From fca59bea770346cf1c1f9b0e00cb48a61b44a8f3 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sun, 25 Oct 2015 21:00:20 +0100 Subject: import of old now defunct presentation slides svn repo --- 2012/gpl-freedomhec2012/gpl_compliance.tex.bak | 507 +++++++++++++++++++++++++ 1 file changed, 507 insertions(+) create mode 100644 2012/gpl-freedomhec2012/gpl_compliance.tex.bak (limited to '2012/gpl-freedomhec2012/gpl_compliance.tex.bak') diff --git a/2012/gpl-freedomhec2012/gpl_compliance.tex.bak b/2012/gpl-freedomhec2012/gpl_compliance.tex.bak new file mode 100644 index 0000000..e7f86b7 --- /dev/null +++ b/2012/gpl-freedomhec2012/gpl_compliance.tex.bak @@ -0,0 +1,507 @@ +% $Header: /cvsroot/latex-beamer/latex-beamer/solutions/conference-talks/conference-ornate-20min.en.tex,v 1.7 2007/01/28 20:48:23 tantau Exp $ + +\documentclass{beamer} + +% This file is a solution template for: + +% - Talk at a conference/colloquium. +% - Talk length is about 20min. +% - Style is ornate. + + + +% Copyright 2004 by Till Tantau . +% +% In principle, this file can be redistributed and/or modified under +% the terms of the GNU Public License, version 2. +% +% However, this file is supposed to be a template to be modified +% for your own needs. For this reason, if you use this file as a +% template and not specifically distribute it as part of a another +% package/program, I grant the extra permission to freely copy and +% modify this file as you see fit and even to delete this copyright +% notice. + + +\mode +{ + \usetheme{Warsaw} + % or ... + + \setbeamercovered{transparent} + % or whatever (possibly just delete it) +} + + +\usepackage[english]{babel} +% or whatever + +\usepackage[latin1]{inputenc} +% or whatever + +\usepackage{times} +\usepackage[T1]{fontenc} +% Or whatever. Note that the encoding and the font should match. If T1 +% does not look nice, try deleting the line with the fontenc. + + +\title{Current Developments in GPL Compliance} + +\author{Harald Welte} + +\institute +{gpl-violations.org} +% - Use the \inst command only if there are several affiliations. +% - Keep it simple, no one is interested in your street address. + +\date[FreedomHEC 2012] % (optional, should be abbreviation of conference name) +{FreedomHEC 2012, Taipei} +% - Either use conference name or its abbreviation. +% - Not really informative to the audience, more for people (including +% yourself) who are reading the slides online + +\subject{Embedded Linux} +% This is only inserted into the PDF information catalog. Can be left +% out. + + + +% If you have a file called "university-logo-filename.xxx", where xxx +% is a graphic format that can be processed by latex or pdflatex, +% resp., then you can add a logo as follows: + +% \pgfdeclareimage[height=0.5cm]{university-logo}{university-logo-filename} +% \logo{\pgfuseimage{university-logo}} + + + +% Delete this, if you do not want the table of contents to pop up at +% the beginning of each subsection: +%\AtBeginSubsection[] +%{ +% \begin{frame}{Outline} +% \tableofcontents[currentsection,currentsubsection] +% \end{frame} +%} + + +% If you wish to uncover everything in a step-wise fashion, uncomment +% the following command: + +%\beamerdefaultoverlayspecification{<+->} + + +\begin{document} + +\begin{frame} + \titlepage +\end{frame} + +\begin{frame}{Outline} + \tableofcontents + % You might wish to add the option [pausesections] +\end{frame} + + +% Structuring a talk is a difficult task and the following structure +% may not be suitable. Here are some rules that apply for this +% solution: + +% - Exactly two or three sections (other than the summary). +% - At *most* three subsections per section. +% - Talk about 30s to 2min per frame. So there should be between about +% 15 and 30 frames, all told. + +% - A conference audience is likely to know very little of what you +% are going to talk about. So *simplify*! +% - In a 20min talk, getting the main ideas across is hard +% enough. Leave out details, even if it means being less precise than +% you think necessary. +% - If you omit details that are vital to the proof/implementation, +% just say so once. Everybody will be happy with that. + +\begin{frame}{About the speaker} +\begin{itemize} +\item Programming computers since 1989 +\item Linux user + application developer since 1994 +\item Linux kernel development since 1999 +\item GNU GPL license enforcement since 2003 +\item IT security expert, network protocol security +\item Board-level Electrical Engineering +\item System-level Software for PPC, ARM, x86 +\item IANAL, but companies not complying with the license forced me to spend lots of time with legal issues +\end{itemize} +\end{frame} + + +\section{Historical Development} + +\begin{frame}{Historical development} +\begin{itemize} + \item 1970ies: Softare becomes copyrightable + \item 1980ies: GNU project, GPLv1 + \item 1990ies: Linux kernel, GPLv2, servers + \item 2000s: Linux and FOSS is everywhere +\end{itemize} +\end{frame} + +\subsection{FOSS is everywhere} + +\begin{frame}{Linux and Free Software (FOSS) everywhere} +\begin{figure}[h] +\centering +\includegraphics[width=100mm]{linux_netfilter_singapore_entertainment.jpg} +\end{figure} +\end{frame} + +\begin{frame}{More Linux - More License Violations} +\begin{itemize} + \item Boom of Linux results in many {\em new companies} using it in products + \item Such Linux newbies do not have a history in the FOSS community + \item They also do not share the same culture, values and norms + \item They simply use Linux to reduce royalty cost for proprietary OS + \item They run into trouble (GPL violations) +\end{itemize} +\end{frame} + +\subsection{GPL enforcement} + +\begin{frame}{More License Violations - More Enforcement} +\begin{itemize} + \item New Linux based products continue to enter the market + \item License compliance often very bad + \item Community is deeply upset about the violation of its rules + \item Often percieved as insult of the FOSS community culture + \item Lack of respect of corporations towards community + \item Legal enforcement is often the only possible way for community to educate corporations +\end{itemize} +\end{frame} + +\begin{frame}{GPL enforcement} +\begin{itemize} + \item Before 2003: Mostly Free Software Foundation + \item 2003-now: gpl-violations.org (Europe), ~ 200 cases + \item 2005-2010: SFLC (United States) + \item 2010-now: SFC (United States) + \item publicly invisible enforcement + \begin{itemize} + \item e.g. MySQL (dual-licensing) + \item e.g. Asterisk (dual-licensing) + \end{itemize} +\end{itemize} +\end{frame} + +\section{Beyond minimal license compliance} + +\subsection{FOSS communities vs. license terms} + +\begin{frame}{FOSS community is technical, not legal} +\begin{itemize} + \item FOSS is created by software developers working together in +colalborative ways, often without any formal structure + \item Individuals, Universities as well as Corporations +contribute their work + \item Cooperation in a culture of sharing + \item Even direct competitors like Intel and AMD cooperate in Linux +development, because everyone needs it + \item FOSS communities are deeply technical. They hate company +politics. + \item License is {\bf just} a last resort of protection against +those who absolutely don't understand FOSS +\end{itemize} +\end{frame} + +\begin{frame}{Beyond pure legal compliance with licenses} +\begin{itemize} + \item Compliance with the legal terms of the license is the +absolute bare minimum that companies have to do + \item If you use FOSS in your products, please consider +establishing a healthy relationship with the communities that drive +development of this software + \item It is not a customer / supplier relationship! + \item The community expects you to participate in development +\end{itemize} +\end{frame} + +\subsection{Becoming part of the community} + +\begin{frame}{Why should you join?} +Benefits to Embedded electronics companies +\begin{itemize} + \item Larger number of engineers can help you improve your product + \begin{itemize} + \item optimize performance (battery, speed, ...) + \item fix more bugs than your in-house R\&D + \item have more ideas/innovation than all engineers combined inside your company! + \end{itemize} + \item Be recognized within the community as {\em somebody who understands} + \begin{itemize} + \item allows you to attract skilled developers from the FOSS world who would otherwise never consider working for you + \item makes you more attractive to most technical customer base of {\em early adopters} + \end{itemize} + \item Reduce cost of maintaining your code base +\end{itemize} +\end{frame} + +\begin{frame}{How to become part of the community} +\begin{itemize} + \item Permit your engineers to engage in technical discussions on mailing lists + \item Submit your modifications to the respective upstream projects + \item Join technical conferences and discuss technical issues + \item Encourage the community to innovate and extend your products +\end{itemize} +\end{frame} + +\begin{frame}{When and how to release source code} +\begin{itemize} + \item Legal requirement: + \begin{itemize} + \item You're used to release source code at the time product ships because the license forces you to + \end{itemize} + \item Community norm: + \begin{itemize} + \item Your engineers interact with the project maintainers during R\&D + \item Source code of your modifications undergoes review + inclusion in mainline + \end{itemize} +\end{itemize} +\end{frame} + +\begin{frame}{Quality of the source code release} +\begin{itemize} + \item Legal requirement / Reality: + \begin{itemize} + \item {\em complete and corresponding} source code + \item Often does not compile + \item Often contains proprietary kernel modules of questinable legality + \item Often provides no (simple) way of installing re-compiled program on the actual device + \end{itemize} + \item Community norm: + \begin{itemize} + \item {\em complete and corresponding} source code + \item no proprietary kernel modules that constrain e.g. updates to later kernels + \item complete utilities to install modified version of software on the device + \item maybe even some instructions on how to do so + \end{itemize} +\end{itemize} +\end{frame} + +\begin{frame}{Summary} +\begin{itemize} + \item Show respect for the FOSS development model based on +mutual respect and understanding + \item Actively engage and discuss with the community + \item Don't try to cheat your way out of license compliance + \item Treat community as partner in development of your products + \item Don't treat them like your enemy (DRM, Tivo-ization)! +\end{itemize} +\end{frame} + +\section{Current Developments} + +\subsection{Software Freedom Conservancy} + +\begin{frame}{Software Freedom Conservancy} +\begin{itemize} + \item gpl-violations.org is no longer alone + \item SFC is doing busybox enforcement in the US + \item Some people/entities are upset abuout that... + \item ... but we {\bf need} to see more enforcement + \item SFC activities sometimes misrepresented in public! +\end{itemize} +\end{frame} + +\begin{frame}{Software Freedom Conservancy} +\begin{itemize} + \item It's great to see enforcement outside Europe + \item It's great to see cases go to court in the US + \item We need more precedent in favor of GPL enforcement to + deter people from intentionally taking the risk of + infringement + \item +\end{itemize} +\end{frame} + +\begin{frame}{Software Freedom Conservancy / beyond busybox} +\begin{itemize} + \item Some Linux kernel developers will work with SFC + \item SFC is now able to enforce GPL on Linux kernel, not just busybox + \item Lots of devices have Linux kernel but no busybox (e.g. Android) +\end{itemize} +\end{frame} + +\subsection{The AVM Case} + +\begin{frame}{The AVM Case}{Background (1/2)} +\begin{itemize} + \item AVM is commercially most succesful vendor of DSL CPE (Fritz!Box) + \item They heavily use Linux and other FOSS in their products + \item They also have an unusual amount of proprietary code in + the devices, compared to most other vendors (e.g. bypass + netfilter/iptables and use their own packet filter/NAT) + \item Cybits is a German vendor of parental control / child safe + content filtering software (proprietary) +\end{itemize} +\end{frame} + +\begin{frame}{The AVM Case}{Background (2/2)} +\begin{itemize} + \item Cybits has developed a version of their filtering software + that can be installed by the user onto the AVM Fritz!Box + \item The installation procedure downloadsd a AVM firmware + update, extracts the root filesystem, changes some + scripts, deactivates individual programs and adds their + own software into the filesystem image + \item The modified image is then installed by the user into his + device +\end{itemize} +\end{frame} + +\begin{frame}{The AVM Case}{The Dispute (preliminary proceedings)} +\begin{itemize} + \item AVM now asks court to grant injunction against Cybits + modifying {\em their firmware}, based on copyright, + trademark and unfair competition claims + \item Court grants that injunction based on AVMs claims + \item Cybits disputes that first decision + \item Harald Welte / gpl-violations.org become {\em side intervener} +\end{itemize} +\end{frame} + +\begin{frame}{The AVM Case}{The Dispute (preliminary proceedings)} +\begin{itemize} + \item {\em side intervener} because AVM tries to use legal means + to restrict the freedom granted by the GPL: The ability + to modify GPL licensed code, and to use such modified + versions + \item As cybits only modifies code that is not copyrighted by + AVM, AVM cannot make copyright based claims + \item Court lifts preliminary injunction on condition that some + erroneous display in the web interface are resolved by + Cybits +\end{itemize} +\end{frame} + +\begin{frame}{The AVM Case}{The Dispute (main proceedings)} +\begin{itemize} + \item AVM sues Cybits in main proceedings, Harald Welte side + intervenes again + \item AVM is making claims over claims and files tons of papers, + up to a point where I have doubts that the court is able + to read all of them + \item Among other things, they always try to present the + firmware as something whole to which they own rights. + But if specifically asked, they do not explicitly claim + it's a derivative or collective work + \item Court accepts the fact that GPL licensed software is used +\end{itemize} +\end{frame} + +\begin{frame}{The AVM Case}{The Dispute (ridiculous AVM claims)} +\begin{itemize} + \item AVM claims that an illegal modification under copyright + law is happening, as Cybits is modifying their code by + unloading AVM's proprietary kernel module and replacing + it with standard kernel modules like ip\_tables. + \item AVM claims that illegal copying happens as one of AVM's + programs is copied from flash into RAM when Cybits + installations scripts are executing it + \item AVM claims copyright is about software, not firmware (lol) +\end{itemize} +\end{frame} + +\begin{frame}{The AVM Case}{December 2011: The verdict} +\begin{itemize} + \item Court rules that AVM cannot restrict Cybits based on + copyright law due to the provisions of the GPL + \item Court rules that the firmware (including all GPL and + non-gpl licensed components) constitutes a collective + work + \item Court rules that thus the entire collective work becomes + {\em infected} by the GPL (!) +\end{itemize} +\end{frame} + +\begin{frame}{The AVM Case}{Analysis of the verdict} +\begin{itemize} + \item Court has made a very far-reaching verdict + \item What is the result of the {\em infection} of the + collective work? + \item Why is it not {\em mere aggregation on a storage medium}? + \item Was AVM insisting that the firmware is somehow one + item/entity all along the court case the reason for this + somewhat unexpected outcome? +\end{itemize} +\end{frame} + +\begin{frame}{The AVM Case}{What do we learn from it?} +\begin{itemize} + \item Some companies are behaving outrageous in terms of GPL compliance + \item Trying to fight very hard to restrict the freedom of the + GPL can come back very hard to your own disadvantage. + \item AVM has publicly proven that they're probably the worst + aggressor against the freedom of the GPL, and they have + failed to get away with it. +\end{itemize} +\end{frame} + +\subsection{Current focus at gpl-violations.org} + +\begin{frame}{Chinese Android Phones} +\begin{itemize} + \item traditionally, we only see major brands/vendors like HTC, + Samsung, LG, Motorola in Europe + \item at the moment, TCT, ZTE, Huawei and others are starting to + become available + \item we're taking a {\em very} close look at all those devices + and have just obtained an injunction against TCT Mobile + (Alcatel branded) + \item Chinese vendors must learn that they have to respect + copyright and the GPL when they ship to EU or US market +\end{itemize} +\end{frame} + +\begin{frame}{Chinese Oscilloscopes (DSO)} +\begin{itemize} + \item did you know there are fairly decent Linux based DSO + (digital storage oscilloscopes) available? + \item wouldn't every system-level engineer dream of being able + to enhance the software on a DSO with his custom + analysis / trigger / protocol decoder code? Or for + factory testing/automation purpose? + \item as part of GPL enforcement, Hantek/Tekway have now + released the source code to bootloader/kernel, including + the kernel drivers for their DSO hardware! +\end{itemize} +\end{frame} + +\begin{frame}{no-name / store-branded OEM devices} +\begin{itemize} + \item Actually found one German "cheap electronics vendor" who + sell more than 13 currently active products in a + completely GPL incompliant way + \item Pretty big surprise, given all the enforcement that has + been done in recent years +\end{itemize} +\end{frame} + +\begin{frame}{Cooperation with Free Software Foundation Europe} +\begin{itemize} + \item Cases that we have finished enforcement on are handed over + to FSFE + \item FSFE volunteers will continue to monitor compliance, + especially of firmware updates for them + \item If any such future incompliance is found, case gets handed + back to gpl-violations.org for enforcement of + contractual penalty and declaration of cease+desist + \item Contractual penalty gets donated to FSFE +\end{itemize} +\end{frame} + +\begin{frame}{Thanks} +\begin{itemize} + \item Thanks for your attention + \item Feel free to raise questions +\end{itemize} +\end{frame} + +\end{document} -- cgit v1.2.3