VIA Pulls PadLockSL 233
yipyow writes "A few weeks ago VIA Technologies posted software based on Nullsoft's WASTE, as reported here a few days ago. VIA PadLockSL included both a Windows and Linux client and some special extensions to work with security hardware built into certain VIA products. It was released under the GPL so I managed to snag a copy of the source code right before VIA suddenly removed their page (Google cache). I have posted Linux compilation instructions and mirrored the source here. If VIA has decided not to pursue the project further, I think the F/OSS community should turn this project into something, it has potential to be a great tool."
Be careful (Score:5, Interesting)
Re:Be careful (Score:2, Interesting)
Well the thing is they can't do anything about it now, once they released it as GPL even if they didn't mean to, then it's GPL forever baby.
No going back on your word when company politics might prevent things, or saying "oops" lik
Re:Be careful (Score:5, Informative)
Not if some of the source is based on a license that doesn't permit use of the GPL. If they accidentally included some proprietary or closed source to which they didn't have full rights, then their release of the software under GPL would be illegal.
Re:Be careful (Score:2, Informative)
Otherwise, you could take that Win2K source that was lost/stolen/whatever, make some GPL project out of it, and suddenly it would be completely legal. It doesn't work that way.
You are wrong. (Score:3, Informative)
Wrt. the Win2K source code: If the Win2K source code were dual-licensed with one license being GPL, then, sure, you could take that code and start a new GPL project from it. However, it isn't/wasn't, therefore you would be infringing on Microsofts copyright to that code by distributing it (or d
Re:You are wrong. (Score:2)
Re:Be careful (Score:2)
Only the copyright holder can choose to licence their code under the GPL. Nobody else can make that choice for them.
Re:Be careful (Score:4, Insightful)
Misleading (Score:3, Insightful)
No. The original WASTE was released under the GPL by someone whose permission to license it is in dispute. I have yet to see any even remotely conclusive argument about this either way, and it looks like the kind of question that really only a court has the authority to answer.
Re:Be careful (Score:2, Informative)
Here you go, Mr. Lawyer: [nullsoft.com]
Re:Be careful (Score:5, Informative)
All of that was reported on here [inthegray.com].
The only reference to WASTE that you could mentioned on their page was buried in a forum discussion [viaarena.com].
Re:Be careful (Score:3, Interesting)
Re:Gave Nulloft/Justin no credit (Score:5, Informative)
So what? Correct me if I'm wrong, but did VIA not make substantial additions to the functionality of the code, GPL'd their source and released it back to the community? That is the extend of their obligations according to the license that the WASTE author elected to use when he released his source, is it not?
Re:Gave Nulloft/Justin no credit (Score:5, Informative)
Re:Be careful (Score:5, Insightful)
Re:Be careful (Score:2, Interesting)
Re:Be careful (Score:5, Insightful)
Re:Be careful (Score:2, Interesting)
Re:Not a troll (Score:2)
Only you and Alanis have been able to torture the word 'ironic' quite that far. Freedom is only guaranteed by the creation and adherence to the laws of the land.
Re:Not a troll (Score:2)
Re:Not a troll (Score:5, Insightful)
What *are* you talking about.
The idea isn't being hurt, just 1 particular project.
You cannot release someone else's code under a different license without their permission. This is exactly what keeps GPL software *free* so how could it possibly be ironic?
Licenses are *necessary*. They are, in essence, a contract between supplier and recipient. They detail that which each party can expect from the arrangement.
Without the licenses that say 'do what you will with this' there would be no OSS to keep airborne.
In case you hadn't noticed, OSS took off a long time ago.
Re:Not a troll (Score:3, Insightful)
For example, you can quite easily give out public domain software. Of course you get the all-oft repeated argument "what if someone takes your code than turns it closed-source" to which I reply big fucking deal. I still can release my code openly. So if some company wants to use it on their own big deal. All the power.
Actually a public domain approach is more free/open because it allows commercial developers to create solution
Re:Not a troll (Score:2)
And where would one go looking for your software? The homepage listed for you here on slashdot is http://www.imaluser.com/ [imaluser.com]
This link doesn't work.
Not a contract either (Score:2)
Hogwash. Bullshit. Nonsense. They are nothing of the sort. Go read groklaw. Find a law dictionary.
Why do idiots like you think licenses are contracts? What woodwork do you come from? If it were a goddam contract, it would be the GPC.
Re:Be careful (Score:2, Interesting)
Re:Be careful (Score:4, Informative)
It seems you are exactly right.
I don't think so.
Let's see. Nullsoft's employee posted it who has had the authority to post in the past. It appeared for how long (?) on their site listed as GPL. Their statement mentions nothing about infringement on others copyrights or patents.
IANAL. To me, it seems me, however, that Nullsoft did in fact make this GPL software. If I were to use it, say, for remote encryption key generation linked to openSSL or openSSH or whatever, I'd consult my lawyer first but it looks like they've got no recourse. The post by AC I'm responding to claims that Nullsoft discovered a license violation which it doesn't, other than to now claim that it's copyrighted software. I think they might be able to claim that if you got it after that date, they've changed the license but if someone got it prior to that and reshared it with ANY mods, the GPL stands.
This strikes me as akin to a company doing unauthorized work, billing for it and then hoping that you'll pay just because they sent you an invoice. Or better yet, you recieve an unsolicited radio in the mail in the mail from me. You turn it on and I attempt to bill you. In the US, it's a gift. No contract existed, I didn't ask for it and you sent me something with no legal strings attached. It's not a misshipped package. It doesn't matter if it's a $5 radio and you billed me $5 or a $5 radio and you tried billing me $5000.
additional mirror (Score:5, Informative)
[Mirror posted in article seems to be slowing down, it's getting around 20k/sec at the moment.]
Re:additional mirror (Score:2)
Re:additional mirror (Score:2, Informative)
Re:additional mirror (Score:5, Interesting)
Thank goodness for GPL conservators (Score:5, Insightful)
I'm glad you managed to save the code, GPLd as it is it has the right to live or die according to popularity. Hope it works.
shak's nude anime gallery [slashdot.org]
Re:Thank goodness for GPL conservators (Score:5, Insightful)
Re:Thank goodness for GPL conservators (Score:3, Insightful)
This makes the assumption that the GPL license originally given for the original code is actually valid. The common point that people make is that Justin Frankel wrote the code while working for AOL, and depending on his contract with AOL, code he writes while working for them (or while in the office?) may be owned by AOL, meaning the license he put on the code may not be valid.
It can be owned by AOL and still GPL'd. The real question is whether Justin Frankel has the organizational standing to make a
Re:Thank goodness for GPL conservators (Score:2)
The Prooba=lem was that other dvisions at AOL were threatened by the code. Some strings were pulled and AOL claims that the code was unauthorized. My feeling is that the code really was authorized, but it was expedient for AOL to remove it later. While the code is legal, one can expect some lawsuits from AOL
Re:Thank goodness for GPL conservators (Score:2)
Re:Thank goodness for GPL conservators (Score:2)
Re:Thank goodness for GPL conservators (Score:3, Insightful)
Nope.
There are really several possibilities here:
Huge leap with no support (Score:3, Insightful)
How do you figure that?
Either he had the authority to act on behalf of Nullsoft or he did not. If he chose to use this authority to release winamp one way waste another, that would be at his discretion.
It is possible that Justin had authority to release binaries such as Winamp but no authority to release source.
People keep saying "well what if some internal document said XXX?"
What everyone seems to neglect is t
Re:Thank goodness for GPL conservators (Score:2)
Unauthorized software? (Score:5, Informative)
Re:Unauthorized software? (Score:2)
Re:Unauthorized software? (Score:4, Informative)
Software is void, revoked and terminated. (Score:2)
Do copyright abilities trump contract law when companies get buyer's remorse?
Re:Software is void, revoked and terminated. (Score:5, Informative)
No. But note that a piece of software is not necessarily licensed under the GPL just because it is accompanied by a text which claims so. Otherwise, I could legally redistribute (e.g.) Microsoft Windows by claiming it is under the GPL.
Most likely, the copyright of the software is and always was held by Nullsoft, not the author. Therefore, the author didn't have the right to license the software under the GPL (or any other license) in the first place. Same thing as the Microsoft analogy.
This is also the reason why the Free Software Foundation requires copyright disclaimers from the employers of software authors. They don't want to suddenly find out that they never had any rights to a software which they allegedly distributed under the GPL.
Re:Software is void, revoked and terminated. (Score:3, Interesting)
It's not that simple. If I work for a store, and it is normal duty of mine to do sales and quote prices. I'm am acting on behalf of that company when doing so.
If I work for Nullsoft and it is my normal duty to release software, I am acting on behalf of nullsoft when I do so.
If I have
Re:Software is void, revoked and terminated. (Score:4, Interesting)
Why are you so sure he indeed had the authority to do so (source code and all w/ a GPL license? Are you his boss, perhaps, or maybe a Nullsoft lawyer? Have you read the Nullsoft source release policy statement? Do you have the employee's job description on your desk? Are you bugging Nullsoft's corporate offices? Why are you so obviously authoritative on this issue? Inquiring minds want to know!
Re:Software is void, revoked and terminated. (Score:2)
Because he's the guy who wrote and released their (Nullsoft's) software.
This is pretty much a case of the "nullsoft" division of AOL doing something that AOL decided it didn't like and then AOL claiming that there was no division and that all decisions had to go through them.
Maybe his bosses didn't like his decsion, but it's pretty obvious that he was in a position to make decisions on behalf of nullsoft.
Re:Software is void, revoked and terminated. (Score:2)
Just a quick little addendum:
Do I NEED all that shit when I sign a contract with another company?
No. There ju
License not a Contract (Score:2)
A contract is an agreement.
You can not enter my house without permission (law)
I grant you a license to enter with the condition that you do not smash my windows. (permission)
If you enter and do not smash the window everything is okay.
If you enter and smash the window, you are now trespassing, because you do not have permission.
Re:Unauthorized software? (Score:2)
Also, you need to know the story of gnutella, the original P2P software. That was started at Nullsoft as well. It was also GPL. It also got p
that must suck (Score:2)
Has the author spoken as to whether the license is legitimate or not? If he had the power to post and license products, then I assume the GPL stands.
Re:that must suck (Score:2)
He got exactly what he expected I am sure. Probably more suprised he lasted so long then that he got kicked out.
Windows Binary Mirror (Score:5, Informative)
Wang33
Re:Windows Binary Mirror (Score:2, Informative)
Wang33
Re:Windows Binary Mirror (Score:2)
Why not ask Rob nicely to add a licence instead of trying to get heavy?
---
Thanks for this Rob, I was going to trawl the P2P networks tonight for it but you've saved me a job. Thanks for the bandwidth too.
Re:Windows Binary Mirror (Score:2, Funny)
We should post peoples info more often, it's a lot more interesting when you know where someone is from.
Re:Windows Binary Mirror (Score:2)
You're a jackass, plain and simple. If he doesn't have the source just ask him to post it. Your actions are no matter than the fucktard companies and their lawyers suing everyone in sight and, in my opinion, they're worse as most (if not all) slashdot readers should know better.
Posting someones info like that on slashdot is pretty shitty. We already know about the abuse involving the whois db. It doesn't matter that it's freely available via whois. It's not like any of us routinely check
Re:Windows Binary Mirror (Score:2)
Re:Windows Binary Mirror (Score:2)
He does not make a good point. The GPL doesn't say "if you give a link to the binary, you must give a link to the source". It says that you need to comply with at least one of the options under section three - Which simply by including the GPL (in the form of the "COPYING" file), Wang33 has done.
Unless AirLace contacted Wang33 to request the source and either waited a reasonable amount of time or received an outright reje
Re:Windows Binary Mirror (Score:2)
So thanks for being a Jerk, Airlace. Once you fully understand the GPL then you may come back.
Security chip and continued development. (Score:4, Interesting)
Re:Security chip and continued development. (Score:4, Informative)
Re:Security chip and continued development. (Score:2, Funny)
Re:Security chip and continued development. (Score:2)
Does VIA offer documentation on their chipsets?
Yes, at least to their PadLock system. Overview [via.com.tw], Programmer's Guide [via.com.tw].
Basically their system allows one to use hardware accelerated AES encryption in all major modes (CTR requires using the co-processor to precompute blocks in ECB mode and then XORing them in regular software.) I'd say that is pretty damn impressive and from what I've looked, the documentation is solid and quite clear.
You can even get Brian Gladman's AES implementation [plus.com] which uses VIA's h
To Quoeth The Homer... (Score:3, Funny)
Possible unlawful use of code (Score:5, Insightful)
Since this product was based on WASTE, this is possibly why it was taken down, and if so, then the fact that a major company thinks the GPL wasnt applied lawfully to it, then Im inclined to think that all the other archives of it around are infringing as well.
Just my 2 cents on the matter. In the origional WASTE story, i offered to mirror the source code. I did this until i actually sat back and thought about it, then I removed the code because I didnt think its release was lawful.
Re:Possible unlawful use of code (Score:5, Informative)
Seriously. This is the kind of attitude that Steve Ballmer and folks can point to and say "See how viral the GPL is? Some guy under contract to AOL simply put the word GPL in the source - they didn't even have to make sure the release complied with the terms of the GPL, and now AOL's valuable IP is gone." And then millions of PHBs will ban the use of the word GPL in their offices, because Ballmer provided 'proof' that it was bad.
The GPL does not let you take any source code anywhere and release it under the GPL. If it did, we'd have seen GPL'd Windows 2000 from the leaked MS source, and a GPL'd version of every piece of source that was ever leaked onto the net. Heck, we could solve Xfree86 problem in a second - someone just grab the latest source with the annoying license, untar it, stick in a GPL LICENSE and COPYING files, tar it back up, and distribute it. Bingo - problem solved. Yet for some strange reason, no one has done that yet. Because it's not allowed. I bet even RMS would agree with that.
The GPL provides an awful lot of protection, but that all goes out the window if the inital release under the GPL was unlawful. And one such case would be if you signed an employment contract stating that any code you wrote was property of the company. If you plan to work on GPL stuff, either get a waiver beforehand, or find another job. But you don't get to decide that part of your contact doesn't apply because you don't like it or feel it's "wrong". If so, I could decide that I don't feel like repaying my car payment, or that I want to knock down a few walls in my apartment, regardless of what my lease says. The courts get to strike down parts of a contract after it's signed - the average person doesn't.
Re:Possible unlawful use of code (Score:2)
No one's debating that this is a legal, legitimate way of freeing code under the GPL. I don't think there's many GPL zealots that would think so.
The problem arises when you think about who released the WASTE code, the actualy author of WASTE and (head honcho?) of Nullsoft at the time: Justin.
I guess what really legally determines this is how much power over Nullsoft does AOL legally have? It's something that needs to b
Re:Possible unlawful use of code (Score:3, Insightful)
The problem is proving that Frankel caved to pressure from AOL. The Feds could not prove that Capone was a Gangster. Yet everyone knew he was one anyways.
Re:Possible unlawful use of code (Score:3, Insightful)
You state that as if it's a fact, but it's actually your opinion and one I don't agree with at all.
If I work for a store, and it is normal duty of mine to do sales and quote prices. I'm am acting on behalf of that company when doing so.
If I work for Nullsoft and it is my normal duty to rel
Re:Possible unlawful use of code (Score:3, Insightful)
Sorry, but what a "major company" thinks about the application of the GPL doesn't mean shit (see that other long running story about this company called SCO). What matters is what the courts think and while I can completely understand not wanting to get embroiled in a court case, that doesn't mean you need to rationalize it by handing moral authority over to an organization that has, as its stated goal, complete self-interest witho
Re:Possible unlawful use of code (Score:2)
if the original waste code was released by the person that wrote it, then it's morally correct to spread it, in my eyes
I see your point of view, but what about works for hire, or employed programmers who had no pretence of ownership of said code?
Re:Possible unlawful use of code (Score:2)
I have won a moral victory.
I'd say (Score:5, Informative)
http://sourceforge.net/forum/forum.php?forum_id=3
Apparently, there were some GPL violations in the code but it doesn't sound like a permanent problem
TEN FOOT POLE (Score:5, Insightful)
Re:TEN FOOT POLE (Score:4, Informative)
I'm working [winw.org] on it.
don't do that (Score:5, Insightful)
Furthermore, one of the most likely reason VIA pulled this is that they don't have the right to distribute it (patents, other people's copyrights, etc.). Then, even if you acquired a copy under the GPL, you couldn't use it because the GPL would be invalid.
Also, the person posting it may not have been authorized to do so by the copyright holder (the company itself). That would also mean that you don't, in fact, have the right to use it under the GPL because the GPL is an agreement between you and the copyright holder (VIA), and VIA has not entered into that agreement with you.
Even if you could get away with it legally for some reason, I really think it's a bad idea to behave that way. Good relations between VIA and OSS developers are essential in order to have Linux run well on their hardware. There is no hard-and-fast line, but in a situation like this (it seems it has had no widespread announcement, no user community, no external contributions), the creators of such a software package should be allowed to change their mind at the last minute.
Re:don't do that (Score:2)
Licenses are the fine line between open source and anarchy. If we don't respect the licenses in place, no-one will respect ours.
Maybe (Score:2)
If VIA comes after you, you can simply show that you have a license, and you received it from them.
If a VIA employee posted it on an official website I would think that you can have a good expectation that this was properly authorized. It would be pretty hard for them to argue you knew this wasn't valid.
Yes the creators should be allowed to change their mind at the last minute, but not after it has already passed.
Re:don't do that (Score:2)
the creators of such a software package should be allowed to change their mind at the last minute.
No, they shouldn't. There's a huge amount of contract law that says co. It was released under a particular license. There is no changing it after hundreds of thousands of people hav
tum-te-tum... (Score:3, Funny)
Hey presto everyone, GPL'd Windows Source code!!!
I love it! (Score:3, Insightful)
WASTE is GPL, set in stone. (Score:3, Informative)
The WASTE software and source code was posted on the Nullsoft website by a Nullsoft employee who's always posting software to the site, who happens to also be the author of WASTE.
Let me repeat: an officer of the company and the author of the software made this software available under the GPL on the company website.
This seems open and shut to me: it's still GPL'd software. Sure the employee may have acted against the wishes of his gods, but its too late, it was released by the author, on the company website.
This would set a dangerous precedence if this were successfully challenged in court. Any company could virtually release a product under the GPL and later revoke it at their whim, claiming its unauthorized and that everyone must destroy their copies.
Re:WASTE is GPL, set in stone. (Score:2, Insightful)
It's far from open and shut that the release under the GPL was legal and I don't think the courts will have a hard time deciding it without setting dangerous precedent. If an employee steals a product off the manufac
cumulative mirror (Score:3, Interesting)
In the top section I've posted the original waste source, current waste source, PadLockSL source and some of the windows binaries mirrored in this thread.
This should consolodate the mirrored files in one place.
tainting - license issues (Score:2)
And also, the code is in dispute maybe, but what about reverse engineering the protocol? Without protocol docs, you'd have to download and run this in a testing environment if you wanted to reverse engineer the protocol to roll your own code.
Maybe someone should fix the GPL violation (Score:2)
SCO Arguments and WASTE (Score:2)
Re:De-ja Vu? (Score:4, Insightful)
The GPL is irrevocable, so they can't revoke it. The only "official" things they can do to stop people developing it further are:
Given that the second option would be an admission of copyright infringement, and the first option is on shaky ground, I can see them choosing the last option.
Re:I can see it already. (Score:5, Insightful)
In other words, you want the international community to pass a law that makes it so that if someone steals my code and posts it online and then has a friend download it, I lose all rights to that code.
That's a very bad idea.
Re:I can see it already. (Score:2)
I don't necessarily agree with him either, since I believe that as long as all contributers to the source are in agreement, they can change the license it is released under. Is this right? If so, there really should be no way to stop them from posting the code, then pulling it and changing the license. Sure, the dama
Re:I can see it already. (Score:4, Insightful)
If someone steals my code, then posts it online under the GPL illegally and then other people download it, I don't think that those other people should have Carte Blanche to do what they want with my code. I think that if I inform them and can prove to them that they are using code that should never have been in the GPL, then they have an obligation to stop using my code.
If we go with the great-grandparent's plan, then anything released under the GPL, no matter how it got there, would stay GPL. In other words, thieves would be totally free to steal and distribute code.
Which is a very bad idea, I think
Re:I can see it already. (Score:2)
Re:I can see it already. (Score:2)
Information wants to be free, dude. Get with it.
Re:I can see it already. (Score:2)
No what he's saying is that if you post something saying "here's this is GPL'ed" and I download it, YOU are the one who is liable if it turns out that proprietary code is buried in it.
In my understanding, copyright already works this way. You would be the one distributing it and copyright governs distrib
Re:I can see it already. (Score:2)
If you can't be held liable for having the code and you distribute the code as part of some GPL project and other people download it and they can't be held liable either, then how on earth am I going to regain control of my code? Ask nicely and hope that everyone complies?
Re:I can see it already. (Score:2, Insightful)
You just wait. I give this thing about 30 days, and then people will start hearing from all kinds of lawyers, and we'll have another SCO on our hands, claiming we jacked source code which we did not, in fact, jack.
Huh? Tell me, if I had a job as a janitor at Microsoft headquarters, and grabbed a copy of the Windows source code, would I be able to release it as GPL? And would the people downloading and spreading it be in the right? Of course not!
This is essentially AOL's argument: that somebody rel
Re:Via's RNG publicity and a conspiracy theory... (Score:5, Insightful)
There are other hardware crypto accelerators [soekris.com]. OpenBSD uses them to offload all possible crypto and random functions from the CPU whenever one is present. VIA's is nice, in that it comes with the computer, but $100 will get you the same functionality in a PCI card.
Anybody here thinks that securei easy IM might not facilitate terrorist message interception?
You mean, like Jabber with SSL? That cat's already out of the bag.
Re:Via's RNG publicity and a conspiracy theory... (Score:2, Informative)
The only thing that is a little mainstream (because it's easy to use and install) is Trillan. However it is closed source (possible back door) and the key generation isn't fully documented. Cerulean studios could have been obliged to give up their keys..
Re:Why? (Score:4, Insightful)