
What is the Best Way to Handle a GPL Violation? 511

DeadSea queries: "When you find that somebody is violating the GPL by distributing your code or a derivative of your code as a closed source product, how do you go about handling it? I have found two violations of the GPL for my Java Utilities, in the last month. The Free Software Foundation says that the copyright holder is the only person empowered to act. If you are the copyright holder, how do you communicate with the offenders? I know folks here must have dealt with this before: Linksys, SCO, Castle Technology, United Linux, and others. Personally, I would like to believe that with a little nudging (and without lawyers), I can resolve the things. As such, I would especially appreciate any example letters or other documents that might be effective."

  • by Otto ( 17870 ) on Thursday January 15, 2004 @10:17PM (#7993862) Homepage Journal
    Or in the first place did you intend to demand that changes be rolled back into your project?

    Well, duh. If I gave something away for free and then someone uses it to make a profit and doesn't even bother to help you out in the way you've helped them, I'd be pretty pissed off too.

    Don't get me wrong, the BSD license has its place, but if the main point is to keep the code free, what would you choose something that lets anyone take the code and make it non-free?

    Not everybody misunderstands the thrust of the GPL. When I release code under the GPL, I do so for a very specific reason: I want to keep that code free. If I were to release something under the BSD license, it would likely only be because I don't much give a damn about that code anymore.
  • He's more concerned that they are STEALING his work without obeying the terms of the license under which they accepted the work. When you use a work, expect to follow the license, otherwise don't use the work. Not releasing the code is a violation of the GPL and thus IP theft. They didn't have to use his code. They could have written their own or used a BSD equivalent.
  • by Fefe ( 6964 ) on Thursday January 15, 2004 @10:17PM (#7993871) Homepage
    I have all the sympathy for people suffering from GPL violation, but I find this case ridiculous for several reasons:

    1. Java can be trivially decompiled, so I don't see how this can be regarded as "closed source" with a straight face.

    2. Your library does not look like rocket science to me.

    That does not lower the formal legal bar, but come on, how many ways are there to do Base64 encoding and circular buffers? I don't know what exactly you think someone took from you, but this looks to me like one of the junk patent cases where someone gets a patent on something blindingly obvious, like using names in urls, and then tries to sue others.

    If some non-trivial code of yours was stolen, then, by all means, sue the bastards. First, I would talk to them, then I would talk to my lawyer, and then I would tell my lawyer to sue them. If you don't want to do that, you can sign over your copyright to the Free Software Foundation, and they will do the enforcement for you. But please, don't make the whole free software movement look like SCO by trying to enforce rights on trivial pieces of source code.

    Your library offers a Swing dialog box for entering passwords, for crying out loud! That's like "my first programming project", it's the hello world of Swing programming. My opinion: come back when they took something worthwhile from you. This way you only make yourself look bad and give SCO and Microsoft ammunition on why free software people are communists and morally corrupt people.
  • Trash 'em in public (Score:3, Interesting)

    by Saeed al-Sahaf ( 665390 ) on Thursday January 15, 2004 @10:19PM (#7993884) Homepage
    I think that unfortunately, most developers who release GPL code do not have the resources to make a legal response (i.e. hire a lawyer) unless it's a very high profile application. This essentially leaves us with trashing / embarrassing the culprit in a public forum.

    It would be nice if there were some endowed fund managed by, say, the FSF, that developers could turn to, but I don't see that happening. So, in my mind, public whipping is the only realistic alternative.

  • by DAldredge ( 2353 ) * <SlashdotEmail@GMail.Com> on Thursday January 15, 2004 @10:25PM (#7993935) Journal
    How did you find out they were using your code? That might help us help you.
  • by ObviousGuy ( 578567 ) <ObviousGuy@hotmail.com> on Thursday January 15, 2004 @10:32PM (#7994011) Homepage Journal
    The "real alternative" is to turn over copyrights to the FSF and let them handle these violations. Of course that also means giving up rights to ever 'taking back' your code at some future date.

    But if your goal is to promote Free Software, that's the way to do it.
  • by hacker ( 14635 ) <hacker@gnu-designs.com> on Thursday January 15, 2004 @10:33PM (#7994013)
    Two projects I contribute heavily to, and one of them is a project I am the primary maintainer of, are being "tentatively" violated by 4 commercial companies, and there may be a 5th on the way.

    I've sent emails, asking for the reasons why snippets of our source end up mysteriously in their commercial applications. In one case, a company (in Germany) came back stating that they happen to have the 5 same exact function names in their application, and byte-for-byte identical perror() strings to our application, but they insist they're not using any of our code, but claim that they did use it "for documentation purposes" when writing their application. That one is still open and pending, and we'll be doing protocol sniffs to see if theirs match ours. We have certain "fingerprints" in our protocol, which can only be done by using the source directly.

    Another company I just found several days after the one above, seems to be using our code in a commercial BeOS project. They responded to my email, claiming that our code was used "as is" in their project, and then goes on to say "the use was re-configured to allow for easier additions". I don't see how they can claim both, in the same project. Either the code was used as-is (impossible, our code doesn't build on BeOS), or they modified it (and they must give us back the changes to those sources).

    Another company directly took our code, removed all of our names from the project, replaced them with their own, slapped their own (non-GPL) license on it, and sold it to "partners" for quite a hefty fee. When we confronted them asking for an explanation, they basically told us to piss off. When we escalated, the CEO came back with, and I quote "If we end up in court, I will bankrupt these guys".

    We also contacted this company's "partners", and asked them for the source to the changes they were also distributing. Every time we would contact these companies, the original company would threaten to sue us if we contacted their partners.

    The FSF is involved in all of the cases. The investigations are still open, and pending.

    Companies seem to think that because they have money, and most Free Software developers do not, that they can just slap us around left and right. The other point companies seem to try to "leverage" when they are clearly violating the GPL is the common myth that the "GPL Has Never Been Tested In Court(tm)", and since it has no basis, they can take whatever they want, and not give back. They seem to forget that the U.S. Copyright system backs up all of this code.

    So what do we do? There are dozens upon dozens of cases where the GPL is clearly being violated; the MPlayer [mplayerhq.hu] violation from KISS Technologies, the BusyBox [busybox.net] Hall of Shame, and many more.

  • by dillon_rinker ( 17944 ) on Thursday January 15, 2004 @10:34PM (#7994021) Homepage
    1. Assign copyright to the FSF
    2. Sic Moglen on them

    The only reason to refrain from doing this is if you wish to retain some proprietary interest in the code, for the purpose of perhaps producing a closed-source version of it. If that is your intent, I really don't give a flying fig what you do. If, however, you are pure of heart, you have absolutely nothing to lose by assigning the copyright to the FSF. You'll always be able to use, modify, and distribute the code, just as you can now. The only right you (might) lose would be the right to later create a proprietary version.
  • by metlin ( 258108 ) on Thursday January 15, 2004 @10:38PM (#7994060) Journal
    I know that the best thing to do is to call a lawyer, but I find it quite unsettling to think that when I'm creating something and giving it away to the world for free, I would need to pay a price to protect my work?

    There is something inherently wrong in that - there must be a better way to protect works that have been created for the benefit of others out there than having to pay to protect what's rightfully yours and what's given out in goodwill.

    If not, we're just a really fucked up society.
  • by Pink Puppy ( 22983 ) on Thursday January 15, 2004 @10:42PM (#7994087)

    but if the main point is to keep the code free, what would you choose something that lets anyone take the code and make it non-free?


    Argh, I hear this newspeak usage of `free' over and over and it never makes sense.

    `make it non-free' makes it sound like somehow you lost some freedom. But none of your freedoms has changed: there is nothing that you could do before that you can't do now.

    You don't have access to the other persons changes, but you never had that access to begin with.

    The only sense that free applies is if you somehow imagined that code has a consciousness and the person who modified your code has caged that code up so it no longer can roam freely. This is such a warped use of the word `free'.

    This of course isn't your fault, it is the FSF. I just wish they would drop the doublespeak and state it plainly:

    GPL code is not `free' by any normal definition of free (beer or freedom). It is simply code that is for sale, but not for money: the price of use is sharing changes you make to it.

    In fact they use many of the same techniques that ruthless companies use. The official FSF policy on LGPL is really interesting: if there is significant competition in an area, they recommend first lowering the price of the code by issuing it under LGPL so companies don't have to give up any rights to use. Once competition is driven out, the license can be changed to GPL and they can reap the benefits.
  • by PylonHead ( 61401 ) on Thursday January 15, 2004 @10:44PM (#7994101) Homepage Journal
    Your example is apt:

    Would you call the police and report the theft of your potted plant? And if you did, would they care?
  • Re:Tips (Score:2, Interesting)

    by pantycrickets ( 694774 ) on Thursday January 15, 2004 @10:45PM (#7994107)
    Yeah, that's good advice. Last time I threatened legal action against a company, they responded by filing a lawsuit against me for threatening a lawsuit against them, and won so much money that I had to declare bankruptcy

    At first I thought you were serious, but then realized you were someone who's both never had a company, and never been involved in a civil case before. Because that's almost exactly what can happen. Either that, or you spend so much money defending your position that you go bankrupt. If you think it's never happened, or doesn't happen often.. get a clue.. and learn to use google.
  • by jmv ( 93421 ) on Thursday January 15, 2004 @10:49PM (#7994142) Homepage
    ...hey, under the DMCA you can probably send a CaD to anybody you want for anything, without necessarily having cause...

    Not only the DMCA. You can send anyone any cease-and-desist about anything. They're just free to ignore it if they like. It has little legal value, a bit like "do this or I'll sue".
  • by Beolach ( 518512 ) <beolach&juno,com> on Thursday January 15, 2004 @10:59PM (#7994225) Homepage Journal
    Mplayer [mplayerhq.hu] has been disputing a GPL violation with KISS Technologies. In the news on their website they go over how they discovered the violation. After they notified KISS of the violation, KISS changed the violating strings - but only by gzipping them, and the mplayer people still caught them.
  • by Saucepan ( 12098 ) on Thursday January 15, 2004 @11:20PM (#7994348)
    After reading the description of his library I had the same thought. What exactly is the point of releasing trivial, 10-minutes-to-rewrite-from-scratch stuff like this under the GPL rather than any of the other open-source licenses?

    The only reason I can think of off hand is to bait clueless developers into shipping it with a commercial product so you can come along and hassle them about it later. In my experience, working programmers outside the Slashdot-reloading set tend to have trouble grasping the subtle distinctions among the BSD/GPL/LGPL licenses, so this activity doesn't seem very sporting.
  • by SuperBanana ( 662181 ) on Thursday January 15, 2004 @11:27PM (#7994384)
    Companies seem to think that because they have money, and most Free Software developers do not, that they can just slap us around left and right.

    No, companies rightfully think that because the GPL has yet to be tested in court, there's no case history, and they'll be able to drag it out in the courts forever...that they can walk all over you.

    The only answer is to dot your i's, cross your t's- give the offender all reasonable chances to comply. If they don't do it in a timely manner, SUE.

    Let me repeat that.

    SUE.

    Why? First off, chances are most of these companies really can't afford a legal battle either. If you file papers- I'd bet a lot of companies would simply recognize you're serious, and cave in. You negotiate for your legal fees and force compliance on them, and you're done. If not, and you have what most people feel is a solid case, you'll have the whole Open Source community behind you, because we'll realize just how important your case is. The FSF assists your lawyer (they specifically state they'll assist- they just can't pursue on their own), we help you pay for your lawyer with a legal fund through donations (I'd donate!), and so on.

    Not to mention, it's a lot easier to ask a judge for access to the company's source code than it is to go through all sorts of hoops to prove it. Show the trail of breadcrumbs leading up to the door, and the judge won't have much of a problem letting you open the door to see if there's a mouse nibbling on a cracker behind it.

    So we lose some market share because people think we're evil bad guys who go around suing (this is why it's important to give people a chance). Who gives a fuck about market share? We're in this for the CONCEPT. Losing some market share is better than the open-source concept becoming a joke ("why should I open-source my stuff, if someone's just going to rip it off tomorrow, and I'll have no recourse against them?")

    All it will take is a few lawsuits, and everyone else chasing down violators will have ammunition and WON'T have to sue...but our "nice guy" methodology isn't going to play, because we have no teeth to back up our "please comply" requests.

  • by MillionthMonkey ( 240664 ) * on Thursday January 15, 2004 @11:49PM (#7994597)
    You can run an obfuscator, like Retroguard.

    Most obfuscators are based on constant pool attacks. They go through the constant pool and give your fields and methods lovely names like void, int, class, and new. (Along with the standard fare- as many overloads as possible of a(), etc.) The JVM doesn't care, but the language spec does. So you can still decompile it, and the decompiler will cheerfully spit out code that doesn't compile because many of the variable names have been renamed to reserved words.

    However, constant pool rearrangements don't significantly change the bytecodes. (And generally, obfuscators don't mess with the order of entries in the constant pool. If they do, they have to run through the actual bytecodes and fix the operands of certain instructions.) So bytecode is not altered by most obfuscators and you can easily develop a hashcode function for a class file definition that is based on the bytes in the bytecode segments and that will produce the same hashcode for a class before and after treatment by a run-of-the-mill obfuscator. So if you're trying to prevent people from copying your code, obfuscators work pretty well. If you're trying to hide stolen code from the original author who may be looking for such hash collisions, you have to use a better obfuscator which will screw with the bytecode itself.

    Obfuscation has a nice side effect of shrinking the final JAR file, since most of the bulk of a Java class is in the constant pool and the obfuscator tries to rename everything to "a". In fact, I heard someone saying that the word "java" appears so many times in the constant pool of Java's standard library that if the name "Oak" hadn't been taken, the typical size of a JVM download would have been reduced by some absurdly significant percentage.
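
The class-file hash described in the comment above, as an added example that is not part of the original thread: it parses a class file, hashes only the raw bytes of each method's Code attribute, and so gives the same value before and after a rename-only obfuscator. The sample class, its names and the helper `build_class` are constructed for illustration.

```python
import hashlib
import struct

# Payload sizes (bytes after the tag) of the fixed-size constant pool entries.
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
            12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


class Reader:
    """Bounds-checked big-endian cursor over the class file bytes."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated class file")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u2(self):
        return struct.unpack(">H", self.take(2))[0]

    def u4(self):
        return struct.unpack(">I", self.take(4))[0]


def code_fingerprint(class_bytes):
    """SHA-256 over the bytecode of every method; names never enter the hash."""
    r = Reader(class_bytes)
    if r.u4() != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    r.take(4)                                    # minor and major version
    utf8, count, i = {}, r.u2(), 1
    while i < count:                             # the pool is 1-indexed
        tag = r.take(1)[0]
        if tag == 1:                             # Utf8: the strings obfuscators rename
            utf8[i] = r.take(r.u2())
        elif tag in CP_SIZES:
            r.take(CP_SIZES[tag])
            if tag in (5, 6):                    # long/double occupy two slots
                i += 1
        else:
            raise ValueError(f"unknown constant pool tag {tag}")
        i += 1
    r.take(6)                                    # access, this_class, super_class
    r.take(2 * r.u2())                           # interfaces
    bodies = []
    for section in ("fields", "methods"):
        for _ in range(r.u2()):
            r.take(6)                            # access, name, descriptor
            for _ in range(r.u2()):
                name = utf8.get(r.u2())          # "Code" is fixed by the JVM spec
                info = r.take(r.u4())
                if section == "methods" and name == b"Code":
                    code_len = int.from_bytes(info[4:8], "big")
                    if 8 + code_len > len(info):
                        raise ValueError("malformed Code attribute")
                    bodies.append(info[8:8 + code_len])
    digest = hashlib.sha256()
    for body in sorted(bodies):                  # independent of method order
        digest.update(struct.pack(">I", len(body)) + body)
    return digest.hexdigest()


def utf8_entry(text):
    raw = text.encode()
    return b"\x01" + struct.pack(">H", len(raw)) + raw


def build_class(class_name, method_name, code):
    """Constructed one-method class file, used only as sample input."""
    pool = [utf8_entry(class_name), b"\x07\x00\x01",
            utf8_entry("java/lang/Object"), b"\x07\x00\x03",
            utf8_entry(method_name), utf8_entry("()I"), utf8_entry("Code"),
            b"\x03" + struct.pack(">i", 1234)]   # entry 8: Integer constant
    code_attr = struct.pack(">HHI", 1, 1, len(code)) + code + struct.pack(">HH", 0, 0)
    method = struct.pack(">HHHHHI", 0x0009, 5, 6, 1, 7, len(code_attr)) + code_attr
    return (struct.pack(">IHHH", 0xCAFEBABE, 0, 49, len(pool) + 1) + b"".join(pool)
            + struct.pack(">HHH", 0x0021, 2, 4)  # access, this_class, super_class
            + struct.pack(">HHH", 0, 0, 1) + method + struct.pack(">H", 0))


LDC_RETURN = bytes([0x12, 0x08, 0xAC])           # ldc #8; ireturn (operand is a pool index)
ORIGINAL = build_class("com/example/Util", "answer", LDC_RETURN)
RENAMED = build_class("a", "int", LDC_RETURN)    # rename-only obfuscation
ALTERED = build_class("a", "int", bytes([0x10, 0x2A, 0xAC]))  # bytecode rewritten
```

`code_fingerprint(ORIGINAL)` and `code_fingerprint(RENAMED)` are equal, while `ALTERED` differs; the match depends on the constant pool order being preserved, as the comment notes.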

  • by Raul654 ( 453029 ) on Friday January 16, 2004 @12:00AM (#7994728) Homepage
    Well, that page is for our own (wikipedia contributors/administrators) benefit. It helps to know who-does-what with the articles we have written. If you read the page, there's a section devoted to people who are not complying with their obligations, along with all the actions that have been taken. With a massively distributed project like Wikipedia, such organization is a necessity.
  • by Geek of Tech ( 678002 ) on Friday January 16, 2004 @12:10AM (#7994805) Homepage Journal
    You forget, there's more. They could also get an injunction so that the infringing material cannot continue to be distributed. Just because they pay a fine doesn't make it lawful to keep distributing something that isn't yours (yeah that goes for music too...)

  • by ebrandsberg ( 75344 ) on Friday January 16, 2004 @12:20AM (#7994873)
    If you are broke, you can release the code to them under a dual license, like some libraries are, and have them pay a licensing fee. This could be the easiest way to make money off of open source--make something that everybody wants to steal, then bill them for it after it's too late. It's your code, you can release it under whatever license you want.
  • by ILuvUAmiga ( 578974 ) on Friday January 16, 2004 @12:34AM (#7994956)
    Check this out - we are http://www.convea.com, a very small company and I've spent years on building the sites, the docs, the apps and everything else that goes into building a company.

    These f*sckers - http://www.ingenux.com/onevision won't even return calls or pull our website content, applications and service offerings. They basically ripped our site and software and renamed it, offering it as theirs.

    Nice eh? Been asking them since November to take it down.

    We've also been getting ripped off all over the place. It's very sad that people can do this, the biggest offenders have been operating out of Barbados and other shady places, and we can do little to track them down and stop it.

    Makes me sick it does, especially when it's hard enough scraping a living as it is, but hearing about people landing $150,000 deals is just a bad joke.
  • File injunctions! (Score:5, Interesting)

    by B.D.Mills ( 18626 ) on Friday January 16, 2004 @12:46AM (#7995027)
    If you file papers- I'd bet a lot of companies would simply recognize you're serious, and cave in.

    Especially when one of the papers that you file is an injunction or restraining order prohibiting that company from distributing the allegedly infringing software.

    Wikipedia [wikipedia.org] says:

    "An injunction is an equitable remedy in the form of a court order that prohibits ("enjoins" or "restrains") a party from continuing to do an illegal activity. The party that fails to adhere to the injunction faces civil or criminal contempt of court and may have to pay damages or sanctions for failing to follow the court's order."

    Injunctions are wonderful things. These are used all the time by companies to stop other companies doing harmful things. The injunction can be the weapons of choice against GPL violators.

    If your lawyer threatens the company with an injunction prohibiting the company from distributing the matter until the matter is settled, they must listen to you. If they do not, get a temporary injunction prohibiting the distribution of the offending code.

    Disclaimer: IANAL.
  • by MillionthMonkey ( 240664 ) * on Friday January 16, 2004 @01:28AM (#7995292)
    Typically, when we run Retroguard on our unobfuscated JAR during the nightly build, we get a reduction to 6 MB from an unobfuscated size of 9 MB. Retroguard renames all fields and methods to have 1-2 letter names (you have to be careful with reflection). I believe it also rips out decompile-friendly stuff like the LineNumberTable and LocalVariableTable attributes.

  • by Stephen Samuel ( 106962 ) <samuel@bcgre e n . com> on Friday January 16, 2004 @04:38AM (#7996120) Homepage Journal
    Even with a trial, there's no way the judge can force a company to release its code. Only fine them and prevent them from using the code again.

    For the most part I agree with you, but it's entirely possible that a judge could force a company to release their code. Something like that would, however, be done on a case by case basis, and would depend on the history of that specific violation.

    If, for example, a company held off prosecution by promising to release the code "real soon now", but never quite got around to doing it, and then after 4 years of stalling, claimed that they had replaced all of the GPL code, so you can now blow your complaint out your ear, I wouldn't bet my life against the judge ordering a full code release.

  • by Alsee ( 515537 ) on Friday January 16, 2004 @04:45AM (#7996133) Homepage
    Number one rule:
    Do not phrase it as a "GPL violation", it isn't. It is a violation of COPYRIGHT LAW. Inform them that they have infringed your copyright. Any lawyer and any corporate executive can immediately understand copyright infringement. They are also probably aware of the massive liability it entails.

    Once you've got their attention THEN you can discuss what sort of licencing terms you are willing to offer them and on what conditions you will sign away their liability for past infringements.

    You can still settle on very generous terms like you intend to do, but you do need to point out that they are at risk of substantial cash liability or they won't waste time even talking to you.

    -
  • by Alsee ( 515537 ) on Friday January 16, 2004 @05:04AM (#7996183) Homepage
    Do not aim for anything other than compliance.

    Assuming he felt like doing so (and hiring a lawyer), is there any reason you think he shouldn't refuse to settle, instead taking it all the way to a court judgment on copyright infringement and (hopefully) winning a staggering sum of money?

    You said yourself hardly anyone's stupid enough to fight a clear copyright. That's because it's a hard case to beat, and thanx to the RIAA and MPAA copyright infringement carries absolutely obscene penalties. It effectively gives the GPL a serious set of teeth against violators.

    -
  • by iamacat ( 583406 ) on Friday January 16, 2004 @06:06AM (#7996369)
    300 replies and nobody looked at the "Java utilities" that the author is so protective about?
    • Base64 - Encode and decode base 64.
    • Browser - Open a browser from an application on Windows, Unix, or Macintosh.
    • CGI Query String Parser - Libraries to parse the query data supplied by HTTP GET or POST requests.
    • ... the list goes on


    Sorry, but for such trivial items, we are talking about fair use rather than copyright violation. Just like I can quote a paragraph without permission of the author, I should be able to copy a small section of the code that someone decided to let me read.

    In some places, the law could be different now. Just look at SCO and errno.h. But it really shouldn't be. GPL is for significant projects like gcc. I really shudder when someone thinks of patenting, copyrighting, trademarking or applying any kind of IP to a Base64 implementation.
  • Re:Another violation (Score:4, Interesting)

    by geeklawyer ( 85727 ) on Friday January 16, 2004 @06:22AM (#7996430) Homepage Journal
    I contacted them multiple ways, with no answer "ever."

    Did you tell the Apache Foundation/the authors and/or the FSF? If you are not a user or author you have no rights. They do however and they should be made aware so they can act. It isn't enough to contact them and complain on /. if you get no response.

    GPL viability as a licence is enhanced if abusers fear that if they do copy GPL code a few eyeballs among millions of users will catch them eventually.

  • by TheLogster ( 617383 ) on Friday January 16, 2004 @07:37AM (#7996660) Homepage Journal
    I know I am opening a can of worms here, but please bear with me.

    This thread seems to highlight the major problem with the whole OpenSource ethos... In the real world, people rip you off left, right, and center. So the only way to protect your IP is not to give away for free. If you release your source code under the GPL, be prepared for other people to use as the "basis" of their code. Either leaving unchanged in their software, or replicating the functionality.

    If you want people to have the ability to use your software in their own software, I feel a better way is to release compiled binaries, and say "Hey - you can use this for $0, but just put an acknowledgement in your about or program credits.. if you want the source code send me an email and we can discuss why you feel you need access to the code..."

    As a developer I am certainly grateful for people who release the packages for $0 and don't require any royalty payments; and yes.. I have looked at code released under the GPL to figure out how similar problems were solved. However, due to the fact that I have bills to pay and beer to drink.. I find it difficult in understanding why _anyone_ would give away their IP for nothing.

    The fact that people use your code and you don't even get a "thank you" highlights the major failings with the whole OpenSource/GPL issue.

    My $0.02

    TheLogster
  • by SkjeggApe ( 649721 ) on Friday January 16, 2004 @10:51AM (#7997642)
    I ask, because we have a very specific internal "utility" (mostly an Ant script + some code) that uses some of Ostermiller Utilities code for dealing with Excel's so-called CSV files.

    Given the fact that we are not making any improvements/changes to the code, it's not part of a "product" in any way and it's certainly not something we'd release, and that our use of the libraries are a minor part of a script that has a very specific use to us, would we still be considered in "violation of the GPL"?

    I am by no means an expert on the GPL, but I wouldn't think this would come close to being a violation. However, if the author has a problem with it, let me know and we'll stop using the code.

  • by HiThere ( 15173 ) * <charleshixsn@ear ... .net minus punct> on Friday January 16, 2004 @01:10PM (#7999293)
    Do remember to check it for readability before you mail it. And to enclose it in a cardboard sleeve.

    Also remember some stories about CDs degrading with unexpected quickness. Not all CDs even approach archival quality, and apparently some that were initially readable degrade within a year. And if you know how to tell which is archival and which isn't, you know more than I do.

  • by humblecoder ( 472099 ) on Friday January 16, 2004 @01:15PM (#7999362) Homepage
    I went to the original posters website to look at the libraries in question, and they appear to be trivial little code snippets. Here are some examples:

    1. Launching a browser window
    2. Creating a password dialog box
    3. Base64 encoding of text

    I find it hard to believe that any commercial company would expose themselves to liability by stealing pieces of code that any code monkey worth their salt can write in less than a day. It is more likely that they happened to develop the similar libraries in parallel. Since these tasks are so trivial (and examples of them appear in many places, both in print and on the web), I can see how two programmers would code up these tasks in the same way. In fact, given how widespread the implementation of, say, Base64 encoding is, I wouldn't be surprised if the original poster's libraries are nearly identical to a previous implementation of the libraries.

    It would be akin to someone trying to copyright a musical chord and then suing everyone for trying to use it in their music!
  • by Manic Ken ( 678260 ) on Friday January 16, 2004 @03:10PM (#8000696)
    Well, this is gonna be another "me too". Yeah, why not use java.util.prefs.Base64.java instead of "stealing" gpl-code?? And how the hell is one supposed to know if anyone stole some java-code, when bytecoded, different implementations look pretty much the same anyway... I have seen "different" implementations of encode/decoding (crypto) that is almost the same... first I thought that some stole from the others, but thinking and tinkering about with the code, I found that the bytecode becomes VERY similar even when the source look different (yeah, the code did the same thing in the end) (used obfuscators).
