Vizio In Hot Water Over Smart TV GPL Violations

As most anyone in this community knows, there’s an excellent chance that any consumer product on the market that’s advertised as “smart” these days probably has some form of Linux running under the hood. We’re also keenly aware that getting companies to hold up their end of the bargain when it comes to using Linux and other GPL licensed software in their products, namely releasing their modified source, isn’t always as cut and dried as it should be.

Occasionally these non-compliant companies will get somebody so aggravated that they actually try to do something about it, which is where smart TV manufacturer Vizio currently finds itself. The Software Freedom Conservancy (SFC) recently announced they’re taking the Irvine, California based company to court over their repeated failures to meet the requirements of the GPL while developing their Linux-powered SmartCast TV firmware. In addition to the Linux kernel, the SFC also claims Vizio is using modified versions of various other GPL and LGPL protected works, such as U-Boot, bash, gawk, tar, glibc, and ffmpeg.

According to the SFC press release, the group isn’t looking for any monetary damages. They simply want Vizio to do what’s required of them as per the GPL and release the SmartCast source code, which they hope will allow for the development of an OpenWrt-like replacement firmware for older Vizio smart TVs. This is particularly important as older models will often stop receiving updates, and in many cases, will no longer be able to access all of the services they were advertised as being able to support. Clearly the SFC wants this case to be looked at as part of the larger Right to Repair debate, and given the terrible firmware we’ve seen some of these smart TVs ship with, we’re inclined to agree.

Now of course, we’ve seen cases like this pop up in the past. But what makes this one unique is that the SFC isn’t representing one of the developers who’s software has been found to be part of Vizio’s SmartCast, they’re actually the plaintiff. By taking the position of a consumer who has purchased a Vizio product that included GPL software, the SFC is considered a third-party beneficiary, and they are merely asking the court to be given what’s due to them under the terms of the license.

As firm believers in the open source movement, we have zero tolerance for license violators. Vizio isn’t some wide-eyed teen, randomly copying code they found from GitHub without understanding the implications. This is a multi-billion dollar company that absolutely should know better, and we’ll be happy to see them twist in the wind a bit before they’re ultimately forced to play by the rules.

Muse Group Continues Tone Deaf Handling Of Audacity

When we last checked in on the Audacity community, privacy-minded users of the free and open source audio editor were concerned over proposed plans to add telemetry reporting to the decades old open source audio editing software. More than 1,000 comments were left on the GitHub pull request that would have implemented this “phone home” capability, with many individuals arguing that the best course of action was to create a new fork of Audacity that removed any current or future tracking code that was implemented upstream.

For their part, the project’s new owners, Muse Group, argued that the ability for Audacity to report on the user’s software environment would allow them to track down some particularly tricky bugs. The tabulation of anonymous usage information, such as which audio filters are most commonly applied, would similarly be used to determine where development time and money would best be spent. New project leader Martin “Tantacrul” Keary personally stepped in to explain that the whole situation was simply a misunderstanding, and that Muse Group had no ill intent for the venerable program. They simply wanted to get a better idea of how the software was being used in the real-world, but after seeing how vocal the community was about the subject, the decision was made to hold off on any changes until a more broadly acceptable approach could be developed.

Our last post on the subject ended on a high note, as it seemed like the situation was on the mend. While there was still a segment of the Audacity userbase that was skeptical about remote analytics being added into a program that never needed it before, representatives from the Muse Group seemed to be listening to the feedback they were receiving. Keary assured users that plans to implement telemetry had been dropped, and that should they be reintroduced in the future, it would be done with the appropriate transparency.

Unfortunately, things have only gotten worse in the intervening months. Not only is telemetry back on the menu for a program that’s never needed an Internet connection since its initial release in 2000, but this time it has brought with it a troubling Privacy Policy that details who can access the collected data. Worse, Muse Group has made it clear they intend to move Audacity away from its current GPLv2 license, even if it means muscling out long-time contributors who won’t agree to the switch. The company argues this will give them more flexibility to list the software with a wider array of package repositories, a claim that’s been met with great skepticism by those well versed in open source licensing.

Continue reading “Muse Group Continues Tone Deaf Handling Of Audacity”

Hackaday Links Column Banner

Hackaday Links: June 6, 2021

There are a bunch of newly minted millionaires this week, after it was announced that Stack OverFlow would be acquired for $1.8 billion by European tech investment firm Prosus. While not exactly a household name, Prosus is a big player in the Chinese tech scene, where it has about a 30% stake in Chinese internet company Tencent. They trimmed their holdings in the company a bit recently, raising $15 billion in cash, which we assume will be used to fund the SO purchase. As with all such changes, there’s considerable angst out in the community about how this could impact everyone’s favorite coding help site. The SO leadership are all adamant that nothing will change, but only time will tell.

Continue reading “Hackaday Links: June 6, 2021”

Can You “Take Back” Open Source Code?

It seems a simple enough concept for anyone who’s spent some time hacking on open source code: once you release something as open source, it’s open for good. Sure the developer might decide that future versions of the project close up the source, it’s been known to happen occasionally, but what’s already out there publicly can never be recalled. The Internet doesn’t have a “Delete” button, and once you’ve published your source code and let potentially millions of people download it, there’s no putting the Genie back in the bottle.

But what happens if there are extenuating circumstances? What if the project turns into something you no longer want to be a part of? Perhaps you submitted your code to a project with a specific understanding of how it was to be used, and then the rules changed. Or maybe you’ve been personally banned from a project, and yet the maintainers of said project have no problem letting your sizable code contributions stick around even after you’ve been kicked to the curb?

Due to what some perceive as a forced change in the Linux Code of Conduct, these are the questions being asked by some of the developers of the world’s preeminent open source project. It’s a situation which the open source community has rarely had to deal with, and certainly never on a project of this magnitude.

Is it truly possible to “take back” source code submitted to a project that’s released under a free and open source license such as the GPL? If so, what are the ramifications? What happens if it’s determined that the literally billions of devices running the Linux kernel are doing so in violation of a single developer’s copyright? These questions are of grave importance to the Internet and arguably our way of life. But the answers aren’t as easy to come by as you might think.

Continue reading “Can You “Take Back” Open Source Code?”

GPL Violations Cost Creality A US Distributor

One of the core tenets of free and open source software licenses is that you’re being provided source code for a project with the hope that you’ll “pay it forward” if and when you utilize that code. In fact some licenses, such as the GNU Public License (GPL), require that you keep the source code for subsequent spin-offs or forks open. These are known as viral licenses, and the hope is that they will help spread the use of open source as derivative works can’t turn around and refuse to release their source code.

Unfortunately, not everyone plays by the rules. In a recent post on their blog, Printed Solid has announced they are ending their relationship with Chinese manufacturer Creality, best known for their popular CR-10 printer. Creality produces a number of printers which make use of Marlin, a GPLv3 licensed firmware that runs (in some form or another) a large majority of desktop 3D printers. But as explained in the blog post, Printed Solid has grown tired with the manufacturer’s back and forth promises to comply with the viral aspects of the GPL license.

Rather than helping to support a company they believe is violating the trust of the open source community, they have decided to mark down their existing stock of Creality printers to the point they will be selling them at a loss until they run out. In addition, for each Creality printer that is sold Printed Solid has promised to make a $50 USD donation to the development of Marlin saying: “if Creality won’t support Marlin development then we will.”

As is often the case when tempers are high and agreements break down, Printed Solid has also pulled back the curtain a bit as to the relationship they have had thus far with the manufacturer. According to the blog post, Printed Solid claims that some models of Creality printers have had a 100% fault rate, and that the company needed to repair and tweak the machines before sending them out to customers. The not so subtle implication being that Creality printers have been benefiting from the work Printed Solid has been doing on their hardware, and that purchasing a unit direct from the manufacturer could be a dicey proposition.

We’ve previously covered an issue with Creality’s CR-10S printer that required the end-user to replace an SMD capacitor just to get reliable results out of the machine, and of course we’ve talked of the extra work that’s often required when wrangling a low-end Chinese printer. It’s even more disheartening when you realize cheap machines sold by shady manufacturers are pushing open source manufacturers out of business.

The Eric Lundgren Story: When Free Isn’t Free

At this point, you’ve almost certainly heard the tale of Eric Lundgren, the electronics recycler who is now looking at spending 15 months in prison because he was duplicating freely available Windows restore discs. Of no use to anyone who doesn’t already have a licensed copy of Windows, these restore discs have little to no monetary value. In fact, as an individual, you couldn’t buy one at retail if you wanted to. The duplication of these discs would therefore seem to be a victimless crime.

Eric Lundgren

Especially when you hear what Eric wanted to do with these discs. To help extend the functional lifespan of older computers, he intended on providing these discs at low cost to those looking to refurbish Windows computers. After each machine had its operating system reinstalled, the disc would go along with the computer in hopes the new owner would be able to utilize it themselves down the road.

It all sounds innocent enough, even honorable. But a quick glance at Microsoft’s licensing arrangement is all you need to know the whole scheme runs afoul of how the Redmond giant wants their operating system installed and maintained. It may be a hard pill to swallow, but when Eric Lundgren decided to use Microsoft’s product he agreed to play by their rules. Unfortunately for him, he lost.

Continue reading “The Eric Lundgren Story: When Free Isn’t Free”

Oracle V Google Could Chill Software Development

Unless you’ve completely unplugged from the news, you probably are aware that the long-running feud between Oracle and Google had a new court decision this week. An appeal court found that Google’s excuse of fair use wasn’t acceptable and that they did infringe on Oracle’s copyrights to Java. Oracle has asked for about $9 billion in damages, although the actual amount is yet to be decided. In addition, it is pretty likely Google will take it up to the Supreme Court before any actual judgment is levied.

The news is aimed at normal people, so it is pretty glossy about what exactly happened. We set out to try to make sense of it all. We found a pretty good article from [Michaela Barry] about what the courts previously found.  There were three main parts:

  • There were 37 API (Application Programming Interface) declarations taken verbatim from Java. This would be like a C header file if you aren’t familiar with Java.
  • Google decompiled 8 security files and used them.
  • The rangeCheck function — 9 lines of Java code — were exactly the same in Oracle’s Java and Android.

Continue reading “Oracle V Google Could Chill Software Development”