I Am Not a License Nazi (part I)
Saturday morning, I decided to get back to some wine testing, in an effort to get the new Palm Tungsten Simulator working, so I could test some applications in and against it. (Curiously enough, there are two simulators for these two Palm models, one is modeled after the OS itself, minus the new applications that are shipping on these models in real-life, and the other models exactly what you get when you purchase one of these devices in a store. They aren’t the same, and they are not available from the same location).
As expected, the Simulator fails to run in wine, including release, nightly, and cvs versions of wine. The problem lies upstream in either the Palm code, or the MMDRV_ portions of wine. I’m narrowing in on a workaround, mostly thanks to the helpful people in #winehq on irc.debian.org.
So I decided to see if wine worked at all on some of these recent Windows InstallShield/Catapult installers. I dug around in my shared Windows downloads directory (I don’t have any Windows machines, only directories of downloads, which are mapped to my vmware sessions when they are booted).
I found an application called “Foo Install.EXE” (not the real name, more on that in a moment). It purports to perform a certain action on a Palm device, in Windows, bypasing the standard Palm tools to do so. Running it in wine, threw a few errors, because wine doesn’t support USB hardware, which this device tried to communicate with. Normally, in Windows, this would be launched with a double-click, hiding any errors which might appear, behind context. Oddly, when the application errored out, I recognized the error message.. because I wrote it!
“Wait a minute. How can a commercial Windows application contain an error message I know I wrote, which exists in a project I maintain…”
I ran strings on the executable, and sure enough, this application has 5 function names directly copied from our library and headers, and includes one string which only appears on POSIX systems, and never actually is output from the Windows executable. The application has cut-n-pasted code from our LGPL library into their Windows tool, and were using it to talk to the Palm device, in Windows.
I decided to try some of the company’s other Palm applications. 3 of the company’s 5 commercial applications uses this same code. I couldn’t test the other two, because they didn’t have any “demo” versions for download, and were clearly commercial-only. I can only assume that if they put the code into 3 of them, they put the code into the other 2.
Now, normally this would appear to be a mistake, and I like to give companies the benefit of the doubt, but in this case, I think it was much more maliscious than that. Not only was the code clearly marked as being LGPL, but it wasn’t designed for use in Windows. This means someone took the code from our library (and potentially our headers), and put it into their Windows products, modifying the code a bit to work on that platform (/dev/ttyUSBx vs. USB::, etc.), but they neglected to add the required LGPL notices to their downloads. They also have their own license, which adds restrictions on use of their product, and they have a bland copyright notice of their own, right on the About and Help screens of their application. This could be construed as a “Lanham Act” violation (“False designation of origin…”).
I fired off a message to their contact address, including a copy to firstname.lastname@example.org, so everyone can be in the loop. I expressed our concerns, detailed our findings, and requested an explanation and requested that they make an effort to bring themselves into compliance. I try to give everyone the benefit of the doubt first, until they reject that offer.
So far, no reply yet.
I Am Not a License Nazi (part II)
I jumped on over to Freshmeat to look at some of their new Palm projects (which I do from time to time, to get a feel for the direction people are going with their Palm code), and did a search for handheld there. I found something called “BearOps Handheld”, and decided to try to download it and give it a try.
Not only is there no download available, but their site claims that they’ve exceeded their bandwidth allocation for the month, and that downloads have been suspended. I fired off an email to tell them that I’d gladly be a mirror, but they didn’t respond. This means their email is working, and didn’t bounce.
Ok, off to Netcraft to see what their provider is.. and I notice that they’ve switched providers in the last few years. Could they really have exceeded their bandwidth every month, across multiple providers?
Off to The Internet Archive, and I see that they’ve been up since at least July 20, 2001. Drilling down into September 28, 2001, we see the same “suspended downloads” message on their site. Odd, is it really possible that for over 2.5 years, they’ve exceeded their bandwidth with 2 separate providers? Not likely. I’ve never even heard of BearOps, and if it was that popular, I’m sure it’d be somethiing I’ve heard of. It’s based on Debian, after all.
I brought this up with some other handheld/Palm people in the Free Software community, and the concensus was that emails asking for the source go unanswered, offers for mirrors go unanswered, and the company simply refuses to supply any details about their distribution, unless you purchase it.
Another possible GPL violation? Or just non-existant/dead/ignorant people?
There Is Much More To This…
There seems to be an ever-increasing abuse of the GPL and other Free Software licenses lately. Most-recently, the MPlayer discovery of several GPL violations by a company called “Kiss Technology”.
I spoke with my girlfriend Erika, an avid Wall Street Journal reader, and she suggested I write an editorial/letter to the WSJ, explaining all of this. The problem, she said, was that companies and “normal people” don’t know this is happening, and that nobody reads those “geek webpages” (groklaw, slashdot, advogato), so none of this information gets where it needs to be… injected into the public media.
The synopsis of this, is that companies are actively stealing software, violating copyright, selling products based on that stolen code, increasing their profits, firing/laying off staff (“We found something on the the web that does exactly what we’re paying you to write for us, so we don’t need you anymore. Pick up your last check at the door.”), and the economy increases, due in part, to theft, and jobs being lost.
The economy is improving because jobs are being lost. There is this mentality among well-funded companies, that they are “safe”, because “..those unemployed Free Software hippies” don’t have enough money to bring them to court. They’re wrong. A bit of a media campaign with some truth, can be much more damaging than any lawsuit.
We can’t let this continue like this. Chasing all of these companies down, is getting to be exhausting.