Rocky Strikes Back At Red Hat

The world of Linux has seen some disquiet over recent weeks following the decision of Red Hat to restrict source code distribution for Red Hat Enterprise Linux (RHEL) to only their paying customers. We’re sure that there will be plenty of fall-out to come from this news, but what can be done if your project relies upon access to those Red Hat sources?

The Red-Hat-derived Rocky Linux distro relies on access to RHEL source, so the news could have been something of a disaster. Fortunately for Rocky users though, they appear to have found a reliable way to bypass the restriction and retain access to those RHEL sources. Red Hat would like anyone wanting source access to pay them handsomely for the privilege, but the Rocky folks have spotted a way to bypass this. Using readily available cloud images they can spin up a RHEL system and use it to download their sources, and they can do this as an automated process.

We covered this story as it unfolded last week, and it seemed inevitable then that something of this nature would be found, as for all Red Hat’s wishes a GPL-licensed piece of code can’t be prevented from being shared. So Rocky users and the wider community will for now retain access to the code, but will Red Hat strike back? It’s inevitable that there will be a further backlash from the community against any such moves, but will Red Hat be foolhardy enough to further damage their standing in this regard? They’re certainly not the only large distro losing touch with their users.

Et Tu, Red Hat?

Something odd happened to git.centos.org last week. That’s the repository where Red Hat has traditionally published the source code to everything that’s a part of Red Hat Enterprise Linux (RHEL) to fulfill the requirements of the GPL license. Last week, those packages just stopped flowing. Updates weren’t being published. And finally, Red Hat has published a clear answer to why:

Red Hat has decided to continue to use the Customer Portal to share source code with our partners and customers, while treating CentOS Stream as the venue for collaboration with the community.

Sounds innocuous, but what’s really going on here? Let’s have a look at the Red Hat family: RHEL, CentOS, and Fedora.

RHEL is the enterprise Linux distribution that is Red Hat’s bread and butter. Fedora is RHEL’s upstream distribution, where changes happen fast and things occasionally break. CentOS started off as a community repackaging of RHEL, as allowed under the GPL and other Open Source licenses, for people who liked the stability but didn’t need the software support that you’re paying for when you buy RHEL.

Red Hat took over the reins of CentOS back in 2014, and then imposed the transition to CentOS Stream in 2020, to some consternation. This placed CentOS Stream between the upstream Fedora, and the downstream RHEL. Some people missed the stability of the old CentOS, and in response a handful of efforts spun up to fill the gap, like Alma Linux and Rocky Linux. These projects took the source from git.centos.org, and rebuilt them into usable community operating systems, staying closer to RHEL in the process.

Red Hat has published a longer statement elaborating on the growth of CentOS Stream, but it ends with an interesting statement: “Red Hat customers and partners can access RHEL sources via the customer and partner portals, in accordance with their subscription agreement.” What exactly is in that subscription agreement? Well according to Alma Linux, “the way we understand it today, Red Hat’s user interface agreements indicate that re-publishing sources acquired through the customer portal would be a violation of those agreements.”

Fighting The Good Fight

We here at Hackaday are super-duper proponents of open source. Software, hardware, or firmware, we like to be able to see it, learn from it, modify it, and make it ourselves. Some of this is self-serving because when we can’t see how it was done, we can’t show you how it’s done. But it’s also from a deeper place than that: the belief that the world is made better by sharing and open access.

One of the pieces of open-source firmware that I have running on no fewer than three devices in my house right now is grbl – it’s a super-simple, super-reliable G-code interpreter and stepper motor controller that has stood the test of time. It’s also GPL3 licensed, which means that if you want to use the code in your project, and you modify it to match your particular machine, you have to make the modified version available for those who bought the machine to modify themselves.

So when Norbert Heinz noticed that the Ortur laser engravers were running grbl without making the code available, he wrote them a letter. They responded with “business secrets”, he informed them again of their responsibility, and they still didn’t comply. So he made a video explaining the situation.

Good news incoming! Norbert wrote in the comments that since the post hit Hackaday, they’ve taken notice over at Ortur and have gotten back in touch with him. Assuming that they’re on their way to doing the right thing, this could be a nice win for grbl and for Ortur users alike.

Inside the free software world, we all know that “free” has many meanings, but I’d bet that you don’t have to go far outside our community to find people who don’t know that “free” software can have tight usage restrictions on it. (Or maybe not – it all depends on the license that the software’s author chose.) Reading software licenses is lousy work better left for lawyers than hackers anyway, and I can no longer count how many times I’ve clicked on a EULA without combing through it.

So what Norbert did was a good deed – educating a company that used GPL software of their obligations. My gut says that Ortur had no idea what they needed to do to comply with the license, and Norbert told them, even if it required some public arm-twisting. But now, Ortur has the opportunity to make good, and hackers everywhere can customize the firmware that drives their laser engravers. Woot!

It’s probably too early to declare victory here, but consider following Norbert’s example yourself. While you can’t bring a lawsuit if you’re not the copyright owner, you can still defend your right to free software simply by explaining it politely to companies that might not know that they’re breaking the law. And when they come around, make sure you welcome them into the global open-source hive mind, because we all win. One of us!

Watch Out For Lasercutter Manufacturers Violating GPL

For companies that build equipment like CNC machines or lasercutters, it’s tempting to use open-source software in a lot of areas. After all, it’s stable, featureful, and has typically passed the test of time. But using open-source software is not always without attendant responsibilities. The GPL license requires that all third-party changes shipped to users are themselves open-sourced, with the possibility of legal repercussions. But for that, someone has to step up and hold them accountable.

Here, the manufacturer under fire is Ortur. They ship laser engravers that quite obviously use the Grbl firmware, or a modified version thereof, so [Norbert] asked them for the source code. They replied that it was a “business secret”. He even wrote them a second time, and they refused. Step three, then, is making a video about it.

Unfortunately [Norbert] doesn’t have the resources to start international legal enforcement, so instead he suggests we should start talking openly about the manufacturers involved. This makes sense, since such publicity makes it way easier for a lawsuit to eventually happen, and we’ve seen real consequences come to Samsung, Creality and Skype, among others.

Many of us have fought with laser cutters burdened by proprietary firmware, and while throwing the original board out is tempting, you do need to invest quite a bit more energy and money working around something that shouldn’t have been a problem. Instead, the manufacturers could do the right, and legal, thing in the first place. We should let them know that we require that of them.

Vizio In Hot Water Over Smart TV GPL Violations

As most anyone in this community knows, there’s an excellent chance that any consumer product on the market that’s advertised as “smart” these days probably has some form of Linux running under the hood. We’re also keenly aware that getting companies to hold up their end of the bargain when it comes to using Linux and other GPL licensed software in their products, namely releasing their modified source, isn’t always as cut and dried as it should be.

Occasionally these non-compliant companies will get somebody so aggravated that they actually try to do something about it, which is where smart TV manufacturer Vizio currently finds itself. The Software Freedom Conservancy (SFC) recently announced they’re taking the Irvine, California based company to court over their repeated failures to meet the requirements of the GPL while developing their Linux-powered SmartCast TV firmware. In addition to the Linux kernel, the SFC also claims Vizio is using modified versions of various other GPL and LGPL protected works, such as U-Boot, bash, gawk, tar, glibc, and ffmpeg.

According to the SFC press release, the group isn’t looking for any monetary damages. They simply want Vizio to do what’s required of them as per the GPL and release the SmartCast source code, which they hope will allow for the development of an OpenWrt-like replacement firmware for older Vizio smart TVs. This is particularly important as older models will often stop receiving updates, and in many cases, will no longer be able to access all of the services they were advertised as being able to support. Clearly the SFC wants this case to be looked at as part of the larger Right to Repair debate, and given the terrible firmware we’ve seen some of these smart TVs ship with, we’re inclined to agree.

Now of course, we’ve seen cases like this pop up in the past. But what makes this one unique is that the SFC isn’t representing one of the developers whose software has been found to be part of Vizio’s SmartCast, they’re actually the plaintiff. By taking the position of a consumer who has purchased a Vizio product that included GPL software, the SFC is considered a third-party beneficiary, and they are merely asking the court to be given what’s due to them under the terms of the license.

As firm believers in the open source movement, we have zero tolerance for license violators. Vizio isn’t some wide-eyed teen, randomly copying code they found from GitHub without understanding the implications. This is a multi-billion dollar company that absolutely should know better, and we’ll be happy to see them twist in the wind a bit before they’re ultimately forced to play by the rules.

Muse Group Continues Tone Deaf Handling Of Audacity

When we last checked in on the Audacity community, privacy-minded users of the free and open source audio editor were concerned over proposed plans to add telemetry reporting to the decades old open source audio editing software. More than 1,000 comments were left on the GitHub pull request that would have implemented this “phone home” capability, with many individuals arguing that the best course of action was to create a new fork of Audacity that removed any current or future tracking code that was implemented upstream.

For their part, the project’s new owners, Muse Group, argued that the ability for Audacity to report on the user’s software environment would allow them to track down some particularly tricky bugs. The tabulation of anonymous usage information, such as which audio filters are most commonly applied, would similarly be used to determine where development time and money would best be spent. New project leader Martin “Tantacrul” Keary personally stepped in to explain that the whole situation was simply a misunderstanding, and that Muse Group had no ill intent for the venerable program. They simply wanted to get a better idea of how the software was being used in the real-world, but after seeing how vocal the community was about the subject, the decision was made to hold off on any changes until a more broadly acceptable approach could be developed.

Our last post on the subject ended on a high note, as it seemed like the situation was on the mend. While there was still a segment of the Audacity userbase that was skeptical about remote analytics being added into a program that never needed it before, representatives from the Muse Group seemed to be listening to the feedback they were receiving. Keary assured users that plans to implement telemetry had been dropped, and that should they be reintroduced in the future, it would be done with the appropriate transparency.

Unfortunately, things have only gotten worse in the intervening months. Not only is telemetry back on the menu for a program that’s never needed an Internet connection since its initial release in 2000, but this time it has brought with it a troubling Privacy Policy that details who can access the collected data. Worse, Muse Group has made it clear they intend to move Audacity away from its current GPLv2 license, even if it means muscling out long-time contributors who won’t agree to the switch. The company argues this will give them more flexibility to list the software with a wider array of package repositories, a claim that’s been met with great skepticism by those well versed in open source licensing.

Hackaday Links: June 6, 2021

There are a bunch of newly minted millionaires this week, after it was announced that Stack Overflow would be acquired for $1.8 billion by European tech investment firm Prosus. While not exactly a household name, Prosus is a big player in the Chinese tech scene, where it has about a 30% stake in Chinese internet company Tencent. They trimmed their holdings in the company a bit recently, raising $15 billion in cash, which we assume will be used to fund the SO purchase. As with all such changes, there’s considerable angst out in the community about how this could impact everyone’s favorite coding help site. The SO leadership are all adamant that nothing will change, but only time will tell.
