Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Software

Is Showmypc.com an Open Source Pretender? 323

Posted by kdawson
from the show-us-the-source dept.
shaitand writes "When looking for a remote support application that penetrates firewalls and can be initiated by my clients with a couple of clicks, I came across Showmypc.com. It was a standalone executable but looked like it would work and best of all it was open source. The only thing I didn't like was the interface, so I went to check out the Sourceforge page. I noticed a substantial problem: CVS is empty and the source on the download page is for the 2.6 version. The version of the executable is 3.53. I mailed the developers that they needed to distribute their modified SSH client and VNC source to be in compliance with the GPL license. They said they didn't modify those programs and ignored my request for the current source code. So I ask again, if this is a GPL'ed application; where is the source?"
This discussion has been archived. No new comments can be posted.

Is Showmypc.com an Open Source Pretender?

Comments Filter:
  • by Anonymous Coward on Sunday September 09, 2007 @11:03PM (#20534505)
    "Where's ShowMySource.com?"
    • by Divebus (860563) on Sunday September 09, 2007 @11:06PM (#20534545)
      Right on their front page [showmypc.com]: "It started as an open source Desktop Sharing and Remote PC access project..."

      And then what happened?

      • by ajs (35943) <ajs@a[ ]com ['js.' in gap]> on Monday September 10, 2007 @01:38AM (#20535337) Homepage Journal

        Right on their front page [showmypc.com]: "It started as an open source Desktop Sharing and Remote PC access project..."

        And then what happened?

        And if what they claim (that they use, but haven't modified vnc/openssh) then there's no problem here, and no, as per their Web site, it isn't open source.

        Slashdot really is scraping the "slow news day barrel" this week.
        • by Mr2cents (323101) on Monday September 10, 2007 @04:32AM (#20536207)
          OpenSSH is not GPL but BSD licensed so there is no problem IMO. I haven't checked for VNC (sorry, I'm just too lazy). And besides, GPL is all about distribution, not about modification; if I modify a GPL program and keep it to myself, there is no problem. There is no way you can force me to give up the changes. But if I distribute it, I have to supply the source code with my modifications.

          So did the guy receive binaries of GPL-based software? If that's the case, he can demand the source. If not, he just wasted our precious time.
  • REport em (Score:3, Interesting)

    by Anonymous Coward on Sunday September 09, 2007 @11:06PM (#20534539)
    did you report them to SourceForge?
  • Why not? (Score:5, Insightful)

    by Frosty Piss (770223) on Sunday September 09, 2007 @11:08PM (#20534555)

    CVS is empty and the source on the download page is for the 2.6 version. The version of the executable is 3.53

    If it's original work, can't the copyright holder decide to close the source? If it doesn't contain anyone else's work that happens to be GPLd, I don't see a problem here.

    Need more info...

    • Re:Why not? (Score:4, Insightful)

      by Skreems (598317) on Sunday September 09, 2007 @11:10PM (#20534579) Homepage

      If it's original work, can't the copyright holder decide to close the source? If it doesn't contain anyone else's work that happens to be GPLd, I don't see a problem here.
      True. But Sourceforge only provides hosting for OSS projects. If they're hosting their binary downloads for the new version on their own site with their own non-Sourceforge hosting, they're fine.
      • True. But Sourceforge only provides hosting for OSS projects.

        Perhaps that's why the current version isn't on Sourceforge?

      • Re:Why not? (Score:5, Informative)

        by DustyShadow (691635) on Monday September 10, 2007 @12:26AM (#20535005) Homepage
        From http://www.gnu.org/licenses/gpl-faq.html#Developer Violate [gnu.org]

        "Is the developer of a GPL-covered program bound by the GPL? Could the developer's actions ever be a violation of the GPL?

        Strictly speaking, the GPL is a license from the developer for others to use, distribute and change the program. The developer itself is not bound by it, so no matter what the developer does, this is not a "violation" of the GPL.

        However, if the developer does something that would violate the GPL if done by someone else, the developer will surely lose moral standing in the community."
        • Re:Why not? (Score:4, Interesting)

          by Skreems (598317) on Monday September 10, 2007 @01:50AM (#20535407) Homepage
          That doesn't seem true at all. Plenty of OSS programs out there release a GPL version for non-commercial uses, and a pay version under a proprietary and for-pay licensing scheme. That would definitely violate the GPL if they didn't own the copyrights on the code, but they're not "losing moral standing in the community" just because they found a way to finance their project.
      • No..

        sourceforge REQUIRES [sourceforge.net] you upload the source. This is a sourceforge requirement, and is independent of the gpl.

        Just create a support ticket on sourceforge and in some weeks(in my expierience) that project is either closed or the source is put in the file release system.

    • Re:Why not? (Score:5, Insightful)

      by courtarro (786894) on Sunday September 09, 2007 @11:21PM (#20534659) Homepage

      That would be true if the code were unmodified versions of GPL'd code, but glancing through the two helper EXEs (spcplink.exe and spcwinv.exe) reveals quite a few references that look like they might be directly pulled from VNC or OpenSSH. Interestingly enough, these two helper apps are written in Visual C++, while the main app is written in VB6.

      Now that I look closer, I notice that spcwinv.exe is actually referred to as "VNC Server Free Edition for Win32", and the copyright is "Copyright © RealVNC Ltd. 2002-2005", yet the strings within the file have been modified to refer to it as a ShowMyPC product. I'd say that's a dead giveaway.

    • by shaitand (626655)
      'If it's original work, can't the copyright holder decide to close the source? If it doesn't contain anyone else's work that happens to be GPLd, I don't see a problem here.'

      If it's an original work then yes but there is still a problem. They are claiming this program is GPL'd and open source. Their site is designed to imply they are an open project in every way possible. If they closed the application a major version and half ago they are not entitled to ride the open source buzz. If I didn't want to person
  • no source in CVS now (Score:3, Informative)

    by xonicx (1009245) on Sunday September 09, 2007 @11:09PM (#20534563)
  • by courtarro (786894) on Sunday September 09, 2007 @11:09PM (#20534565) Homepage
    Whereas GotoMyPC is a serious business with a vested interest in keeping users' machines secure, this site has no such commitments, and as such it seems like a pretty bad idea to use it without being able to check the source code. Potential GPL violations aside, a significant reason that we need the source is to confirm that it does what they say it does. Without it, who knows what backdoors they could be offering; it's especially concerning since it's specifically designed to penetrate firewalls. Beware!
    • by Marty200 (170963)
      Without it, who knows what backdoors they could be offering; it's especially concerning since it's specifically designed to penetrate firewalls. Beware!

      The same thing can be said about any piece of software. At some point you have to take the risk that your machine might be exposed.
      • by Gazzonyx (982402)

        Without it, who knows what backdoors they could be offering; it's especially concerning since it's specifically designed to penetrate firewalls. Beware!

        The same thing can be said about any piece of software. At some point you have to take the risk that your machine might be exposed.

        Although a good point, with this type of software, you're expecting that you'll be receiving an inbound connection through the firewall; when you 'install' whackAMole.exe, which is a single player game, and find netbus connections in netstat, you know something is up. That, of course, isn't something that ever happened to me in my teens, but rather a story I just made up on the spot, really.

      • by shaitand (626655) on Monday September 10, 2007 @03:09AM (#20535837) Journal
        'The same thing can be said about any piece of software. At some point you have to take the risk that your machine might be exposed.'

        Or... you could just use open source software.
    • Re: (Score:3, Insightful)

      by root-a-begger (854073)
      GoToMyPC did not start as a closed source product from Citrix. It started as a closed source product from Expertcity. Expertcity was an unknown and yet people found reasons to trust it and the company grew enough that Citrix acquired it.

      In short, The parent comments are pure FUD which can be applied to just about any closed source start-up...And this assumes you automatically trust closed-source software from a large company. This also assumes if it were open source that people have reviewed it in enough
  • by FUD spreader (1153607) on Sunday September 09, 2007 @11:13PM (#20534597)
    this program contains code that they don't want you to see, because they are a shell company for microsoft that is simply using the VNC platform to spy on people so they can report back to the government.
    • Re: (Score:3, Funny)

      by wamerocity (1106155)
      You know I've been on slashdot for a few months now, and it is posts like that make me wish, 1; I had mod points (I've never been given mod points, so I wouldn't even know how to recognize it. Help?) and 2. that there was a "-1 Enough already" mod
      • by MLease (652529) on Sunday September 09, 2007 @11:45PM (#20534783)
        You would see a message upon logging in stating that you have 5 mod points, which expire in 3 days from the time you get them. You may not have been around long enough to get mod points yet; if you go here [slashdot.org], you'll get more info on moderation (scroll down the page a bit to get to the moderation parts).

        -Mike
      • Re: (Score:3, Informative)

        by rts008 (812749)
        MLease is giving you the straight info. The moderating guidelines spell it out pretty well (MLease's link), and will give you a good idea what to do.

        You will see in each post (when you have mod points) a window with a drop-down menu with the choices available (-1 Troll; +1, Informative, etc.). It will show up near where you are used to seeing the 'Reply to This' link. If you want to mod that post, select from the window and go on. At the very bottom of the page will be a 'Moderate' button. Just click on tha
      • You know I've been on slashdot for a few months now, and it is posts like that make me wish, 1; I had mod points (I've never been given mod points, so I wouldn't even know how to recognize it. Help?)
        Mod points are like busses. You never have them when you need them, yet, when you don't need them 3 turn up at once. Seriously, the first time I got mod points, I had not used them all, yet I got another batch (I still only had 5 mod points, since there is a limit).
    • by sumdumass (711423)
      Well it is simple then, just load linux onto your calculator and place it next to the keyboard, MS would have a hell of a time monitoring you now.

      BTW, check out that connection to akamai your computer makes when starting. It is in the same building as the FBI. You will find it in the firewall logs of the super good internet securities sweet. (I know)
  • No source needed (Score:5, Informative)

    by JanneM (7445) on Sunday September 09, 2007 @11:15PM (#20534617) Homepage
    They don't need to give public or cost-free access to the source. All that is required is that they give the source to their customers, for a reasonable copy and distribution fee, if they ask for it.

    And as for VNC and friends, well, if they didn't change that code they don't need to give you the source either.
    • Re: (Score:3, Informative)

      by Eskarel (565631)
      They need to give the source to anyone they distribute to(assuming the program is actually GPL) who asks. If they distribute free to everyone, then anyone who asks for it has to be given the source, that's the whole point of the license.

      If they distribute it to their customers only and one of their customers gives it to you, then you can ask the customer for the source and they have to provide it to you.

      If they've release a piece of software under the GPL then they have to do this(they can close future

      • by JanneM (7445)

        They need to give the source to anyone they distribute to(assuming the program is actually GPL) who asks. If they distribute free to everyone, then anyone who asks for it has to be given the source, that's the whole point of the license.

        If they distribute it to their customers only and one of their customers gives it to you, then you can ask the customer for the source and they have to provide it to you.

        But the OP isn't a customer. He has not been given a binary of the system by anybody. GPL or not, he simply has no right to the source as things stand. He can get the source in one of two ways: he can become a customer by buying a binary, or he can ask one of their existing customers to give or sell him a binary. Only at that point does he actually have a right to get the source code (for a fee if needed) as well.

        If they've release a piece of software under the GPL then they have to do this(they can close future versions of the product and stop distributing the gpl'd versions, but as far as I can determine you can't ungpl something you've already distributed as gpl). They also have to do this if any of the software they've modified or linked to is GPL(exceptions for lesser GPL).

        Any code that is theirs, they can change the license at will. They can't change the license o

        • Re: (Score:3, Informative)

          by shaitand (626655)
          'But the OP isn't a customer. He has not been given a binary of the system by anybody. GPL or not, he simply has no right to the source as things stand. He can get the source in one of two ways: he can become a customer by buying a binary, or he can ask one of their existing customers to give or sell him a binary. Only at that point does he actually have a right to get the source code (for a fee if needed) as well.'

          They distribute the binaries for free on the website. You can go download one now and be enti
    • And as for VNC and friends, well, if they didn't change that code they don't need to give you the source either.

      The initial question asserts that SSH and VNC had been modified. Whether that's true is really unknown.
    • Re: (Score:2, Informative)

      by 42forty-two42 (532340)
      If they didn't modify the source, they must pass on the written offer to provide source code they received, provided they're distributing the binary noncommercially. For commercial uses, or if they don't (or can't) pass on said written offer, then they must provide source code, even if it is unmodified. Of course, they need only provide source to people they give the binary to (including free demos or whatever).
    • by evilviper (135110)

      All that is required is that they give the source to their customers, for a reasonable copy and distribution fee, if they ask for it.

      Anyone who got the binary has the right to request source under the GPL. The binary is freely downloadable on their website, and the submitter says he asked them for the source code, and they refused.

      And as for VNC and friends, well, if they didn't change that code they don't need to give you the source either.

      Not true. If they didn't change it, they still need to provide th

    • by Aim Here (765712)
      Wrong. Reread section 2b of version 2 of the GPL. Section 2c doesn't apply because this is a commercial enterprise, and section 2b obliges you to offer source code to 'any third party' for up to three years.
    • Re: (Score:3, Informative)

      by vondo (303621)

      And as for VNC and friends, well, if they didn't change that code they don't need to give you the source either.

      Simply not true. If you distribute GPL'd code, you have to distribute the source (in a manner prescribed by the GPL). Whether you modified it or not does not matter one bit and if you offer your product for download, you have to host the source on your own servers. A link to the source code at some other location is NOT good enough.

      There have been smaller linux distributions that get burned over this, but it is the rule under the license.

  • by BobandMax (95054) on Sunday September 09, 2007 @11:15PM (#20534621)
    ...because the GPL only requires that an offer of source code be distributed along with the application. Have you purchased a copy of their commercial offering?

    Please read the following from gnu.org's FAQ:

    QUOTE

    If I distribute GPL'd software for a fee, am I required to also make it available to the public without a charge?

    No. However, if someone pays your fee and gets a copy, the GPL gives them the freedom to release it to the public, with or without a fee. For example, someone could pay your fee, and then put her copy on a web site for the general public.

    UNQUOTE
  • by digital photo (635872) on Sunday September 09, 2007 @11:16PM (#20534631) Homepage Journal
    Well, they claim their software started out as open source(read: probably derived from open source projects like vnc/ssh/etc). Their sourceforge page indicates that the code is under GPL license, which implies that the source code should be made available to individuals wanting to use it for their own use.

    However,other than the front page and the sourceforge page, there is nothing else on their site indicating that the application is in anyway open source in spirit, letter, or intent.

    Of course, you can always just ask them if they are indeed still Open Source, or if they were, but have since reneg'd on their license agreement to be Open Source. I forget... do you need to make your code open source/GPL if your code essentially links to libraries of GPL/Open Source projects? Or perhaps if your product is derived from Open Source application source code?

    If they are making use of code from another Open Source project and are burying it in their binary-only distros, might be worthwhile to check their code for library strings and see whose projects' rights are being tread upon and ask why they haven't upheld their GPL/OS obligations.

    That's, IF they are using/leveraging/linking...
    • by tgatliff (311583)
      Well the thing I like best about this appearing on slashdot is that now someone will fork the code and get it opensource again. At least that is the hope...

  • Who are you? (Score:2, Informative)

    by QuantumG (50515)

    I mailed the developers that they needed to distribute their modified SSH client and VNC source to be in compliance with the GPL license.
    Uhhh, dude, you're not the copyright holder, who have no right to say what they "need" to do. Find the copyright holder, tell them, if they want to do something about it, they will. Otherwise, suck it up.

    • by rm999 (775449)
      Very true - just because something is GPL'd doesn't mean that everyone "owns" the software. It is still copyrighted by someone, and it is up to that person/group to make sure any derived works are still free and open.

      You can ask for the source, but you cannot bring them to court.
      • by glwtta (532858)
        You can ask for the source, but you cannot bring them to court.

        Hmm, looks to me like he asked them for the source and did not bring them to court. What's the problem?
        • by QuantumG (50515)
          Looks to me like he demanded the source.

          • by shaitand (626655)
            'Looks to me like he demanded the source.'

            Per the terms of the license agreement if a binary has been distributed to me under the GPL, I have a RIGHT to the source. Of course I demanded it. They are responsible for honoring those terms. If they fail to honor them and I can show damages then I can sue them, just not for copyright infringment.

            Even if they were the original author and gave me the software gratis, if they offered say... support and failing to provide that support caused damages to me I could su
            • by QuantumG (50515)
              Not only are you wrong, you're also on crack.

              I tell ya what, you go find yourself in that situation and *try* to sue them and see how far you get.

              Even if they provide you with that "written offer" to provide source code under section 3(b) of the GPL version 2 and then subsequently refuse to give you the source code when you ask for it, you still can't sue them for breach of contract because you've made no consideration.

              All that you can do is get the copyright holder to sue them for copyright violation becau
              • by redhog (15207)
                He could in that case very well sue them for false advertisement (that the code is GPL when it is not). In addition, the copyright holder could sue them for copyright infringement.

                Why doesn't the GPL contain a clause that allows others than the copuright holder to sue for violations? That would have been awesome! Think about the suefest!
                • by QuantumG (50515)
                  Cause no matter how much the FSF might like to, they can't change the law, and the law says that only the copyright holder can sue for copyright infringement (strangely enough).

        • by rm999 (775449)
          Simple. The only way he's getting the source if they don't want to give it up is through court. He cannot bring them to court. Therefore, he is not getting the source.

          In other words, he is demanding something when he does not have the right to do so. I can ask you for a million dollars, but you probably won't give it to me.
          • Re: (Score:3, Insightful)

            by shaitand (626655)
            'In other words, he is demanding something when he does not have the right to do so.'

            Nonsense, everyone who they distribute a binary to has the right to demand the source. They just don't any teeth to back up the demands.

    • A polite heads-up with a pointer to the actual copyrights can be handy. Saying "I'd be interested in the use of it for this particular project, but not having access to the [GPL/BSD/Apache/whatever] licensed source precludes me from doing so, because it's hard to know what other copyrights you might be violating if you're being this obviously careless" might also help.
  • by UbuntuDupe (970646) * on Sunday September 09, 2007 @11:20PM (#20534651) Journal
    I'm *pretty* sure there's an established procedure for reporting GPL violations, and I'm *pretty* sure submitting a /. story griping about your experience with that software ain't it.
  • by Retalin (68942) * on Sunday September 09, 2007 @11:31PM (#20534707) Homepage
    This is flame bait... this is not news and it's definately not the proper way to report a GPL violation. Are we really hurting for news submissions?
  • I had a similar need some time ago but didn't like the solutions out there. I ended up setting up an OpenVPN server (listening on 443 to ease outbound firewall penetration). When the user needed help, they connected to my VPN server, I connected to it (if I was not in the office) and then did as I pleased (RDP, SSH, what have you). In this manner, I had a guarantee of security (which I was able to control) and ease of use on the customer's part (all they had to do was fire up an OpenVPN connection). The
  • Somebody can write a program, release it under GPL, and not release the source.
    That's perfectly valid.
    The GPL, or any other license, doesn't apply to the copyright holder.
    I've always wanted to do that, just to get a rise out of the community.

    Of course, if they included GPL software, making this a derivative work, disregard me.
    • by vga_init (589198)
      Unfortunately for you, that's not the case. The GPL specifies that the source code must be distributed along with the binary or must be made publicly available otherwise. Having access to the source code is one of the four essential software freedoms that the GPL was designed to ensure.
      • by pclminion (145572)

        Unfortunately for you, that's not the case. The GPL specifies that the source code must be distributed along with the binary or must be made publicly available otherwise.

        And if it isn't? I suppose somebody would sue the guy. Why, THAT'S IT! He's gonna sue HIMSELF!

        Thanks, you've brought me much enlightenment. On your particular level of stupidity, that is.

        • by vga_init (589198)
          It seems to be that by giving someone the license, even the copyright holder has entered a legal agreement, at least to the person who is holding that license. Perhaps the law doesn't support suing the copyright holder for this reason, but it's immoral at the very least.
  • UltraVNC + tightvnc (Score:2, Informative)

    by bluefrogcs (656231)
    Create a distributable exe via http://www.uvnc.com/addons/singleclick.html [uvnc.com] You can set it for connection ports, etc .. all you need after that is any vnc that is running in listener mode. client runs the exe that was created, connects to the listener machine and displays the remote desk. Client closes exe at teh end of the session and session is teminated and can't be reinitiated from the listener end. Goes through firewalls, routers, etc .. Total cost = 0 .. No additional login info needed .. I used to ha
  • by shaitand (626655) on Monday September 10, 2007 @01:30AM (#20535297) Journal
    They removed the link to the sourceforge page.
  • UltraVNC (Score:3, Informative)

    by jon287 (977520) on Monday September 10, 2007 @02:28AM (#20535605)
    UltraVNC and UltraVNC "single click" can do just what you want, is greatly customizable, and completely free.

When you make your mark in the world, watch out for guys with erasers. -- The Wall Street Journal

Working...