Fighting The Good Fight

July 16, 2022 by Elliot Williams 21 Comments

We here at Hackaday are super-duper proponents of open source. Software, hardware, or firmware, we like to be able to see it, learn from it, modify it, and make it ourselves. Some of this is self-serving because when we can’t see how it was done, we can’t show you how it’s done. But it’s also from a deeper place than that: the belief that the world is made better by sharing and open access.

One of the pieces of open-source firmware that I have running on no fewer than three devices in my house right now is grbl – it’s a super-simple, super-reliable G-code interpreter and stepper motor controller that has stood the test of time. It’s also GPL3 licensed, which means that if you want to use the code in your project, and you modify it to match your particular machine, you have to make the modified version available for those who bought the machine to modify themselves.

So when Norbert Heinz noticed that the Ortur laser engravers were running grbl without making the code available, he wrote them a letter. They responded with “business secrets”, he informed them again of their responsibility, and they still didn’t comply. So he made a video explaining the situation.

Good news incoming! Norbert wrote in the comments that since the post hit Hackaday, they’ve taken notice over at Ortur and have gotten back in touch with him. Assuming that they’re on their way to doing the right thing, this could be a nice win for grbl and for Ortur users alike.

Inside the free software world, we all know that “free” has many meanings, but I’d bet that you don’t have to go far outside our community to find people who don’t know that “free” software can have tight usage restrictions on it. (Or maybe not – it all depends on the license that the software’s author chose.) Reading software licenses is lousy work better left for lawyers than hackers anyway, and I can no longer count how many times I’ve clicked on a EULA without combing through it.

So what Norbert did was a good deed – educating a company that used GPL software of their obligations. My gut says that Ortur had no idea what they needed to do to comply with the license, and Norbert told them, even if it required some public arm-twisting. But now, Ortur has the opportunity to make good, and hackers everywhere can customize the firmware that drives their laser engravers. Woot!

It’s probably too early to declare victory here, but consider following Norbert’s example yourself. While you can’t bring a lawsuit if you’re not the copyright owner, you can still defend your right to free software simply by explaining it politely to companies that might not know that they’re breaking the law. And when they come around, make sure you welcome them into the global open-source hive mind, because we all win. One of us!

Showing an Ortur lasercutter control module in front of a screen. There's a serial terminal open on the screen, showing the "Ortur Laser Master 3" banner, and then a Grbl prompt.

Watch Out For Lasercutter Manufacturers Violating GPL

July 15, 2022 by Arya Voronova 84 Comments

For companies that build equipment like CNC machines or lasercutters, it’s tempting to use open-source software in a lot of areas. After all, it’s stable, featureful, and has typically passed the test of time. But using open-source software is not always without attendant responsibilities. The GPL license requires that all third-party changes shipped to users are themselves open-sourced, with possibility for legal repercussions. But for that, someone has to step up and hold them accountable.

Here, the manufacturer under fire is Ortur. They ship laser engravers that quite obviously use the Grbl firmware, or a modified version thereof, so [Norbert] asked them for the source code. They replied that it was a “business secret”. He even wrote them a second time, and they refused. Step three, then, is making a video about it.

Unfortunately [Norbert] doesn’t have the resources to start international legal enforcement, so instead he suggests we should start talking openly about the manufacturers involved. This makes sense, since such publicity makes it way easier for a lawsuit eventually happen, and we’ve seen real consequences come to Samsung, Creality and Skype, among others.

Many of us have fought with laser cutters burdened by proprietary firmware, and while throwing the original board out is tempting, you do need to invest quite a bit more energy and money working around something that shouldn’t have been a problem. Instead, the manufacturers could do the right, and legal, thing in the first place. We should let them know that we require that of them.

Continue reading “Watch Out For Lasercutter Manufacturers Violating GPL” →

Vizio In Hot Water Over Smart TV GPL Violations

October 22, 2021 by Tom Nardi 70 Comments

As most anyone in this community knows, there’s an excellent chance that any consumer product on the market that’s advertised as “smart” these days probably has some form of Linux running under the hood. We’re also keenly aware that getting companies to hold up their end of the bargain when it comes to using Linux and other GPL licensed software in their products, namely releasing their modified source, isn’t always as cut and dried as it should be.

Occasionally these non-compliant companies will get somebody so aggravated that they actually try to do something about it, which is where smart TV manufacturer Vizio currently finds itself. The Software Freedom Conservancy (SFC) recently announced they’re taking the Irvine, California based company to court over their repeated failures to meet the requirements of the GPL while developing their Linux-powered SmartCast TV firmware. In addition to the Linux kernel, the SFC also claims Vizio is using modified versions of various other GPL and LGPL protected works, such as U-Boot, bash, gawk, tar, glibc, and ffmpeg.

According to the SFC press release, the group isn’t looking for any monetary damages. They simply want Vizio to do what’s required of them as per the GPL and release the SmartCast source code, which they hope will allow for the development of an OpenWrt-like replacement firmware for older Vizio smart TVs. This is particularly important as older models will often stop receiving updates, and in many cases, will no longer be able to access all of the services they were advertised as being able to support. Clearly the SFC wants this case to be looked at as part of the larger Right to Repair debate, and given the terrible firmware we’ve seen some of these smart TVs ship with, we’re inclined to agree.

Now of course, we’ve seen cases like this pop up in the past. But what makes this one unique is that the SFC isn’t representing one of the developers who’s software has been found to be part of Vizio’s SmartCast, they’re actually the plaintiff. By taking the position of a consumer who has purchased a Vizio product that included GPL software, the SFC is considered a third-party beneficiary, and they are merely asking the court to be given what’s due to them under the terms of the license.

As firm believers in the open source movement, we have zero tolerance for license violators. Vizio isn’t some wide-eyed teen, randomly copying code they found from GitHub without understanding the implications. This is a multi-billion dollar company that absolutely should know better, and we’ll be happy to see them twist in the wind a bit before they’re ultimately forced to play by the rules.

Muse Group Continues Tone Deaf Handling Of Audacity

July 13, 2021 by Tom Nardi 132 Comments

When we last checked in on the Audacity community, privacy-minded users of the free and open source audio editor were concerned over proposed plans to add telemetry reporting to the decades old open source audio editing software. More than 1,000 comments were left on the GitHub pull request that would have implemented this “phone home” capability, with many individuals arguing that the best course of action was to create a new fork of Audacity that removed any current or future tracking code that was implemented upstream.

For their part, the project’s new owners, Muse Group, argued that the ability for Audacity to report on the user’s software environment would allow them to track down some particularly tricky bugs. The tabulation of anonymous usage information, such as which audio filters are most commonly applied, would similarly be used to determine where development time and money would best be spent. New project leader Martin “Tantacrul” Keary personally stepped in to explain that the whole situation was simply a misunderstanding, and that Muse Group had no ill intent for the venerable program. They simply wanted to get a better idea of how the software was being used in the real-world, but after seeing how vocal the community was about the subject, the decision was made to hold off on any changes until a more broadly acceptable approach could be developed.

Our last post on the subject ended on a high note, as it seemed like the situation was on the mend. While there was still a segment of the Audacity userbase that was skeptical about remote analytics being added into a program that never needed it before, representatives from the Muse Group seemed to be listening to the feedback they were receiving. Keary assured users that plans to implement telemetry had been dropped, and that should they be reintroduced in the future, it would be done with the appropriate transparency.

Unfortunately, things have only gotten worse in the intervening months. Not only is telemetry back on the menu for a program that’s never needed an Internet connection since its initial release in 2000, but this time it has brought with it a troubling Privacy Policy that details who can access the collected data. Worse, Muse Group has made it clear they intend to move Audacity away from its current GPLv2 license, even if it means muscling out long-time contributors who won’t agree to the switch. The company argues this will give them more flexibility to list the software with a wider array of package repositories, a claim that’s been met with great skepticism by those well versed in open source licensing.

Continue reading “Muse Group Continues Tone Deaf Handling Of Audacity” →

Hackaday Links: June 6, 2021

June 6, 2021 by Dan Maloney 12 Comments

There are a bunch of newly minted millionaires this week, after it was announced that Stack OverFlow would be acquired for $1.8 billion by European tech investment firm Prosus. While not exactly a household name, Prosus is a big player in the Chinese tech scene, where it has about a 30% stake in Chinese internet company Tencent. They trimmed their holdings in the company a bit recently, raising $15 billion in cash, which we assume will be used to fund the SO purchase. As with all such changes, there’s considerable angst out in the community about how this could impact everyone’s favorite coding help site. The SO leadership are all adamant that nothing will change, but only time will tell.

Continue reading “Hackaday Links: June 6, 2021” →

Can You “Take Back” Open Source Code?

September 27, 2018 by Tom Nardi 155 Comments

It seems a simple enough concept for anyone who’s spent some time hacking on open source code: once you release something as open source, it’s open for good. Sure the developer might decide that future versions of the project close up the source, it’s been known to happen occasionally, but what’s already out there publicly can never be recalled. The Internet doesn’t have a “Delete” button, and once you’ve published your source code and let potentially millions of people download it, there’s no putting the Genie back in the bottle.

But what happens if there are extenuating circumstances? What if the project turns into something you no longer want to be a part of? Perhaps you submitted your code to a project with a specific understanding of how it was to be used, and then the rules changed. Or maybe you’ve been personally banned from a project, and yet the maintainers of said project have no problem letting your sizable code contributions stick around even after you’ve been kicked to the curb?

Due to what some perceive as a forced change in the Linux Code of Conduct, these are the questions being asked by some of the developers of the world’s preeminent open source project. It’s a situation which the open source community has rarely had to deal with, and certainly never on a project of this magnitude.

Is it truly possible to “take back” source code submitted to a project that’s released under a free and open source license such as the GPL? If so, what are the ramifications? What happens if it’s determined that the literally billions of devices running the Linux kernel are doing so in violation of a single developer’s copyright? These questions are of grave importance to the Internet and arguably our way of life. But the answers aren’t as easy to come by as you might think.

Continue reading “Can You “Take Back” Open Source Code?” →

GPL Violations Cost Creality A US Distributor

August 27, 2018 by Tom Nardi 92 Comments

One of the core tenets of free and open source software licenses is that you’re being provided source code for a project with the hope that you’ll “pay it forward” if and when you utilize that code. In fact some licenses, such as the GNU Public License (GPL), require that you keep the source code for subsequent spin-offs or forks open. These are known as viral licenses, and the hope is that they will help spread the use of open source as derivative works can’t turn around and refuse to release their source code.

Unfortunately, not everyone plays by the rules. In a recent post on their blog, Printed Solid has announced they are ending their relationship with Chinese manufacturer Creality, best known for their popular CR-10 printer. Creality produces a number of printers which make use of Marlin, a GPLv3 licensed firmware that runs (in some form or another) a large majority of desktop 3D printers. But as explained in the blog post, Printed Solid has grown tired with the manufacturer’s back and forth promises to comply with the viral aspects of the GPL license.

Rather than helping to support a company they believe is violating the trust of the open source community, they have decided to mark down their existing stock of Creality printers to the point they will be selling them at a loss until they run out. In addition, for each Creality printer that is sold Printed Solid has promised to make a $50 USD donation to the development of Marlin saying: “if Creality won’t support Marlin development then we will.”

As is often the case when tempers are high and agreements break down, Printed Solid has also pulled back the curtain a bit as to the relationship they have had thus far with the manufacturer. According to the blog post, Printed Solid claims that some models of Creality printers have had a 100% fault rate, and that the company needed to repair and tweak the machines before sending them out to customers. The not so subtle implication being that Creality printers have been benefiting from the work Printed Solid has been doing on their hardware, and that purchasing a unit direct from the manufacturer could be a dicey proposition.

We’ve previously covered an issue with Creality’s CR-10S printer that required the end-user to replace an SMD capacitor just to get reliable results out of the machine, and of course we’ve talked of the extra work that’s often required when wrangling a low-end Chinese printer. It’s even more disheartening when you realize cheap machines sold by shady manufacturers are pushing open source manufacturers out of business.