Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Software GNU is Not Unix Government The Courts News

What is the Best Way to Handle a GPL Violation? 511

DeadSea queries: "When you find that somebody is violating the GPL by distributing your code or a derivative of your code as a closed source product, how do you go about handling it? I have found two violations of the GPL for my Java Utilities, in the last month. The Free Software Foundation says that the copyright holder is the only person empowered to act. If you are the copyright holder, how do you communicate with the offenders? I know folks here must have dealt with this before: Linksys, SCO, Castle Technology, United Linux, and others. Personally, I would like to believe that with a little nudging (and without lawyers), I can resolve the things. As such, I would especially appreciate any example letters or other documents that might be effective."
This discussion has been archived. No new comments can be posted.

What is the Best Way to Handle a GPL Violation?

Comments Filter:
  • by DetrimentalFiend ( 233753 ) * on Thursday January 15, 2004 @09:09PM (#7993782)
    I would suggest sending an informal e-mail asking if they understand that they're violating the GPL. If that doesn't resolve the problem, the next step might be e-mailing someone at the FSF for advice. If you really serious about it and the FSF can't help you, you may need to get some advice from a lawyer.

    Of course, the Passive Aggressive way would be to simply decompile the byte code. Java decompilers are quite excellent at producing almost exactly the same source code as was there to begin with (minus comments). You could then put the GPL license at the top, post a copyright for the work they did. After that, send them a letter telling them that you assisted their efforts at becoming compliant with the GPL. You could even bill them with a consulting fee if you really wanted to get a funny reaction from them. Of course, if you did this, you would almost certainly need to find a good lawyer ahead of time.
    • Truely the funniest OT advice I've read in ages!
    • by akpoff ( 683177 ) * on Thursday January 15, 2004 @09:24PM (#7993924) Homepage
      I agree with the informal email but I would a) send copies of the offending code from your product and a copy of the GPL, and b) a link to the FSF GPL FAQ [fsf.org]. I would send the email to their General Counsel. You should word the letter in a conciliatory way and OFFER them the opportunity to remove the offending code. Do NOT tell them they must now releaes all their source code to the public. That will freak them out and cause them to into defense mode. Also, DO NOT ASK for money at all at this point -- they'll assume it's a shakedown.

      It sounds like your goal is to get them to respect your license. Approach them with firm honesty and you may get what you're looking for. If that doesn't work then YOU have whether you want to fight it with lawyers. The cheapest way out would be to assign your copyright to the FSF and let them (as the legal copyright holders) handle it.

      • by jmv ( 93421 )
        Do NOT tell them they must now releaes all their source code to the public.

        Besides, the GPL cannot force them to do that. They always have the choice between 1) comply with the GPL and release their source or 2) plead guilty of copyright violation and pay a fine. For example, you can bet that if MS, Adobe, whatever, is caught with GPL code in a major product, they'll likely choose the second option.
        • by Geek of Tech ( 678002 ) on Thursday January 15, 2004 @11:10PM (#7994805) Homepage Journal
          You forget, there's more. They could also get an injunction so that the infringing material cannot continue to be distributed. Just because they pay a fine doesn't make it lawful to keep distributing something that isn't yours (yeah that goes for music too...)

        • by cfulmer ( 3166 )
          Well, this isn't exactly right. In the US, at least, copyright violation is generally a civil charge, not a criminal charge. Basically, this means that you have a right to sue them. If you win, then you can likely get either an injunction ordering them to stop using your work, collect damages or both. You may collect damages for past infringement and get an injunction preventing future infringement, for example.

          In either case, two things to do: 1. register the copyright. 2. See a lawyer.

          (BTW... Th
        • by Stephen Samuel ( 106962 ) <samuel AT bcgreen DOT com> on Friday January 16, 2004 @12:44AM (#7995401) Homepage Journal
          (( The absolutely first thing you should do is to look into registering your copyright. I'm not sure what it would cost you, but it raises the stakes for them by an order of magnitude))

          Do NOT tell them they must now releaes all their source code to the public.

          If that's what you want them to do, then say so. Don't pussyfoot around. You can't force them to release anything that is whole-cloth theirs, but you anything that's a clear derivative of yours, their legal choice is to release the source, or face a judge.

          The first letter should be business like, and reasonably noncombative. If you'd be happy to just have them release the source code (on an ongoing basis), then let them know that, if they do so, you'll chaulk it up to a misunderstanding and let it be.

          Also let them know what if they force you to spend much more time onthe issue that you'll be charging just for your time. Remember that this is consulting rates, so $100/hour isn't even starting to get unreasonable.

          It's probably worth mentioning that if lawyers start logging time, the price goes much higher much faster.

          Send the message to the best contact you have at the company. If you can find their legal eagles, then CC the message to them.

          I'd also CC a copy to a reasonably disinterested third party who would know to log the message for posterity. The FSF might be a good bet.

          If they're distributing your code and/or documentation on the net , and they're clearly non-responsive, then you can also send a DMCA takedown notice to their ISP. (The law is there. You may hate it for other reasons, but it's a tool for you to use like any other).

          Remember to stand firm on your rights. If they're using your code, you have the right to tell them to stop. If you're seriously pissed at them, you can simply tell them to stop distributing your code. If they refuse to stop, you can go to a judge and get an injunction against them (It would be in the context of suing them for copyright invringement).

          If you want to get paid for the work that they've stolen, then decide how much you want per copy and ask them for it. Worst case is that they'll tell yo to drop dead and you'll be forced to go to court to get the money from them. Note: you can get more money if your copyright is filed... the sooner the better. Until the copyright is filed, the most you can get out of them is 'damages'.. which will (probably) top out at the actual price they are charging for the code. Once you filee, then the cap is the greater of actual damages and $30,000+ per copy. That $30L+ can be a pretty sturdy barganing tool.

          Note: IANAL If in doubt, talk to a real lawyer. There seem to be a number of reasonably good ones at groklaw [groklaw.net]. Perhaps one of them lives in your area.

          NoteL if you really don't think you are willig to drag these people thru court, then you can always assign your copyright to the FSF (or assign them the right to enforce it). At that point the FSF can start wailing on them with authority.

          • by spitzak ( 4019 ) on Friday January 16, 2004 @03:59AM (#7996177) Homepage
            No. You cannot force them to release the code, therefore stating that is going to immediately get you in trouble for lying in your first communication.

            The only thing you can force them to do is stop distributing their version until they either remove the code from it or they comply with the GPL by releasing their code.

            You also can sue them for copyright violation. I have heard you almost have to do this for money, not for any other remedy. I certainly don't think there is any case where the remedy for a copyright violation is that the guilty party is forced to give up all copyrights to a piece of their own work, especially if their work is significantly larger than the violated work.

            So do not say anything stupid about them being forced to release their code. That is false, no matter how much Billy at Microsoft wants people to think otherwise.
      • by Uma Thurman ( 623807 ) on Thursday January 15, 2004 @10:47PM (#7994586) Homepage Journal
        Do not aim for anything other than compliance.

        No money
        No apology
        No donations
        No release of their source
        Nothing

        Just compliance with the GPL. Period. You will win, because hardly anyone's stupid enough to fight a clear copyright, and compliance is a perfectly reasonable thing to ask.

        • by Alsee ( 515537 ) on Friday January 16, 2004 @04:04AM (#7996183) Homepage
          Do not aim for anything other than compliance.

          Assuming he felt like doing so (and hiring a laywer), is there any reason you think he shouldn't refuse to settle, instead taking it all the way to a court judgment on copyright infringment and (hopefully) winning a staggering sum of money?

          You said yourself hardly anyone's stupid enough to fight a clear copyright. That's becuase it's a hard case to beat, and thanx to the RIAA and MPAA copyright infringment carries absolutely obscene penalties. It effectively gives the GPL a serious set of teeth against violators.

          -
      • a) send copies of the offending code from your product and a copy of the GPL
        Have you learned nothing from Darl?! You do not send the offending code, you merely tell them that there is tons of it in their software. Then you send them a bill for $699.
      • by scrytch ( 9198 )
        > I would send the email to their General Counsel

        At which point you shut down all possible dialog except through legal channels. Every company I've been with has had a policy that once something goes to legal, legal takes care of it from then on, because it's assumed that anything anyone else says will end up scrutinized in court.

        Get hold of a product manager, who will eventually connect you to a development manager. You might need to speak to someone in corporate communications first -- it's their j
    • by amplt1337 ( 707922 ) on Thursday January 15, 2004 @09:24PM (#7993931) Journal
      In terms of copyright protection, in order to bring suit your copyright must be registered with the US Copyright Office [copyright.gov].

      Computer programs have their copyrights registered under the category of "literary work." For more information see The US Copyright Office website [copyright.gov].

      You may be able to do a 'cease-and-desist' type thing without it (hey, under the DMCA you can probably send a CaD to anybody you want for anything, without necessarily having cause) but I don't know what sort of proof you have to have that the work was originally yours.

      This is a definite warning though -- if you're developing Open Source and want to be really sure you can enforce the freedom of your code, register that copyright!
      • by jmv ( 93421 )
        ...hey, under the DMCA you can probably send a CaD to anybody you want for anything, without necessarily having cause...

        Not only the DMCA. You can send anyone any cease-and-desist about anything. They're just free to ignore it if they like. It has little legal value, a bit like "do this or I'll sue".
      • You do not need to be registered, That was what half the berne convention is about. Its advisable before a case but not actually necessary to bring suit.
    • by S.Lemmon ( 147743 ) on Thursday January 15, 2004 @09:51PM (#7994156) Homepage
      Java decompilers are quite excellent at producing almost exactly the same source code as was there to begin with (minus comments).
      Actually this is a pretty good argument for using a language like Java for GPL projects. One of the big arguments I often hear about the GPL is how can you really tell when someone's violating? A fully compiled program may only leave tell-tail and often deniable traces, but Java's much harder to hide.
      • by MillionthMonkey ( 240664 ) * on Thursday January 15, 2004 @10:49PM (#7994597)
        You can run an obfuscator, like Retroguard.

        Most obfuscators are based on constant pool attacks. They go through the constant pool and give your fields and methods lovely names like void, int, class, and new. (Along with the standard fare- as many overloads as possible of a(), etc.) The JVM doesn't care, but the language spec does. So you can still decompile it, and the decompiler will cheerfully spit out code that doesn't compile because many of the variable names have been renamed to reserved words.

        However, constant pool rearrangements don't significantly change the bytecodes. (And generally, obfuscators don't mess with the order of entries in the constant pool. If they do, they have to run through the actual bytecodes and fix the operands of certain instructions.) So bytecode is not altered by most obfuscators and you can easily develop a hashcode function for a class file definition that is based on the bytes in the bytecode segments and that will produce the same hashcode for a class before and after treatment by a run-of-the-mill obfuscator. So if you're trying to prevent people from copying your code, obfuscators work pretty well. If you're trying to hide stolen code from the original author who may be looking for such hash collisions, you have to use a better obfuscator which will screw with the bytecode itself.

        Obfuscation has a nice side effect of shrinking the final JAR file, since most of the bulk of a Java class is in the constant pool and the obfuscator tries to rename everything to "a". In fact, I heard someone saying that the word "java" appears so many times in the constant pool of Java's standard library that if the name "Oak" hadn't been taken, the typical size of a JVM download would have been reduced by some absurdly significant percentage.

    • by Squeamish Ossifrage ( 3451 ) * on Thursday January 15, 2004 @10:53PM (#7994645) Homepage Journal
      This just a minor quibble, but I think it bears mentioning: I wouldn't phrase it as "they're violating the GPL" because that sounds like (you think) the GPL has some inherent authority. The issue is that they're violating the terms of the license under which you released your code to them. That just happens to be the GPL.
    • Of course, the Passive Aggressive way would be to simply decompile the byte code.

      [...] Of course, if you did this, you would almost certainly need to find a good lawyer ahead of time.

      In fact you would, as you would infringe their copyright by doing so. Remember that you have no right to their code.

      Unlike what certain FUD-spreaders want you to believe, their creating a derivative work of your GPLed code and their own code does not force their code under GPL. All you can legally demand is that they remove

    • by Alsee ( 515537 )
      Number one rule:
      Do not phrase it as a "GPL violation", it isn't. It is a violation of COPYRIGHT LAW. Inform them that they have infringed your copyright. Any laywer and any corporate executive can immediately understand copyright infringment. They are also probably aware of the massive liability it entails.

      Once you've got their attention THEN you can discuss what sort of licencing terms you are willing to offer them and on what conditions you will sign away their liability for past infringments.

      You can st
  • by pantycrickets ( 694774 ) on Thursday January 15, 2004 @09:11PM (#7993793)
    What is the Best Way to Handle a GPL Violation?

    Shoot on site!!
  • by Anonymous Coward on Thursday January 15, 2004 @09:13PM (#7993812)
    And we'll, uh... check out their websites... until they stop responding. That'll get their attention.
  • by mikeophile ( 647318 ) on Thursday January 15, 2004 @09:14PM (#7993824)
    Terminate with extreme programming?

    /got nuthin

  • Simple (Score:5, Funny)

    by Anonymous Coward on Thursday January 15, 2004 @09:14PM (#7993827)
    Get a lawyer. Asking for legal help on slashdot is about as dumb as asking us for medical advice. (It's possible that the advice might be good, but you could end up neutering yourself)
    • Re:Simple (Score:4, Insightful)

      by danila ( 69889 ) on Friday January 16, 2004 @06:07AM (#7996547) Homepage
      It's not simple. You assume that a random lawyer has more experience dealing with GPL violations then some of the slashdotters. It is probably not true.

      Your advice is similar to "ask a sales clerk" in response to "what wireless card is better for Linux on G5 laptop?". He is asking for personal experience, not for legal advice.

      Not to mention that lawyers cost money and are not necessarily necessary, as there are many ways to deal with the violation informally.
  • Tips (Score:5, Informative)

    by chunkwhite86 ( 593696 ) on Thursday January 15, 2004 @09:14PM (#7993829)
    Call the company and ask for the contact information of their legal department.

    Pay a lawyer a small fee to have him write a letter to the offending company suggesting that their GPL violation will result in litigation if they don't work with you to resolve the problem.

    The offending company's legal department will probably ignore you if you address them directly, so it helps a lot to have a lawyer write the letter (and send it certified mail with return receipt - that always scares people)
  • a large case of GPL violation needs to be proven.
    in court.
    creating a huge stink.
    preferably with a large corporation.
    then perhaps other companies will think twice before copying GPL code.
  • What Wikipedia Does (Score:4, Informative)

    by Raul654 ( 453029 ) on Thursday January 15, 2004 @09:15PM (#7993834) Homepage
    Over at Wikipedia (which is distributed under the GNU-FDL), there's a page [wikipedia.org] that lists other sites using Wikipedia's content.
  • by weeboo0104 ( 644849 ) on Thursday January 15, 2004 @09:15PM (#7993839) Journal
    #1 Send a threatening letter to users claiming a violation

    #2 Demand $699 from the users

    #3 ???

    #4 PROFIT!
  • by rm -rf $HOME ( 738703 ) on Thursday January 15, 2004 @09:15PM (#7993842)
    ...but get a lawyer. They do this for a living. They're not all scum. Why, I bet you've got at least one lawyer friend. Pay them (yes, pay -- even if this is a friend) to write up a letter and send it to the violator.

    DIY is great for things you enjoy doing. Writing letters to copyright infringers isn't fun for many people.
    • by metlin ( 258108 ) on Thursday January 15, 2004 @09:38PM (#7994060) Journal
      I know that the best thing to do is to call a lawyer, but I find it quite unsettling to think that when I'm creating something and giving it away to the world for free, I would need to pay a price to protect my work?

      There is something inherently wrong in that - there must be a better way to protect works that have been created for the benefit of others out there than having to pay to protect whats rightfully yours and whats given out in goodwill.

      If not, we're just a really fucked up society.
      • by markov_chain ( 202465 ) on Thursday January 15, 2004 @09:46PM (#7994115)
        If you wanted to give it away for free, you could always use a FreeBSD licence.

        With the GPL, what you are really protecting is the livelihood of the open-source community, which relies on sharing the improvements and additions to original code.
      • GET IT STRAIGHT (Score:5, Insightful)

        by ObviousGuy ( 578567 ) <ObviousGuy@hotmail.com> on Thursday January 15, 2004 @09:46PM (#7994118) Homepage Journal
        The GPL does not guarantee that the world can receive your project "Freely". It only guarantees that your project itself will be Free.

        In order to guarantee that Freedom for your software, it is necessary to sometimes fight for it. Fighting for it usually means battling legal challenges to your rights as copyright owner. These fights will cost you money.

        Freedom is not free. It is not even cheap.
      • I know that the best thing to do is to call a lawyer, but I find it quite unsettling to think that when I'm creating something and giving it away to the world for free, I would need to pay a price to protect my work?

        There is something inherently wrong in that - there must be a better way to protect works that have been created for the benefit of others out there than having to pay to protect whats rightfully yours and whats given out in goodwill.

        And yet, this doesn't just apply to programming. Suppose

  • by xSquaredAdmin ( 725927 ) on Thursday January 15, 2004 @09:16PM (#7993851)
    Just find any of their e-mail addresses that you can, and submit them to any porn mailing lists that you can find. It may not work, but it's fun to do.
  • by Anonymous Coward on Thursday January 15, 2004 @09:16PM (#7993853)
    Forget handling the violation... What about finding the violation in the first place? If they strip all comments and change the execution order (with a script), how would you be able to know it was the same? It would seem approperiate to do a statistical analysis on the code to detect similarity... but does such a method even exist? However, before you can even do analysis on the binary you must gain access to the binary. With many products, unless they offer downloadable firmware or tftp/ftp/etc access, the firmware can be almost impossible to access. In this case, is there any way to even know without figuring out how to extract the information from the ROM? It could even be encrypted, only allowing a certain chipset to access it. (CSS for example) It would take a DMCA violating reverse engineering job to find this out, which could result in a counter-suit to any GPL violation you found. And they would most likely have more money.
  • I have two options at my disposal to get you punies to share your source
    1. Castration
    2. Crucifixion

    You guys have no idea how the glimmer in your eyes can scare the average CEO, especially when holding a set of garden shears.

  • I have all the sympathy for people suffering from GPL violation, but I find this case ridiculous for several reasons:

    1. Java can be trivially decompiled, so I don't see how this can be regarded as "closed source" with a straight face.

    2. Your library does not look like rocket science to me.

    That does not lower the formal legal bar, but come on, how many ways are there to do Base64 encoding and circular buffers? I don't know what exactly you think someone took from you, but this looks to me like one
    • by Anonymous Coward on Thursday January 15, 2004 @09:40PM (#7994072)
      It doesn't matter what they took from him, only that it was taken. Someone could steal a potted plant or my automobile from the front of my house; the fact that the plant has little relative value next to the car doesn't make the theft of the plant any less a theft.

      This has nothing to do with patent. This is a GPL violation. Get it straight.
    • You know, it does kinda look like this guy GPLed his Programming 101 homework assignments :)
    • by JohnA ( 131062 ) <johnanderson&gmail,com> on Thursday January 15, 2004 @10:16PM (#7994327) Homepage
      2. Your library does not look like rocket science to me.

      So what? Personally, I find the Ostermiller libraries incredibly helpful. I don't want to spend my time writing an Excel compatible CSV library, or fixing StringTokenizer bugs.

      Green Eggs & Ham [amazon.com] isn't rocket science, either. But I bet someone would take offense to you misappropriating its content...
    • After reading the description of his library I had the same thought. What exactly is the point of releasing trival, 10-minutes-to-rewrite-from-scratch stuff like this under the GPL rather than any of the other open-source licenses?

      The only reason I can think of off hand is to bait clueless developers into shipping it with a commercial product so you can come along and hassle them about it later. In my experience, working programmers outside the Slashdot-reloading set tend to have trouble grasping the sub
      • "What exactly is the point of releasing trival, 10-minutes-to-rewrite-from-scratch stuff like this under the GPL rather than any of the other open-source licenses? ... The only reason I can think of off hand is to bait clueless developers into shipping it with a commercial product so you can come along and hassle them about it later."

        How about "because even though it's not rocket science, this code is useful to me, and I want other people to be able to use it rather than have to rewrite it"? I's not like v
    • by twitter ( 104583 ) on Thursday January 15, 2004 @11:52PM (#7995056) Homepage Journal
      Fefe, you just wrote one of the most insulting posts I've seen in a long time and it's inemical to free software in general. You crap on DeadSea's work and the whole idea of software freedom. To add insult to injury, because DeadSea complains of being violated, you compare him to the lowest scum on Earth: Microsoft, SCO and junk patent advocates. Your troll is so excellently crafted, it's obvious that you know what you are doing, so what follows is for peopole who might not understand your methods.

      You reveal the root of your contempt, and it's resulting ridicule right here:

      1. Java can be trivially decompiled, so I don't see how this can be regarded as "closed source" with a straight face.

      It's obvious that you don't understand or have forgoten software freedom and have a very bad elitist atitude. The point of the GPL is that the others can read and understand code that you write or modify. The GPL demands distribution in HUMAN READABLE form, complete with all of the original notes. While you might think yourself above the need for comments, that's beside the point. The GPL does not require you to pander, it simply asks you to pass on what you recieved. Stripping information is a clear violation of the spirit and letter of the GPL.

      Your second insult should be aimed at the violators:

      2. Your library does not look like rocket science to me.

      If it was so easy, why was the code appropriated? When the company appropriated the code, why did they bother to strip information from it? Someone so uber-leet as yourself would never sink so low, would you? Real men like might not mind putting in long hours reinventing the wheel, but I do. When you use someone else's code, the least you can do is honor the license it's under.

      Your final comments are the most insulting of all:

      you only make yourself look bad and give SCO and Microsoft ammunition on why free software people are communists and morally corrupt people.

      What a stupid blast. Just try reverse engineering something from Microsoft and distributing it. The answer you get will be most unreasonable. It's surprising indeed that someone from Germany would call someone a Communist, especially someone who would so fiercly advocates software freedom [www.fefe.de].

      What could be more helpful to closed source than to convince free software writers to keep quiet about GPL violations? The losers obviously can't keep up. If we are silent and just let people have their way when our code is "stolen" we might as well take orders about software development straight from Redmond. It would be better to hand over your copright to anyone else.

  • Trash 'em in public (Score:3, Interesting)

    by Saeed al-Sahaf ( 665390 ) on Thursday January 15, 2004 @09:19PM (#7993884) Homepage
    I think that unfortunately, most developer who release GPL code do not have the resources to make a legal response (i.e. hire a lawyer) unless it's a very high profile application. This essentially leaves us with trashing / embarrassing the culprit in a public forum.

    It would be nice if there where some endowed fund managed by, say, the FSF, that developers could turn to, but I don't see that happening. So, in my mind, public whipping is the only realistic alternative.

    • The "real alternative" is to turn over copyrights to the FSF and let them handle these violations. Of course that also means giving up rights to ever 'taking back' your code at some future date.

      But if your goal is to promote Free Software, that's the way to do it.
  • a bullet to the kneecap?
    eh, no, perhaps not..
    Ah, a baseball bat to the kneecap..

    Your pal, Tony S.

  • by xankar ( 710025 ) on Thursday January 15, 2004 @09:22PM (#7993909) Journal
  • My suggestion.... (Score:5, Insightful)

    by UrGeek ( 577204 ) on Thursday January 15, 2004 @09:24PM (#7993929)
    1. Call the phone. Talk to them on the phone and explain the oversight. Be polite and approach the situation purely as a problem solver with a helpful attitude. But take notes and pay close attention to how they response.

    IF THAT FAILS,
    2. Craft a letter. Be professional but firm.
    IF THAT FAILS,
    3. Get a lawyer. A good one but one that will take the case for a percentage of this company that you are about to own.
  • by DAldredge ( 2353 ) * <SlashdotEmail@GMail.Com> on Thursday January 15, 2004 @09:25PM (#7993935) Journal
    How did you find out they where using your code? That might help us help you.
  • Offer to sell (Score:5, Insightful)

    by Spazmania ( 174582 ) on Thursday January 15, 2004 @09:25PM (#7993936) Homepage
    First, make a call. Navigate your way to someone senior and offer to sell them a license to use your code as they see fit. After all, why shouldn't you make some money off your code too?

    Follow up with a letter in which you inform them that you have determined that your software appears in their code without a license. Offer to sell them a license for some reasonable amount. Point out that you have also offered them use of the software under the GPL license if they prefer.

    Direct your letter to their legal counsel if they have one. Otherwise, look for someone near the top. The head of the salesforce is generally a good bet; they're very vocal within the company and will tend to get the necessary folks to deal with you.
  • do this... (Score:2, Funny)

    by Amyloid ( 306245 )
    when in danger, when in doubt, run in circles, scream and shout!
  • Simple (Score:5, Insightful)

    by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Thursday January 15, 2004 @09:30PM (#7993983) Journal
    First of all, and perhaps most important, do *NOT* bring up the term "GPL".

    Second, inform them that you are the author of the material that they are distributing, and that they have not fulfilled their obligations in order to obtain legal permission from you to distribute their changes to your code without making the source available, since the combined work (your code plus their changes) still contains your code and that code is still copyrighted by you and therefore still subject to your distribution requirements. They can comply with your copyright by removing every last line of code that you wrote or by releasing the source of their entire product. You can, at your option, also make alternative arrangements with them to grant them permission to distribute without the source in exchange for some compensation that you specify.

    Doing it this way takes the focus off the fact that it's the "GPL", and it's viewed simply as a matter of straight copyright infringement, removing any possibility of potential discrimination against the GPL.

  • by femto ( 459605 ) on Thursday January 15, 2004 @09:30PM (#7993984) Homepage
    If you trust the FSF, and you know you only ever want to release your code under the GPL, ask the FSF if they will accept your code as a donation. That way they become the copyright holder and are authorised to take action.

    You are able to continue devlopment as before, since the code will still be GPL'd. You will have lost the right to sell your software under a license other than the GPL though.

    • They wont do anything since they are cash stripped and are fighting or have lost agaisnt linksys, SCO, and others.

      Remember the second you assign your rights to them, you can not hire your own laywer to defend you. After all your code property of the FSF now.
  • by hacker ( 14635 ) <hacker@gnu-designs.com> on Thursday January 15, 2004 @09:33PM (#7994013)
    Two projects I contribute heavily to, and one of them is a project I am the primary maintainer of, are being "tentatively" violated by 4 commercial companies, and there may be a 5th on the way.

    I've sent emails, asking for the reasons why snippets of our source end up mysteriously in their commercial applications. In one case, a company (in Germany) came back stating that they happen to have the 5 same exact function names in their application, and byte-for-byte identical perror() strings to our application, but they insist they're not using any of our code, but claim that they did use it "for documentation purposes" when writing their application. That one is still open and pending, and we'll be doing protocol sniffs to see if theirs match ours. We have certain "fingerprints" in our protocol, which can only be done by using the source directly.

    Another company I just found several days after the one above, seems to be using our code in a commercial BeOS project. They responded to my email, claiming that our code was used "as is" in their project, and then goes on to say "the use was re-configured to allow for easier additions". I don't see how they can claim both, in the same project. Either the code was used as-is (impossible, our code doesn't build on BeOS), or they modified it (and they must give us back the changes to those sources).

    Another company directly took our code, removed all of our names from the project, replaced them with their own, slapped their own (non-GPL) license on it, and sold it to "partners" for quite a hefty fee. When we confronted them asking for an explanation, they basically told us to piss off. When we escalated, the CEO came back with, and I quote "If we end up in court, I will bankrupt these guys".

    We also contacted this company's "partners", and asked them for the source to the changes they were also distributing. Every time we would contact these companies, the original company would threaten to sue us if we contacted their partners.

    The FSF is involved in all of the cases. The investigations are still open, and pending.

    Companies seem to think that because they have money, and most Free Software developers do not, that they can just slap us around left and right. The other point companies seem to try to "leverage" when they are clearly violating the GPL, is that the common myth that the "GPL Has Never Been Tested In Court(tm)", and since it has no basis, they can take whatever they want, and not give back. They seem to forget that the U.S. Copyright system backs up all of this code.

    So what do we do? There are dozens upon dozens of cases where the GPL is clearly being violated; the MPlayer [mplayerhq.hu] violation from KISS Technologies, the BusyBox [busybox.net] Hall of Shame, and many more.

    • by SuperBanana ( 662181 ) on Thursday January 15, 2004 @10:27PM (#7994384)
      Companies seem to think that because they have money, and most Free Software developers do not, that they can just slap us around left and right.

      No, companies rightfully think that because the GPL has yet to be tested in court, there's no case history, and they'll be able to drag it out in the courts forever...that they can walk all over you.

      The only answer is to dot your i's, cross your t's- give the offender all reasonable chances to comply. If they don't do it in a timely manner, SUE.

      Let me repeat that.

      SUE.

      Why? First off, chances are most of these companies really can't afford a legal battle either. If you file papers- I'd bet a lot of companies would simply recognize you're serious, and cave in. You negotiate for your legal fees and force compliance on them, and you're done. If not, and you have what most people feel is a solid case, you'll have the whole Open Source community behind you, because we'll realize just how important your case is. The FSF assists your lawyer(they specifically state they'll assist- they just can't pursue on their own), we help you pay for your lawyer with a legal fund through donations(I'd donate!), and so on.

      Not to mention, it's a lot easier to ask a judge for access to the company's source code than it is to go through all sorts of hoops to prove it. Show the trail of breadcrumbs leading up to the door, and the judge won't have much of a problem letting you open the door to see if there's a mouse nibbling on a cracker behind it.

      So we loose some market share because people think we're evil bad guys who go around suing(this is why it's important to give people a chance). Who gives a fuck about market share? We're in this for the CONCEPT. Loosing some market share is better than the open-source concept becoming a joke("why should I open-source my stuff, if someone's just going to rip it off tomorrow, and I'll have no recourse against them?")

      All it will take is a few lawsuits, and everyone else chasing down violators will have ammunition and WON'T have to sue...but our "nice guy" methodology isn't going to play, because we have no teeth to back up our "please comply" requests.

      • File injunctions! (Score:5, Interesting)

        by B.D.Mills ( 18626 ) on Thursday January 15, 2004 @11:46PM (#7995027)
        If you file papers- I'd bet a lot of companies would simply recognize you're serious, and cave in.

        Especially when one of the papers that you file is an injunction or restraining order prohibiting that company from distributing the allegedly infringing software.

        Wikipedia [wikipedia.org] says:

        "An injunction is an equitable remedy in the form of a court order that prohibits ("enjoins" or "restrains") a party from continuing to do an illegal activity. The party that fails to adhere to the injunction faces civil or criminal contempt of court and may have to pay damages or sanctions for failing to follow the court's order."

        Injunctions are wonderful things. These are used all the time by companies to stop other companies doing harmful things. The injunction can be the weapons of choice against GPL violators.

        If your lawyer threatens the company with an injunction prohibiting the company from distributing the matter until the matter is settled, they must listen to you. If they do not, get a temporary injunction prohibiting the distribution of the offending code.

        Discalimer: IANAL.
  • Are you actually sure that they did not accidentally hit the same characters on the keyboard? I mean, if these tidbits are source, then I would not build a well on it.

    Still, if they include it in their source tree then they are in violation I guess. Now go on and put them together into a real program or library.
  • by dillon_rinker ( 17944 ) on Thursday January 15, 2004 @09:34PM (#7994021) Homepage
    1. Assign copyright to the FSF
    2. Sic Moglen on them

    The only reason to refrain from doing this is if you wish to retain some proprietary interest in the code, for the purpose of perhaps producing a closed-source version of it. If that is your intent, I really don't give a flying fig what you do. If, however, you are pure of heart, you have absolutely nothing to lose by assigning the copyright to the FSF. You'll always be able to use, modify, and distribute the code, just as you can now. The only right you (might) lose would be the right to later create a proprietary version.
  • by bwt ( 68845 ) on Thursday January 15, 2004 @09:41PM (#7994077)
    You should first look to register [copyright.gov] your copyright. This costs $30 and is otherwise relatively simple. This gives you certain legal benefits in a potential litigation and serves as a deterence. You should start pouring over Title 17 so that you know the law. Don't be afraid to read it yourself -- copyright law is actually pretty accessible.

    After that you should send them a letter stating that (1) your work is copyrighted and is not public domain (2) you offer a licence (the GPL) which is seeks certain forms of compensation in return for using your work. That compensation comes in the form of reciprical licencing to their derivitive copyrights. Provide them with a copy of the GPL. (3) State that they have made no attempt to comply with those terms. State the actions taken by them that violate the terms. State that they have not purchased or seceured any licence to use your copyrighted material in the manner they are using it. Don't be wishy-washy. Say things like "you are basing your business on piracy of my intellectual property". (4) State that as of this letter they are on notice that they are violating the law and that if they do not cease and desist then any willful and knowing infringment may be subject to increased penelties under the copyight law. (5) Remind them that damages for infringement include any profits attributable to the infringement.

    If you feel like it, offer them a real licence to do what they are doing for an appropriate cost, say $2million or some other number you'd be happy with.

    Don't be afraid to go talk to an IP lawyer. If you want to proceed beyond telling them to stop pirating your stuff, then this will be essential. Use the phone book. Make it clear to the people you talk to that you are interested in discussing retaining them on a contingency basis only, that your have registered your copyright, and that you believe a business is willfully pirating your code.
  • Effect (Score:3, Funny)

    by Scrameustache ( 459504 ) on Thursday January 15, 2004 @09:47PM (#7994131) Homepage Journal


    If I were you, I would have slashdotted them instead of slashdotting myself, but I'm a vindictive bastard, not a masochist ;-)

  • by Anonymous Coward on Thursday January 15, 2004 @09:52PM (#7994161)
    I had a dispute with a company that was screwing me over, and I called and called, and told them the specific laws they were violating and that the law entitled me to $1000 damages for each violation (there were two violations). It was like talking to a wall. They knew that the cost of taking them to court was more than the cost of paying the ransom they were demanding from me.

    Then I had a lawyer call them. They rolled over.

    The reason? I had an airtight case against them, and the fact that a lawyer was calling them meant I was WILLING to go to court, although I never actually had to. They'd lose badly in court, so they settled.

    Call a damn lawyer.
  • by Trailer Trash ( 60756 ) on Thursday January 15, 2004 @09:52PM (#7994167) Homepage
    I see this all the time (and cringe), so here's a short list of what to not do:

    1. Don't complain about it on Slashdot (not saying the poster is). We see this all the time here. The offender probably isn't reading, and frankly doesn't care.

    2. Don't email them or use a web contact form. This has no legal ramifications, and the person reading it will probably just delete it thinking you're a loon.

    Now, for what to do. IANAL, etc.

    1. Send a certified letter to their corporate legal counsel if you can find out who it is, otherwise an officer of the corporation. Outline what is infringing, and explain why you own it. For your first letter, no threats, just tell them (not ask: tell) to deal with the infringement within 30 days or so and to inform you when they've done so. Their options are to remove the code or GPL their product.

    2. If that doesn't work, hire an attorney. He'll send a nastier letter.

    My guess is that for 95% of the cases out there, the first letter will solve the problem. For another 4%, the attorney's letter will. You'd better be willing to go the distance for the other 1%. Note that the attorney may take it on contingency if the other party has enough money to make it worth his while.
  • The C-Team (Score:5, Funny)

    by iiioxx ( 610652 ) <iiioxx@gmail.com> on Thursday January 15, 2004 @10:14PM (#7994309)
    In 1991, a crack development unit was sent to prison by a software patent court for a crime they didn't commit. These men promptly escaped from a maximum security stockade to the Linux Expo underground. Today, still wanted by the government, they survive as coders of fortune. If someone rips off your code, if no one else can help, and if you can find them, maybe you can hire... the C-Team.
  • by slashname3 ( 739398 ) on Thursday January 15, 2004 @10:18PM (#7994335)
    Hey! How come an SCO lawyer is asking advice on how to prosecute their case on slash dot? Oh, never mind, I think I answered my own question.
  • by Foofoobar ( 318279 ) on Thursday January 15, 2004 @10:30PM (#7994411)
    I ever so recently had to deal with a copyright AND trademark issue. First, find a lawyer who understand the GPL. Then have their office send a cease and desist order as the owner of the material being distributed. If they fail to respond, take legal action in a federal court.
  • by bergeron76 ( 176351 ) * on Thursday January 15, 2004 @10:56PM (#7994674) Homepage
    As the copyright holder, YOU can negotiate terms for the use of your code. If you're dead set against anyone using it commerically, let them know and don't let them use your code (but overall the community will suffer).

    If you think you should be paid for your work, and its a commercial product, ask them for fair compensation.

    Keep in mind, though, that there are several reasons not to make ludicris requests:

    a) it hurts the community overall - by working out a deal with the company/violator directly, you can potentially work out terms that you're both happy with. Ultimately this makes Open Source look more [financially] viable in the corporate realm.

    b) you have the power to contribute back to the community 2-fold - one with your code; and 2 with a financial contribution to the organization of your choice (FSF, etc) based on some kind of negotiation with the violator (like I mentioned in a above); compromise by allowing them to keep their derivative work closed source (and simultaneously preserving their business model), but ask that they contribute X% of the profits to the FSF, or yourself, or whatever you deem appropriate [within reason of course, the more companies that are successful with open source business models, the better].

    c) don't ask them to open their source!!! Before modding this post as flamebait because it contains a controversial statement, hear me out... Most companies DON'T have a product if they are forced to open their source code. Some do, however, it makes it much more difficult to do from a business sense, and it makes Linux very incredulous in the eyes of investors / Venture capitalists, etc.
    HOWEVER - business models DO exist that are helping the linux community AND succeeding commercially. A good example is Tivo. They've created a successful consumer product and they haven't released the sourcecode - BUT the community saw something useful in Tivo and thus FreeVO and MythTV, etc. were created to fill the non-commercial niche. In addition, they help the OS community by allowing hacks while still trying to maintain business income (and food on the tables of their programmers/IT staff).

    We can't have it both ways, guys! We can't on one hand piss and moan about the lack of IT jobs, while simultaneously demanding total financial compensation for our community contributions. The bottom line is that we have to work with what we have and strike a balance with the corporate Linux companies.

    The linux community is searching for the elusive "business model" - I'll tell you what it is: It's compromise. It's allowing a business to use your code and make a profit in exchange for providing yourself and the business/GPL violator with a reasonable symbiotic relationship. "Clone" applications will surface immediately to fill the market of people that aren't willing to pay for the product (insert Tivo / FreeVo example here). The businesses can market their products to the general society and make money; and they can help the Open-Source community develop a "free" (for those with the tech know-how) equivalent.

    d) Everyone PROFITs!

  • by iamacat ( 583406 ) on Friday January 16, 2004 @05:06AM (#7996369)
    300 replies and nobody looked at the "Java utilities" that the author is so protective about?
    • Base64 - Encode and decode base 64.
    • Browser - Open a browser from an application on Windows, Unix, or Macintosh.
    • CGI Query String Parser - Libraries to to parse the query data supplied by HTTP GET or POST requests.
    • ... the list goes on


    Sorry, but for such trivial items, we are talking about fair use rather than copyright violation. Just like I can quote a paragraph without permission of the author, I should be able to copy a small section of the code that someone decided to let me read.

    In some places, the law could be different now. Just look at SCO and errno.h. But it really shouldn't be. GPL is for significant projects like gcc. I really shudder when someone thinks of patenting, copyrighting, trademarking or applying any kind of IP to a Base64 implementation.
  • by starX ( 306011 ) on Friday January 16, 2004 @07:01AM (#7996774) Homepage
    Whatever you do, make sure that you can produce the code, and make it accessable. I don't doubt your honesty, but you should be able to point out to them in exactly what files the offending code resides. For all you know, the company might not even have knowledge that it's there, and given the recent crap with SCO, they are likely to be very distrustful unless you can specify exactly what the code is.

    Aside from that, if it does come to court, you should make sure your lawyer is competent to demonstrate that just because a few lines are different doesn't mean that it wasn't copied and then "tweaked" for purposes of legality. A decent lawyer should be able to demonstrate to the judge the different ways of accomplishing the same complex task, overall coding style, etc. And failing a decent lawyer, you may find yourself needing to explain it to said indecent lawyer.

    I would, above all else, urge you not to waste time. Send them a friendly email, and make it clear that you expect a response within a reasonable amount of time, and failing that response, or if you should get a dismissive response, your next communication with them should be through a lawyer, on your lawyers letter head, through good old fashioned US Mail.

    Pre-emptively, you might gather any and all access logs available to you. Then see if you can find out what IP range the company owns. If you can demonstrate that one of their employees accessed it, that will give you a more direct link. You could always try subpoening the home IPs of the "authors" of this code, but that will be hella hard and take a lot of time.

    Best of luck to you!
  • by humblecoder ( 472099 ) on Friday January 16, 2004 @12:15PM (#7999362) Homepage
    I went to the original posters website to look at the libraries in question, and they appear to be trivial little code snippets. Here are some examples:

    1. Lanuching a browser window
    2. Creating a password dialog box
    3. Base64 encoding of text

    I find it hard to believe that any commercial company would expose themselves to liability by stealing pieces of code that any code monkey worth their salt can write in less than a day. It is more likely that they happened to develop the similiar libraries in parallel. Since these tasks are so trivial (and examples of them appear in many places, both in print and on the web), I can see how two programmers would code up these tasks in the same way. In fact, given how widespread the implementation of, say, Base64 encoding is, I wouldn't be surprised if the original poster's libraries are nearly identical to a previous implementation of the libraries.

    It would be akin to someone trying to copyright a musical chord and then suing everyone for trying to use it in their music!
  • by kevinank ( 87560 ) on Friday January 16, 2004 @01:53PM (#8000493) Homepage

    First talk to your lawyer. He or she will help you with the details.

    If you don't have, and don't want to have a lawyer, then first you should put them on notice. Identify the code that you believe they have misappropriated, and the product or place where they are publishing it without your permission. Ask them to respond with their agreement to comply, and send your notice to the company CEO by certified mail.

    You can file a lawsuit for damages. Statutory damages are about $500 per work. If you register your copyrighted code with the copyright office of the library of congress then you'll also be able to collect reasonable lawyer's fees should you prevail.

    If the company fails to respond, or fails to agree to respect your rights then you can also file a lawsuit to get a permanent injunction barring them from violating your rights, and possibly for triple damages.

    If you had a lawyer, you could also make him available for another mutually agreeable negotiated license, but negotiating that yourself it is very easy to fall to charges of extortion. The only real solution for doing this without a lawyer is to set up standard commercial licensing terms, and direct their attention to it.

  • by Tsu Dho Nimh ( 663417 ) <abacaxi@hotmail . c om> on Friday January 16, 2004 @02:44PM (#8001088)
    "When you find that somebody is violating the GPL by distributing your code or a derivative of your code as a closed source product, how do you go about handling it?"

    Read the USA copyright law http://www.copyright.gov/title17/circ92.pdf ... you can just file a legal action in the proper federal court. AFAIK, you have to register the copyrights first, and damages can be limited if you register late, but you can get the offender to stop the infringement and pay your legal fees no matter how late you register things.
    NOTE: there are forms you can fill out to get a break on the filing fees if you are truly impoverished.

    "If you are the copyright holder, how do you communicate with the offenders?"

    Through a letter to their CEO, first, letting them know they have infringed, politely requesting that they cease and desist the infringement. Then via letters from your lawyer to theirs, probably.

    Getting a temporary injunction is tricky - you are usually asked to post a bond in case the other guy prevails, and it can be hefty. However, the judge can require the infringing party destroy (or hand over to the court) all develo9pment copies, finished works, copies, etc. and pull them from distribution channels.

It is not best to swap horses while crossing the river. -- Abraham Lincoln

Working...