Slashdot Log In
GPL Violation - NVIDIA
from the miss-manners-saves-the-world dept.
Ralph Metzler is just another one of those 'thousands of developers' you hear about developing software for Linux. Ralph was checking out the sources for the Linux 2.3 kernel, and he noticed that a chunk of memory conversion routines were copied line for line out of his bttv.c video driver source into NVIDIA's code.
Tony Bennett at NVIDIA grabbed a small amount of bttv.c and integrated it into the Xfree86 driver, without realizing that the code was GPL'ed. Nvidia was contacted about this oversight, and politely responded in a positive way to Ralph. I got to talk to Ralph to see how it all worked out.
I learned from Rich Black, PR manager for NVIDIA, that they are currently changing the code for the next revision of the Xfree86 driver, and the GPL'ed code will be removed from the driver within the next one to two weeks. I got to talk to him, too.Ralph Metzler: I received E-mail by Tony Bennett, and he also said he would fix it and they apologized for any possible infringement or any violations, and it was an oversight and they would remove it as soon as possible.Slashdot: Are you happy with that?
Ralph Metzler: Yes, of course. Of course, it would have been better if it had never happened. I wasn't especially happy about seeing that they released binary-only drivers now, and I just wanted to try them out, and then I see that they re-used GPL'ed code.
Slashdot: ... and then they threw in a credit for someone else who wasn't even you.
Ralph Metzler: All right, I think that was David M[iller] or something. He made some patches to this code, and while he was mentioned in the bttv code before those routines, they probably thought it was all his code, but it was originally mine. He made some patches so it works with newer kernels. They probably thought it was all his original code. It was also probably just a mistake.
Slashdot: The way it stands right now on the Web site, people are able to download [the driver], and it's not GPL'ed.Rich Black: I think it's one of those things where our corporate rule is that we do not open up our code, and we do not have open code, and we will not do that.
Slashdot: That's fine, and that's understandable, but you're in the position that you're either going to have to open it up completely, or not use it at all. Waiting until next revision and then saying, 'Oh, well, it's fixed now' is a bit of a problem, because right now you're in violation.
Rich Black: Right, which we understand, and it will be taken care of within the next one to two weeks. I understand we're in violation of that now, and it was something that was done strictly as a mistake on our part, and somebody was going through writing some code, and it was completely done on accident. It was not a known violation at the time, it was something that he is aware of now, and is seeking to alleviate the situation and take care of it. I guess I can't change anything about how we are in violation of the GPL right now, but it's something we are going to take care of as soon as possible. With the next version of the software, we'll take care of that, and we'll no longer be in violation.
Slashdot: Would you be willing to open source the one kernel module that uses that code?
Rich Black: From what I understand, that is something that might be opened, but I cannot state as 100% fact that I know for sure that that it is the direction, because it is our general rule that none of it is going to be open sourced, but from what I understand is that one [module] might be made available.
So, that's the story. Big company makes a mistake, developer notices mistake and politely informs big company, big company recognizes mistake, apologizes and makes efforts to correct the problem. Wouldn't it be great if it were always this easy? The open nature of the GPL makes 'borrowing' source code extremely easy, and sometimes mistakes do happen. With any luck, polite messages and open communication will save the day.
Re:When will you learn? (Score:3)
When someone trips and finds themselves with their head stuck in an unfortunate bodily orifice we help them get it out and get back on their feet. That is how we got where we are today, and that is how we will get even further in the future.
You are wrong. I am sick of people who treat these companies as poor blind little puppies and try to show them the light!
Have you ever argued with a typical corporatist about issues like this? I have, alot. They profess ideals such as "their right to earn profit for their efforts and expenses" and other self-serving mankind-screwing rhetoric. Look at how nVidia has behaved.. they have been feeding us lies, with their promises of embracing Open Source etc. That is not the behaviour an entity that doesn't know better, that's the behaviour of an entity that is one of two things.
Intelligent. They know who we are, they know what we stand for, and they don't like the way it threatens their hip pocket so they seek to squash us. There is no showing them the light, because they know our light as well as we do already.
Mind-bogglingly stupid. They do what they do because they have seen it's what the majority of people do. No amount of rationalizing or leading by example will work with them either. Rationalizing won't work because these people simply do not think. Leading by example will not work because the corporatists are the vast majority, a much more visible example, and they see us as rebels.
Either way, they are our enemies, and they will stay that way, and we have no choice but to fight them. I agree that it would be better to turn them to our side, but simply no amount of our good-will will do that.
Here's an idea... (Score:3)
It's obvious that they were in violation, but there are many cases which are far more ambiguous. (Specifically, bundling GPL components with a commercial system.)
From my perspective the GPL is about as annoying as software patents. No, this is not a troll. This is the truth; what good is a license which has no legal backing? What good is a license which is ambiguous and frequently abused?
The strongest threats anyone in the GPL community can make are:
1) I'll have a thousand Slashdotters complain until the article rolls off the front page
2) I'll have Stallman send you a stern email telling you that his interpretation doesn't match with your interpretation. Please stop.
3) I'll take you to court (without being able to plead damages, because no money was lost.)
From a company's perspective, how can badly can I abuse a license where no monetary damages occur? Why would I want to become involved in GPL issues without understanding the REAL legal ramifications?
Although there are many people here who have strong *opinions*
So I'll say again it. Will someone please TAKE THE NEXT ABUSER TO COURT and get this whole stupid thing settled.
Don't respond to this, there's no point. Everything about the GPL has been beat to death on this forum and on usenet. Put up or shut up. Go to court.
950
Excellent point. (Score:3)
The dangers to Open Source and Free Software to this are all too obvious and have been amply elaborated upon in other posts, so I will not go into that here. But: imagine your company creates a closed-source tool that, say, processes images. In this, let's say that you have a filter that "textures" an image, using an arbitrary grayscale image to indicate contours. Now, imagine, three months later, you see somebody else come out with a similar product with exactly the same feature. How are you supposed to know whether they disassembled your code or not? How are you supposed to know whether they somehow got hold of a piece of your COPYRIGHTED source, and just stole that?
The only solution I can see is to insist on complete, keystroke-by-keystroke monitoring and logging of the creation of each and every source file, to be made available should a copyright lawsuit arise. These logs would naturally have to be kept whenever implementing a feature identical or similar to one in an already-extant product. And, to prevent companies with legal might to throw around such as Microsoft and Sun saying, "oops, no logs, but our high-priced lawyers will help you figure things out," absence of these logs would automatically put you in violation of copyright. This has to be done - there's no other way to protect our code.
Re:This isn't a "Win"... (Score:3)
Jaded, Hell. We're not children (most of us anyway). We can see for ourselves how their world works. Until we can make our own we're forced to play in theirs. That given, this is simply reality. Corporations are easily dealt with when you remember that they're just after money. That's actually a good thing; it clarifies situations like this one. nVidia thinks they can steal from us. And why not, from their viewpoint? There's so much effort being made not to look like zealots that they know they'll get away with it, even if they're caught. So why not; hey, it's good for profits. And the only way to stop it is to make it BAD for profits. Simple enough. A no-limit game, if you've the stomach for it. We're showing that we don't; it's all too clear that they do.
Code reuse (Score:3)
What if the offender had been another open source project? If they had used a BSD license instead of the GPL, for instance. Would they have been forced to change to the GPL? Would anyone have cared?
What if NVidia had just used a clever algorithm they found in an open source project?
I'm also confused on the point of how much and of what kind of code can be reused from other projects. Is any amount of cut and paste OK?
After all, the whole benefit of open source is to build on other people's code and learn from it, but licenses like the GPL say "touch it and you've bought it" as far as I can see. Although I'm sure that common sense dictates that things aren't in practice that strict.
Yuk, Yuk... (Score:3)
Thanks
Bruce
Negligible consequences for stealing code? (Score:3)
Which is it going to be?
FTR, My personal opinion is that we demand they open the module immediately or face a lawsuit, because legal intimidation seems to be the only language large companies understand.
Re:Developers' OK not enough (Score:3)
Chas - The one, the only.
THANK GOD!!!
Re:This isn't a "Win"... (Score:3)
--The knowledge that you are an idiot, is what distinguishes you from one.
NVIDIA & GPL (Score:3)
As for NVIDIA choosing closed-source development for their drivers, I have a feeling that they will come around eventually. Creative was not going to release SBLive! drivers as open source, but that changed rather rapidly when they realized that they could harness Open Source development to reduce development costs and keep up with the enternally evolving Linux kernel.
If NVIDIA wants to really compete in the Linux marketplace, then the GPL is a powerful enticement. Granted, they may not want to release their latest and greatest drivers quite yet, but it may be in their best interest to do so eventually. Look at how 3dfx makes generally lower-quality hardware (although I use a 3dfx card in my own box) but they've done a great job of capturing the Linux market with quality open-source drivers. Even though I think 3dfx doesn't have the advanced technology of NVIDIA's chips, I am more inclined to buy their products for my Linux box because of their support of the GPL. While people like myself are the minority, we're very vocal about these things.
At least NVIDIA is stepping in the right direction. I can understand their hesitancy to go the Open Source route, but I think that once they see that it will be a positive thing to their bottom line they'll come about in good time. As the article says, be polite about these things and let the power of Open Source speak for itself.
Why BSD licences are better than GPL. (Score:3)
This, yet again, proves why the BSD licence is best for corporations. Companies can develop on BSD, take what code they want and incorporate it into their products. With BSD, they get a linux-binary compatible enviroment to QC the products they ship. (Some people are confused on this point. Because BSD doesn't use the linux kernel, they don't believe it can run Linux binaries. Using BSD/SCO/Solaris as a QC platform for "Linux binaries" goes farther than any other method of proving 'linux compatibility' with the absence of a functional LSB)
And, at some future date...when they decide that OpenSource isn't a bad thing then they can participate with a BSD-esque, GPL or some other model.
All the tactic of 'The appropriate fix (under the GPL) is to release the source code.' will do is push companies AWAY from OpenSource.
"sampling" GPL code (Score:3)
You can't take them to court (Score:3)
The case law is quite clear on this: If you violate someone's copyright unintentionally (eg, you think the material is in the public domain), you can be ordered to stop, but no punitive damages will be awarded. Which is, of course, exactly what nVidia is already doing.
We should all be glad for this anyway -- if punitive damages could be awarded for good faith copyright violations,
Re:nVidia has incentive to remain closed-source... (Score:3)
The above points amd the fact that the world is full of unscrupolous, lazy, developers is why I started considering using the BSDL instead of the GPL. With the BSDL folding of source code into proprietary code is acceptable while with the GPL this is not the case. Considering the fact that it is nigh impossible to know if your code has been stolen and used in some binary only application with no external dependecies (unlike the nVidia driver) without going through a lot of trouble to discover this (code dissasembly) and then a lot of trouble to prove it, I have started looking for an alternative to the GPL. I settled on the BSDL for a few reasons which I will list below
- I'm not getting paid either way so why
- try to restrict people from making money of my software. After all, Redhat has proved that it is possible to get rich off other people's code even if it is GPLed.
The purpose of my post isn't to start a flame war so if that is your response when you read this, don't bother I'll simply laugh at it. On the other hand I am interested in well written, intelligent opposing viewpoints and/or exposures of flaws in my reasoning.PS: It's 4 AM and instead of studying for my Calc III final I am posting to Slashdot. AAAAAAAAARGHHH!!!!
Re:This isn't a "Win"... (Score:4)
nVidia would be no problem if they were an isolated incident. It's the fact that this is going on in such a widespread way, across so many companies, that is threatening. It's threatening because if people don't see that their GPL work is being protected, they won't write as much.
I think perhaps if you want to kill free software, this is the way to do it. Just show the authors that there is a pervasive violation of both the letter and the intent of their licenses for somebody else's pecuniary gain, and that we can't afford to go to court and we can't use publicity to go after the offenders because it's not popular to do so. They'll stop writing.
That's why these incidents bother me so much.
Bruce
Re:This isn't a "Win"... (Score:4)
Has anyone ever heard of one documented case where a developer willingly violated the GPL and actually recieved anything besides a collective browbeating from OSS advocates?
AFAIK there's one. Look at the case of QuakeLives - the guy basically violated section 6 of the GPL from day one by taking a bunch of OSS Quake code and closing it, and then telling people they had to forfeit their rights under the GPL in order to download it. The only reason he ever backed down was because John Carmack stepped in and threatened legal action (which he, certainly, can afford).
That's the only time I'm aware of. It's obvious that this problem will only grow as time progresses, the GPL becomes more pervasive, and the computer industry grows exponentially. But there's really no obvious solution. So to your final proposition, I say, "don't tempt fate" - eventually something like this will happen. It will be interesting to see what, if any, repercussions there are.
--
Re:When will you learn? (Score:4)
Yeah, thats right. Do unto others as the bastards would have done to you, eh?
How about showing them our way of life and SW development, and see if they don't come around eventually? Do you really think we would have seen, let's say, open sourced SB Live drivers if the community had acted like rabid dogs fighting over snippets of code? Of course not. We share. In good spirit.
When someone trips and finds themselves with their head stuck in an unfortunate bodily orifice we help them get it out and get back on their feet. That is how we got where we are today, and that is how we will get even further in the future.
Regards
Demanding Open Source isn't just ideological (Score:4)
If the general linux public takes a different view then maybe they are mistaken. If NVIDIA go bust, or choose to stop supporting Linux, who will keep support for their card up to date? Now ask the same about 3dfx. Open source means more future-proof. Of course, it depends how long you want the hardware to last.
Re:GNU and IP: Legal != Moral (Score:4)
Ok, there's two separate concepts. Morally meaningless, and Legally meaningless. Some people believe that the concept of IP, as the law sees it today, is Morally meaningless, because nobody has a right to restrict copying and distribution. But it is definitely not Legally meaningless, cos if you copy enough stuff you'll be in trouble. To ensure that free software stays free, you use your Legal rights over the software. You say people can only use it if they don't restrict others' Moral rights by putting burdensome Legal obligations on them not to copy it.
If, as some people advocate, copyright law were to be dismantled, the Legal protection given to your Moral rights by the GPL would vanish. However, also the ability to put burdensome Legal obligations on people would vanish, so there would be no need for a GPL. Until/unless that happens, the GPL is a good Legal tool for protecting Moral rights.
I think there's no conflict, as long as you get the distinction between Legal and Moral clear.
Re:When will you learn? (Score:4)
>release the module under the GPL, immediately, or go to court.
I agree, because the intention of using the GPL has always been to make more code open - the "virus-like" nature that some people condemn is, nonetheless, the point. Companies and authors rigorously defend other copyrighted material every day for their own motives of financial gain or creative control, and legally the GPL is nothing more or less than a copyright. Having them remove the offending code is not the motive for initially using the GPL - opening up the derivative code is.
Removing the code and replacing it with a functional equivalent doesn't even really address what they've already gained from it, either, because it was there during the development effort and its presence will have been partly responsible for the final state of the other, closed code in the project. In other words, not all the damage can be undone (but note that this point isn't likely to be addressed by copyright law - in fact the idea is more akin to patents).
However, since not everyone does have your resources, there need to be legal funds in place to deal with these cases.
How to *find* GPL violations? (Score:4)
Damn, I wanted a Bruce-Flame-Fest (Score:5)
While the
The appropriate way to handle it would have been to tell Bruce Perens and let him start a
How can we stand for this?
-Davidu
When will you learn? (Score:5)
THIS MUST STOP. I guarantee you nVidia will NOT just ask you kindly to stop if you (for example) violate their license by reverse-engineering their software. Hell, no. Instead, you'll have a hundred letters from big-time lawyers in your mailbox, your ISP will be court-ordered to shut off your site(s), and if you're lucky you'll only be paying them off for the next 40 years after you lose in court.
We should be making it at least as painful for them. Threaten, sue, and threaten some more. They won't learn any other way. Our licenses are not negotiable. You want the DMCA? Well, then, IT GOES FOR US TOO. Follow the license or go to jail. Where were the copyright police today? They didn't have any trouble rousting out a 13-year-old kid IN A FOREIGN COUNTRY no less or fucking over mp3.com, so where were they for this equal offense?
The GPL is every bit as binding, every bit as legal, and every bit as serious a license as any other. It's time we got tough about this. They're playing hardball, we're striking out one after another, and then when they're up to bat we give them intentional walks, one after another.
I hope to God I come up with something nVidia sees fit to use in their software. Because I have balls, resources, and a good mind to fuck them to Hell and back. It's long past time for this one-way street to come to an end.
Mistakes will happen BUT... (Score:5)
If it comes down to, "Apologize then clean up the header and say you fixed it" - that isn't costly. Do you have any reason to believe that code and algorithms which may have been borrowed in the binary was cleaned up as well? Of course not - doing that would make the fix potentially take longer. Companies generally don't play nicely and tend to have some trouble accepting that others actually might be so naive as to expect that they would.
At the least - very least - there should be an insistence on having the developer whose code was nicked get access (under an NDA if need be) to the source to verify whether more was borrowed. That should be an absolute minimum requirement before anyone believes them.
Preferably the driver should be forced to be GPL as per the licence which the code was distributed under. (That is, after all, the purpose of the GPL.) If they do not do that then they should seek an alternate licence from the author. Note that nothing in the GPL prevents the author from re-releasing a non-GPLed version. And yes, the author would be perfectly justified asking for gobs of money.
But no, none of this is going to happen. Which is why when people who don't think like lawyers start thinking that people who pay lawyers will play nice, they get the short end of the stick. Repeatedly.
*sigh*
Ben
This isn't a "Win"... (Score:5)
They used GPL'ed code to cut their development cost and they would have continued to use the code unless they were caught. Now they'll go back and remove it but there's still an incentive to use GPL'ed code in a closed way:
1) They probably won't get caught.
2) If they do, there's no penalty... just say "whoops... that was an accident"
The point is: If instead of GPL'ed code it was another company's copyrighted code, there is no way they'd get off we a "mea culpa... we'll be good boys now". There would have been extra cash involved or the company who got ripped off would have gotten some rights to the violating product... note that nVidia still doesn't think that they should have to open up the offending module.
Hell... why doesn't some company take Linux and relabel it as their own OS and sell it as a binary only. Then over the next four years they can go in and rewrite subroutine after subroutine in successive releases as people complain... the company will then have four years of revenue off of the work of other people.
GNU and IP (GNU *is* IP) (Score:5)
While I applaud the handling of this on both sides, this sort of thing shows a blindspot among a lot of people here.
A lot of people here seem comfortable, simultaneously, with two very contradictory ideas. On the one hand, there's the idea that someone who claims "copyright" on something, say music, has no real right to demand that people not copy or distribute their works in a manner against the wishes of that person. On the other hand, there's the idea that someone who releases something under the GPL has every right to demand that no one violate that license and copy or distribute that work in a manner (sans source) against his/her wishes.
There's a deep conflict between those ideas, and Slashdotters who adore copyleft and ignore copyright need to recognize that and somehow resolve it.
In other words, how can GNU be so holy if the little copyright "c" is meaningless? I'm curious as to thoughts.
What, if any, ppenalties should be assessed? (Score:5)
"We'll fix it on the next release" is a nice sentiment, but they have been infringing on Ralph Metzler's rights, and are currently violating the GPL, and will continue to do so until the next release, whenever nVidia decides that will be.
If nVidia really wants to make this right, they should either
- a. take down the offending drivers from their site today, and go back to the last revision or drivers without the offending code, or
If a large company is caught infringing on the patents of another large company, they are usually asked to pay a licensing fee. This situation should be no different.b. they should be asked to make the appropriate royalty payments to either Ralph Metzler and/or the Open Source community.
If we, as the Open Source community, decide not to pursue nVidia's immediate resolution of this, and persist instead in being "polite" instead of protecting our rights, we will find it infinitely harder to enforce our licenses in the future.
Re: What, if any, penalties should be assessed? (Score:5)
So, if Ralph isn't responsible for enforcing compliance by third parties (e.g. nVidia) to the GPL, who is?!?
I am not saying that Ralph should demand "all sorts of concessions" from nVidia; however, they are under a legal obligation to follow the License, whether Ralph chooses to enforce it or not. The fact is, Ralph isn't the only person involved in this situation, and the License serves not only to protect the interests of the programmers, but to protect the interests of the users of the software.
You are right, the whole community has not been harmed by this; just those with nVidia cards. Anyone who downloaded those drivers have now been harmed by nVidia's carelessness. First, many of them bought cards based on the assumption that nVidia would continue to support Open Source. In retrospect, this was obviously a mistake.
Then, they were misled into thinking that these new binaries were closed-source, 100% nVidia-written drivers, which would have been just fine, except...this turns out to be patently false as well.
Finally, when the users went to the site for updated drivers, they were not informed, as the GPL requires, that they are at that point entitled to the source code to the software they are using on their own hardware! Therefore, the number of people harmed by this is far greater than a single programmer.
Now, whether or not Ralph chooses to pursue the misappropriation of his work, you are correct; it is his own choice. But it was also his choice to give up some of the control he has over his source code, when he released it under the GPL.
The License serves to protect software end users, not just Ralph. If the community doesn't care enough to enforce it, the GPL will just be the punchline to a stupid hippie joke. I don't want that to happen! Do you?
nVidia has incentive to remain closed-source... (Score:5)
What that means is, by opening the source to its drivers, nVidia is inviting the competition to inspect the secret sauce and help them in developing their own recipes. It's terrible drivers which have prevented ATI from becoming a big player in performance 3D, and mediocre drivers which held Matrox back. nVidia would lose an edge if it were to open up its driver source.
However, what the Open Source community needs to do with companies like nVida is remind them that their real advantage isn't in proprietary drivers, but in the superiority of their hardware. (For example, 3Dfx's drivers are typically great, but right now their soon-to-be-released Voodoo 4/5 boards are getting stomped by the GeForce 2 from nVidia thanks to its superior silicon). If they can be convinced that opening their driver source will yield better drivers and allow them to spend more R&D time on keeping their hardware more advanced than the competition's, then they'll do that, because nVidia's best advantage is its hardware--its driver advantages are more fleeting. What's needed is an effective evangelist to show them the way, like when a certain Apple CEO said to a certain soft-drink executive "Do you want to sell sugared water all your life, or do you want to change the world?" Or, when a certain essay caused Netscape to open the Mozilla code.
The key here is that open source's big players need to start pushing for these code openings. There's no earthly reason why nVidia couldn't be made to realize how well it could capitalize on its hardware advantages if it didn't have to put so many resources into driver dev.
As a final note, I doubt they could have been ignorant of their use of GPL'd code. Their driver dev people don't just go around using source code they find on the Net, without reading what the licensing terms are. That doesn't happen in a company like nVidia which is known for its good driver development team, a big company which surely has an interest in keeping its programmers from making costly mistakes by plagiarizing the IP of other companies. I'd be willing to bet that their use of GPL'd code was on purpose, not an accident, and that there's other GPL'd code hidden in those binary-only drivers. The corporate attitude is probably that stealing open-source code is okay. And that's yet another reason that we should try extra hard, but with honey rather than vinegar, to get them to realize the merits of open-source driver development.