It seems a simple enough concept for anyone who’s spent some time hacking on open source code: once you release something as open source, it’s open for good. Sure the developer might decide that future versions of the project close up the source, it’s been known to happen occasionally, but what’s already out there publicly can never be recalled. The Internet doesn’t have a “Delete” button, and once you’ve published your source code and let potentially millions of people download it, there’s no putting the Genie back in the bottle.
But what happens if there are extenuating circumstances? What if the project turns into something you no longer want to be a part of? Perhaps you submitted your code to a project with a specific understanding of how it was to be used, and then the rules changed. Or maybe you’ve been personally banned from a project, and yet the maintainers of said project have no problem letting your sizable code contributions stick around even after you’ve been kicked to the curb?
Due to what some perceive as a forced change in the Linux Code of Conduct, these are the questions being asked by some of the developers of the world’s preeminent open source project. It’s a situation which the open source community has rarely had to deal with, and certainly never on a project of this magnitude.
Is it truly possible to “take back” source code submitted to a project that’s released under a free and open source license such as the GPL? If so, what are the ramifications? What happens if it’s determined that the literally billions of devices running the Linux kernel are doing so in violation of a single developer’s copyright? These questions are of grave importance to the Internet and arguably our way of life. But the answers aren’t as easy to come by as you might think.
One of the core tenets of free and open source software licenses is that you’re being provided source code for a project with the hope that you’ll “pay it forward” if and when you utilize that code. In fact some licenses, such as the GNU Public License (GPL), require that you keep the source code for subsequent spin-offs or forks open. These are known as viral licenses, and the hope is that they will help spread the use of open source as derivative works can’t turn around and refuse to release their source code.
Unfortunately, not everyone plays by the rules. In a recent post on their blog, Printed Solid has announced they are ending their relationship with Chinese manufacturer Creality, best known for their popular CR-10 printer. Creality produces a number of printers which make use of Marlin, a GPLv3 licensed firmware that runs (in some form or another) a large majority of desktop 3D printers. But as explained in the blog post, Printed Solid has grown tired with the manufacturer’s back and forth promises to comply with the viral aspects of the GPL license.
Rather than helping to support a company they believe is violating the trust of the open source community, they have decided to mark down their existing stock of Creality printers to the point they will be selling them at a loss until they run out. In addition, for each Creality printer that is sold Printed Solid has promised to make a $50 USD donation to the development of Marlin saying: “if Creality won’t support Marlin development then we will.”
As is often the case when tempers are high and agreements break down, Printed Solid has also pulled back the curtain a bit as to the relationship they have had thus far with the manufacturer. According to the blog post, Printed Solid claims that some models of Creality printers have had a 100% fault rate, and that the company needed to repair and tweak the machines before sending them out to customers. The not so subtle implication being that Creality printers have been benefiting from the work Printed Solid has been doing on their hardware, and that purchasing a unit direct from the manufacturer could be a dicey proposition.
At this point, you’ve almost certainly heard the tale of Eric Lundgren, the electronics recycler who is now looking at spending 15 months in prison because he was duplicating freely available Windows restore discs. Of no use to anyone who doesn’t already have a licensed copy of Windows, these restore discs have little to no monetary value. In fact, as an individual, you couldn’t buy one at retail if you wanted to. The duplication of these discs would therefore seem to be a victimless crime.
Especially when you hear what Eric wanted to do with these discs. To help extend the functional lifespan of older computers, he intended on providing these discs at low cost to those looking to refurbish Windows computers. After each machine had its operating system reinstalled, the disc would go along with the computer in hopes the new owner would be able to utilize it themselves down the road.
It all sounds innocent enough, even honorable. But a quick glance at Microsoft’s licensing arrangement is all you need to know the whole scheme runs afoul of how the Redmond giant wants their operating system installed and maintained. It may be a hard pill to swallow, but when Eric Lundgren decided to use Microsoft’s product he agreed to play by their rules. Unfortunately for him, he lost.
Unless you’ve completely unplugged from the news, you probably are aware that the long-running feud between Oracle and Google had a new court decision this week. An appeal court found that Google’s excuse of fair use wasn’t acceptable and that they did infringe on Oracle’s copyrights to Java. Oracle has asked for about $9 billion in damages, although the actual amount is yet to be decided. In addition, it is pretty likely Google will take it up to the Supreme Court before any actual judgment is levied.
The news is aimed at normal people, so it is pretty glossy about what exactly happened. We set out to try to make sense of it all. We found a pretty good article from [Michaela Barry] about what the courts previously found. There were three main parts:
There were 37 API (Application Programming Interface) declarations taken verbatim from Java. This would be like a C header file if you aren’t familiar with Java.
Google decompiled 8 security files and used them.
The rangeCheck function — 9 lines of Java code — were exactly the same in Oracle’s Java and Android.
Years ago, while the GPLv3 was still being drafted, I got a chance to attend a presentation by Richard Stallman. He did his whole routine as St IGNUcius, and then at the end said he would be answering questions in a separate room off to the side. While the more causal nerds shuffled out of the presentation room, I went along with a small group of free software aficionados that followed our patron saint into the inner sanctum.
When my turn came to address the free software maestro, I asked what advantages the GPLv3 would have to a lowly hacker like myself? I was familiar with the clause about “Tivoization“, the idea that any device running GPLv3 code from the manufacturer should allow the user to be able to install their own software on it, but this didn’t seem like the kind of thing most individuals would ever need to worry about. Was there something in the new version of the GPL that would make it worth adopting in personal or hobby projects?
Interestingly, a few years after this a GPLv2 program of mine was picked up by a manufacturer and included in one of their products (never underestimate yourself, folks). So the Tivoization clause was actually something that did apply to me in the end, but that’s not the point of this story.
Mr. Stallman responded that he believed the biggest improvement GPLv3 made over v2 for the hobbyist programmer was the idea of “forgiveness” in terms of licensing compliance. Rather than take a hard line approach like the existing version of the GPL, the new version would have grace periods for license compliance. In this way, legitimate mistakes or misunderstandings of the requirements of the GPL could be resolved more easily.
We all owe [Richard Stallman] a large debt for his contributions to computing. With a career that began in MIT’s AI lab, [Stallman] was there for the creation of some of the most cutting edge technology of the time. He was there for some of the earliest Lisp machines, the birth of the Internet, and was a necessary contributor for Emacs, GCC, and was foundational in the creation of GPL, the license that made a toy OS from a Finnish CS student the most popular operating system on the planet. It’s not an exaggeration to say that without [Stallman], open source software wouldn’t exist.
Linux, Apache, PHP, Blender, Wikipedia and MySQL simply wouldn’t exist without open and permissive licenses, and we are all richer for [Stallman]’s insight that software should be free. Hardware, on the other hand, isn’t. Perhaps it was just a function of the time [Stallman] fomented his views, but until very recently open hardware has been a kludge of different licenses for different aspects of the design. Even in the most open devices, firmware uses GPLv3, hardware documentation uses the CERN license, and Creative Commons is sprinkled about various assets.
If [Stallman] made one mistake, it was his inability to anticipate everything would happen in hardware eventually. The first battle on this front was the Tivoization of hardware a decade ago, leading to the creation of GPLv3. Still, this license does not cover hardware, leading to an interesting thought experiment: what would it take to build a completely open source computer? Is it even possible?
We haven’t really dabbled in this type of equipment, though we did cover an STM earlier in the year. Take a look at the video after the break and then help jump-start are imagination by sharing your plans for this equipment in the comments.