This is not unusual, there are many cases of GPL violations out there and if someone puts energy into them they are solved. Harald Welte and gpl-violations.org [1] have been doing good work for many, many years in this regard.
From their about page:
"By June 2006, the project has hit the magic "100 cases finished" mark, at an exciting equal "100% legal success" mark. Every GPL infringement that we started to enforce was resolved in a legal success, either in-court or out of court."
gpl-violations.org is in an extraordinary good position to help when it comes to GPL violations in the Linux kernel, because they work closely with some kernel developers that
"[..] have transferred their rights in a fiduciary license agreement to enable the successful gpl-violations.org project [..]"
Their website looks a little bit outdated but from what I understood from a talk that Harald Welte gave last year[2], they are still active. If someone wants to report the Onyx case you can do it at [email protected] but be prepared to provide solid information[2].
This was a problem with Creality in the 3d printing world two years back. They used Marlin - a program for the embedded micros used in them - which is licensed under the GNU GPLv3+. Creality refused to release their contributions until they were convinced by Naomi Wu (Sexy Cyborg) that the community would actually refuse to purchase from them unless they did, which they probably would’ve.
Monoprice was guilty of this for a number of years... as I suspect Lerdge is as well, they encrypt their firmware and bootloader, and there's just no reaosn for it.
This kind of behavior is one of the things that kills me about grsecurity. They're completely abusing the spirit of the GPLv2 license but are probably following the letter of it.
If you choose to exercise your GPLv2 rights, your contract with them is terminated and you will receive no further security updates (considering this is a security product, it makes it pretty useless to you). You are then blacklisted from doing business with them ever again.
Bruce Perens argues[1] that this is a penalty for exercising your rights under the GPL and therefore violates section 6[2]: "You may not impose any further restrictions on the recipients' exercise of the rights granted herein"
Brad goes into this here. Grsecurity has written extensively about this.
Read the links to their site where they go even further into detail.
Grsecurity is not violating any license. There are multiple quotes from authorities on the matter in that link. If they were, so would Redhat, Canonical, etc.
After you are blacklisted, can't you still get security updates from other grsecurity subscribers? I suppose grsecurity could also blacklist any subscribers sharing to blacklisted people, but how could they possibly enforce this, if your friendly subscriber doesn't tell?
I've said this elsewhere. But I genuinely don't think that they know what the gpl means. Maybe someone could approach them in Chinese preferably directly to the company instead of the forum minion. The forum minion always responds with the same answer to any question that is asked. That person gives the same answer to a quick switch option between the notes and library app.
Usually what happens in the onyx customer forum is that a person asks for something. The forum minion says it's been forwarded and being worked on and then the cycle repeats until one of the customers gets pissed and starts threats.
I tend to license my stuff MIT. That’s mostly because I don’t want to deal with legal agita. It helps to avoid people suing me because the hammer they stole from me bends their screws.
We basically live in a digital kleptocracy. Everyone steals from everyone. I tend not to, but that’s because I’m a complete control freak, and have a hard time letting go.
I think that decompilers are so good, these days, and the use of intermediate steps like LLVM, mean that people won’t have much difficulty figuring out what’s going on, under the hood. With the financial incentives, it is quite possible to hire top-notch folks to implement, and even improve the work.
Also, I don’t think anything I do is so great that I want to hide how I do it. In fact, I see people do stuff in more clever fashion all the time. My own advantage is in how I do stuff, and it would be great if folks copied it. I don’t think many would. It’s a pain, and is only efficient once it becomes habit.
Go ahead and steal my stuff. Get rich. I doubt my stuff will be the “secret” to your success. My only hope is that, if you do use it, there might be a tiny piece of high-quality software in there. I do feel as if we should all strive to do the best quality work possible, and take some personal pride in our craft.
I don’t mind that going viral, and I don’t think a license will affect that.
As the link warns, this is a secondhand translation, and my summary is thirdhand. Do your own reading, especially in the original language, if able.
The general point here is that the Chinese legal system declared that the GPL legalese is OK, but that judges have the power to evaluate it in context of the case and retain the authority to override the legalese when it results in inappropriate outcomes.
In this specific ruling, the judges ruled that bundling ('aggregation') of GPLv3 and unlicensed code did not infect the unlicensed code with the GPLv3, resulting in a loss for the defendant.
If Onyx is bundling GPLv3 code with non-GPLv3 code, based on this single case, they are not required to disclose the source of the non-GPLv3 code that is aggregated with the GPLv3 code. If they have also/instead modified GPLv3 code, then they would probably be required to publish the source for the works derived from GPLv3 code.
The usual arguments here are that modifying a bundle of GPLv3 code to include non-GPLv3 code is itself a 'derivative work' of GPLv3 code, or that the GPLv3 specifies that such bundling shall result in the bundled code being forcibly licensed under GPLv3. The Chinese court apparently did not accept this line of reasoning.
Import halt via complaint in appropriate US Customs regulatory regime and / or court, about infringement of intellectual property. This can embargo a company's product nationally in the US, and gets the attention of the producer.
That is where MIT license is largely superior to GPL, you know what you are buying for... ;)
GPL put enforcement without the cops to maintain it ;)
With MIT, everyone is free to do whatever they want.
In a way GPL recreate (unnecessary) bureaucraty, where MIT generate pure liberty.
[+] [-] weinzierl|5 years ago|reply
From their about page:
"By June 2006, the project has hit the magic "100 cases finished" mark, at an exciting equal "100% legal success" mark. Every GPL infringement that we started to enforce was resolved in a legal success, either in-court or out of court."
gpl-violations.org is in an extraordinary good position to help when it comes to GPL violations in the Linux kernel, because they work closely with some kernel developers that "[..] have transferred their rights in a fiduciary license agreement to enable the successful gpl-violations.org project [..]"
Their website looks a little bit outdated but from what I understood from a talk that Harald Welte gave last year[2], they are still active. If someone wants to report the Onyx case you can do it at [email protected] but be prepared to provide solid information[2].
[1] https://gpl-violations.org
[2] https://www.luga.de/static/LIT-2019/events/84.html
[3] https://gpl-violations.org/helping/.
[+] [-] colejohnson66|5 years ago|reply
https://hackaday.com/2018/08/27/gpl-violations-cost-creality...
[+] [-] artsyca|5 years ago|reply
I worked at a big bank too, you'd think they would understand about investment? No. They simply leeched off open source in the same way.
[+] [-] oceanghost|5 years ago|reply
[+] [-] Teknoman117|5 years ago|reply
If you choose to exercise your GPLv2 rights, your contract with them is terminated and you will receive no further security updates (considering this is a security product, it makes it pretty useless to you). You are then blacklisted from doing business with them ever again.
[+] [-] andreareina|5 years ago|reply
[1] https://perens.com/2017/06/28/warning-grsecurity-potential-c...
[2] https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
[+] [-] staticassertion|5 years ago|reply
Brad goes into this here. Grsecurity has written extensively about this.
Read the links to their site where they go even further into detail.
Grsecurity is not violating any license. There are multiple quotes from authorities on the matter in that link. If they were, so would Redhat, Canonical, etc.
[+] [-] sanxiyn|5 years ago|reply
[+] [-] crazypython|5 years ago|reply
[+] [-] elliekelly|5 years ago|reply
[+] [-] mindB|5 years ago|reply
[+] [-] rjzzleep|5 years ago|reply
Usually what happens in the onyx customer forum is that a person asks for something. The forum minion says it's been forwarded and being worked on and then the cycle repeats until one of the customers gets pissed and starts threats.
[+] [-] ralph84|5 years ago|reply
[+] [-] numpad0|5 years ago|reply
That’s what’s in violators’ minds. NDA and multi million lawsuits like they are doing anything.
[+] [-] coldtea|5 years ago|reply
Unless it can be enforced, it means absolutely nothing more than a wish...
[+] [-] ChrisMarshallNY|5 years ago|reply
We basically live in a digital kleptocracy. Everyone steals from everyone. I tend not to, but that’s because I’m a complete control freak, and have a hard time letting go.
I think that decompilers are so good, these days, and the use of intermediate steps like LLVM, mean that people won’t have much difficulty figuring out what’s going on, under the hood. With the financial incentives, it is quite possible to hire top-notch folks to implement, and even improve the work.
Also, I don’t think anything I do is so great that I want to hide how I do it. In fact, I see people do stuff in more clever fashion all the time. My own advantage is in how I do stuff, and it would be great if folks copied it. I don’t think many would. It’s a pain, and is only efficient once it becomes habit.
Go ahead and steal my stuff. Get rich. I doubt my stuff will be the “secret” to your success. My only hope is that, if you do use it, there might be a tiny piece of high-quality software in there. I do feel as if we should all strive to do the best quality work possible, and take some personal pride in our craft.
I don’t mind that going viral, and I don’t think a license will affect that.
[+] [-] stefan_|5 years ago|reply
[+] [-] applecrazy|5 years ago|reply
[+] [-] floatingatoll|5 years ago|reply
As the link warns, this is a secondhand translation, and my summary is thirdhand. Do your own reading, especially in the original language, if able.
The general point here is that the Chinese legal system declared that the GPL legalese is OK, but that judges have the power to evaluate it in context of the case and retain the authority to override the legalese when it results in inappropriate outcomes.
In this specific ruling, the judges ruled that bundling ('aggregation') of GPLv3 and unlicensed code did not infect the unlicensed code with the GPLv3, resulting in a loss for the defendant.
If Onyx is bundling GPLv3 code with non-GPLv3 code, based on this single case, they are not required to disclose the source of the non-GPLv3 code that is aggregated with the GPLv3 code. If they have also/instead modified GPLv3 code, then they would probably be required to publish the source for the works derived from GPLv3 code.
The usual arguments here are that modifying a bundle of GPLv3 code to include non-GPLv3 code is itself a 'derivative work' of GPLv3 code, or that the GPLv3 specifies that such bundling shall result in the bundled code being forcibly licensed under GPLv3. The Chinese court apparently did not accept this line of reasoning.
YMMV, IANYL
[+] [-] redtexture|5 years ago|reply
Import halt via complaint in appropriate US Customs regulatory regime and / or court, about infringement of intellectual property. This can embargo a company's product nationally in the US, and gets the attention of the producer.
Not quite on topic:
Stopping Infringing Products From China: Section 337 Cases. By Bill Perry - China Law Blog -- August 22, 2016 https://www.chinalawblog.com/2016/08/stopping-infringing-pro...
[+] [-] yjftsjthsd-h|5 years ago|reply
[+] [-] rimutaka|5 years ago|reply
[+] [-] djeiasbsbo|5 years ago|reply
[+] [-] leijurv|5 years ago|reply
[+] [-] c-c-c-c-c|5 years ago|reply
[+] [-] adielsa|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] _sbrk|5 years ago|reply
[deleted]
[+] [-] LifeLiverTransp|5 years ago|reply
[deleted]
[+] [-] fierarul|5 years ago|reply
Turns out that one is called Oryx
[+] [-] nikita2206|5 years ago|reply
[+] [-] maitredusoi|5 years ago|reply
[+] [-] toyg|5 years ago|reply
[+] [-] zelphirkalt|5 years ago|reply