07.28.09
Gemini version available ♊︎Microsoft Did Violate the GPLv2
Image from Wikimedia
Summary: A red-handed Microsoft did after all violate the GNU GPL, according to the SFLC
Microsoft’s rather belated claim that its self-serving [1, 2, 3, 4, 5, 6] loadable module for Linux was in compliance all along is more or less being refuted or at least contradicted by the SFLC.
Kuhn had a few words to say on the subject:
Microsoft violated the General Public License v2 (GPLv2) when it distributed its Hyper-V Linux Integration Components (LinuxIC) without providing source code, says the Software Freedom Law Center (SFLC).
The violation was rectified when Microsoft contributed more than 20,000 lines of source code to the Linux community last week. The drivers are designed to improve the performance of the Linux operating system when it is virtualized on the Windows Server 2008 Hyper-V hypervisor-based virtualization system.
[...]
“It seems to me that Sam [Ramji] is likely correct when he says that talk inside Microsoft about releasing the source was under way before the Linux developers began their enforcement effort,” said Bradley Kuhn, a policy analyst and tech director at the SFLC.
“However, that talk doesn’t mean that there wasn’t a problem. As soon as one distributes the binaries of a GPL’d work, one must provide the source for those binaries, so Microsoft’s delay in this regard was a GPL violation.
“The important thing to note from a perspective of freedom is that this software, whether it is released properly under the GPL or kept proprietary in violation of the GPL, is a piece of software designed to convince people to give up free virtualization platforms like Xen and KVM, and [to] use Microsoft’s virtualization technology instead,” Kuhn added.
Almost a week after the initial announcement, two pro-Microsoft journalists from IDG are still pushing this old news as though it is an endless PR campaign which struggles to portray what Microsoft did as an act of goodwill. It was a selfish deed. Get over it. The GPL was a requirement, neither a privilege nor choice. And it’s all about selling Windows. █
ᶃ Gemini Space
This post is also available in 
Content is available under CC-BY-SA
zatoichi said,
July 28, 2009 at 10:28 am
However, that talk doesn’t mean that there wasn’t a problem. As soon as one distributes the binaries of a GPL’d work, one must provide the source for those binaries, so Microsoft’s delay in this regard was a GPL violation.
Bradley’s incorrect, and he knows better, too. Bring up someone who received the binaries of the drivers from Microsoft, requested the corresponding sources from Microsoft, and failed to receive them.
Absent that, there’s no actual violation, and claims to the contrary are incorrect and irresponsible.
Jose_X Reply:
July 28th, 2009 at 11:25 am
From the GPLv2
***
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
***
Reading over this superficially (and trying to recall things), it seems to me that Microsoft would have to indicate (more or less) that the source would be available upon request. The violation happens when they fail to fulfill this section 3 (code or offer) regardless of whether anyone demands source or not.
BTW, I originally thought you were correct (I even gave you a 5 and did not comment to an earlier reply you made some days back saying basically the same thing).
So am I reading the above correctly? Was Microsoft in fact in violation as the SFLC stated?
Jose_X Reply:
July 28th, 2009 at 11:39 am
>> Bring up someone who received the binaries of the drivers from Microsoft, requested the corresponding sources from Microsoft, and failed to receive them.
So perhaps the test would be instead:
Bring up someone who received the binaries of the drivers from Microsoft and did not receive an offer or the source at that time.
If the binaries were available to the public (eg, a free download to anyone), then we could tell by visiting the website.
Many people have not been in compliance before, but the issue BN took up was whether or not Microsoft had the obligation to produce source or whether they voluntarily donated code.
Once they took the GPL kernel and compiled and distributed it for their business needs, they became obligated to produce source. At least I think that is the interpretation most that use the GPL have accepted based on the GPL text (and I expect this would include the vast majority of those that contributed GPL code to the kernel).
zatoichi Reply:
July 28th, 2009 at 11:39 am
No, they were not, not based on the available evidence, and not based on established practice. Neither you nor I (nor the SFLC) to the best of my knowledge has gone through the materials Microsoft provided along with the drivers to determine that there was no offer. So, you again have no evidence to support the claim.
Moreover, whenever gpl-violations.org finds an oversight, and leaving out the notice is a common error, they give the company an opportunity to correct that oversight–something Microsoft has arguably done in full–before they claim that the organization is in “violation”. That’s the difference between “collaboration” and “demonization”.
The SFLC seems to be pushing a political agenda here, rather than operating based on the facts of the matter. That’s actually pretty disturbing, and seems to be more of the sort of “exclusionism” that Linus spoke about.
Why treat Microsoft differently than the literally hundreds of companies that have made–and corrected–exactly the same sorts of errors? If Harald and Armijn of gpl-violations.org aren’t claiming a violation here, and the engineer who found the issue isn’t claiming a violation, on what basis do you or Roy or the SFLC claim one?
Jose_X Reply:
July 28th, 2009 at 12:01 pm
>> Neither you nor I (nor the SFLC) to the best of my knowledge has gone through the materials Microsoft provided along with the drivers to determine that there was no offer. So, you again have no evidence to support the claim.
BN is taking the SFLC on their word. They are a reputable source to many here (can you pinpoint a nontrivial number of past mistakes?). I think you should go speak to them if this really worries you. For various reasons they may not want to make the evidence public. Then again, the evidence might be easily accessible to those that know where it is.
>> Moreover, whenever gpl-violations.org finds an oversight, and leaving out the notice is a common error, they give the company an opportunity to correct that oversight–something Microsoft has arguably done in full–before they claim that the organization is in “violation”. That’s the difference between “collaboration” and “demonization”.
I did go to gpl-violations.org, and they said they don’t update the website frequently for lack of resources. Where would one find who they have stated had been in violation?
Assuming the evidence exists (something apparently you and I don’t know), I think Microsoft would be in violation technically whether there was an unintentional oversight or something else.
And did they have the code ready to hand out upon request or not? From the quotation at the top, I get the impression that they were unprepared to give out source upon request.
Did the SFLC or anyone else cancel Microsoft’s access to the code? I don’t think so.
Has Microsoft called the GPL a cancer? I think so.
I don’t think Big Mighty Monopolysoft had their feelings hurt when Kuhn used the accurate word “violation” instead of the softer “oversight”, not to mention it appears Microsoft likely knew their obligations (they have plenty of lawyers and awareness of the GPL) yet apparently weren’t prepared to fulfill them.
Microsoft would likely challenge the GPL as necessary. They didn’t here for obvious reasons, I’d say (to be on good terms to help their situation). Microsoft has challenged many things in the past and lost in court. The vast number of people accept the interpretation that source code was necessary.
Roy Bixler said,
July 28, 2009 at 10:45 am
Here’s what Stephen Hemminger wrote in his blog:
It sounds to me like someone wanted the source and was unable to find it.
zatoichi Reply:
July 28th, 2009 at 11:25 am
Doesn’t matter in the slightest. If they either a) didn’t receive a “distribution” of the drivers from Microsoft, or b) didn’t make the request to the provider of the drivers (i.e. Microsoft) for the sources, and c) having satisfied a and b, failed to get the sources as described, then there’s no violation, none at all, and it’s incorrect and irresponsible to claim otherwise.
“A little googling” doesn’t trigger any obligations under the terms of the GPL, nor does “wanting the source”, nor does asking random passersby for sources corresponding to binary code you may or may not have had distributed to you. (Have you read the GPL, Mr. Bixler…?)
Hemminger’s specifically said that there was no violation, so why are you quoting his blog to support a contention he’s specifically denied ever making?
Roy Bixler Reply:
July 28th, 2009 at 12:16 pm
I acknowledge that we don’t have all the facts here and that you still may be right that, in a very narrow technical sense, Microsoft might not be found in violation of the GPL. That would only be true if everything is as you surmise, there was an offer but nonetheless someone wanted to push a political agenda and we see the present story. My reading of Hemminger’s blog, that he just wanted to solve the problem and did not want to make an issue of it, and the timeframe involved in solving the problem, a matter of months, make your reading of events unlikely.
zatoichi Reply:
July 28th, 2009 at 4:01 pm
…someone wanted to push a political agenda and we see the present story…
Indeed. The “someones” in this case are Roy and the SFLC; the “political agenda” they’re pushing is exactly the one of unreasoning hatred of Microsoft, under all circumstances, at which Linus expressed dismay.
…he just wanted to solve the problem and did not want to make an issue of it…
Which is the correct way to approach such a problem, and in fact, the way such compliance issues typically are approached, even by gpl-violations.org; so why is this case different than all other cases, if not a “political agenda”?
zatoichi Reply:
July 28th, 2009 at 1:20 pm
You’re sidestepping the facts, Mr. Bixler. A violation can be claimed by two parties, and by no one else:
One, a person supplied with binaries from Microsoft, who requested sources from Microsoft, and who failed to receive them.
Two, the holder of the copyright on the code which was allegedly infringed.
No one else has the standing to assert a violation under the GPL in this instance. None of the folks currently claiming a violation, including Roy Schestowitz and Bradley Kuhn, have the standing to make such a claim on their own say-so.
Evidently you’re completely unfamiliar with the work of gpl-violations.org and the way they go about things; given your keen interest in violations, this is a little surprising. I’d point out that Harald Welte of that organization is—to the best of my knowledge—the only person on earth who’s ever won a court case based on a violation of the GPL. I’m pretty confident that the SFLC hasn’t won a single one.
Roy Bixler Reply:
July 28th, 2009 at 1:42 pm
You’re talking about someone bringing a court case and winning. No one ever claimed that this issue resulted in a court case. I thank you for the clarification but I can’t help but notice that you are moving the goal posts in order to try to win rhetorical points.
zatoichi Reply:
July 28th, 2009 at 3:50 pm
Check the SFLC web site, Mr. Bixler—you’ll find that they’ve only previously dragged out this sort of rhetoric in cases where they were bringing a court case.
Trotting it out now, in the wake of an act of actual compliance, seems like churlish grandstanding, or maybe some sore of strange, after-the-fact, “ambulance chasing” after the case has already been settled out of court.
Maybe Bradley’s distressed that Microsoft complied and the SFLC never even got a chance to get in on the act.
If you think I’m off the mark here, please show me another case of Bradley, or the SFLC, or gpl-violations.org for that matter, claiming a “violation” after an organization has addressed a compliance issue correctly.
saulgoode Reply:
July 29th, 2009 at 5:25 am
Zatoichi wrote:
I imagine Roy Bixler provided Mr Hemminger’s quote (written by Mr Hemminger on Mr Hemminger’s website) because it shows, contrary to your claim, Mr Hemminger stating “… so this was an obvious violation of the license”.
Where is your link supporting your claim that Mr Hemminger denied ever making that statement? I find it hard to believe he is denying something that is still plainly posted on his weblog.
zatoichi Reply:
July 29th, 2009 at 9:27 am
Here.
News stories like the half dozen which Roy has pumped out on this. Also, you might want to read my last comment: according to Jo Shields’ investigation, there may not have been any violation in the first place—not unless you consider the Nvidia and ATI drivers to be violations as well (and I don’t see the SFLC screaming about, or even mentioning those…)
saulgoode Reply:
July 29th, 2009 at 10:47 am
So your assertion that Mr Hemminger specifically denied ever claiming a violation took place was entirely unfounded; fabricated out of whole cloth, as it were.
Also included in the very statement which Roy Bixler quoted directly, Mr Hemminger’s stated “The driver had both open-source components which were under GPL, and statically linked to several binary parts.”
While dynamic linking of GPLed code to closed source code may enter into a gray area of copyright law, if you’re planning on arguing that static linking of software components does not result in a derived work under copyright law, you’d better have a pretty strong legal team ready to overturn thirty+ years of software copyright precedent and redefine the very meaning of derivation.
zatoichi Reply:
July 29th, 2009 at 2:46 pm
Vyatta has publicly stated that there was no claim of “violation”; the word “violation” doesn’t appear in Mr. Hemminger’s blog. You’d seem to be one of the ones who’s “putting words into the mouths of both Vyatta and its employees” here.
While dynamic linking of GPLed code to closed source code may enter into a gray area of copyright law, if you’re planning on arguing that static linking of software components does not result in a derived work under copyright law, you’d better have a pretty strong legal team ready to overturn thirty+ years of software copyright precedent and redefine the very meaning of derivation.
If it’s a “gray area”, then—unless you’re arguing a case in court—it’s unclear how you can assert that it’s a violation. And if there’s so much precedent, how can it be “gray”? You seem to be lighting your candle at both ends here, but it’s not shedding a lot of light.
In any case, if there indeed was a violation—and directhex’s comments in Hemminger’s blog cast that assertion into some significant doubt—then why why flog a company after they’ve corrected said “violation” when no one seems to be complaining about the numerous other companies that are still shipping exactly the same sorts of “violations” and haven’t done anything to comply?
We’d seem to be punishing those who comply for past sins while giving ongoing “violators” a free ride here. That makes no sense to me.
I’ve got a couple of ideas about it, though: grandstanding; a political agenda.
saulgoode Reply:
July 29th, 2009 at 3:53 pm
So you’re insisting that the word “violation” doesn’t appear in the fourth sentence of the second paragraph of Mr Hemminger’ weblog entry dated Monday, July 20, 2009 — right after the word “obvious”?
Click on the link. Read what the man wrote. This isn’t rocket science.
zatoichi Reply:
July 29th, 2009 at 5:50 pm
Fine, he used the word “violation”. I think your pettifogging is losing the main point here (notwithstanding that you ignored the bulk of my comment).
Microsoft got into compliance. Willingly. “Eagerly”, if you believe Sam Ramji (I imagine this unlikely). Note the title of Stephen Hemminger’s blog posting: “Congratulations, Microsoft”. That seems the right spirit to me, and I guess I’m in agreement with Linus on that.
You folk, and worse, the SFLC, seem to want to flog Microsoft (although why you are apparently okay with giving others a pass for similar misdeeds is still a mystery) for doing the right thing. How is that not exclusionary? How does that encourage other companies, the ones the SFLC is strangely not complaining about, to do the right thing?
No one suggests they’re our new best friends, or that they have Mother Teresa-like motives, but they’re doing the right thing. Give credit where credit is due. Stop being a bunch of sore winners.
saulgoode Reply:
July 30th, 2009 at 9:15 am
The bulk of your comment was about the “gray area” of derivative works with regard to dynamic linking of code; however, Mr Hemminger specifically stated that the Microsoft binaries were statically linked to the GPLed code. Statically linking code is entirely black & white with regard to copyright law — the result is necessarily a derived work, no ifs, ands, or buts. So if I ignored the bulk of your comment it was owing to it being premised upon incorrect assumptions and an invalid comparison (nVidia drivers are linked to dynamically by end users).
I remain reticent to further address your comments given the lack of general reading comprehension you’ve thus demonstrated, your misinterpretation of the terms and conditions of the GPL, and your misapprehension of copyright law in general. You are welcome to your opinion about whether or not Microsoft should be lauded for their actions; I would extend the same courtesy to everyone else.
zatoichi Reply:
July 30th, 2009 at 9:25 am
Unless Mr. Hemminger is wrong in his assertion, as Jo Shields asserts, and as you’re (conveniently) ignoring. As far as whether Microsoft should be “lauded”, thanks for demonstrating that you’re not even bothering to read comments before responding, that’s about par for the course around here.
Dylan McCall said,
July 28, 2009 at 12:15 pm
Roy, I don’t have any stakes in this so don’t take it the wrong way…
…didn’t you say you were finished talking about this about 10 articles ago?
It isn’t like there’s anything useful, or interesting, or for that matter even new being uncovered here.
zatoichi said,
July 28, 2009 at 5:12 pm
Some late-breaking news which further casts the actions of this site and of the SFLC into some serious doubt: Jo Shields has poked further into these Microsoft drivers, and discovered that they are structured, to all appearances, exactly like Nvidia’s and ATI’s proprietary drivers for Linux: a GPL-licensed shim that’s link to the kernel, and which pulls in a binary blob dynamically at boot time. As Hemminger agrees, this is okay with Linus, it seems, and certainly there’s been a marked absence of hysteria from the SFLC—or this site, for that matter—about such practices.
So why is this one thing different from the others? Political agendas, perhaps?