should be these rules but ok if you get to use them than so can we. If you don't like it than you have to adopt our position that the copyright and patent system at least where software is concerned is broken and throw out your rules.
were using the same rules to take away. Most of the freedoms would probably exist
Re: (Score:2)
I love how people like to make up the history of Stallman and the GPL.
Re: (Score:1)
It's a form of Raymondism. Which isn't yet a registered religion, but easily could be.
Such fine historical revisionism! (Score:1)
He then created a psudeo-religion by declaring 'freedoms' instead of simply writing an open source that required derivative works to also be open.
It may seem deceptive to wrap your desires in 'freedoms' but your post is proof that it works....really well.
It is only like DRM if you don't know what DRM is. (Score:3, Interesting)
This tool is to be used voluntarily by people wishing to preform an audit of software packages they have acquired. DRM is shipped with software that you receive, and is non-voluntarily run on the consumers computer, to check for compliance.
This would be like DRM if we were writing code into open source projects that would phone home if the company tried to violate the GPL. This is not what is happening at all. (nor would it even be feasibly possible, since open source DRM is a laughable concept)
This is n
Re: (Score:2)
Curious why you would be curious...
Re: (Score:3, Insightful)
Re: (Score:2)
So it is Evil for a company to say illegal coping and sharing of our software that we put a lot of time, money and development into is given away for free while we still have all these expenses to pay for, and we should try to find a way to make sure we curve this behavior so we can get the money we earned.
But it Haled when a tool is made to make sure Software companies are making software that uses Open Source Software and they are not following the rules of the license.
1. Your comparison of the "Binary Analysis Tool" and DRM is shaky at best
The "Binary Analysis Tool" is an auditing tool, not a license enforcement mechanism like the DRM in Assassin's Creed 2.
2. Most individual copyright infringement is for non-commercial purposes.
Most companies that are engaging in copyright infringement are doing so for commercial purposes.
Do you see the difference?
The law treats commercial and non-commercial infringement very differently.
DRM vs GPL (Score:1)
As I see it, a comparison of DRM and the GPL that basically equates the two, is pretty flawed.
The purpose of DRM is more or less, to restrict and control what users of software can do with that software.
Users of GPL software, on the other hand, are guaranteed certain rights by the GPL, such as the right to have access to the source code of the software they receive.
The tool mentioned in the article will help users to ensure that their rights under the GPL are being protected.
If a company distributes GPLed s
Why bother (Score:1, Flamebait)
When we are going to abolish copyright? This is hypocrisy! This is using the same evil tactics that ??AA uses!
And then what? (Score:2)
Discovered that Cisco is using GPL software and not complying with neither disclosing it nor making it available. Good an clear documentation as well.
I was not able to find anyone interested at all.