EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

07.28.09

Microsoft Did Violate the GPLv2

Posted in Deception, GNU/Linux, GPL, Kernel, Microsoft at 9:53 am by Dr. Roy Schestowitz

Steve Ballmer license

Image from Wikimedia

Summary: A red-handed Microsoft did after all violate the GNU GPL, according to the SFLC

Microsoft’s rather belated claim that its self-serving [1, 2, 3, 4, 5, 6] loadable module for Linux was in compliance all along is more or less being refuted or at least contradicted by the SFLC.

Kuhn had a few words to say on the subject:

Microsoft violated the General Public License v2 (GPLv2) when it distributed its Hyper-V Linux Integration Components (LinuxIC) without providing source code, says the Software Freedom Law Center (SFLC).

The violation was rectified when Microsoft contributed more than 20,000 lines of source code to the Linux community last week. The drivers are designed to improve the performance of the Linux operating system when it is virtualized on the Windows Server 2008 Hyper-V hypervisor-based virtualization system.

[...]

“It seems to me that Sam [Ramji] is likely correct when he says that talk inside Microsoft about releasing the source was under way before the Linux developers began their enforcement effort,” said Bradley Kuhn, a policy analyst and tech director at the SFLC.

“However, that talk doesn’t mean that there wasn’t a problem. As soon as one distributes the binaries of a GPL’d work, one must provide the source for those binaries, so Microsoft’s delay in this regard was a GPL violation.

“The important thing to note from a perspective of freedom is that this software, whether it is released properly under the GPL or kept proprietary in violation of the GPL, is a piece of software designed to convince people to give up free virtualization platforms like Xen and KVM, and [to] use Microsoft’s virtualization technology instead,” Kuhn added.

Almost a week after the initial announcement, two pro-Microsoft journalists from IDG are still pushing this old news as though it is an endless PR campaign which struggles to portray what Microsoft did as an act of goodwill. It was a selfish deed. Get over it. The GPL was a requirement, neither a privilege nor choice. And it’s all about selling Windows.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

22 Comments

  1. zatoichi said,

    July 28, 2009 at 10:28 am

    Gravatar

    However, that talk doesn’t mean that there wasn’t a problem. As soon as one distributes the binaries of a GPL’d work, one must provide the source for those binaries, so Microsoft’s delay in this regard was a GPL violation.

    Bradley’s incorrect, and he knows better, too. Bring up someone who received the binaries of the drivers from Microsoft, requested the corresponding sources from Microsoft, and failed to receive them.

    Absent that, there’s no actual violation, and claims to the contrary are incorrect and irresponsible.

    Jose_X Reply:

    From the GPLv2
    ***
    3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

    a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
    b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
    c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
    ***

    Reading over this superficially (and trying to recall things), it seems to me that Microsoft would have to indicate (more or less) that the source would be available upon request. The violation happens when they fail to fulfill this section 3 (code or offer) regardless of whether anyone demands source or not.

    BTW, I originally thought you were correct (I even gave you a 5 and did not comment to an earlier reply you made some days back saying basically the same thing).

    So am I reading the above correctly? Was Microsoft in fact in violation as the SFLC stated?

    Jose_X Reply:

    >> Bring up someone who received the binaries of the drivers from Microsoft, requested the corresponding sources from Microsoft, and failed to receive them.

    So perhaps the test would be instead:
    Bring up someone who received the binaries of the drivers from Microsoft and did not receive an offer or the source at that time.

    If the binaries were available to the public (eg, a free download to anyone), then we could tell by visiting the website.

    Many people have not been in compliance before, but the issue BN took up was whether or not Microsoft had the obligation to produce source or whether they voluntarily donated code.

    Once they took the GPL kernel and compiled and distributed it for their business needs, they became obligated to produce source. At least I think that is the interpretation most that use the GPL have accepted based on the GPL text (and I expect this would include the vast majority of those that contributed GPL code to the kernel).

    zatoichi Reply:

    No, they were not, not based on the available evidence, and not based on established practice. Neither you nor I (nor the SFLC) to the best of my knowledge has gone through the materials Microsoft provided along with the drivers to determine that there was no offer. So, you again have no evidence to support the claim.

    Moreover, whenever gpl-violations.org finds an oversight, and leaving out the notice is a common error, they give the company an opportunity to correct that oversight–something Microsoft has arguably done in full–before they claim that the organization is in “violation”. That’s the difference between “collaboration” and “demonization”.

    The SFLC seems to be pushing a political agenda here, rather than operating based on the facts of the matter. That’s actually pretty disturbing, and seems to be more of the sort of “exclusionism” that Linus spoke about.

    Why treat Microsoft differently than the literally hundreds of companies that have made–and corrected–exactly the same sorts of errors? If Harald and Armijn of gpl-violations.org aren’t claiming a violation here, and the engineer who found the issue isn’t claiming a violation, on what basis do you or Roy or the SFLC claim one?

    Jose_X Reply:

    >> Neither you nor I (nor the SFLC) to the best of my knowledge has gone through the materials Microsoft provided along with the drivers to determine that there was no offer. So, you again have no evidence to support the claim.

    BN is taking the SFLC on their word. They are a reputable source to many here (can you pinpoint a nontrivial number of past mistakes?). I think you should go speak to them if this really worries you. For various reasons they may not want to make the evidence public. Then again, the evidence might be easily accessible to those that know where it is.

    >> Moreover, whenever gpl-violations.org finds an oversight, and leaving out the notice is a common error, they give the company an opportunity to correct that oversight–something Microsoft has arguably done in full–before they claim that the organization is in “violation”. That’s the difference between “collaboration” and “demonization”.

    I did go to gpl-violations.org, and they said they don’t update the website frequently for lack of resources. Where would one find who they have stated had been in violation?

    Assuming the evidence exists (something apparently you and I don’t know), I think Microsoft would be in violation technically whether there was an unintentional oversight or something else.

    And did they have the code ready to hand out upon request or not? From the quotation at the top, I get the impression that they were unprepared to give out source upon request.

    Did the SFLC or anyone else cancel Microsoft’s access to the code? I don’t think so.

    Has Microsoft called the GPL a cancer? I think so.

    I don’t think Big Mighty Monopolysoft had their feelings hurt when Kuhn used the accurate word “violation” instead of the softer “oversight”, not to mention it appears Microsoft likely knew their obligations (they have plenty of lawyers and awareness of the GPL) yet apparently weren’t prepared to fulfill them.

    Microsoft would likely challenge the GPL as necessary. They didn’t here for obvious reasons, I’d say (to be on good terms to help their situation). Microsoft has challenged many things in the past and lost in court. The vast number of people accept the interpretation that source code was necessary.

  2. Roy Bixler said,

    July 28, 2009 at 10:45 am

    Gravatar

    Here’s what Stephen Hemminger wrote in his blog:

    This saga started when one of the user’s on the Vyatta forum inquired about supporting Hyper-V network driver in the Vyatta kernel. A little googling found the necessary drivers, but on closer examination there was a problem. The driver had both open-source components which were under GPL, and statically linked to several binary parts. The GPL does not permit mixing of closed and open source parts, so this was an obvious violation of the license.

    It sounds to me like someone wanted the source and was unable to find it.

    zatoichi Reply:

    Doesn’t matter in the slightest. If they either a) didn’t receive a “distribution” of the drivers from Microsoft, or b) didn’t make the request to the provider of the drivers (i.e. Microsoft) for the sources, and c) having satisfied a and b, failed to get the sources as described, then there’s no violation, none at all, and it’s incorrect and irresponsible to claim otherwise.

    “A little googling” doesn’t trigger any obligations under the terms of the GPL, nor does “wanting the source”, nor does asking random passersby for sources corresponding to binary code you may or may not have had distributed to you. (Have you read the GPL, Mr. Bixler…?)

    Hemminger’s specifically said that there was no violation, so why are you quoting his blog to support a contention he’s specifically denied ever making?

    Roy Bixler Reply:

    I acknowledge that we don’t have all the facts here and that you still may be right that, in a very narrow technical sense, Microsoft might not be found in violation of the GPL. That would only be true if everything is as you surmise, there was an offer but nonetheless someone wanted to push a political agenda and we see the present story. My reading of Hemminger’s blog, that he just wanted to solve the problem and did not want to make an issue of it, and the timeframe involved in solving the problem, a matter of months, make your reading of events unlikely.

    zatoichi Reply:

    …someone wanted to push a political agenda and we see the present story…

    Indeed. The “someones” in this case are Roy and the SFLC; the “political agenda” they’re pushing is exactly the one of unreasoning hatred of Microsoft, under all circumstances, at which Linus expressed dismay.

    …he just wanted to solve the problem and did not want to make an issue of it…

    Which is the correct way to approach such a problem, and in fact, the way such compliance issues typically are approached, even by gpl-violations.org; so why is this case different than all other cases, if not a “political agenda”?

    zatoichi Reply:

    You’re sidestepping the facts, Mr. Bixler. A violation can be claimed by two parties, and by no one else:

    One, a person supplied with binaries from Microsoft, who requested sources from Microsoft, and who failed to receive them.

    Two, the holder of the copyright on the code which was allegedly infringed.

    No one else has the standing to assert a violation under the GPL in this instance. None of the folks currently claiming a violation, including Roy Schestowitz and Bradley Kuhn, have the standing to make such a claim on their own say-so.

    Evidently you’re completely unfamiliar with the work of gpl-violations.org and the way they go about things; given your keen interest in violations, this is a little surprising. I’d point out that Harald Welte of that organization is—to the best of my knowledge—the only person on earth who’s ever won a court case based on a violation of the GPL. I’m pretty confident that the SFLC hasn’t won a single one.

    Roy Bixler Reply:

    You’re sidestepping the facts, Mr. Bixler. A violation can be claimed by two parties, and by no one else:
    One, a person supplied with binaries from Microsoft, who requested sources from Microsoft, and who failed to receive them.
    Two, the holder of the copyright on the code which was allegedly infringed.

    You’re talking about someone bringing a court case and winning. No one ever claimed that this issue resulted in a court case. I thank you for the clarification but I can’t help but notice that you are moving the goal posts in order to try to win rhetorical points.

    zatoichi Reply:

    Check the SFLC web site, Mr. Bixler—you’ll find that they’ve only previously dragged out this sort of rhetoric in cases where they were bringing a court case.

    Trotting it out now, in the wake of an act of actual compliance, seems like churlish grandstanding, or maybe some sore of strange, after-the-fact, “ambulance chasing” after the case has already been settled out of court.

    Maybe Bradley’s distressed that Microsoft complied and the SFLC never even got a chance to get in on the act.

    If you think I’m off the mark here, please show me another case of Bradley, or the SFLC, or gpl-violations.org for that matter, claiming a “violation” after an organization has addressed a compliance issue correctly.

    saulgoode Reply:

    Zatoichi wrote:

    Hemminger’s specifically said that there was no violation, so why are you quoting his blog to support a contention he’s specifically denied ever making?

    I imagine Roy Bixler provided Mr Hemminger’s quote (written by Mr Hemminger on Mr Hemminger’s website) because it shows, contrary to your claim, Mr Hemminger stating “… so this was an obvious violation of the license”.

    Where is your link supporting your claim that Mr Hemminger denied ever making that statement? I find it hard to believe he is denying something that is still plainly posted on his weblog.

    zatoichi Reply:

    Here.

    Vyatta Vice President Dave Roberts states that neither it, or principal engineer Stephen Hemminger, have accused Microsoft of GPL violations, as reported elsewhere. In a blog posting, Roberts says “news stories have started to circulate that have bordered on putting words into the mouths of both Vyatta and its employees”.

    News stories like the half dozen which Roy has pumped out on this. Also, you might want to read my last comment: according to Jo Shields’ investigation, there may not have been any violation in the first place—not unless you consider the Nvidia and ATI drivers to be violations as well (and I don’t see the SFLC screaming about, or even mentioning those…)

    saulgoode Reply:

    So your assertion that Mr Hemminger specifically denied ever claiming a violation took place was entirely unfounded; fabricated out of whole cloth, as it were.

    Also, you might want to read my last comment: according to Jo Shields’ investigation, there may not have been any violation in the first place—not unless you consider the Nvidia and ATI drivers to be violations as well (and I don’t see the SFLC screaming about, or even mentioning those…)

    Also included in the very statement which Roy Bixler quoted directly, Mr Hemminger’s stated “The driver had both open-source components which were under GPL, and statically linked to several binary parts.”

    While dynamic linking of GPLed code to closed source code may enter into a gray area of copyright law, if you’re planning on arguing that static linking of software components does not result in a derived work under copyright law, you’d better have a pretty strong legal team ready to overturn thirty+ years of software copyright precedent and redefine the very meaning of derivation.

    zatoichi Reply:

    Vyatta has publicly stated that there was no claim of “violation”; the word “violation” doesn’t appear in Mr. Hemminger’s blog. You’d seem to be one of the ones who’s “putting words into the mouths of both Vyatta and its employees” here.

    While dynamic linking of GPLed code to closed source code may enter into a gray area of copyright law, if you’re planning on arguing that static linking of software components does not result in a derived work under copyright law, you’d better have a pretty strong legal team ready to overturn thirty+ years of software copyright precedent and redefine the very meaning of derivation.

    If it’s a “gray area”, then—unless you’re arguing a case in court—it’s unclear how you can assert that it’s a violation. And if there’s so much precedent, how can it be “gray”? You seem to be lighting your candle at both ends here, but it’s not shedding a lot of light.

    In any case, if there indeed was a violation—and directhex’s comments in Hemminger’s blog cast that assertion into some significant doubt—then why why flog a company after they’ve corrected said “violation” when no one seems to be complaining about the numerous other companies that are still shipping exactly the same sorts of “violations” and haven’t done anything to comply?

    We’d seem to be punishing those who comply for past sins while giving ongoing “violators” a free ride here. That makes no sense to me.

    I’ve got a couple of ideas about it, though: grandstanding; a political agenda.

    saulgoode Reply:

    Vyatta has publicly stated that there was no claim of “violation”; the word “violation” doesn’t appear in Mr. Hemminger’s blog.

    So you’re insisting that the word “violation” doesn’t appear in the fourth sentence of the second paragraph of Mr Hemminger’ weblog entry dated Monday, July 20, 2009 — right after the word “obvious”?

    You’d seem to be one of the ones who’s “putting words into the mouths of both Vyatta and its employees” here.

    Click on the link. Read what the man wrote. This isn’t rocket science.

    zatoichi Reply:

    Fine, he used the word “violation”. I think your pettifogging is losing the main point here (notwithstanding that you ignored the bulk of my comment).

    Microsoft got into compliance. Willingly. “Eagerly”, if you believe Sam Ramji (I imagine this unlikely). Note the title of Stephen Hemminger’s blog posting: “Congratulations, Microsoft”. That seems the right spirit to me, and I guess I’m in agreement with Linus on that.

    You folk, and worse, the SFLC, seem to want to flog Microsoft (although why you are apparently okay with giving others a pass for similar misdeeds is still a mystery) for doing the right thing. How is that not exclusionary? How does that encourage other companies, the ones the SFLC is strangely not complaining about, to do the right thing?

    No one suggests they’re our new best friends, or that they have Mother Teresa-like motives, but they’re doing the right thing. Give credit where credit is due. Stop being a bunch of sore winners.

    saulgoode Reply:

    I think your pettifogging is losing the main point here (notwithstanding that you ignored the bulk of my comment).

    The bulk of your comment was about the “gray area” of derivative works with regard to dynamic linking of code; however, Mr Hemminger specifically stated that the Microsoft binaries were statically linked to the GPLed code. Statically linking code is entirely black & white with regard to copyright law — the result is necessarily a derived work, no ifs, ands, or buts. So if I ignored the bulk of your comment it was owing to it being premised upon incorrect assumptions and an invalid comparison (nVidia drivers are linked to dynamically by end users).

    I remain reticent to further address your comments given the lack of general reading comprehension you’ve thus demonstrated, your misinterpretation of the terms and conditions of the GPL, and your misapprehension of copyright law in general. You are welcome to your opinion about whether or not Microsoft should be lauded for their actions; I would extend the same courtesy to everyone else.

    zatoichi Reply:

    Unless Mr. Hemminger is wrong in his assertion, as Jo Shields asserts, and as you’re (conveniently) ignoring. As far as whether Microsoft should be “lauded”, thanks for demonstrating that you’re not even bothering to read comments before responding, that’s about par for the course around here.

  3. Dylan McCall said,

    July 28, 2009 at 12:15 pm

    Gravatar

    Roy, I don’t have any stakes in this so don’t take it the wrong way…

    …didn’t you say you were finished talking about this about 10 articles ago?
    It isn’t like there’s anything useful, or interesting, or for that matter even new being uncovered here.

  4. zatoichi said,

    July 28, 2009 at 5:12 pm

    Gravatar

    Some late-breaking news which further casts the actions of this site and of the SFLC into some serious doubt: Jo Shields has poked further into these Microsoft drivers, and discovered that they are structured, to all appearances, exactly like Nvidia’s and ATI’s proprietary drivers for Linux: a GPL-licensed shim that’s link to the kernel, and which pulls in a binary blob dynamically at boot time. As Hemminger agrees, this is okay with Linus, it seems, and certainly there’s been a marked absence of hysteria from the SFLC—or this site, for that matter—about such practices.

    So why is this one thing different from the others? Political agendas, perhaps?

What Else is New


  1. Today's Example of Microsoft's Faked 'Love'

    “On 7 September 2017, users began noticing a message that stated “Skype for Business is now Microsoft Teams”. This was confirmed on 25 September 2017, at Microsoft’s annual Ignite conference,” according to Wikipedia



  2. Links 10/12/2019: Kubernetes 1.17, Debian Init Systems GR

    Links for the day



  3. 'Cancel Culture' as 'Thoughtpolice' Creep

    Richard Stallman spoke about an important aspect of censorship more than 2 decades ago (before “Open Source” even existed); it was published in Datamation (“Censoring My Software”) 23 years before a campaign of defamation on the Internet was used to remove him from MIT and FSF (censoring or ‘canceling’ Stallman himself)



  4. Microsoft Still Hates GNU/Linux and Mark Shuttleworth Knows It (But He is Desperate for Money)

    We're supposed to believe that a PR or image management (reputation laundering) campaign alone can turn Microsoft from GNU/Linux foe into friend/ally



  5. Actions Against EPO Corruption and Unitary Patent (UPC) Injustice/Lobbying

    The EPO is apparently going on strike again and an action against the UPC is scheduled for later this week (protest in Brussels)



  6. “The Fifth Freedom as a Meme”

    The issue with systemd (or SystemD) has provoked or at least stimulated discussions about the limits of the famous Four Freedoms



  7. IRC Proceedings: Monday, December 09, 2019

    IRC logs for Monday, December 09, 2019



  8. Demonstration Against Unitary Software Patents, Thursday 12 Dec in Brussels

    FFII's call to demonstrate against the UPC



  9. Links 9/12/2019: China on GNU/Linux, Canonical Wants Help to Improve Ubuntu

    Links for the day



  10. Links 9/12/2019: Linux 5.5 RC1, EasyOS Buster 2.1.9

    Links for the day



  11. IRC Proceedings: Sunday, December 08, 2019

    IRC logs for Sunday, December 08, 2019



  12. Mandatory Education for Those Who Use and Misuse Buzzwords Would Go a Long Way

    In an age of substitution — where marketing terms replace meaningful words and concepts — it has gotten more difficult to have honest debates, for example about the scope of patents



  13. Once Upon a Time Banter Was Allowed on Mailing Lists

    Hours ago Torvalds announced RC1 of the next Linux (kernel) release; it has been a while since he last said something ‘controversial’ (following his month at the penalty box); free speech deficit can make us weaker, not stronger (advantage to those who work in the dark)



  14. Links 8/12/2019: Debian Init Systems GR, NomadBSD 1.3

    Links for the day



  15. Can We Quit Celebrating DRM in GNU/Linux?

    Over the past couple of days various news sites and "Linux" sites expressed great satisfaction [1-5] over the passive embrace of Disney's DRM ploy (Disney+), even when Disney itself rejects DRM, seeing the harms practically caused by it [6,7]



  16. You Know WSL is Bad for GNU/Linux Because Anti-Linux People, Microsoft and Its Propagandists, Want People to Use That

    Microsoft and its boosters (and media partners) haven’t grown tired of spreading falsehoods to stigmatise and take control of GNU/Linux by creating their own versions and traps for it



  17. IRC Proceedings: Saturday, December 07, 2019

    IRC logs for Saturday, December 07, 2019



  18. 5 Years Ago the Linux Foundation Turned Linux.com Into a Non-Linux Site

    One can leverage the Internet Archive’s Wayback Machine to better understand how, over time, the Foundation called “Linux” deviated or diverged away from its mission statement for the sole purpose of raising corporate funds and selling influence to corporations (passing the community’s hard work to them — a form of tacit privatisation)



  19. Microsoft Redefining Ownership and Identity of GNU/Linux

    The idea that “Microsoft loves Linux” is as insane as it gets; but the lie which is “Microsoft loves Linux” is a powerful enabler of Microsoft entryism, e.g. if Greg steps down, does a Microsoft employee become the deputy of Linus Torvalds?



  20. Things That Cannot Be Said

    The limits on what we can say are mostly defined by what sources permit us to say publicly (for the sake of source protection)



  21. Fake European Patents (on Algorithms) Leading to Fake Embargoes

    Law firms have gotten their way in Germany; instead of supporting the productive workers the patent system is nowadays promoting the litigation 'industry' and it ought to be corrected



  22. From Moderate Advice to FUD and Misinformation: The Case of a VPN Vulnerability (CVE-2019-14899)

    What should have been a trivial bugfix in a variety of operating systems and bits of software — both proprietary and Free software — somehow became anti-Linux FUD, clickbait and worse



  23. Dangerous Thinker

    Society oughtn't be alarmed by people who say unusual things; it should be wary and sceptical of those corporations ever so eager to silence such people



  24. Unitary Patent (UPC) Died Along With the Credibility of Managing IP and the Rest of the UPC Lobby

    It is pretty astounding that Team UPC (collective term for people who crafted and lobby for this illegal construct) is still telling us lies, even in the absence of underlying supportive facts, and pressure groups disguised as "news sites" latch onto anything to perpetuate an illusion of progress (even in the face of a growing number of major barriers)



  25. IRC Proceedings: Friday, December 06, 2019

    IRC logs for Friday, December 06, 2019



  26. Links 7/12/2019: Fedora 31 Elections Results, Lots of Media Drama Over VPN Bug

    Links for the day



  27. Links 6/12/2019: DRM in GNU/Linux and Sparky Bonsai

    Links for the day



  28. The EPO Rejects Innovation

    The EPO ceased caring about the needs of scientists whose work involves invention; instead, EPO management crafts increasingly lenient guidelines that yield illegal European Patents (not compatible with the EPC) that heavily-besieged EPO judges are unable to stop



  29. Startpage CEO Robert Beens in 'Damage Control' Mode, Trying to Get Startpage Relisted After Selling to a Massive Surveillance Company

    PrivacytoolsIO is being lobbied by the CEO of Startpage to relist Startpage, based on no actual refutations at all



  30. IRC Proceedings: Thursday, December 05, 2019

    IRC logs for Thursday, December 05, 2019


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts