Bobulate
Home [ade] cookies
GPLv2 clause 6
October 19th, 2009
This week I was in Grenoble for the Embedded Linux Conference Europe. On the seond day of the conference — Friday — I was one of the few people wandering around in a suit. Even the guys who normally wear suits had dressed down to deal with the nitty-gritty of kernel threads, time sources, and boot time optimization.
So I talked about licenses. And license obligations. And interesting bits of the GPL version 2. There’s one clause of the GPL version 2 that I’d like to single out because it’s one that is surprising to me — and rarely mentioned. Clause 6.
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients’ exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
So, let’s suppose you (Bob) receive a program under the GPLv2 from the original author (licensor, called Alice), and pass it on unmodified to a third party, Charles. Clause 1 of the GPL applies, because it is verbatim. You just need to give Charles a copy of the license, and Charles receives a license from Alice automatically. There is in my reading no license, no relation whatsoever between you and Charles. Now if Charles distributes the program, the only license he could violate is Alice’s, and it is Alice who would need to enforce any violation.
This is actually how it works, too — suppose Alice wrote a part of the Linux kernel, she grants a license to any recipient (Charles) even though there are second parties involved (Bob); Alice can enjoin Charles to satisfy the requirements of the license. (For Alice perhaps read ‘Arald)
Now suppose you, Bob, modify the program before distributing it. In that case, clause 2b comes into play and the resulting work (based on the program) is also covered by the GPL version 2. When you distribute it, Charles receives a license from you to the modified work, and Charles receives a license from Alice to the original program. This is powerful, because Charles now has two licenses and two licensors that he must satisfy — but also weak, it seems to me, because Charles could violate one of the licenses and still keep the other. So if Bob sues Charles over compliance, Charles could just switch to the original Alice version (unless Alice enforces compliance issues as well).
It’s unlikely that would work in practice, because Charles wants the modifications done by Bob. Probably.
PS. Thanks to Saul Goode for some very careful and relevant comments to my previous writing on the GPL version 2; in particular pointing to the US Copyright Code and how it doesn’t restrict running the program at all — as indeed the GPLv2 itself writes “The act of running the program is now trestricted.”
On damages and responsibility
October 18th, 2009
My newspaper — the NRC — contains an item de uitspraak on page two once a week that deals with some recent court ruling. This week it is a copyright-related item, probably spurred on by last week’s controversy about rights payments on embedded videos on personal websites.
I’ll translate and quote parts of the column here, because it is of interest. This is transformative in nature and thus creates a derived work. Let’s think that this particular derivative work falls under “fair use” (which doesn’t exist as such in Dutch copyright law).
To start off, it’s not actually a copyright item; a 15-year old posted a copyrighted photograph which he had found with image search on his own website. He did this twice. An earlier case awarded the rightsholder (the photographer) EUR 4000 in damages. That seems a bit excessive to me, but .. in any case, the kid did not pay, and now the rightsholder is suing the parents for the same damages.
So this case actually is about claiming damages from parents, in particular because of the responsibility that parents have for the actions of their children. Dutch law says “Responsibility for damages caused to third parties by a child, 14 or 15 years old, lies with those who exercise parental control, except if they cannot be blamed for not preventing the actions (causing the damage) by the child.” Ugh, that’s convoluted, and “parental control” is something called “ouderlijk gezag,” which may be exercised by natural parents or foster parents or in some cases an institution.
According to de uitspraak, the considerations in this case were that a 15-year old has a reasonable expectation of autonomy and that non-stop surveillance is not to be expected (heck, I don’t watch non-stop over my kids when they’re surfing, and they are 5 and 6 — but then I do try to start them in a safe place of the net). So letting kids do “stuff” on the net is not a reason in itself a reason to expect surveillance. The judge also states that it need not be considered unusual for kids to maintain a website. As a result the parents are not held responsible for the damages.
Note that this says nothing about the damages awarded earlier: presumably the kid still owes 4k from the original case. It does, however, say something about where parental oversight is expected for kids doing things on the net.
Sounds like GPLv2
October 15th, 2009
The GPL version 2 was written back in 1991, in some sort of “plain english”. At least the intention was to write a clear document that allows recipients of a copyrighted work (e.g. a compute program in source code form) the four freedoms,
- 0: The reedom to use, for any purpose;
- 1: The Freedom to study the program;
- 2: The Freedom to make modifications to the program;
- 3: The Freedom to distribute the program, either in modified form or verbatim, either as source or as a compiled object./li>
(This is not the canonical form of the four freedoms, heck no). There are restrictions on when you may exercise those freedoms. In particular, when you distribute the program, you need to give the recipient the source code. If we boil it down to its syrupy goodness, this becomes “you can have this to do what you like, but anyone you give this to gets that same right.”
Well, that’s the intention. And under normal use, this is how it works. The GPL gives you permission to use the software (you must have a license to even run a piece of software you have, because of the way copyright law interacts with software). If you violate the terms of the GPL, then you can’t use the software. Simple.
The GPL version 2 has some extra text outside of the legal parts; for instance, one bit tries to clarify the intention of the license:
This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.
However, intentions come into play to only a limited extent in licenses. There is the text of the license, which is .. well, suffice to say it was written in 1991 with plain English in mind.
The Register is reporting on a webcast hosted by Black Duck Software with Karen Copenhaver and Mark Radcliffe. The Register article starts out with the misleading paragraph:
Two prominent IP lawyers have warned that the all-pervasive General Public License version 2 (GPLv2) is legally unsound.
Unsound doesn’t mean broken, and unsound doesn’t mean that the main use of the GPL version 2 is unsound. There’s a great deal of ambiguity in the license; I saw a talk by Sean Hogle at OSiMWorld with similar points. In particular this ambiguity exists around “derivative work”, although “distribution” is also not watertight. One illustration that “distribution” doesn’t cover everything that might be intended is the existence of the Affero GPL (AGPL).
Note that the analysis presented (in the webcast and summarized on the Register and then summary-summarized here) applies to the GPL version 2 only, and the GPLv3 is a great deal clearer (from a legal point of view, although it’s a lot more words).
As far as the Register article goes, the first comment finishes with “Rocket science it is not.” No, it’s not rocket science, but the gap between what you want (or what you have been led to believe) and what the text actually says — let alone what it does when subjected to scrutiny — may be very great. And that’s the different between landing on the moon, crashing into the moon, and exploding on the launch pad (which is AGPLv3, BTW).
Open Access
October 15th, 2009
On the open-* front, it turns out that next week is officially Open Access Week, pushing for open access to the results of scholarly work. I would venture that publicly paid research belongs to the public, and part of the social contract in supporting institutes of learning is that the results become evailable to the public quickly. That means I’m against patents on the results of publicly funded research as well. The results should be patent — make public, published, obvious — but I can’t support further restrictions on that, as the contract around patents is a trade off between the public good and risk in investment. And for public money, that risk is non-existent.
But I digress. Open Access week. I actually found out only because one of the institutes at the faculty of science where I used to work won a prize around Open Access; of course the event around the prize is closed.
I’m in Grenoble this week for the ELCE conference, where I’m mixed in with hordes of kernel hackers and embedded device manufacturers. I feel slightly out of place as a userland-and-legal guy. I had a nice chat about patents with a gentleman from a consortium working on ultra-low-power communications; in particular when casting a specification as a standard I feel that patents which may restrict the use of the technology or prevent certan kinds of implementation (e.g. Free Software implementations) have no place whatsoever in standards. It seems like we agree on that topic; I will continue to ask people carrying ‘open standards’ on their banners to explain what they mean.
For the Open Web, two weeks remain for registration.
Free Software for Africa
October 13th, 2009
Some time in march I will need to go back to Kano, Nigeria, hopefully for the second Nigerian Free and Open Source software conference. I’m looking forward to seeing Mustapha (now a proud father) and Ibrahim and Immanu and the rest of the guys again. The news out of Nigeria hasn’t been very good recently, and the Dutch government is advising against travel to the south of the country at all; this doesn’t apply to the north, which I found a wonderful place to visit and talk about Free Software last year. Licensing is always an issue, as are business models.
I was therefore really happy to stumble across the FOSS for Africa wiki with a whole series of educational modules around business models and examples of what works in Africa right now.
Browser Selection
October 13th, 2009
I’ve said it before, the devil is in the details. Last week the European Commission, by way of its Commissioner for Competition Policy Neelie Kroes, decided to accept a test proposal from Microsoft regarding the browser selection on its Windows operating system. Incidentally, the Register has a more readable form of the same thing.
Now, Karsten Gerloff, president of the FSFE, has written a good overview of what is wrong with the proposal. Basically, all the details are wrong. You can also find some comments by Carlo Piana on the subject.
Let me summarize: the browsers are not all shipped in the same state — there is one special pre-installed one — and the mechanism for choosing browsers is not flexible enough. It’s still not clear what the presentation order will be, which may skew the selection as well. I’ll say one good thing, and that is that there’s space for 12 browsers in the browser selection screen (umm .. no technical reason to limit it like that if the selector is a webpage, or anything else really). The big five plus space for specialized or less popular ones. It’s not clear what the criteria are there. Still, one might imagine a whole family of WebKit-based browsers being included.
Memory Twiddling
October 12th, 2009
Looking at Holger Freyther’s entry on the size of QList::Data object, my first reaction was “no, you can’t make that smaller, not on every architecture.” Holger’s point is that there is a hole of 31 bits in the structure (Thiago points out that that is intentional) where you could re-order elements to remove the hole — the last 24 bits of the hole could be used for something else. Of course, that only works for machine architectures that allow byte-aligned addressing. In any case, this shows that machine-based suggestions on code quality should be taken with a grain of salt.
But Holger’s other comments on memory profiling got me thinking about the tools available on OpenSolaris as well. It comes with something called pmap(1) which spits out a table like this (an edited selection from Firefox):
Address Kbytes RSS Anon Locked Mode Mapped File 07FE4000 400 400 400 - rw--- [ stack ] 08050000 8 8 - - r-x-- firefox-bin 08061000 8 8 - - rwx-- firefox-bin E9600000 4096 4096 - - rw--- [ anon ] E9C00000 3072 3072 - - rw--- [ anon ] EA000000 1024 1024 1024 - rw--- [ anon ] F2673000 560 248 - - r---- DejaVuSans-Bold.ttf F2EA0000 156 36 - - r-x-- libaudiofile.so.0.0.2 F2ED6000 12 12 12 - rwx-- libaudiofile.so.0.0.2 F2EE0000 40 36 - - r-x-- libltdl.so.3.1.4 F2EF9000 4 4 4 - rwx-- libltdl.so.3.1.4 total Kb 249204 155460 54148 -
This seems to be pretty fine-grained, and by totalling the RSS (Lubos help me here) you can find the total real memory usage of the application. Something that might be scripted and collected over time? Heck, there’s probably some DTrace probes to do just that already — it’s just missing a graphing application.
On a vaguely related topic, I should note that KSysGuard on OpenSolaris has received a great deal of attention — not upstreamed yet — both from Belenix and from the KDE4-Solaris project inside Sun, so that it once again produces useful displays on OSOL.
Some Dutch IT Items
October 12th, 2009
The Dutch copyright enforcers on music and video, Buma/Stemra, launched a plan last week to actually start collecting rights for proprietary content embedded in blogs and other personal websites. The version that reached the public press was that you would have to pay 130 EUR for up to six copyrighted items displayed on a .. something. That wasn’t really made clear in the press, and newspapers and then politics jumped all over it.
Now that plan has been retracted; apparently several parties in the Tweede Kamer ended up doubting the legal basis for such a licensing scheme, not to mention the social unrest caused by kids linking stuff on their social network pages (I hear Hyves is the most popular one in .nl, and its name seems to be used synonymously with “social network site” by now), and then the parents get a bill for the embedding. Well, the parents get the bill if they are still legally responsible for the child — I’m not sure what the age limits are there.
Just a list of my initial questions:
- Why is it onerous on the parents to be responsible for the behavior of their children in one aspect of the law, and not in others (e.g. vandalism)?
- If there is a legal doubt about the basis of enforcing rights on embedded content, what exactly is that based on? In what way does embedding differ from other forms of hosting? Does this not affect the legal basis of all rights enforcement on online content?
- Are these political parties up there only for their crowd-pleasing skills? (And I voted for ’em, too).
Copyright is important. It’s part of our social contract, although copyright in itself is an artificial construct of society. I won’t claim that the current crop of copyright laws is the best of all possible, but it is part of our (in the context of this blog entry, Dutch) society. And working with (and protecting) that social contract is part of everyone’s duty to society. So I’ll have a little sympathy for Buma today.
And in other news, Stichting Brein (whose amazingly annoying rightsholders information film at the beginning of every DVD I own is sufficient reason for me to rip the damn thing so I can just watch the movie and who were responsible for an amazingly misdirected bit of FUD against all forms of downloaded content a few years back — find the NLUUG and others’ response to the FUD (Dutch) as well as some useful background information on home copying (Dutch) on Arnoud Engelfriet’s blog) has gotten tied up in did-too-did-not court cases against the Pirate Bay. Brein’s mandate is protecting the rights of non-Free content. I can’t really fault them for doing that, it is something that is sometimes needed under copyright law. I can’t bring myself to have any sympathy for them, though.
[[ Thought experiment: Supposing that embedding doesn’t require normal handling of the rights on copyrighted works, how does a tracker — which doesn’t even embed, but only points to other, possibly embedded, copies — differ from the exemption now given? ]] [[ Addendum: Ars Technica has a nice overview of resistance to technology from rightsholders. ]]
Conference Schedules
October 12th, 2009
Spurred by Henrik’s comment on FSCONS (and I intend to go to FSCONS to talk about licensing, but need to get that together), I thought I’d post an update on some conferences.
I’ll be at ELCE later this week to talk about licensing compatibility (and possibly machine architecture). I’m looking forward to it, because the embedded and mobile industry is one that mostly “gets it” when it comes to Free Software (it’s also the source of most violations). I’m honoured to be on a conference programme with so many real hackers, and looking forward to hearing about non-x86 architectures in particular.
Later this month, the NLUUG conference on the Open Web will be held in Ede, the Netherlands. Support for openness — in all the meanings of open standards, open access, open content — is still of growing importance. You can find me at that conference with my green and purple hats on (FSFE and NLUUG). Arnoud Engelfriet will be providing the legal and licensing angle at that conference (speaking of whom, I was very surprised to see him on TV a week or two ago explaining about copyright and how it was possible to download things without violating copyrights).
If you don’t want the Open Web, you might want to go to Linux Kongress, 600km to the east. You can attend a talk about Ede, though. From my point of view, though, the most interesting talk is probably about Open Source ERP (I wonder about that, actually, since the OEPL looks like it is a restrictive license that will probably fail the Free Software criteria and might fail the Open Source Initiative criteria — but this is not the spot for lengthy license examination). My interest there is sparked (if I can call it that) by the relative lack of Free Software in that space. It is apparently neither an itch that people want to scratch, nor a market where business has found a way to work with Free Software in its business model. At least, that’s the impression I got from OpenExpo two weeks ago, and I’d be happy to be shown otherwise.
issa gone expode!
September 22nd, 2009
In Switserland today. It’s great to be in the mountains again, it puts a spring in my step — although the travel also puts a crimp in my email responsiveness. I’m in Winterthur for OpenExpo, where I’ll be showing off all three of my hats. Stop by for a promotional talk about the Open Web conference from the NLUUG, or about KDE, or we can sit down and discuss licensing issues in community-led and business-led Free Software projects. Your choice. It’s gorgeous weather — or it was today during the day, lovely to see the hills and countryside — some come on in before you get a tan.