The GNU GPL Is An Enforceable Contract At Last

It would be difficult to imagine the technological enhancements to the world we live in today without open-source software. You will find it somewhere in most of your consumer electronics, in the unseen data centres of the cloud, in machines, gadgets, and tools, in fact almost anywhere a microcomputer is used in a product. The willingness of software developers to share their work freely under licences that guarantee its continued free propagation has been as large a contributor to the success of our tech economy as any hardware innovation.

Though open-source licences have been with us for decades now, there have been relatively few moments in which they have been truly tested in a court. There have been frequent licence violations in which closed-source products have been found to contain open-source software, but they have more often resulted in out-of-court settlement than lengthy public legal fights. Sometimes the open-source community has gained previously closed-source projects, as their licence violations have involved software whose licence terms included a requirement for a whole project in which it is included to have the same licence. These terms are sometimes referred to as viral clauses by open-source detractors, and the most famous such licence is the GNU GPL, or General Public Licence. If you have ever installed OpenWRT on a router you will have been a beneficiary of this: the project has its roots in the closed-source firmware for a Linksys router that was found to contain GPL code.

Now we have news of an interesting milestone for the legal enforceability of open-source licences, a judge in California has ruled that the GPL is an enforceable contract. Previous case-law had only gone as far as treating GPL violations as a copyright matter, while this case extends its protection to another level.

The case in question involves a Korean developer of productivity software, Hancom Office, who were found to have incorporated the open-source Postscript and PDF encoder Ghostscript into their products without paying its developer a licence fee. Thus their use of Ghostscript falls under the GPL licencing of its open-source public version, and it was  on this basis that Artifex, the developer of Ghostscript, brought the action.

It’s important to understand that this is not a win for Artifex, it is merely a decision on how the game can be played. They must now go forth and fight the case, but that they can do so on the basis of a contract breach rather than a copyright violation should help them as well as all future GPL-licenced developers who find themselves in the same position.

We’re not lawyers here at Hackaday, but if we were to venture an opinion based on gut feeling it would be that we’d expect this case to end in the same way as so many others, with a quiet out-of-court settlement and a lucrative commercial licencing deal for Artifex. But whichever way it ends the important precedent will have been set, the GNU GPL is now an enforceable contract in the eyes of the law. And that can only be a good thing.

Via Hacker News.

GNU logo, CC-BY-SA 2.0.

Humans May Have Accidentally Created a Radiation Shield Around Earth

 

NASA spends a lot of time researching the Earth and its surrounding space environment. One particular feature of interest are the Van Allen belts, so much so that NASA built special probes to study them! They’ve now discovered a protective bubble they believe has been generated by human transmissions in the VLF range.

VLF transmissions cover the 3-30 kHz range, and thus bandwidth is highly limited. VLF hardware is primarily used to communicate with submarines, often to remind them that, yes, everything is still fine and there’s no need to launch the nukes yet.  It’s also used for navigation and broadcasting time signals.

It seems that this human transmission has created a barrier of sorts in the atmosphere that protects it against radiation from space. Interestingly, the outward edge of this “VLF Bubble” seems to correspond very closely with the innermost edge of the Van Allen belts caused by Earth’s magnetic field. What’s more, the inner limit of the Van Allan belts now appears to be much farther away from the Earth’s surface than it was in the 1960s, which suggests that man-made VLF transmissions could be responsible for pushing the boundary outwards.

Continue reading “Humans May Have Accidentally Created a Radiation Shield Around Earth”

Arduino Cinque – The RISC-V, ESP32, WiFi, Bluetooth Arduino

This weekend at the Bay Area Maker Faire, Arduino in conjunction with SiFive, a fabless provider of the Open Source RISC-V micros, introduced the Arduino Cinque. This is a board running one of the fastest microcontrollers available, and as an added bonus, this board includes Espressif’s ESP32, another wonderchip that features WiFi and Bluetooth alongside a very, very powerful SoC.

Details on the Arduino Cinque are slim at the moment, but from what we’ve seen so far, the Cinque is an impressively powerful board featuring the RISC-V FE310 SoC from SiFive, an ESP32, and an STM32F103. The STM32 appears to be dedicated to providing the board with USB to UART translation, something the first RISC-V compatible Arduino solved with an FTDI chip. Using an FTDI chip is, of course, a questionable design decision when building a capital ‘O’ Open microcontroller platform, and we’re glad SiFive and Arduino found a better solution. It’s unknown if this STM32 can be used alongside the FE310 and ESP32 at this point.

We’ve taken a look at SiFive’s FE310 SoC, and it is an extremely capable chip. It was released first at the HiFive1, and our hands-on testing revealed this is a chip that outperforms the current performance champ of the Arduino world, the Teensy 3.6. Of course, with any new architecture, there will be a few problems porting the vast number of libraries over to the FE310, but SiFive has included an Arduino compatible SDK. It’s promising, and we can’t wait to see SiFive’s work in more boards.

FAA’s Drone Registration System Struck Down For Hobbyists

The US Court of Appeals for the D.C. Circuit has struck down a rule requiring recreational drone users and model aircraft pilots to register their drones with the FAA.

This began when [John Taylor], an RC hobbyist and attorney, filed suit against the FAA questioning the legitimacy of the FAA’s drone registration program. This drone registration began early last year, with the FAA requiring nearly all drones and model aircraft to be registered in a new online system. This registration system caused much consternation; the FAA Modernization And Reform Act of 2012 states, ““…Federal Aviation Administration may not promulgate any rule or regulation regarding a model aircraft…”, defining model aircraft as any unmanned aircraft flown within visual line of sight for hobby or recreational purposes. Despite this mandate from Congress, the FAA saw fit to require registration for every model aircraft weighing between 0.55 and 55 pounds, regardless of the purpose of its flight.

In our coverage of the FAA’s drone registration program, we couldn’t make heads or tails of the reasons behind this regulation. In addition to the questionable legality of this regulation, there are questions over the FAA’s mandate to regulate anything flying under the 400 foot ceiling cited in the FAA’s rules. The question of safety is also open — a 2 kg drone is likely to cause injury to a passenger on a commercial flight only once every 187 million years of operation. In short, the FAA might not have the mandate of managing the air traffic, certification, and safety of the nation’s airspace when it comes to model aircraft.

While the Circuit court struck down the rule for registration concerning model aircraft, this still only applies to small (under 55 pounds) planes and quads flown within line of sight. Commercial drone operators still fall under the purview of the FAA, and for them the drone registration system will stand.

Blackberry Eyes Up Car Anti-Virus Market

[Reuters] reports that BlackBerry is working with at least two car manufacturers to develop a remote malware scanner for vehicles, On finding something wrong the program would then tell drivers to pull over if they were in critical danger.

The service would be able to install over-the-air patches to idle cars and is in testing phase by Aston Martin and Range Rover. The service could be active as early as next year, making BlackBerry around $10 a month per vehicle.

Since the demise of BlackBerry in the mobile phone sector, they’ve been hard at work refocusing their attention on new emerging markets. Cars are already rolling computers, and now they’re becoming more and more networked with Bluetooth and Internet connections. This obviously leaves cars open to new types of attacks as demonstrated by [Charlie Miller] and [Chris Valasek]’s hack that uncovered vulnerabilities in Jeeps and led to a U.S. recall of 1.4 million cars.

BlackBerry seem to be hedging their bets on becoming the Kingpin of vehicle anti-virus. But do our cars really belong on the Internet in the first place?

Yet Another IoT Botnet

[TrendMicro] are reporting that yet another IoT botnet is emerging. This new botnet had been dubbed Persirai and targets IP cameras. Most of the victims don’t even realize their camera has access to the Internet 24/7 in the first place.

Trend Micro, have found 1,000 IP cameras of different models that have been exploited by Persirai so far. There are at least another 120,000 IP cameras that the botnet could attack using the same method. The problem starts with the IP cameras exposing themselves by default on TCP Port 81 as a web server — never a great idea.

Most IP cameras use Universal Plug and Play, which allows them to open ports from inside the router and start a web server without much in the way of security checks. This paints a giant target in cyber space complete with signs asking to be exploited. After logging into a vulnerable device the attacker can perform a command injection attack which in turn points gets the camera to download further malware.

The exploit runs in memory only, so once it has been rebooted it should all be fine again until your next drive by malware download. Check your devices, because even big named companies make mistakes. IoT is turning into a battlefield. We just hope that with all these attacks, botnets, and hacks the promise of the IoT idea isn’t destroyed because of lazy coders.

Part of feature image from Wikipedia, Creative Commons license.

Patents on MP3 Format Due to Expire

MP3 took off in the late 90s as the digital music format. It then proceeded to slaughter the CD, and launch the file sharing revolution as well. It’s a proud format that has roots stretching all the way back to the early 1980s, when the possibility of sending music over ISDN lines was first considered. Now the patents on it are beginning to expire and its licencing program has been terminated.

The MP3 standard was the property of Fraunhofer IIS, and the original licencing model was intended such that encoders would be expensive, and decoders relatively inexpensive. This would allow people to buy software to listen to MP3s cheaply, but the creation of MP3s would be expensive, and thus handled by studios and music labels. This all changed when a high-quality MP3 encoder was leaked to the public, and suddenly it became possible to readily convert your CDs at home into the MP3 format.

One hangover of this ownership of the MP3 standard was that when you installed certain FOSS software, such as Audacity or a Linux distro, you would find that you had to go and do some legwork to find an MP3 codec. That was because it wasn’t worth the legal trouble for the FOSS authors to arrange a workaround, and trading in proprietary software is the antithesis to everything they stand for.

However, now that more of the relevant patents are expiring, you can now expect MP3 support to be baked into more software. It may be more than a little late, with more advanced audio formats beginning to take over, but it’s great to know that Fedora, for one, is starting to include MP3 support with their releases.

If you’d like to read more about the history of the MP3, check out this great article from NPR. Fraunhofer have their own great history site, too. If all this talk of advanced audio formats has gotten you excited, check out this MP3 decoder written for the ESP8266.

[Thanks to Tim Trzepacz for the tip!]