Comment This is just a demonstration... (Score 1) 536
Agreed,
I think this is just a demonstration of what the proposed "Internet-Kill-Switch" would be operated like. Information getting out of hand? Turn it off.
Agreed,
I think this is just a demonstration of what the proposed "Internet-Kill-Switch" would be operated like. Information getting out of hand? Turn it off.
From the wikipedia article, there are three Americans that were held at Guantanamo...
http://en.wikipedia.org/wiki/American_detainees_at_Guantanamo_Bay
First, we have not specified which GPL version is applicable, or if there are specific exemptions to it. Here is the applicable section under GPLv1:
"Source code for a work means the preferred form of the work for making
modifications to it. For an executable file, complete source code means
all the source code for all modules it contains; but, as a special
exception, it need not include source code for modules which are standard
libraries that accompany the operating system on which the executable
file runs, or for standard header files or definitions files that
accompany that operating system."
Nothing there about build scripts or tools to build.... Let's take a look at GPLv3 (section 1):
"The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work."
I see the section regarding build scripts, but embedded devices often do not include the ability to build on the device itself, presenting a big difference from the desktop world where you would typically config, build, install all from source. I still think that simply including the settings/defines/prerequisites would suffice. Note that the section above also specifically excludes general purpose tools. Since installation is often accomplished either through external flashing device or embedded flash utility (general purpose tool), these would be excluded.
Yeah, I've read the GPL. I'm not sure I like where things are going in v2 and v3. On the embedded devices that I work with (for instance FreeRTOS), the licenses are GPLv1 for the overall OS and tasking system. They also include a specific exemption for custom tasks/routines which doesn't require you to release unless you change the OS.
Ultimately, it boils out to defining which device, which specific license and which specific files are involved. None of that's been done, so to assume the most radicalized position here doesn't make sense.
No, I disagree. The section "However, this does not include the work's System Libraries, or general-purpose tools..."
I read this as you must include the defines that you used to build it, but not the build script or firmware loader utilities that you used to put it on the device. To point out, the GPLv3 is the strictest, GPL1 and GPL2 are not as strict.
Not a violation here.
Sorry to rain on the "GPL violation parade", but this really isn't a violation. The GPL covers the source code only, that's what the banner above the code indicates. It doesn't stretch to everything that's required to build a duplicate product. These companies are under no obligation to release their build environment, scripts, custom firmware utilities or whatever unless they contain GPL code AND they're releasing the binaries out into the public. Private build tools don't count. Doesn't matter if it makes your source useless, or you unable to build a new image. Nobody ever promised that you would be able to build some replacement code and drop it into the device. Indeed, there are reasons where companies may NOT want you do to that (think product liability), even if they do release the source code that they originally built from.
I'm a great supporter of GPL, but folks here are trying to stretch the GPL into something it's not. If what you propose is true, I should be releasing the source and binaries to Notepad because I used it edit some of my files. I would also be required to release my build scripts even if they're owned by another company, and the firmware loader that I used to load up the image into the device.
Perhaps if you worked with the companies in question without crying wolf over some GPL violation that isn't, they may actually help you more. Here's a suggestion: offer to build them a new script based on public tools...And I mean really "go the distance" with them, using something public like Ant. Help them work through the rough edges and show them that you can provide a "win-win" situation where they can actually trust you. They may not bite, but then again, they may... And you've helped show good faith rather than calling in the lawyers.
I agree with the poster that the economics of attacks is definitely in favor of the Trojan vs. the technical attack. It's scary how many people install junk on their computers, and it's not getting any better. Even I do it sometimes without knowing 100% who's behind some utility or patch that I want. This is the approach that pays off easy too. Why bother trying to sneek into their box when the user's will install your bug for you?
In nature though, some of these parasites actually evolve into beneficial bugs. The take their little bit, but they also do some extra bit for the host. Both sides win, this is symbiosis. Imagine that the SETI@home also defragmented your disks or optimized performance some how in exchange for running on your system, same thing.
Now consider for a second that Conficker patched some security holes after entering the host system....Isn't it doing some little bit of good? Not wanting it on my box, just showing how Conficker's security is also beneficial to the host machine. Their goals align... Consider also, how does Google's goals align with mine when I use online Docs?
I think there will be a real blending here. Trojans will get more beneficial and less intrusive, people will tolerate them because they do something useful, and a new class of free (as in beer) software will evolve.
Lets keep the alarmist talk down to a minimum here. As a few people have pointed out, the auto industry response will simply be to DRM you out of your own car. I'd expect that the government would want a part of the action, so expect a DMCA for autos too... They'll push you right into the loving arms of the factory service shops who will now be the only "authorized" repair option.
You're right, HTC does have access to the WinMo stuff on top of the CE layer. The DO make edits to run their own "Sense" customizations on top of the WinMo base. You are not correct about Android though...the Android code is out there for anyone to download. It IS like Ubuntu in that you can get the base OS and stuff it onto anything. It takes moderately more skill than building your own kernel for the PC, but it's there and easily within reach for a company like HTC. The only stuff that Google cares about is their custom applications that don't come with the OS. Notice that HTC's added their own "Sense" adaption to the Android set for their devices...
I think Google's play here is pretty benevolent. They want to change the way the entire phone industry works, making a FOSS operating system as the launching vehicle is the mechanism by which they are doing that. If you follow Google's patents, it will give you a clue as to their direction. I think the long term goal of Google is to put the carriers out of business as they are currently working. Look for Android to support something like Skype or other VOIP. Look for Android phones to do free association with wireless access points, and look for some type of payment mechanism (similar to the blogger payment scheme) for folks to open their local wireless up for phone connections and payments...
Just my 2 cents...
Sure, HTC buys and OS from MS to put on *some* of it's phones. If you've been watching, that number has been dropping to zero lately.
HTC does get Android from Google, but that's FOSS, so they are not beholden at all to Google for that...
I've worked with the folks at HTC, they're bright and highly motivated... Any interest that they've got in Palm is NOT because they need an OS to run.
"God is a comedian playing to an audience too afraid to laugh." - Voltaire