Hi,
I will try to present the facts and free claims about the freebox that run
Linux GPL source code.
Please note that I am not a Laywer.
Also due to the obscurity of the freebox, some informations could be out of
date or incorrect.
Finaly as free is a french provider, most of the link are in french.
==FACT==
1) The freebox is an adsl gateway with VoIP, TV over ADSL and a optional
wifi bridge. The box is built and lended by an ADSL provider 'free'[0].
2) The freebox runs Linux 2.4. You could find some BitKeeper logs on
internet [1], [2]. You could also find some interesting (but sometimes
suspicious) informations on [3]. For example you could see the files that
are in the firmware (and find other GPL softwares).
3) The boot sequence is described on [4]. Note that in case of firmware
upgrade, the box should first synchronize with the dslam and do dhcp
requests, then download the new firmware and finaly reboot.
4) The optional wifi support is provided by a pcmcia card (prism2/3 for
802.11b, broadcom for 802.11g). You can buy it on 'free' portal or on
your own [5]. Note that in both case the card is yours and it is not
lended by 'free'.
==FREE and PRO-FREE CLAIMS (some claims could be find on [6])==
A) The freebox is only lended, so the user can't ask for GPL source code.
-> They forgot that for wifi feature, you have buy a pcmcia card and
that is card works wifi Linux driver. So according to GPL you could ask
for wifi driver source code and all the Linux source code ???
Also some people that don't return the freebox in time had to
paid 400 Euros and they became the owner of the freebox. Free send to a
client a letter [7] saying that if the user don't return the freebox,
free could bill it and then it becomes propriety of the user :
'Nous vous rappelons que conform?ment aux Conditions G?n?rales de Vente ,
en cas de non-restitution du modem, Free se r?serve le droit de proc?der
? la facturation de l'?quipement terminal, au prix mentionn? dans les CGV,
qui deviendra alors la *propri?t?* de l'Usager.'
B) The freebox don't keep the Linux kernel in memory, it is downloaded
at each boot.
-> If you remember 3), you could find strange that the box need to reboot
if a new firmware is available. Also the boot sequence is quite complex to
be made by an external (non-GPL) firmware : it need to control the led
display, need to control the ADSL chips in order to synchronize, need
to manage PPP in case of 'no-degroupe' users and finaly donwload in memory
the fimware. So we could assume that at least a mininal system (Linux
kernel + some utils) is keep in rom).
C) 'Free' is a network operator and needs to keep secret some informations
in order to preserve security on its networks.
-> Everybody know how security obscurity via is safe. Also I agree they
don't want to give their script or their configuration, but I fail to
see what could be a threat in the Linux kernel.
PS : sorry for my bad english.
[0] http://free.fr
[1] http://openlogging.org:8080/sakura.(none)/max-20040524220224-60268-baea416b9b2da5c2/src?nav=index.html
[2] http://openlogging.org:8080/chewbacca.proxad.net/rani-20040112173203-20972-c609c93690b2941a/src?nav=index.html
[3] http://www.f-b-x.net/
[4] http://forums.grenouille.com/index.php?showtopic=14659
[5] http://faq.free.fr/?q=797
[6] http://djeyl.net/free/nntp/index.php?group=all&author=Alexandre&headers=gpl
[7] http://linuxfr.org/comments/626391.html#626391
Pierre Michon wrote:
>==FREE and PRO-FREE CLAIMS (some claims could be find on [6])==
>
>A) The freebox is only lended, so the user can't ask for GPL source code.
>
>
If you lend someone linux, you're _distributing_ linux. The
GPL is about _distribution_ I believe, it doesn't have to be a _sale_.
You can't _lend_ someone windows (as a way of doing business) without
satisfying ms licencing terms either.
>-> They forgot that for wifi feature, you have buy a pcmcia card and
>that is card works wifi Linux driver. So according to GPL you could ask
>for wifi driver source code and all the Linux source code ???
>
>
Well, the wifi driver may or may not be under the GPL licence.
Check that first. The linux kernel itself is GPL of course.
>Also some people that don't return the freebox in time had to
>paid 400 Euros and they became the owner of the freebox. Free send to a
>client a letter [7] saying that if the user don't return the freebox,
>free could bill it and then it becomes propriety of the user :
>'Nous vous rappelons que conformément aux Conditions Générales de Vente ,
>en cas de non-restitution du modem, Free se réserve le droit de procéder
>à la facturation de l'équipement terminal, au prix mentionné dans les CGV,
>qui deviendra alors la *propriété* de l'Usager.'
>
>
>B) The freebox don't keep the Linux kernel in memory, it is downloaded
>at each boot.
>
>
Check where it is downloaded from, that is where linux
is being distributed from. Likely the same company though.
>C) 'Free' is a network operator and needs to keep secret some informations
>in order to preserve security on its networks.
>
>
They don't need to keep the kernel secret for security. Of course they
can still
keep their scripts secret, their (non-GPL) userland utilities secret, their
proprietary drivers secret and the hw specs secret. Good or bad, it is
up to them. But it seems to me they have to offer the kernel source,
at least.
Helge Hafting
Hi,
>Well, the wifi driver may or may not be under the GPL licence.
>Check that first. The linux kernel itself is GPL of course.
For the prism card, they should use hostap driver, but there no way to
check that (we can't log in on it). At least [2] list hostap in their
drivers.
>Check where it is downloaded from, that is where linux
>is being distributed from.
According to [1] it is downloaded from the company server. But as we
can't log in the freebox, there no way to check it. Also sniffing adsl
is a bit harder...
>Of course they can still
>keep their scripts secret, their (non-GPL) userland utilities secret,
>their proprietary drivers secret and the hw specs secret.
If you look at [2], their drivers are in the kernel tree. Don't they fall
to GPL ?
[1] http://www.f-b-x.net/
[2]
http://openlogging.org:8080/sakura.(none)/max-20040524220224-60268-baea416b9b2da5c2/src/drivers/freebox?nav=index.html|src/|src/drivers
Hi,
I'm sorry, I must be a bit stupid but I don't see any GPL violation
here... Could you be a bit more specific on what kind of code, Free is
keeping under his foot ?
Regards
--
Emmanuel Fleury
Sometimes one should just look at things and think about things
without doing things.
-- Calvin & Hobbes (Bill Waterson)
Hi,
>I'm sorry, I must be a bit stupid but I don't see any GPL violation
>here... Could you be a bit more specific on what kind of code, Free is
>keeping under his foot ?
Sorry I realise that my first post wasn't clear.
The fimware that is used with the freebox is a Linux system.
So in the firmware there is the GPL Linux kernel and all the GPL software
listed on [1] (busybox for example).
Users can't download nor binary firmware nor source code of GPL
software.
The binary firmware is downloaded by the freebox when a new version is
available. This is done on an unknow server with an unknow protocol.
So free keep the Linux kernel modification they have made. You could
see some of the log of their modification on [2] and [3].
They also don't provide the source for the GPL userspace software they
include in the firmware.
Pierre
[1] http://www.f-b-x.net/#firm
[2]
http://openlogging.org:8080/sakura.(none)/max-20040524220224-60268-baea416b9b2da5c2/src?nav=index.html
[3]
http://openlogging.org:8080/chewbacca.proxad.net/rani-20040112173203-20972-c609c93690b2941a/src?nav=index.html
Hi,
Ok, I think this is cristal clear to me, now. :)
Pierre Michon wrote:
>
> The fimware that is used with the freebox is a Linux system.
> So in the firmware there is the GPL Linux kernel and all the GPL software
> listed on [1] (busybox for example).
>
> Users can't download nor binary firmware nor source code of GPL
> software.
>
> The binary firmware is downloaded by the freebox when a new version is
> available. This is done on an unknow server with an unknow protocol.
>
> So free keep the Linux kernel modification they have made. You could
> see some of the log of their modification on [2] and [3].
> They also don't provide the source for the GPL userspace software they
> include in the firmware.
Your task will be to prove that the kernel they upload to your box is a
modified Linux kernel (by "modified Linux kernel", I mean no modules but
the kernel itself).
So, the first step would be to catch/sniff this binary image, then
analyze it.
But, as long as you cannot prove that Free has done internal
modifications to the Linux kernel which are not released in any way,
your case is quite thin.
Regards
--
Emmanuel Fleury
Don't speculate - benchmark.
-- Dan Bernstein
> Your task will be to prove that the kernel they upload to your box is a
> modified Linux kernel (by "modified Linux kernel", I mean no modules but
> the kernel itself).
>
> So, the first step would be to catch/sniff this binary image, then
> analyze it.
>
> But, as long as you cannot prove that Free has done internal
> modifications to the Linux kernel which are not released in any way,
> your case is quite thin.
why?
The GPL holds modified or not...
(and that includes drivers if they are distributed together with the gpl
kernel as part of a bigger work)
Arjan van de Ven wrote:
>
> why?
>
> The GPL holds modified or not...
>
> (and that includes drivers if they are distributed together with the gpl
> kernel as part of a bigger work)
Because they can just add a link to http://www.kernel.org on the kernel 2.4.20
(as refered in http://www.f-b-x.net/#firm). I would be a quick fix for them.
Regards
--
Emmanuel Fleury
Reality continues to ruin my life.
-- Calvin & Hobbes (Bill Waterson)
On Wed, 5 Oct 2005, Arjan van de Ven wrote:
>
>> Your task will be to prove that the kernel they upload to your box is a
>> modified Linux kernel (by "modified Linux kernel", I mean no modules but
>> the kernel itself).
>>
>> So, the first step would be to catch/sniff this binary image, then
>> analyze it.
>>
>> But, as long as you cannot prove that Free has done internal
>> modifications to the Linux kernel which are not released in any way,
>> your case is quite thin.
>
> why?
>
> The GPL holds modified or not...
>
> (and that includes drivers if they are distributed together with the gpl
> kernel as part of a bigger work)
The unmodified kernel and the unmodified drivers are available
from ftp.kernel.org and other sources, the vendor doesn't have
to supply them, only tell you where you can get them if you want them.
Anything the vendor wrote in user-space is the vendor's own stuff.
The vendor doesn't have to supply them at all.
Transparently upgrading across the network is a pretty good idea.
It seems that the "secret" protocol they are using pissed you off
so you think they must be doing something wrong.
Cheers,
Dick Johnson
Penguin : Linux version 2.6.13 on an i686 machine (5589.55 BogoMips).
Warning : 98.36% of all statistics are fiction.
****************************************************************
The information transmitted in this message is confidential and may be privileged. Any review, retransmission, dissemination, or other use of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please notify Analogic Corporation immediately - by replying to this message or by sending an email to [email protected] - and destroy all copies of this information, including any attachments, without reading or disclosing them.
Thank you.
Pierre Michon wrote:
>
>
> [1] http://www.f-b-x.net/#firm
Quite interesting. But this is "Linus Torvalds" and not "Linus Tordval".
The only thing we can know is that they are using a 2.4.24-pre9 compiled
for MIPS. But, you're right on one point, the fact that they have
several version of the 2.4.24-pre9 with different sizes makes it really
really suspicious.
Regards
--
Emmanuel Fleury
Please do not shoot the pianist. He is doing his best.
-- Oscar Wilde
On Wed, 2005-10-05 at 07:45 -0400, linux-os (Dick Johnson) wrote:
> On Wed, 5 Oct 2005, Arjan van de Ven wrote:
>
> >
> >> Your task will be to prove that the kernel they upload to your box is a
> >> modified Linux kernel (by "modified Linux kernel", I mean no modules but
> >> the kernel itself).
> >>
> >> So, the first step would be to catch/sniff this binary image, then
> >> analyze it.
> >>
> >> But, as long as you cannot prove that Free has done internal
> >> modifications to the Linux kernel which are not released in any way,
> >> your case is quite thin.
> >
> > why?
> >
> > The GPL holds modified or not...
> >
> > (and that includes drivers if they are distributed together with the gpl
> > kernel as part of a bigger work)
>
> The unmodified kernel and the unmodified drivers are available
> from ftp.kernel.org and other sources, the vendor doesn't have
> to supply them, only tell you where you can get them if you want them.
only for non-commercial distribution!
which here isn't the case obviously
On Wed, 2005-10-05 at 13:37 +0200, Emmanuel Fleury wrote:
> Arjan van de Ven wrote:
> >
> > why?
> >
> > The GPL holds modified or not...
> >
> > (and that includes drivers if they are distributed together with the gpl
> > kernel as part of a bigger work)
>
> Because they can just add a link to http://www.kernel.org on the kernel 2.4.20
> (as refered in http://www.f-b-x.net/#firm). I would be a quick fix for them.
that's not enough to satisfy the GPL conditions.
Arjan van de Ven wrote:
>
> that's not enough to satisfy the GPL conditions.
It is.
Regards
--
Emmanuel Fleury
And I'm right. I'm always right, but in this case
I'm just a bit more right than I usually am.
-- Linus Torvalds
On Wed, 2005-10-05 at 14:02 +0200, Emmanuel Fleury wrote:
> Arjan van de Ven wrote:
> >
> > that's not enough to satisfy the GPL conditions.
>
> It is.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange;
or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
they don't do a)
they don't do b)
c) is only for noncommerial distribution (not the case here) and only if
they got it in a type b) before, eg it allows you to transfer a type b)
in the non-commerical case.
On Wed, Oct 05, 2005 at 02:02:35PM +0200, Emmanuel Fleury wrote:
> Arjan van de Ven wrote:
> >
> > that's not enough to satisfy the GPL conditions.
>
> It is.
>From the GPL FAQ:
==================================================
Is making and using multiple copies within one organization or company "distribution"?
No, in that case the organization is just making the copies for itself.
As a consequence, a company or other organization can develop a modified
version and install that version through its own facilities, without
giving the staff permission to release that modified version to
outsiders.
==================================================
The bottom line is the Freebox is still owned by Free when you are using
it. It you "buy" it (by not giving it back and paying 400 EUR), you
don't have the right anymore to plug it into free network, thus don't
have access to freebox's firmware.
but please keep that away from the LKML, this is *offtopic* here.
This list is about *developement* of the linux kernel..
--
Vincent Hanquez
Arjan van de Ven wrote:
>
> 3. You may copy and distribute the Program (or a work based on it,
> under Section 2) in object code or executable form under the terms of
> Sections 1 and 2 above provided that you also do one of the following:
>
> a) Accompany it with the complete corresponding machine-readable
> source code, which must be distributed under the terms of Sections
> 1 and 2 above on a medium customarily used for software interchange;
> or,
>
> b) Accompany it with a written offer, valid for at least three
> years, to give any third party, for a charge no more than your
> cost of physically performing source distribution, a complete
> machine-readable copy of the corresponding source code, to be
> distributed under the terms of Sections 1 and 2 above on a medium
> customarily used for software interchange; or,
>
> c) Accompany it with the information you received as to the offer
> to distribute corresponding source code. (This alternative is
> allowed only for noncommercial distribution and only if you
> received the program in object code or executable form with such
> an offer, in accord with Subsection b above.)
>
>
> they don't do a)
>
> they don't do b)
>
> c) is only for noncommerial distribution (not the case here) and only if
> they got it in a type b) before, eg it allows you to transfer a type b)
> in the non-commerical case.
First, it is very arguable to say that they are "distributing" the
software as it does not comes with the FreeBox but is automatically
downloaded at each boot through the DSLAM network (which the user is not
supposed to know about).
Second, if you take the example of the LinkSys case, there was an
indirect way of getting all these informations (their website) and
_still_ you don't have all the informations you claimed in the boxes
that LinkSys is selling but on their website.
See:
http://gnumonks.org/~laforge/weblog/2005/06/13#20050613-linksys-adsl2mue
And (LinkSys GPL Code Center):
http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Content_C1%26cid%3D1115416836002&pagename=Linksys%2FCommon%2FVisitorWrapper
If you want to know more about the _usage_ (and in matter of justice and
laws the usage is often more important than what is written down),
I would suggest you take a look at the LinkSys case.
See:
- http://lkml.org/lkml/2003/6/7/164
- http://lwn.net/Articles/53780/
Regards
--
Emmanuel Fleury
My life needs a rewind/erase button.
-- Calvin & Hobbes (Bill Waterson)
Emmanuel Fleury writes:
> First, it is very arguable to say that they are "distributing" the
> software as it does not comes with the FreeBox but is automatically
> downloaded at each boot through the DSLAM network (which the user is not
> supposed to know about).
In the US, copyright law's definitive use of "distribution" says that
"to distribute copies or phonorecords of the copyrighted work to the
public by sale or other stranfer of ownership, or by rental, lease, or
lending" is a right reserved to the copyright owner. Saying "it's
only a loan" or "it's only temporary" does not relieve any obligation
under the GPL. I would imagine that law across the EU is similar.
Michael Poole
Hi,
> First, it is very arguable to say that they are "distributing" the
>software as it does not comes with the FreeBox but is automatically
>downloaded at each boot through the DSLAM network (which the user is not
>supposed to know about).
Have you read my first comment ?
If you said there is nothing in the freebox, how does it boot in order
to recover the firmware ?
They made a no-GPL firmware, that manage the led screen, the adsl chip,
ppp, that can do http request ?
Why does it need to rebbot when a new firmware is available ?
I am bored that people always give the same suspicious arguments...
Pierre
Hi,
>Your task will be to prove that the kernel they upload to your box is a
>modified Linux kernel (by "modified Linux kernel", I mean no modules but
>the kernel itself).
Have you read my first comment ?
I provide the link of their BitKeeper changelog [1] [2]...
Also GPL state that you need to give GPL source even if you don't do any
modification...
Pierre
[1]
http://openlogging.org:8080/sakura.(none)/max-20040524220224-60268-baea416b9b2da5c2/src?nav=index.html
[2]
http://openlogging.org:8080/chewbacca.proxad.net/rani-20040112173203-20972-c609c93690b2941a/src?nav=index.html
Hi,
>The bottom line is the Freebox is still owned by Free when you are using
>it. It you "buy" it (by not giving it back and paying 400 EUR), you
>don't have the right anymore to plug it into free network, thus don't
>have access to freebox's firmware.
So how do you explain my point B ?
Why does it need to reboot when there is a new firmware ?
How they manage to download the firmware (need led driver, ppp, http,
adsl driver, atm stack, ...)
>but please keep that away from the LKML, this is *offtopic* here.
>This list is about *developement* of the linux kernel..
Please suggest other mailling lists.
Pierre
On Wed, Oct 05, 2005 at 05:18:46PM +0200, Pierre Michon wrote:
> Why does it need to reboot when there is a new firmware ?
To use it, exactly like when you reboot your pc to change kernels.
> How they manage to download the firmware (need led driver, ppp, http,
> adsl driver, atm stack, ...)
How do you think some random network card with do netbooting works ?
(got a led driver, ipv4 simplified "stack", dhcp & tftp capabilities)
Just like your pc has a BIOS to search for booting devices
> Please suggest other mailling lists.
the one you CC at first @lists.gpl-violations.org and only this one ...
--
Vincent Hanquez
>> Why does it need to reboot when there is a new firmware ?
>To use it, exactly like when you reboot your pc to change kernels.
Yes but in this case you have just rebooted. It is like when you reboot
to change your kernel, the new kernel notice it is newer and reboot...
If it has an external firmware in the adsl chips for downloading the
linux kernel, why after you download the new linux firmware, you need to
reboot ?
I forgot to say that in case of a new firmware, you can see the upload
(and flash ?) of the new firmware with ____,----- symbol on led. See
step 6 of [1].
So why in case a new firmware you need to wait more time (about 10
second) that the case where there not new firmware ?
>> How they manage to download the firmware (need led driver, ppp, http,
>> adsl driver, atm stack, ...)
>How do you think some random network card with do netbooting works ?
>(got a led driver, ipv4 simplified "stack", dhcp & tftp capabilities)
>Just like your pc has a BIOS to search for booting devices
Adsl is far more complex than ethernet...
>> Please suggest other mailling lists.
>the one you CC at first @lists.gpl-violations.org and only this one ...
Ok, let's continue on this mailling list.
Register is needed to post, but I think it is worth to continue, to
clarify how works the freebox and some wrong assuptions.
Pierre
[1] http://forums.grenouille.com/index.php?showtopic=14659
Pierre Michon wrote:
>
>>Just like your pc has a BIOS to search for booting devices
>
> Adsl is far more complex than ethernet...
Not complex enough so that a network boot protocol can't fit on a BIOS
chip, believe me.
> Ok, let's continue on this mailling list.
> Register is needed to post, but I think it is worth to continue, to
> clarify how works the freebox and some wrong assuptions.
The only wrong assumptions that I see here are yours.
I don't understand why you cannot accept that the Freebox is part of the
Free network infrastructure and that you are not using directly the OS
but only the service that they provide.
You have to understand that this is just like if the nodes to which your
mobile phone is connecting were running Linux. Just because your mobile
phone is your, you cannot ask for the code of what is running on the node.
'Got it, now ?
Regards
--
Emmanuel Fleury
A good compromise leaves everyone mad.
-- Calvin & Hobbes (Bill Waterson)
On Oct 5, 2005, Emmanuel Fleury <[email protected]> wrote:
> First, it is very arguable to say that they are "distributing" the
> software as it does not comes with the FreeBox but is automatically
> downloaded at each boot through the DSLAM network (which the user is not
> supposed to know about).
So if I tell you to download a Live CD using say bittorrent and don't
tell you that this Live CD contains Linux the kernel because you're
not supposed to know that, you're not entitled to get the sources?
--
Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/
Red Hat Compiler Engineer aoliva@{redhat.com, gcc.gnu.org}
Free Software Evangelist oliva@{lsd.ic.unicamp.br, gnu.org}
Hi,
>Not complex enough so that a network boot protocol can't fit on a BIOS
>chip, believe me.
So _why_ the freebox act _differently_ in the boot process when there is
a firmware update ?
Just for the fun ?
> he only wrong assumptions that I see here are yours.
I provide facts and arguments, you provide nothing.
>I don't understand why you cannot accept that the Freebox is part of the
>Free network infrastructure and that you are not using directly the OS
>but only the service that they provide.
So what about _my_ wifi pcmcia card ?
What about the people who had to paid 400 euros and receive a letter
from free telling them that according to CGV there are the onwer of the
freebox (ok this one need some checks).
Again in my first post I provide facts for this (with links), you provide
nothing than replying always the same things without arguments against
mine.
Please take my first post and reply to point A, B, C with arguments.
>'Got it, now ?
No, because you didn't answer to my questions...
Pierre
Please let's continue on legal gpl-violations.org ML.
On Wed, Oct 05, 2005 at 02:29:50PM +0200, Emmanuel Fleury wrote:
> Arjan van de Ven wrote:
[...]
> > they don't do a)
> >
> > they don't do b)
> >
> > c) is only for noncommerial distribution (not the case here) and only if
> > they got it in a type b) before, eg it allows you to transfer a type b)
> > in the non-commerical case.
>
> First, it is very arguable to say that they are "distributing" the
> software as it does not comes with the FreeBox but is automatically
> downloaded at each boot through the DSLAM network (which the user is not
> supposed to know about).
If the box downloads a linux kernel through the DSLAM network, then
someone is clearly distributing linux kernels through the DSLAM network.
I would guess it is the same guys, because relying on someone else providing
them with kernels is a risky business. But whoever is on the other end
of the DSLAM net have to offer the source as well, because they _are_
distributing kernels.
The fact that the user isn't supposed to know how this box work
doesn't change anything, of course. The GPL says those who
distribute the work - it doesn't matter that they don't tell the
customer that they're given a linux kernel. They still have to offer
the source if asked.
Helge Hafting
On Thu, 6 Oct 2005, Helge Hafting wrote:
> If the box downloads a linux kernel through the DSLAM network, then
> someone is clearly distributing linux kernels through the DSLAM network.
> I would guess it is the same guys, because relying on someone else providing
> them with kernels is a risky business. But whoever is on the other end
> of the DSLAM net have to offer the source as well, because they _are_
> distributing kernels.
>
> The fact that the user isn't supposed to know how this box work
> doesn't change anything, of course. The GPL says those who
> distribute the work - it doesn't matter that they don't tell the
> customer that they're given a linux kernel. They still have to offer
> the source if asked.
the argument that they are making is that they are only moveing the kernel
within their own companies equipment, and therefor it doesn't count as
'distribution'
agree with this argument or not, but please acknowledge this point of view
rather then pretending that they have no argument at all and are just
plain refusing.
David Lang
--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>> If the box downloads a linux kernel through the DSLAM network, then
>> someone is clearly distributing linux kernels through the DSLAM network.
>> I would guess it is the same guys, because relying on someone else
>> providing
>> them with kernels is a risky business. But whoever is on the other end
>> of the DSLAM net have to offer the source as well, because they _are_
>> distributing kernels.
>>
>> The fact that the user isn't supposed to know how this box work
>> doesn't change anything, of course. The GPL says those who
>> distribute the work - it doesn't matter that they don't tell the
>> customer that they're given a linux kernel. They still have to offer
>> the source if asked.
>
>
> the argument that they are making is that they are only moveing the
> kernel within their own companies equipment, and therefor it doesn't
> count as 'distribution'
>
> agree with this argument or not, but please acknowledge this point of
> view rather then pretending that they have no argument at all and are
> just plain refusing.
>
> David Lang
>
If one turns it on, doesn't turn it off, pays the 400 EUR and
as a result OWNS it, then what one has is a box that at that point
in time is running Linux and one is the owner of it.
// Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
iD8DBQFDRHnpBrn2kJu9P78RApviAJ9AwjF8wU+6ao/L61AC7xW/QSBRZwCaA9u1
yDDXxWQ/0MHeAS7pSg4C4rg=
=oLR8
-----END PGP SIGNATURE-----
On Thu, 6 Oct 2005, Stefan Smietanowski wrote:
> If one turns it on, doesn't turn it off, pays the 400 EUR and
> as a result OWNS it, then what one has is a box that at that point
> in time is running Linux and one is the owner of it.
as I said, feel free to argue against their point, but let's stop having
people getting on their high horse pretending that they have no argument
at all.
David Lang
--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare
David Lang wrote:
> On Thu, 6 Oct 2005, Helge Hafting wrote:
>
>> If the box downloads a linux kernel through the DSLAM network, then
>> someone is clearly distributing linux kernels through the DSLAM network.
>> I would guess it is the same guys, because relying on someone else
>> providing
>> them with kernels is a risky business. But whoever is on the other end
>> of the DSLAM net have to offer the source as well, because they _are_
>> distributing kernels.
>>
>> The fact that the user isn't supposed to know how this box work
>> doesn't change anything, of course. The GPL says those who
>> distribute the work - it doesn't matter that they don't tell the
>> customer that they're given a linux kernel. They still have to offer
>> the source if asked.
>
>
> the argument that they are making is that they are only moveing the
> kernel within their own companies equipment, and therefor it doesn't
> count as 'distribution'
Interesting argument, but it breaks for at least two reasons:
1. You can buy that box instead of just hiring it. That moves kernels
"outside the company",
for money even.
2. It doesn't matter if they only move kernels withing their own
companys equipment.
If they lend a customer equipment containing a linux kernel, then
they're lending
them a linux kernel. Lending is distribution!
>
> agree with this argument or not, but please acknowledge this point of
> view rather then pretending that they have no argument at all and are
> just plain refusing.
The argument might be fine, if they were moving linux kernels into
company equipment
used by company personell only. (I.e. linux-powered
desktops/servers/gadgets for their employees.)
And it might not. Maybe they actually have to distribute source to
employees too, if they
request it. The GPL only mentions recipients, no exceptions for
"internal company use". A company
may perhaps demand that the employees never request the source, though.
Or perhaps
"internal use" is covered by the company being a "legal unit".
People breaking the GPL should be taken seriously. Fortunately, the
solution is easy for
GPL-breakers. Break someone else's license, and they have to pay
damages. Break the GPL,
and all you need to do is to stuff some source code onto a public
(web/ftp)server - and all is fine again.
The situation is so cheap and _easy_ to rectify, that is one reason
people gets so pissed off at
a violation. It is not as if complying with the GPL would be any kind
of burden to them.
Helge Hafting
Helge Hafting wrote:
>
> Interesting argument, but it breaks for at least two reasons: 1. You
> can buy that box instead of just hiring it. That moves kernels
> "outside the company", for money even.
I might have misunderstood but I think that if you buy the hardware you
cannot connect it to the DSLAM network anymore. So that only the boxes
they own are connected to the DSLAM.
> 2. It doesn't matter if they only move kernels withing their own
> companys equipment. If they lend a customer equipment containing a
> linux kernel, then they're lending them a linux kernel. Lending is
> distribution!
Are you sure this point has been clarified in court in the past ?
If not, I would bet on it (for the specific case of settop boxes).
> The argument might be fine, if they were moving linux kernels into
> company equipment used by company personell only. (I.e.
> linux-powered desktops/servers/gadgets for their employees.) And it
> might not. Maybe they actually have to distribute source to
> employees too, if they request it. The GPL only mentions recipients,
> no exceptions for "internal company use". A company may perhaps
> demand that the employees never request the source, though. Or
> perhaps "internal use" is covered by the company being a "legal
> unit".
"internal use" is kind of a buzz word here and should probably be
clarified for this kind of cases.
For now, I really don't see the flaw in Free's argument.
I mentioned in another mail the case of a mobile phone network
infrastructure where the network nodes to which mobile phones are
connecting are running Linux. It seems to be an "internal use" (as it
never leak out of the company network) and yet providing a service to
customers.
The only difference in the Freeboxes case is that the node is at the
customer place (you can compare the customer's mobile phone to the
customer's computer plugged on the Freebox). But the fact that you don't
share your node with others and that you have it at home doesn't change
the fact that the company own it.
Has been any previous similar cases in the past which went in court ?
Maybe the best attack angle would be to say that if a GPL system is
interacting directly with a customer, then the source code should be
distributed. But I don't see if this requirement need changes in the GPL
(I'm ain't no expert).
Regards
--
Emmanuel Fleury
Always program as if the person who will be maintaining your program
is a violent psychopath that knows where you live.
-- Unknown
Emmanuel Fleury wrote:
>
> Are you sure this point has been clarified in court in the past ?
> If not, I would bet on it (for the specific case of settop boxes).
I _wouldn't_ bet on it....
Argh.
Regards
--
Emmanuel Fleury
Given that sooner or later we're all just going to die,
what's the point of learning about integers?
-- Calvin & Hobbes (Bill Waterson)
Emmanuel Fleury wrote:
>Helge Hafting wrote:
>
>
>>Interesting argument, but it breaks for at least two reasons: 1. You
>>can buy that box instead of just hiring it. That moves kernels
>>"outside the company", for money even.
>>
>>
>
>I might have misunderstood but I think that if you buy the hardware you
>cannot connect it to the DSLAM network anymore. So that only the boxes
>they own are connected to the DSLAM.
>
>
Well, but there still is a kernel in the box that was downloaded before
they bought it? Or does the box become unuseable when they buy it?
>
>
>>2. It doesn't matter if they only move kernels withing their own
>>companys equipment. If they lend a customer equipment containing a
>>linux kernel, then they're lending them a linux kernel. Lending is
>>distribution!
>>
>>
>
>Are you sure this point has been clarified in court in the past ?
>If not, I would bet on it (for the specific case of settop boxes).
>
>
Licencing rules applies when copying stuff for internal use.
Consider what would happen, if the company used windows
instead of linux on their boxes:
Everytime they copy windows onto a box they have to pay ms for another
licence. Big companies can't jsut buy a single windows licence and
copy it to all their desktops. BSA has definitely clarified that in court.
Now, the ms licence specifies payments to ms. The GPL is just another
licence,
with slightly different terms. Instead of a payment, it specifies source
availability as the "price".
There is clearly court precedent that companies have to comply with
software
licences when making copies for _internal_ use. GNUs licence or ms licence
shouldn't matter.
>"internal use" is kind of a buzz word here and should probably be
>clarified for this kind of cases.
>
>For now, I really don't see the flaw in Free's argument.
>
>
If "when do we invoke the GPL" is hard to see, try considering
"when do we have to pay" if using ordinary proprietary pay-per-instance
software. You will then find that the cases are similiar.
If the company makes and distributes an internal copy of windows, then
they pay ms.
If the company makes and distributes an internal copy of linux, then
they have to
provide an internal copy of the source as well.
If I make a business out of lending windows boxes, then I have to pay
licences
on each box. If I lend customers linux boxes, I should lend them the
source too if they
requests it. Remember, even if the average customer doesn't know what
software
is in the box, they still have the right to make a copy of the linux
kernel, because you
cannot take away that right.
>I mentioned in another mail the case of a mobile phone network
>infrastructure where the network nodes to which mobile phones are
>connecting are running Linux. It seems to be an "internal use" (as it
>never leak out of the company network) and yet providing a service to
>customers.
>
>
This is fine. Similiar to how I can run a linux-based webserver, without
having to provide people with linux source. This because I don't give
them the server that contains linux. But if you _sell_ one of those
network nodes, then you have to provide linux source along with it.
>The only difference in the Freeboxes case is that the node is at the
>customer place (you can compare the customer's mobile phone to the
>customer's computer plugged on the Freebox). But the fact that you don't
>share your node with others and that you have it at home doesn't change
>the fact that the company own it.
>
>
Interesting argument indeed. But consider: what would happen
if the phones (or freebox) were to run windows? The distributing
company would have to pay licencing fees, right?
>Has been any previous similar cases in the past which went in court ?
>
>
>
There have at least been cases where companies were selling
linux-powered products, and were told that they had to
provide the sources. I don't know if any of them bothered
going to court, simply making the source available (on a cd
or webserver) is so much cheaper than that.
>Maybe the best attack angle would be to say that if a GPL system is
>interacting directly with a customer, then the source code should be
>distributed. But I don't see if this requirement need changes in the GPL
>(I'm ain't no expert).
>
>
An interesting thing about the GPL is that it talks about
"distributing copies", not about "selling or otherwise changing ownership".
"Distributing" a linux kernel embedded in a product owned by the
company doesn't change that. Where the binary kernel go, the
source should go too (if requested).
Fortunately, this licencing term is so easy to satisfy that it'd be silly
to try to fight it. Stick the source on a webserver somewhere. Provide
the URL in the accompagnying paper (or a README file if appropriate.)
If distributing cd's, consider sticking a tarball there.
Helge Hafting
Hi,
>I might have misunderstood but I think that if you buy the hardware you
>cannot connect it to the DSLAM network anymore. So that only the boxes
>they own are connected to the DSLAM.
Again have you any proof that there aren't any Linux firmware in the
flash of the freebox ?
How do you explain that the boot sequence isn't stateless ?
Why in case of a firmware update, you have a special state of 10 seconds
were the freebox seem to download and write some data somewhere ?
So yes may be you can't connect anymore to the free DSLAM, but there is
may be still GPL data in the flash.
>Are you sure this point has been clarified in court in the past ?
>If not, I would bet on it (for the specific case of settop boxes).
For french law I don't know, but someone on gpl-violation this is true
for de and au.
>I mentioned in another mail the case of a mobile phone network
>infrastructure where the network nodes to which mobile phones are
>connecting are running Linux. It seems to be an "internal use" (as it
>never leak out of the company network) and yet providing a service to
>customers.
No the freebox is more like a dvb box that is lended by a satellite
provider and could do firmware update via satellite.
I don't know if there are similar case for dvb box.
Pierre
Helge Hafting wrote:
>
> Well, but there still is a kernel in the box that was downloaded before
> they bought it? Or does the box become unuseable when they buy it?
No idea, I don't have a Freebox yet.
> If I make a business out of lending windows boxes, then I have to pay
> licences
> on each box. If I lend customers linux boxes, I should lend them the
> source too if they
> requests it. Remember, even if the average customer doesn't know what
> software
> is in the box, they still have the right to make a copy of the linux
> kernel, because you
> cannot take away that right.
You got an extremely good point here. At least it shows why this way of
doing is not "moral", but, looking at the GPL text, there is nothing
stating any obligation to "pay" in any manner (money or contributions)
to use and/or modify GPLed softwares.
Just to illustrate my point, in the case of an webserver, if the
webmaster patch the code of his own webserver to provides his customers
with a new service. Has he the obligation to redistribute this code ?
Namely, his patched webserver will never get distributed. The only
interaction between the customers and his webserver will be through
exchanges of HTML files.
And anyway, to whom redistribute the code ? Indeed, what would do the
customers with such code ? As they are only using the service without
really touching the software.
Therefore, it would be nice from the webmaster to contribute with his
patch, but I do think that it is his own choice to do so.
Note: Originally, the redistribution of the code was mainly to avoid
customers or companies to get stuck with a "no more maintained"
binaries. In the case we are looking now, as the hardware is not
belonging to the customers, there is no such risk. So the protection
seems to be against something else... but what ?
> There have at least been cases where companies were selling
> linux-powered products, and were told that they had to
> provide the sources. I don't know if any of them bothered
> going to court, simply making the source available (on a cd
> or webserver) is so much cheaper than that.
LinkSys is an example. But the customers were owning the machine with
everything in it (including the OS). Again, the clause on distributing
the sources help to not get stuck with a piece of hardware that you own
with no possibility of upgrade (remembers me the famous story of RMS and
the laser printer).
> An interesting thing about the GPL is that it talks about
> "distributing copies", not about "selling or otherwise changing ownership".
>
> "Distributing" a linux kernel embedded in a product owned by the
> company doesn't change that. Where the binary kernel go, the
> source should go too (if requested).
>
> Fortunately, this licencing term is so easy to satisfy that it'd be silly
> to try to fight it. Stick the source on a webserver somewhere. Provide
> the URL in the accompagnying paper (or a README file if appropriate.)
> If distributing cd's, consider sticking a tarball there.
Well, I'm really sorry to play the Devil Advocate once time more, but as
far as I know all these DSL companies have big secrets because of
weaknesses in their security. Being hacked at the Internet level is one
thing, being hacked at the DSLAM level means a lot. Try to imagine if
anybody could upload to you his own modified kernel, this means that you
can tape all the internet traffic, all the phone calls, all the TV
programs that you are looking at, and also probably having an easy way
in to your local network (wired and wifi).
Regards
--
Emmanuel Fleury
Live as if your were to die tomorrow.
Learn as if you were to live forever.
-- Mahatma Gandhi
Pierre Michon wrote:
>
>>I might have misunderstood but I think that if you buy the hardware you
>>cannot connect it to the DSLAM network anymore. So that only the boxes
>>they own are connected to the DSLAM.
>
> Again have you any proof that there aren't any Linux firmware in the
> flash of the freebox ?
Helloooo !!! Have you proofs that they have ???
You're always assuming the worst from Free, this is really starting to
be annoying. Just stick to the FACTS and if you want to argue on
something, bring PROOFS !
And even if it was the case, you missed the point here, if they own the
Freebox their point is that they are using Linux for "internal use" only.
>>Are you sure this point has been clarified in court in the past ?
>>If not, I would bet on it (for the specific case of settop boxes).
>
> For french law I don't know, but someone on gpl-violation this is true
> for de and au.
Nonsense, you are talking about cases of softwares which were sold to
customers with GPL code inside. This is no such case here.
>>I mentioned in another mail the case of a mobile phone network
>>infrastructure where the network nodes to which mobile phones are
>>connecting are running Linux. It seems to be an "internal use" (as it
>>never leak out of the company network) and yet providing a service to
>>customers.
>
> No the freebox is more like a dvb box that is lended by a satellite
> provider and could do firmware update via satellite.
>
> I don't know if there are similar case for dvb box.
You obviously need a brain, try to get one and come back after you
learned to use it.
Regards
--
Emmanuel Fleury
Shut up and hack !
-- Theo de Raadt (OpenBSD Hackaton)
Emmanuel Fleury writes:
>>>Are you sure this point has been clarified in court in the past ?
>>>If not, I would bet on it (for the specific case of settop boxes).
>>
>> For french law I don't know, but someone on gpl-violation this is true
>> for de and au.
>
> Nonsense, you are talking about cases of softwares which were sold to
> customers with GPL code inside. This is no such case here.
In the US, the law (17 USC 106) is very clear that renting, lending,
and leasing are "distribution" that is a protected right. The Berne
Convention says the same in article 11bis (remember that a later
revision explicitly included computer programs in "literary works").
Do you think this interpretation of "distribution" does not apply to
Free? If not, why not?
Michael Poole
Emmanuel Fleury writes:
> Well, I'm really sorry to play the Devil Advocate once time more, but as
> far as I know all these DSL companies have big secrets because of
> weaknesses in their security. Being hacked at the Internet level is one
> thing, being hacked at the DSLAM level means a lot. Try to imagine if
> anybody could upload to you his own modified kernel, this means that you
> can tape all the internet traffic, all the phone calls, all the TV
> programs that you are looking at, and also probably having an easy way
> in to your local network (wired and wifi).
Lousy security is not an excuse to violate contract or copyright law.
Michael Poole
Emmanuel Fleury wrote:
>Helge Hafting wrote:
>
>
>>If I make a business out of lending windows boxes, then I have to pay
>>licences
>>on each box. If I lend customers linux boxes, I should lend them the
>>source too if they
>>requests it. Remember, even if the average customer doesn't know what
>>software
>>is in the box, they still have the right to make a copy of the linux
>>kernel, because you
>>cannot take away that right.
>>
>>
>
>You got an extremely good point here. At least it shows why this way of
>doing is not "moral", but, looking at the GPL text, there is nothing
>stating any obligation to "pay" in any manner (money or contributions)
>to use and/or modify GPLed softwares.
>
>Just to illustrate my point, in the case of an webserver, if the
>webmaster patch the code of his own webserver to provides his customers
>with a new service. Has he the obligation to redistribute this code ?
>
>
No, because he didn't distribute any binary code.
>Namely, his patched webserver will never get distributed. The only
>interaction between the customers and his webserver will be through
>exchanges of HTML files.
>
>
Correct, so only the licence on the html files (if any) will matter.
>Therefore, it would be nice from the webmaster to contribute with his
>patch, but I do think that it is his own choice to do so.
>
>
Indeed, because he didn't distribute the webserver binary
in any way. He still only got his own single (modified) copy.
So he has choice. But if he starts selling "improved webserver boxes"
then the GPL kicks in. Source too - the price of getting the sw for
no money in the first place.
>Note: Originally, the redistribution of the code was mainly to avoid
>customers or companies to get stuck with a "no more maintained"
>binaries. In the case we are looking now, as the hardware is not
>belonging to the customers, there is no such risk. So the protection
>seems to be against something else... but what ?
>
>
The point is forced open source. If you can do business using
open-source stuff, then you shall be unable to prevent others from
doing the same. This is the "price" of open source, and keeps the
sw prices way down. Nobody can charge much for the open software
component, because the source must be available for free so
anybody capable of compiling it can create their own product.
Competition and the ability to make money then, is not about
having the best sw (because it is forcibly not secret) but in
providing the best service and hardware.
>>There have at least been cases where companies were selling
>>linux-powered products, and were told that they had to
>>provide the sources. I don't know if any of them bothered
>>going to court, simply making the source available (on a cd
>>or webserver) is so much cheaper than that.
>>
>>
>
>LinkSys is an example. But the customers were owning the machine with
>everything in it (including the OS). Again, the clause on distributing
>the sources help to not get stuck with a piece of hardware that you own
>with no possibility of upgrade (remembers me the famous story of RMS and
>the laser printer).
>
>
Not getting stuck is one thing. Not needing to reinvent the wheel
is another. Nobody need to make another linux kernel from scratch, they
can instead grab the existing one and build on that. In the long run, this
saves a lot of reimplementation cost for society. Instead, whe can focus on
improving the software further.
>>An interesting thing about the GPL is that it talks about
>>"distributing copies", not about "selling or otherwise changing ownership".
>>
>>"Distributing" a linux kernel embedded in a product owned by the
>>company doesn't change that. Where the binary kernel go, the
>>source should go too (if requested).
>>
>>Fortunately, this licencing term is so easy to satisfy that it'd be silly
>>to try to fight it. Stick the source on a webserver somewhere. Provide
>>the URL in the accompagnying paper (or a README file if appropriate.)
>>If distributing cd's, consider sticking a tarball there.
>>
>>
>
>Well, I'm really sorry to play the Devil Advocate once time more, but as
>far as I know all these DSL companies have big secrets because of
>weaknesses in their security. Being hacked at the Internet level is one
>thing, being hacked at the DSLAM level means a lot. Try to imagine if
>anybody could upload to you his own modified kernel, this means that you
>can tape all the internet traffic, all the phone calls, all the TV
>programs that you are looking at, and also probably having an easy way
>in to your local network (wired and wifi).
>
>
Well, then they need to secure their DSLAM setup. If it is at all
vulnerable this way, then they need to fix it. Most users may be
"computer dummies", but there are enough experts among them too.
It only takes one leak, breakin, or reverse engineering session to
break through security-by-obscurity. And when the cat is out of the
bag, it is out forever.
The internet level is secure enough, when set up by competent people.
Surely the same can be done at DSLAM level. This reminds me of ethernet
many years ago, when people realized the possibilities of a hacked network
driver. (A simple way to sniff all traffic, and inject spoofed traffic.)
Easy to do these days, with a open-source kernel.
But these problems are solved - mostly with encryption to protect
what must not be sniffed, and firewall routers preventing the routing
of spoofed packets. With a good setup, spoofing is limited to
spoof other machines on the same network, and then the local
admin can set things straight.
Bad security is not an excuse for disobeying the GPL. The GPL itself states
that there are no exceptions. If "other concerns" means you can't obey
the GPL to the letter, then you _must_ refrain from distributing the
GPLed software altogether. In such cases, the open software is not a
legal option.
Very similiar to a company that cannot afford to pay licences - in that case
proprietary sw is not an option. They can't just pirate anyway and get away
with it because "otherwise their business model won't work and result in
bankrupcy".
If you can't take the "cost" of open sw, then don't use it.
Fortunately, the cost is
usually low. And they _can_ keep a linux device driver secret, they
merely have to offer
the source for the rest of the kernel.
Helge Hafting
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Poole wrote:
> In the US, the law (17 USC 106) is very clear that renting, lending,
> and leasing are "distribution" that is a protected right. The Berne
> Convention says the same in article 11bis (remember that a later
> revision explicitly included computer programs in "literary works").
> Do you think this interpretation of "distribution" does not apply to
> Free? If not, why not?
The argument seems to be that you're paying for the service, and not the box,
and that the box is owned by Free and therefore no distribution occurs here, as
the kernel moves from Free to Free.
The obvious example is web servers, where you aren't distributing anything (at
least not the server software) and still providing service.
The difference here is that the box is physically at the customer's house, which
could be considered "lending", but IANAL.
Anyway, I guess you'll have to ask a (preferably French) lawyer to find out.
BTW, the whole thing about the kernel being in ROM or RAM or whatever and how it
got there are moot - its still running Linux. And if lending is distribution,
then they need to offer the source code.
FYI: Needing to reboot to change firmware makes sense, and those 10 extra
seconds might involve upgrading the proprietary firmware... But thats irrelevant.
- --
[Name ] :: [Matan I. Peled ]
[Location ] :: [Israel ]
[Public Key] :: [0xD6F42CA5 ]
[Keyserver ] :: [keyserver.kjsl.com]
encrypted/signed plain text preferred
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDRTlGA7Qvptb0LKURAs9iAJ9NKgLPDkUl/BBeAMJBot0PGzIDBwCfY/SS
pxRwgjqVPlasdIPTG/kvp6U=
=uAEf
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Emmanuel Fleury wrote:
> Helge Hafting wrote:
>
>>Interesting argument, but it breaks for at least two reasons: 1. You
>>can buy that box instead of just hiring it. That moves kernels
>>"outside the company", for money even.
>
>
> I might have misunderstood but I think that if you buy the hardware you
> cannot connect it to the DSLAM network anymore. So that only the boxes
> they own are connected to the DSLAM.
Get the box, turn it on, don't turn it off, pay the 400 EUR, own the box
LEAVING IT ON.
Result: You have a box that is _NOW_ running Linux and YOU own it.
If them placing the box at your place isn't considered distribution
(re: your mobile phone thing) then you BUYING it would need to,
due to transfer of ownership.
The fact that the box can't do what it's supposed to after you buy it
is irrelevant.
// Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
iD8DBQFDRYXYBrn2kJu9P78RAkOWAJ9WpWueLnpxMJYNqzvP7iguD76VmwCgnbXC
M7HrIV7fM5vsNXNzP0FY7MI=
=Yeav
-----END PGP SIGNATURE-----
> Helloooo !!! Have you proofs that they have ???
Could you just reply on the simple question : why the boot is not
stateless ?
>Just stick to the FACTS and if you want to argue on
>something, bring PROOFS !
In the fact (first mail) I give :
On [1] you could see 7 steps.
Step 1 to 5 is network initialisation (adsl synchronization, dhcp,
check on the dslam, ...)
Step 6 is software update
Step 7 is operationnal
When there are no firmware update the sequence is 1, 2, 3, 4, 5, 6, 7.
When there is a firmware update it is 1, 2, 3, 4, 5, 6, 1, 2, 3, 4, 5,
6, 7.
But you haven't a freebox, so how could you have seen this that ?
Even other people agree that may be a GPL firmware stored in the freebox
(see https://linuxfr.org/~crevetor/19607.html and the author of
http://www.f-b-x.net/ told me the same thing by mail [2])
>Nonsense, you are talking about cases of softwares which were sold to
>customers with GPL code inside. This is no such case here.
Have you read the mailling ?
it was about case were hardware was lended...
>You obviously need a brain, try to get one and come back after you
>learned to use it.
You need one too, you failed to read :
"Please let's continue on legal gpl-violations.org ML."...
[1] http://forums.grenouille.com/index.php?showtopic=14659
[2]
>Tout laisse a supposer que la freebox contient bien un systeme linux
> >>minimal, elle telecharge le reste (/usr, ...) lorsqu'elle se
> >>connecte >au serveur et en cas de mise a jour du fimware le system
> >>minimal est >ecrasse et on reboot...
>
non je me suis mal exprim?, elle garde le syst?me sur sa rom et le met a
jour en cas de nouvelle version, du moins c est ce que je pense.
> On Wed, 2005-10-05 at 14:02 +0200, Emmanuel Fleury wrote:
> > Arjan van de Ven wrote:
> > > that's not enough to satisfy the GPL conditions.
> > It is.
> 3. You may copy and distribute the Program (or a work based on it,
> under Section 2) in object code or executable form under the terms of
> Sections 1 and 2 above provided that you also do one of the following:
>
> a) Accompany it with the complete corresponding machine-readable
> source code, which must be distributed under the terms of Sections
> 1 and 2 above on a medium customarily used for software interchange;
The Internet is a medium customarily used for software interchange, in
fact, it is most likely the most popular medium for that purpose. At the
time the GPL was written (June 1991), it arguably was not. So you will see a
lot of arguments that including a URL was not sufficient. However, now that
the Internet is the most popular medium for software interchange, offering a
URL is actually the *best* way to make the source code available.
Anyone who argues otherwise is just looking to make trouble for no reason
whatsoever. There is no medium you could possibly include that is more
likely to be usable than a URL. The intent of this paragraph was that the
software be available and easily accessible. A URL does this better than
anything else.
DS
"David Schwartz" <[email protected]> writes:
> However, now that the Internet is the most popular medium for
> software interchange, offering a URL is actually the *best* way to
> make the source code available.
As long as you can guarantee that the URL remains valid for the
required 3 years, and that the exact source code used to build each
released binary version is available, not just the latest source.
Pierre Michon writes:
> 1) The freebox is an adsl gateway with VoIP, TV over ADSL and a optional
> wifi bridge. The box is built and lended by an ADSL provider 'free'[0].
I suggest you say :
"The box is built by an ADSL provider 'free'[0]. The box is located at
the user end of the ADSL line (i.e. in the appartement of an individual
or in the offices of a company). "
Later on you could expand on how the box gets there, how
it is installed (lended or not) and the claim of Free that it is
not lended in any ways.
> ==FREE and PRO-FREE CLAIMS (some claims could be find on [6])==
>
> A) The freebox is only lended, so the user can't ask for GPL source code.
I insist that free does not even claim to lend the Freebox. They
claim that the freebox is a terminal equipement of their local network.
> -> They forgot that for wifi feature, you have buy a pcmcia card and
> that is card works wifi Linux driver. So according to GPL you could ask
> for wifi driver source code and all the Linux source code ???
> Also some people that don't return the freebox in time had to
> paid 400 Euros and they became the owner of the freebox. Free send to a
> client a letter [7] saying that if the user don't return the freebox,
> free could bill it and then it becomes propriety of the user :
> 'Nous vous rappelons que conform?ment aux Conditions G?n?rales de Vente ,
> en cas de non-restitution du modem, Free se r?serve le droit de proc?der
> ? la facturation de l'?quipement terminal, au prix mentionn? dans les CGV,
> qui deviendra alors la *propri?t?* de l'Usager.'
I believe that a customer could ask for the corresponding sources
to Free if she/he got a copy of the binary out of the freebox. Does anyone
have such a binary ?
> the fimware. So we could assume that at least a mininal system (Linux
> kernel + some utils) is keep in rom).
Could someone provide a hard proof of this ?
> C) 'Free' is a network operator and needs to keep secret some informations
> in order to preserve security on its networks.
>
> -> Everybody know how security obscurity via is safe. Also I agree they
> don't want to give their script or their configuration, but I fail to
> see what could be a threat in the Linux kernel.
I'd say this is more a debatable justification than a claim.
Cheers,
--
Loic Dachary, 12 bd Magenta, 75010 Paris. Tel: 33 8 71 18 43 38
http://www.fsffrance.org/ http://www.dachary.org/loic/gpg.txt
Hi,
2005/10/15, Loic Dachary <[email protected]>:
> I believe that a customer could ask for the corresponding sources
> to Free if she/he got a copy of the binary out of the freebox. Does anyone
> have such a binary ?
But those ISP does everything in order the user couldn't touch the
firmware because they are frightened that the user could modify it and
does things that wasn't planed (record live tv stream for example).
For that they :
- disable all debug functions on customers boxes (serial port, jtag, ...).
- download the firmware via encrypted protocol (https, ...)
- check the integrity of the bootloader, firmware server, firmware.
- encrypted all rescue firmware that could be present on user computer.
So one way of recovering the firmware could be to unsold the flash
chip and read it on another board.
An other way will be to try to renable debug functions by soldering
component on the board.
But it will be very expensive and need special competences (and
without the datasheet of the board could be very hard...).
>
> > the fimware. So we could assume that at least a mininal system (Linux
> > kernel + some utils) is keep in rom).
>
> Could someone provide a hard proof of this ?
>
No without reading the flash chip.
What I have seen for the boards like freebox in my company :
- the bootloader try to load the firmware in flash
- if it fails, it try to read a rescue firmware. That rescue firmware
is minimal and will only allow to enable ADSL line and download a new
firmware in the flash and reboot.
- if it fails, the bootloader will try to load a encrypted firmware
from local Ethernet LAN (bootp, ...) and reboot.
But there no way to know what exactly does the freebox (may be try to
find the flash chip and its size)...
Pierre
PS : Does we need the binary image in order to ask for the source code ?
In this case, with Embedded devices that hide the firmware it will be
very difficult to make GPL apply...
Pierre Michon writes:
> PS : Does we need the binary image in order to ask for the source code ?
> In this case, with Embedded devices that hide the firmware it will be
> very difficult to make GPL apply...
It is not mandatory, it's just easier in this specific case.
If we knew for sure what the firmware contains, the box would be
enough. But if someone is able to figure out exactly what the
firmware contains she/he will also be able to extract a tarball in
which case the box itself becomes useless to ask for the corresponding
sources ;-)
Cheers,
--
Loic Dachary, 12 bd Magenta, 75010 Paris. Tel: 33 8 71 18 43 38
http://www.fsffrance.org/ http://www.dachary.org/loic/gpg.txt