Abusing the GPL? 771
"How, you may ask?
Integrate the highly useful GPL code we're eyeing into our only slightly more complex (but much more lucrative) project, thereby saving us at least 30% of the coding involved. The company then go all the way to production with it, but instead of finally compiling the actual project for distribution, they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode. You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce. They will then GPL the obfuscated gobbledygook, which isn't much more useful to anyone than reverse-engineered bytecode would be (it is a complex project). 'Voila!' All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
For the record: I do not think this is right yet, I have not been able to find any precedent for why the GPL should protect against this kind of abuse.
I'm not trying to snitch on my company -- or lose my job, which is why I am posting anonymously -- but hopefully some lawyers out there could point out some iron-clad legal reason preventing this sort of thing. I've read the GPL through at least a dozen times since yesterday, and so far it looks like our lawyer is right. I have not found any relevant linkage either, as I have mentioned. Links to extended legal analyses of the GPL from a technical standpoint (if any exist) would be the most helpful. All help is appreciated."
Sounds wrong to me (Score:2, Insightful)
What you should do is put it as "What would Microsoft do". If you too microsoft's code and decompiled it and then changed a few names and recompiled it would they sue?
Would you company risk taking on Microsoft? If they would then tell them to go ahead and violate the GPL. If they wouldn't ask them why they feel they can get away with taking on someone smaller.
If you find another job please let us know who it is is doing this.
Dirty Pool! But also confusing. (Score:3, Insightful)
I mean when was the last time you looked at the source of a project that you just wanted to use, not develope.
Re:Dirty Pool! But also confusing. (Score:5, Interesting)
What if they claim that the obstafacation (sp?) is part of a copy-protection plan and that anybody whom writes a program to un-do it is violating the DMCA.
Could they sue even though the code is in fact GPL?
-J
Re:Dirty Pool! But also confusing. (Score:4, Interesting)
It could lead to a situition where corps. co-opt open source programs, embed a password protection scheme,than obfascate. They could then outright take all the code they want and make a program to give away. Then could then make money off of selling the passwords. All will being covered by the GPL and DMCA.
Re:Dirty Pool! But also confusing. (Score:3, Insightful)
So while you are right, they could defend people without assigning copyright to them, they are trying to protect the interests of Free Software, and protect hemselves from being abused.
Re:Sounds wrong to me (Score:2, Interesting)
Re:Sounds wrong to me (Score:5, Informative)
Now, the fact that this intermediate bytecode is legal C or whatever other language the original was written in doesn't make it source. It just means that that is the internal syntax of this intermediate stage. This is because the defining characteristic of source code is that it is human readable. It is what the developer wrote and would use to modify it himself. WHen you preprocess this in such a way that it is no longer suitable for human reading and maintaining, it ceases to be source...and ceases to meet the GPL source requirement.
I highly recomend that anyone who is going to talk about this actually READ the GPL [gnu.org]
From the GPL:
-Steve
Defining Source legally is not so easy. (Score:3, Interesting)
Secondly even if your definition - must be human readable - is accepted, there are humans who can read machine language, in hex (I'm sure we've all got anecdotes about our favourite guru programmer doing just that). And to be honest most programmers, with a little effort, could train themselves to do the same.
Finally - you're assuming the obfuscated text is no longer source and that therefore there is a separate text which is the 'real source'. Let's think about how someone normally forks a GPL project, something like -
- take original GPL'd source code
- make modifications
- release new code, with source, and acknowledgement of original authors
But the GPL doesn't AFAIK require the release of the original source - only the source for your new version. Releasing the original code is the responsibility of the authors of the original project.
So in this case, obfuscation is part of the modifications, along with inclusion of some home-grown code (the original GPL code was only 30% of the whole right?). So legally how is there a difference?
However, these points in themselves lead to reasons why this approach would be unsuccessful. Namely,
- if hex machine code is human-readable then obfuscated C certainly is. Plus if it's been obfuscated mechanically - it can be de-obfuscated mechanically. Partially anyway.
- they have to acknowledge the original code's authors and therefore the original project. People can compare the obfuscated code with the original code and figure a lot of it out.
Using a combination of these I can forsee that it would be possible to generate a completely 'plain source' version and keep it in step with the obfuscated one, with relative ease.
To sum up - I think legally they can do this, but I doubt it will gain them much advantage.
But I am not a lawyer.
Get a different license (Score:3, Interesting)
Without knowing the details of what GPLe'd application is involved, it's hard to give good advise, but you may be able to talk to the authors of the code to re-issue the code under an additional license. Maybe the authors would be willing to release the code under the BSD, LGPL, apache, or other license in exchange for a few bucks...
Of course if this is really old GPL with hundreds of authors this becomes difficult. You would need approval from all the contributers.
Re:Dirty Pool! But also confusing. (Score:2)
Even if that's not the case here, it could happen.
Re:Dirty Pool! But also confusing. (Score:3, Insightful)
This is why the GPL defines what source code is. And source code is HUMAN READABLE. Thast the point of source code. Code that has been preprocessed in some way, even if it is not a machine readable binary, is NOT source code unless it is in a human readable and inteligable language.
I do believe that this issue is specifically addressed in the GPL (along with a few other situations, which is why the GPL is so damned long).
This is definitly a violation of both the letter and the spirit of the GPL, and I urge the person who asked this question, or anyone else working for this corperation to blow the whistle on this project. It is a direct attempt to subvert the free software community.
-Steve
Cut and dried Copyright violation (Score:3, Insightful)
If you take some code and switch out all the variable names and change the spacing around, it's still the same code. If your lawyer is advising you differently, I'd be very suspicious of his motiviations.
Re:Cut and dried Copyright violation (Score:3, Insightful)
Afraid not - the GPL gives you the right to change the code as long as you release the changes; the fact that it's changed to code that won't make any sense without a truckload of aspirin and coffee doesn't matter. It's not very sporting of them to do this, but I have a feeling it'll even out in the end - they'll lose the comprehesible copy of this, they'll want to come out with a new version and be faced with the awful task of trying to remember what the hell they did.
Re:Cut and dried Copyright violation (Score:2, Insightful)
Re:Cut and dried Copyright violation (Score:3, Insightful)
I guess the chances of this AC blowing the whistle are slim, and if he/she doesn't do it, it's likely that this place will get away with this bullcrap. There are times to stand up for your principles, and while I don't fault him/her for not wanting to lose a job, I hope that if I'm ever in that situation I'll be strong enough to do the right thing.
Re:Cut and dried Copyright violation (Score:3, Insightful)
1. maintain the GNU licensing that was there when you got it.
2. if you (re)distribute changes, you must at least distribute those changes as source code.
I understand that their actions make the source "unfriendly" but if it compiles, then I can fire up (g)cc and recreate the same binary that you have. Maybe even compile on a different platform. I don't see how this violates the spirit of the GPL, since there are no provisions in it for the quality or readibility of code. It's primarily designed to protect the openness of the code, not to protect the usability of it.
You don't understand the spirit then. (Score:5, Insightful)
The "spirit" of the GPL is about being able to make modifications to the code. That is one of the rights that the GPL is trying to preserve. It isn't just about being able to get a free copy of the code you can compile (and if you're lucky for different platforms).
As at least a dozen other posts under this article have already said, there is language in the GPL providing for quality -- or at least editability. The source must be in the "preferred form" for editing. Because releasing a
The authors of the GPL understood that "openess" depended on at least the level of usability that was present when the code was written. Hopefully we've cleared this up (and this guy's company lawyer has been sacked).
Re:You don't understand the spirit then. (Score:4, Insightful)
"The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable."
I interpret this to mean something equivalent to ASCII, depending on platform. Or the form of source that is usually sent to the compiler, or the form of source that the (original) developer is accustomed to working on. In other words, C source code, not XORed EBCDIC, nor a JPEG of the ASCII source, nor a stereogram, nor a t-shirt with a poetic interpretation of the algorithm used(ala DeCSS).
IANAL, so it's really up to a judge to decude what exactly this means. But i think that obfuscated source is just as good as well-documented cleanly formatted code for satisfying the GPL. Obviously the clean source is preferred, but not required.
Re:Cut and dried Copyright violation (Score:4, Informative)
The GPL does address the issue of what constitutes "source code" at some length. From section 3:
The source code for a work means the preferred form of the work for making modifications to it.
I'd hardly think that obfuscated source would qualify as "the preferred form of the work for making modifications to it."
The GNU GPL has a clause against this (Score:3, Informative)
It would be hard to write an anti-obsucation clause I imagine
Not that hard; in fact, it's already been done. The GNU GPL [gnu.org], section 3, states: "The source code for a work means the preferred form of the work for making modifications to it." I don't think any reasonable U.S. district court judge would consider robo-obfuscated C to count as the "preferred form" for that purpose. See #3117740 [slashdot.org] for another explanation.
Re:Don't be so sure. (Score:5, Insightful)
'The source code for a work means the preferred form of the work for making modifications to it.'
Incomprehensible gobbledygook does not the preferred form make, any more than machine code.
What a lot of people appear to miss a lot of the time is that the GPL is _not_ one of those 'thrown together in a week' opensource licenses. It was developed over several years, and reviewed and rereviewed by the FSF legal counsel. It doesnt have holes like this.
Newbie lawyers looking at it for a few hours always misinterpret it. They dont have the technical savvy, nor the persistence to grasp the actual meaning and how thorough the GPL actually is when it comes to accomplishing its task.
The current MySQL AB/Nusphere legal issue isnt the first court case on the GPL because nobody has tried to violate the GPL before. It's because everyone else has realized they dont have a chance in court, and have given up rather than trying to persue a case which their lawyers have eventually realized they will lose.
Re:Maintenance issues (Score:3, Insightful)
I recall a friend of mine who worked on a project that was designed obfuscated in the first place. Var names like vEh45c01, etc.
all proprietary, all aobscure, god forbid if the guy who designed it were to have an accident.
That said, would keeping the clear code represent a legal obligation? Since after all, the clear code is really the source, not the obfuscated stuff that you compile from.
No Ethics == Outathere (Score:2, Informative)
Life is too short to work for lowlife scum.
And then what? (Score:3, Informative)
The primary question of the article was "Is this legal or actionable with respect to the GPL?"
Even if the FSF knew about it, what could they do? There has to be a clear violation of the wording of the GPL, not just some gut reaction.
So the question stands: What can be done about this type of situation given what we know?
If there is something that can be done, then talk about reporting them.
FWIW: The BSD advertising clause would require at least one comment remain in the code, the original authors name. That would at least give someone a hint as to where the code came from when trying to interpret the "garbage" source.
Re:And then what? (Score:2)
No infraction until release (Score:3, Informative)
Threatening mass resignations from engineering, btw, is one tactic I'm currently seeing used to prevent a GPL violation at another company. Buyer's market though engineering talent may be right now, I expect it'll be effective -- turnover is just too expensive. Quitting right away (as soon as idea is raised) -- simply put, why?
Parses, but no useful information (Score:5, Funny)
Spirit of the law (Score:3, Interesting)
So these people violate the "spirit of the GPL." Throw that at them in your court case. Cite other cases (esp. intellectual property cases) in which a decision was made based on the "spirit of the law."
-Evan
Re:Spirit of the law (Score:2, Insightful)
If there is any "spirit of the GPL", it should be explicitly stated as part of the license.
Source code = preferred form for modification (Score:5, Informative)
To find out whether the gobbletygook you distribute is source code or not is simple: if you normally add features to the program by editing the gobbletygook, it's source. If you instead edit the stuff that you compiled to gobbletygook and then recompile it, then the stuff you distributed isn't source and it's a clear-cut GPL violation.
Why did it take so many posts? (Score:5, Informative)
Why did it take so many posts for someone to point this out? Do people not read the GPL?
What a day to be without moderator points...
For those too lazy to read the whole thing, read section three, point #3 [gnu.org] very carefully. Just because something compiles does NOT mean that it is source according to the GPL. That you would not do development on the obfuscated gobbledegook clearly shows that the obfuscated version is NOT the preferred form for modification. I would be highly suspicious that your lawyer is insufficiently anal when reading contracts if they missed this.
As for precedent, can anyone find a discussion of GPL'ed yacc/bison grammars? This would fit exactly the case above - the original source that must be distributed is the .y file, not the result of compiling the .y to a .c file. Unfortunately, I don't think that anyone has ever been tempted to rip off a GPL'ed grammar.
Re:Why did it take so many posts? (Score:5, Funny)
Re:Why did it take so many posts? (Score:5, Informative)
So, not only do that have to release the unobfuscated code, but they have to release the scripts that obfuscated it. What fun!
Re:Why did it take so many posts? (Score:5, Interesting)
Also how is the obfuscated version going to be produced. Either feeding the source through some for of obfuscating preprocessor or decompiling the object code would simply be creating a derived work anyway.
Effectivly you'd be trying to argue that you wern't infringing copyright because you scramble and/or encrypt before you distribute. You'd need a very good lawyer to convince any judge with this kind of argument.
You are not anal enough either. (IAAL) (Score:5, Insightful)
In order to impart meaning to the GPL distinction between source vs. object/executable, one must go on a fact-finding parade to measure industry practice, and other wishy-washy standards. In the context of a dispute over a GPL'd bit of code, you can be damn sure that the GPL will collapse under the weight of this fact-finding process, and that the party with more patience and money will win that battle.
There are some things that lawyers understand better than geeks, believe it or not. We are (generally) excellent at spotting weakness in prospective arguments. In the case of the GPL, there are drafting holes big enough to drive a Trident submarine through. I've said it before, and I'll say it again: the GPL won't hold water in a dispute. The reason no one has given you any precedent (as per your request) is that the GPL has not been truly tested in court. Since the GPL eschews the lessons that lawyers have learned about drafting in the past (largely in order to score points with geeks by being colloquial in manner and sounding un-lawerly), it cripples itself with imprecision and ambiguities. The weakness in its core definition of source vs. object/executable is merely one of many fatal flaws in the document. To be perfectly frank, the GPL is a POS contract and I would arguably be liable for malpractice if I advised a client to use it for reason other than their unbending adherence to open source dogma.
In conclusion, you are likely to see many companies "abusing" the GPL. Rather than use the loaded term "abusing", I would prefer to characterize this behavior as "exploiting" the unsophisticated and niave drafting of the GPL's language.
Since I said "IAAL", I must also say that the above does not represent a formal legal opinion, that I do not represent you (the reader) as your lawyer, and that you should not treat this message as my legal advice to you. Laugh all you want -- I'm just sticking to my ethical directives, kids.
Re:You are not anal enough either. (IAAL) (Score:3, Insightful)
I think that this is a distinction that is much easier to make than the previous one you mentioned. All you have to do is to go to the computers where the people are actually writing the code and see what form of the program they are modifying. If they're working on the code in a format different from what is distributed, it's an easy case that the form that's being distributed isn't the preferred form for making modifications. That's especially true if you can find:
You're correct that this is not an open and shut thing, but it's not an intractable one, either. Most people have fairly sensitive BS detectors, and they're going to be able to tell that code that's been deliberately messed with to make modification more difficult is not in the preferred format for making modifications. All you have to do is show that a deliberate attempt has been made to obfuscate with the code and you're set.
Short parade (Score:3, Interesting)
Your clarifying language... (Score:4, Informative)
Re:You are not anal enough either. (IAAL) (Score:3, Informative)
Re:You are not anal enough either. (IAAL) (Score:5, Insightful)
I went across the hall at work yesterday and asked two lawyers who I often see over lunch about this. They said that while "preferred" and such terms are often fairly vague and cases hinge on those, in this case, where you can simply show the inability of the company to use the obfuscated code, and the obfuscating programs used, that it's dead simple.
Too bad modern judges can't hand down rulings that really cut to the heart of the problem...
Ruling that the company must delete all other source code and forever maintain the project using only this source code and other code in this form would quickly show if this was the preferred method.
(With creative and honest judges we could get by with a lot less of your type.)
Re:You are not anal enough either. (IAAL) (Score:3, Interesting)
You may have somehow missed out on this, but lawyers are paid to disagree with other lawyers. No matter what your lawyer says, I guaran-goddamn-tee it that every other lawyer on earth will disagree with him if I pay them to do so.
The question you should be asking your lawyer is not "What do you think this contract means?" but instead "Do you think you could win this case?"
On second thought -- don't ask your lawyer if he thinks he could win the case. The other thing lawyers make money from is claiming to be able to win cases for you. Ask some other lawyer if he thinks your lawyer could win the case after making it clear that you can't afford his services.
Re:OT: Modern Judges (Score:3, Informative)
It's not so much that "preferred form" is obvious, it's that "the preferred form" is obvious. Note, not "a preferred form". The common meaning of "the preferred form" allows for exactly one form to fit this description. In other words, out of all of the available forms, the one that is the best possible form for modification is the one that has to be distributed. Quite clearly, if the company is continuing to modify the program in form X, then form X is, prima facie, the only possible form that fits the phrase "the preferred form".
The only way this could be negatived (yes, that is a verb in lawyerspeak) is by demonstrating that the form used for development is a form not convenient to others, and the translated form is actually preferable for those others.
IANALY, but I did top the year last year, and this is a simple question of interpretation that a first year law student could deal with.
No it isn't. (Score:3, Insightful)
Re:Why did it take so many posts? (Score:3, Insightful)
Yacc has a BSD license, not GPL, and so this was never an issue at all for yacc. You can do whatever you want with BSD licensed code.
Bison makes a specific exception to the GPL for the code that it includes in your parser. You can compile your
So many posts. So little time. (Score:5, Funny)
Eh. It doesn't really matter. What does matter is that he's got a legal theory as to how the GPL can be sidestepped. It might not hold up in court. But that doesn't matter until it gets to court. There's no Bad Law Fairy who's gonna come out of the sky and put things right. Somebody is going to have to mount a legal challenge to this abuse. That somebody has to have legal standing in the case and deep pockets. Now, don't all raise your hands at once!
OK, I just ran out of irony. Look, the mod system worked -- maybe not as fast as you liked, but it did. Don't feel bad because you didn't get to put on your Arnold mask and mod all the lamers down. It's just a damned filtering tool, not a way to Rebalance Universal Morality.Re:Source code = preferred form for modification (Score:4, Funny)
To find out whether the gobbletygook you distribute is source code or not is simple: if you normally add features to the program by editing the gobbletygook, it's source.
Maybe if that gobbledegook were legalese?
Etc.
At least then it would be the preferred form for someone -- the lawyers
(NB: Zealots, I'm only kidding. I do think this is an ethically dubious act, and possibly an illegal one too. I guess it depends on whether this company thinks that their lawyer(s) are better than some of the ones that could get brought to bear against them...)
And if somebody DOES succeed in reverse-engineerin (Score:4, Interesting)
Re:And if somebody DOES succeed in reverse-enginee (Score:3, Interesting)
Re:Source code = preferred form for modification (Score:5, Insightful)
Excellent. So, to the original question: All your company needs to do is develop a text editor that works with obfuscated binary "source files", and add a step to the make routine that turns those obfuscated binary source files into obfuscated, yet compilable C, and there you go. Source files that you actually use to do modifications with, and are difficult or impossible to read (since nobody says you have to GPL your proprietary text editor that works with the obfuscated binary source files, or the program thats part of the build routine that turns them into C, because its not a derivative work of the GPL'd code in question, no more than Windows Notepad needs to be GPL'd because I looked at some Linux source in it).
"viral license" (Score:2, Insightful)
Personally, I feel that the GPL should be enforced when the work is actually DERIVED FROM a GPL'd work. The example of the IDE is a prime example. Look at KDevelop. If I write a console-based program which doesn't use the Qt or KDE libraries, I am allowed to release the program under whatever license I choose. No argument.
If we squabble about license issues and what constitutes a "dervied work" then it only gives MS a better case against the GPL. While I'd personally rather see packages like Qt released under the LGPL, the GPL is certainly the most valuable license in the furtherance of Linux.
Re:"viral license" (Score:5, Insightful)
...
While I'd personally rather see packages like Qt released under the LGPL...
Your opinion is perfectly valid but I'll just post the counter-argument for people to compare. If Qt released as LGPL, they would not make any money as anyone could use their library for free. An alternative is to make it closed source and sell their binary library to make money. That's fine but they wouldn't get much exposure.
GPL provides a middle ground for Qt. They say along the lines of, "You can use Qt for free so long as your produce is free (as in GPL) but if you want to make a commercial product, you will have to buy a license". IMHO, I think this is a good business model
Microsoft considers the GPL viral because if you use any GPL code for free, your produce must be GPL too. Fine, but look one step further. If they didn't make it GPL, you would be buying a license off a piece of closed source of software which wouldn't be any different to what MS does. At least with a business model like Trolltech's, you have a choice. For this reason I like Qt under GPL so that Trolltech could make money they wouldn't otherwise be able to under LGPL
Re:"viral license" (Score:5, Interesting)
You're a bit confused about when the GPL applies, but the original posting was confused on this point, too. If you process code with a GPL program, for example if you compile it with GCC, it does not apply the GPL to the processed code. Only in the case of linking or another means of creating a derived work, as in your example with Qt or KDE libraries, does the GPL apply.
Microsoft's talk about the GPL is just propoganda. They have no legal case against it. Any legal case they could construct would first have to invalidate Microsoft's own, more restrictive, licenses.
Bruce
Preferred form (Score:4, Informative)
Deliberately obfuscated high-level language code (which is no longer preferred, or even useful, for modifications) does not appear to meet this requirement.
Is it just me? (Score:2, Insightful)
Are you saying that using the GCC compiler means that you will then have an executable which you have to GPL the source code for?
Are you saying you are going to integrate GPL source code into a project?
I don't quite understand. Someone else enlighten me?
Re:No, because it's LGPL (Score:2)
Bruce
RTFGPL (Score:3, Redundant)
Shouldn't be too hard to prove that an obfuscated code isn't the preferred form for making modifications. [Unless its perl of course
Baz
Possible problem (Score:5, Insightful)
Not really... (Score:3, Informative)
of course, IANAL
It's clear. (Score:3, Redundant)
If this isn't the form your company prefers for doing their own internal modifications, then this isn't the source code!
Re:It's clear. (Score:2)
The fact is it should be very easy for a lawyer to prove that the release of intentionally obfuscated code violates that section of the GPL. , using the above logic and some expert testimony. Whether that would be enough to get an injunction or damages or a court order to release their non-obfuscated code, I don't know.
Re:It's clear. (Score:2)
If the product is ordersof magnitude better than anything else out there, then it may not be necessary to improve it. Merely sell/support it until the author is independently wealthy and then quit - why work when you can live off the interest? Most businesses/businessmen don't have this philosophy, though, and most software products ARE improved - that's the business plan. Produce something that works - barely - and sell the patches that make it work better. Thus Word 1.0, 2.0, 6.0 95, 97, 2000, XP, etc.
Legal Loopholes (Score:3, Insightful)
Nowhere does it say that that code has to be non-obfuscated. Nor do I think it should. Do we really want to try and formalize that gray area between "obfuscation" and just plain "sloppy code?"
Not all of the code released under the GPL is what we would consider "good code." By that, I mean people release all sorts of toy projects and junk code under the GPL, for learning purposes. They use bad variable names and inefficient algorithms, but when do we start to consider code "obfuscated?" And more importantly, do we want to leave it to a lawyer to make that decision for us?
I say if you're really concerned about it, then leave the company. Otherwise, just write it off as mean-spirited. There's no law against being mean. :(
Re:Legal Loopholes (Score:2)
It's underhanded, but then again, it's business.
As long as they're not actually screwing anyone over in the end, it doesn't sound as bad as some might make it out to be.
Total obfuscation is not possible (Score:4, Insightful)
Pretty boring stuff, but the overall point is that once the end product is GPL'd, it won't take long for someone in the bazaar to figure out a meaning for "asdfgh", and do a s/asdfgh/meaningfulName/g through the whole thing. Or even figure a way to diff it with the original source.
As long as it's GPL'd, the source will be available, and it'll be figured. You're wasting a lot of your time (and the rest of the community's) for very little reason.
No matter how complex your obfuscation, it's likely much less complex than, say, CSS or DES was.
Maybe not legal, but what about PR? (Score:3, Interesting)
As far as I can tell, AINL, as long as you do in fact release the source code (and all linked pieces... must be careful about this), you are in compliance with the GPL, even if the souce code has been obsufacated as much as possible. Just remember though, *everyone* will get to see this source code. They will either know that 1. You are ripping them off by 'working around' the GPL. Or 2. Think your company is staffed with the most incompetent imbecil programmers anyhwere. So my question for you is... Why would *any* company want to release something that makes them look bad??? What exactly is the advantage they think they will get from this?
Obfuscated source code is not GPLable..... (Score:2, Redundant)
"The source code for a work means the preferred form of the work for making modifications to it."
In this case - obfuscated code is not the preferred form of the work for making modifications to it - your company isn't going to be making the modifications to the obfuscated version - they're going to use an internal version and make modifications to that instead. In which case they would be in violation of the GPL. A bit of an arse to litigate I would guess.
One other issue (Score:2)
And while it's true that it's "Almost" as useless as reverse-engineered bytecode, it's not necessarily. Someone with the patience and, say, economic motivation, could still retrieve your full codebase, and be perfectly within their rights to do anything with it, including compete directly against the company.
If you really want to stop this, that's a tack you could take -- try to convince management that there IS a security risk in releasing even the obfuscated code.
I don't see companies like Microsoft or Cisco releasing even obfuscated source to code they consider valuable.
Xentax
Re:One other issue (Score:2)
But then, as I understand it, they could not use the GPL'd stuff they want to use, since use of GPL stuff mandates making the source code available.
Re:One other issue (Score:2)
The "real" problem, of course, is his company's attempt to obey the letter of the GPL but spitting in the face of its spirit. That sounds a bit dogmatic, I know.
It would be nice if he took a stand on the real issue, but I suspect then he'll have to choose between the ideal and his job. That's what I call a "sticky situation".
Xentax
Do it man. (Score:2, Funny)
are not in power, follow orders.
But as soon as you follow the wrong orders, and
break the law, you are instantly in power.
Do your job, get paid, and fucking report them if
they ever fire you.
It is a win-win situation for you.
--
What about Assembler? (Score:2)
There may indeed be an oversight in the GPL (Score:2)
My guess is that Section 2a is the only thing that may help here:
This may allow someone to at least track down what the code was before obfuscation, but I see no requirement to name the source of the original code.Worse, Section 3 -- which allows distribution in binary -- only requires the source to be "machine readable". Again, nothing against obfuscation. Section 1 only says you have to keep the copyright notices and references to such as well as the disclaimers in your code.
I'd like to see what the FSF has to say on this.
woof.
Source without comments is like a joke without the punchline.
Well I would you steal a commercial programs code? (Score:2)
Now 'shared source', and companies that provide Perl/PHP/JSP code with a commercial license *would* loose income! They don't have any more magic reverse engineering tools than the open source community.
What you're company is doing is morally very wrong but I don't think it'll kill the GPL as a license but it could have an impact on other ideas such as 'Shared Source'.
Semantics... (Score:2)
When it comes down to it, this is a really sticky question. There are certain algorithms which can only be done efficiently in one way. If I code a linked list in C++, and the optimizing compiler boils it down into the same object code as Microsoft's linked list class, do I owe Microsoft royalties? The source code is different, but it is very possible that the object code would be identical. If object code can be copyrighted, then this would place many open source projects in jeopardy, as they frequently borrow algorithms from the proprietary UNIXes.
I think a better approach for your company would be to have an analyst read through and analyze the GPL code, and then create something new based on the knowledge gained. Copy the algorithms, but not the code. This "black box" approach would take only marginally longer, and there would be no possibility that all of your code could be forced into open source status. Since the design is already proven with this approach, the only thing you would have left to do is the coding and testing (which should be about 8% of the total project cost.)
Is your software Complete? If it doesn't come with the source code, it's Incomplete Software .
Let 'em try (Score:2)
What could they possibly be working on that capable programmers couldn't write themselves? I don't think that this companies attempted theft is really that well thought through.
There is no loophole (Score:2)
"The source code for a work means the preferred form of the work for making modifications to it. "
This gooble-de-gook is by no means the 'preferred form' for making modification, thus it is not source code under the GPL.
Get another job, this company is going down.
-josh
Doesn't look legal (Score:2)
The source code for a work means the preferred form of the work for making modifications to it.
While this obsfucated form of the source is indeed machine-readable, you're going to have a hard time passing it off as the preferred form for making modifications. Seems fairly open and shut to me.
Here's a possibility (Score:2)
You company does not have permission (Score:4, Informative)
(BTW, I am not a legal advisor. This is my understanding of the GPL).
If you are including other people's GPL'd source code in a program which you distribute, then you must abide by the terms of that license. Section 3 of the GPL is precise enough to disallow scrambling the source code:
There is nothing to stop you changing all the variable names, or the style of someone else's code. However, if you distribute a GPL'd binary then the source you distribute with it must be the source that you prefer to use for modifying the program yourself. You may be called upon to prove this in a dispute.
For reference, section 3:
Obfuscation -is- a derivative work (Score:2)
By obsfuscating all you've done is create v+0.0.1 of whatever you started with in, but in your own fork. That means this alteration is covered by the GPL.
Standard not-a-lawyer stuff applies.
Cheers,
Ian
A bit shortsighted?? (Score:2)
It's a GPL violation, and more (Score:5, Informative)
The GPL states:
That term was written to prevent exactly the sort of obfuscation the attorney is proposing. Obfuscated code is demonstrably not the preferred version for creating modifications. So, what is being proposed is a GPL violation, and your company's attorney missed that part of the license. The talk about incidental resources isn't germane, it actually seems to be intended to confuse, because what is being proposed clearly is a derivative work, and the company attorney is acknowledging that when he suggests that the obfuscated code be GPL-ed.But there are simpler remedies than legal ones. If the free software developer community hears about a product using obfuscated code to circumvent the GPL, they will retaliate by creating a non-obfuscated version and using it to compete with your company's product. They are experienced at reverse-engineering, they have excellent tools for code reformatting and analysis, and there are a many programmers who will be angry enough to work on this.
If your employer wants to unashamedly take advantage, they are simply buying a lawsuit. The free software community does have the resources to bring one - it would probably be brought by law professor Eben Moglen of Columbia University. He wants more legal tests of the GPL, and would love to make an example of your employer. Don't go there.
Bruce
Look to the Tactics (Score:2)
Your company's tactics are clearly intended to violate the spirit of the GPL: to make the code unusuable. Usually when there's a violation of the spirit there's also a violation of the letter.
Incorporating code is NOT incidental use, by the way. Frankly, I don't see how the license of any tool can enforce a license on code (or text) that was created with it as a tool (e.g., a license on emacs couldn't force you to copyleft a novel you wrote on it), because the created code/text doesn't incorporate copyrighted intellectual property of the creator of the tool. But in your scenario, you ARE incorporating someone else's IP in your project, creating a derivative work, and so are guilty of violating the copyright on that IP - unless you follow the license.
Compare it to a translation: you are reproducing the meaning of the GPLed code with different words, which after all is what translation is. A translation of a copyrighted work must be licensed by the holder of the work's copyright.
If you (note that I said you, not your company: the moral responsibility here is the programmers', not the suits') do not want to follow the spirit of the GPL, I'd suggest looking for similar code that isn't GPLed but has a license that does not "contaminate" derivative works. If you can't find any, then you should take the 30% hit and write your own code. If it's such a lucrative project, and if the distribution of clear source code would represent a threat to your profit stream from the product, I would think you would be willing to accept such an expense to protect your own intellectual property - because if you violate the GPL and get caught, you could lose it all in court.
I am not an attorney, and the above does not constitute legal advice. You might want to ask an attorney of your own for advice, as you may find yourself caught in a situation in which you will be making yourself liable for the actions of your company.
Couple of points... (Score:4, Insightful)
IANAL, etc... etc... yadda, yadda, yadda.
The company then go all the way to production with it, but instead of finally compiling the actual project for distribution, they instead compile a bunch of incomprehensible gobbledygook that just happens to compile to the same bytecode.
You know the game: globally replace every function name, variable name, and so on from our code with nonsensical names (or random characters), remove all of the comments, and any other form of obfuscation they can introduce.
They will then GPL the obfuscated gobbledygook, which isn't much more useful to anyone than reverse-engineered bytecode would be (it is a complex project). 'Voila!' All the benefits of a huge GPL project and countless thousands of volunteer hours and unreadable, incomprehensible source tree.
Here is my take:
Other things to take into account:
Conclusion?
Bad idea. VERY bad idea. Release code under GPL, play nice, and nobody gets hurt... (wink! wink!)
IMHO, any company who tries that kind of stunt is going to end up on the trash-pit of dot-coms faster than you can say "GNU General Public License".
A two part problem (Score:5, Informative)
1. Is it in violation of the GPL? This question is not a simple one, but such actions may very well be violation of the GPL. If this matter reached court, the question would center on whether the process applied to the GPL'd code constituted part of the process to create the derivative work, as derivitive work is defined in the GPL. For example, an expert might argue that code obfuscation can be part of the compilation process. It is oversimplified to say that laws are reinterpreted on the fly to capture the intent of the law. What is true is that these sorts of questions - for example, what constitutes compilation - are likely to be viewed in a manner which assists the obvious intent of the applicable contract/law.
2. If it is a violation, can it be proved? Probably. Our company works for lawyers on code plagiarism cases all the time. There are many algorithms you can apply to show statistically significant relationships between a body of code and its obfuscated counterpart. The same should be possible with bytecode. Once a reasonable basis for suspicion is established, plaintiffs could get discovery of the company's code repositories and depose employees under oath.
Christian Hicks
Elysium Digital, L.L.C.
http://www.elys.com [elys.com]
Bad Engineering (Score:3, Interesting)
I can think of a few other, better ways, to use GPL code in commercial projects without pressing everyone's ethics button so hard. Better engineering, better PR, less work. Is that so hard? Sounds to me like the lawyer wants to have a few years steady work, and your CEO is too preoccupied with being evil.
Blow the whistle. (Score:3, Insightful)
Then, later, you can sleep like a baby, knowing you did the right thing.
Obfuscated translation is copyright infringement (Score:3, Interesting)
I'm not a lawyer, so don't use this as legal advice. Instead, you (the author of this slashdot article) may want to show it to your company's lawyer and suggest that he track this down.
According to this link [ladas.com], there is a case called "Whelan" that established that duplicating the detailed structure of a program was copying of expression rather than ideas, and therefore copyright infringement.
Also, I remember reading a very good article about ten years ago by law professor Pamela Samuelson, I think in Communications of the ACM or some other ACM publication, that talked about this decision and mentioned "detailed structure and flow", which would make the case for infringement even stronger.
Finally, I recall reading somewhere, perhaps in that same article, that there is some common law rule that the standard of similarity by which copyright infringement should be determined is supposed to correspond to how much access the alleged infringer had to the original work. In other words, if the alleged infringer had easy access to the original work (e.g., had carefully read the original GPL'ed source), then the standard for proving infringement is supposed to be easier.
Again, I'm just a layman. Don't use this as real legal advice.
misc thoughts, but im not a lawyer.... (Score:4, Insightful)
First arent all the copyright notices inside comments ?
Removing comments with the copyright notices would immediately violate T&C section 1. (while indicating acceptance of the whole document as per section 5), but then you aren't allowed to remove the comments. The obfusciation is seemingly permitted so long as the copyright comments still remain along with additional comments documenting the changes as required by section 2.
The obfusciation is seemingly a process of derivation, that is you start with GPL product and do some M-x replace-string's... This derivation process means that the "proprietary intellectual property" is still GPL'ed...
The GPL does NOT apply to sections not derived from GPL code, but only when they are published apart from the GPL portion. when the whole package is published it is still GPL'ed by inclusion of the GPL code (does anyone remember the Nvidia driver issues?)
Also according to section 5 the fact that you edited the GPL code at all indicates acceptance of GPL terms and conditions. Failure to accept prohibits you from making modifications (such as the string search and replace described)
The whole process seems expressly in violation of section 4, but i am no expert...
What I fail to see is how anyone can avoid GPL except by producing clean-room-code. I seem to recall Nvidia having this problem with their drivers a while back.
As an aside, isnt "chicken noodle soup" less than 30% chicken by volume? (but it is still considered a chicken product.) Your company's project might be 30% GPL code that was heavily edited (IMHO the only real weakness in the GPL is no "real" definition of "derived", however the common meanings of derive include "to trace the deveolpment of", which has been done...)
A couple of questions: Is it possible to write a perl/awk/sed script (or otherwise algorithmically describe the obfusciation? (since global replaces are used i would dare way yes...) If this is true then an argument can certainly be made that the work was "translated" from "ANSI c++" to "ANSI c++" (hasnt anyone done english-to-english translation between say a lawyer and an engineer? or perhaps heard of such things?). This translated copy would seemingly be covered by section 0 and all other sections (as incorporated into the defitition of modification)
just a few cents worth
-j.
Slimyness does not pay. (Score:4, Interesting)
Well, assuming what you say is correct, the benefits are few... The chances of getting caught are moderate, but if you or one of your staff is laid off/fired/quits then the word will get out and make its way to the original authors.
Nobody needs to "squeal" either. Say I write a lot of code for GPL's project X and this company comes out with product X' which is almost the same, but better. Their code is extremely obscure as well...
I might out of curiosity, run one of those web-based code checking tools. These are designed to find cheating students and do not require similar variable names, etc.
If caught the costs would be painfully high. I think most software companies would rather face a ravenous pack of lawyers than face the savage hordes of a jilted Open Source community. Every day operations would become difficult due to clogged email/phone lines, not to mention that your good corporate name would be mud.
The B/C analysis is vastly in favour of crediting the original authors. I think your managers and your lawyers are playing dice with your company's future. If I was a share holder (let alone an OS geek or an employee like yourself) I'd be quite pissed.
Good luck!
-b
No legal action possible until violation occurs (Score:3, Insightful)
Several posters have pointed out that obfuscation is a violation of GPL, or at least the spirit of the GPL.
Unfortunately, until your company actually releases a product based on obfuscated GPL code (commits a violation), you can't take legal action in the courts; you can only get a GPL-friendly lawyer to send nasty cease-and-desist letters.
In other words, you can't stop it until it's too late. And if you do sue, the copyright holder (the creator of the GPL code which was borrowed) will probably have to be named as a plaintiff, as the violation was commited against HIS copyright, or possibly the FSF as a plaintiff's representative yadda yadda yadda. YOU probably will not be able to file suit as a plaintiff directly, unless somehow you can do it as a representative of the party claiming loss.
If you do nothing else, inform the writer(s) of the original code of your company's intentions.
Obfuscating C Code (Score:3, Informative)
A context diff of the "obfuscated" code against the code it's derived from would rather quickly show that the only changes from one to the other was symbols and the lack of comments. Unless, that is, they resorted to some rather serious Obfuscation like operator and function overloading, or trick use of preprocessor errors, in which case, a diff of the preprocessor output from the two code trees would also damn the offender pretty quickly.
I AM a (recovering) Lawyer (I am non-practicing) and I would advise your company that they are playing with fire by trying this. You didn't reveal which GPL Code your company finds so useful, but there are MUCH smarter ways to play this game, especially if the authors of the code you like so much HAVE assigned their copyright to the FSF. (See, FSF v. NeXT Computer, (over gcc) for instance).
I question the degree of "tech-savvy"-ness of your company's counsel if he's advising them to go "full speed ahead" on such a transparent, bad faith abuse of the GPL (can't call it a violation
The Devil is in the Details (Score:3, Interesting)
I can think of a zillion reasons why the proposition described above would not work, but there simply isn't enough information to answer the question in slam-dunk fashion. Suffice it to say, however, that I am seriously doubtful that such a trivial pretense as a byte-code or object-code copy produced by other means could avoid a claim for copyright infringement.
Even so, to the extent that an "on the edge" defense is being prepared, the defendant had better be right. With such willfullness, a prevailing plaintiff is likely to obtain substantial statutory damages, perhaps as much as $150,000, an award of attorney fees, and an injunction against release of the product. If they made profits from the product in excess of that amount attributable to the taking, a prevailing plaintiff could elect for the greater amount.
In short, a commercial entity that tries to do so may well be poorly advised. But once again, I don't know enough particulars to make a determination one way or the other.
The question they have to ask themselves, "do I feel lucky?"
Re:Can't do it. (Score:2, Interesting)
Re:From the GPL (Score:2, Insightful)
Oh well, go ahead, Mod me to hell -- I never had any karma to begin with
Re:Your lawyer is a fucking retard (Score:2)
ALSO - he's not talking about removing comments variablenames & whitespace in the gpl'd source, but his company's.
Re:Your lawyer is a fucking retard (Score:5, Insightful)
From my reading, that is not the problem. It appeared that the company did release the code with source as GPL along with their product. They just obfuscated it before releasing it. That is not directly a GPL violation.
There have been cases before of obfuscated GPL code (Some video drivers in the Linux Kernel I believe) but those were original source from the manufacturer.
This article is about taking someone elses GPL code, obfusacting it, then re-releasing it with GPL intact.
Re:Your lawyer is a fucking retard (Score:2)
(IANAL, though).
Re:Your lawyer is a fucking retard (Score:2, Interesting)
(Of course I'm making the assumption that the original poster is governed by US law; it may be different in other countries)
Re:Your lawyer is a fucking retard (Score:2)