Sunday, June 20, 2010

Survey Update

So far, I've gotten responses from 35 GNOME members, out of 192 respondents, total.

Of those GNOME members
  • 6 (17.6%) are members of the FSF
  • 21 (60%) of these respondents say that they routinely use the term "Linux" when referring to "an operating system based on a Linux kernel, etc."; 8 (22.9%) use "GNU/Linux", and 6 (17.1%) use some other term (including the interesting alternative of "Leftux"in one instance—I guess this respondent will be easy to spot should he-or-she be attending GUADEC)
  • When limited to the two alternatives, 25 (71.4%) chose "Linux" and 10 (28.6%) chose "GNU/Linux".
When given four potential focuses to prioritize for the Board, GNOME members ranked the alternatives as follows:

Focus
Most Important
More Important
Less Important
Least Important
Average Score
Overseeing the GNOME 3 road map
10
(30.3%)
13
(39.4%)
8
(24.2%)
2
(8.1%)
2.94
Building better bridges to corporate users of GNOME technologies
8
(25.8%)
12
(38.7%)
7
(22.6%)
4
(12.9%)
2.77
Providing technical oversight and direction
7
(24.1%)
7
(24.1%)
10
(34.5%)
5
(17.2%)
2.55
Educating users about the FSF's views on software freedom
6
(17.6%)
3
(8.8%)
7
(20.6%)
18
(52.9%)
1.91

Obviously, the more Foundation members who participate, the more authoritative the survey will be: the current number of respondents represents perhaps 1 in 10 Foundation members. If you haven't participated yet, please take a moment to do so.

Since I'm mainly interested in this issue as it affects the foundation-list and Board activities, I'm not reporting the overall totals at this point, but will do so once I've gotten what seem to be a large enough number of responses to be indicative of something.

Let's please remember that this was raised as an specific issue to prospective Board candidates by Mr. Stallman, a Foundation member, prior to the election. Head-shaking and moans of "Not again!" seem entirely inappropriate, unless our method of dealing with divisive issues is pretending that they simply don't exist....

Friday, June 18, 2010

The "Issue" That Would Not Die: Flog a Dead Horse for Richard

Yes, it's back. On the foundation-list, in spite of a direct request from the moderator that it be dropped. You know it! You love it! It's "GNU"/Linux! (And no, I didn't start it.)

However, this seems like an excellent opportunity to gauge the feelings of the GNOME community around this, and I've accordingly constructed a (in my belief) quite non-leading survey in order to see what people thought.

If anyone feels I'm engaging in "push-polling" here, please let me know, and I'll be happy to make any reasonable changes. I'd like to see this so-called "issue" settled once and for all, if only so that it doesn't get made into a hobbyhorse in future Board elections.

Sunday, June 6, 2010

ALERT: "Like-jacking" Exploits on Facebook

I wanted to alert folks that, if you are on Facebook, there's currently a potential issue where "like" can be "clickjacked". It's a browser-based exploit using an "invisible iFrame", I've posted a couple of things about it on my other blog if you want more details.

Long story short: be very careful what you "like" on Facebook right now.

Thursday, June 3, 2010

Some Odd Ideas About How GPL Licensing Works

There's been a lot of discussion of the FSF enforcement action here, on Twitter and identi.ca and elsewhere. It's been suggested to me that, since the "GPL is a 'distribution license'" and since Apple "distributed" copies of GNUgo, Apple must therefore "comply" with the GPL. I'm afraid this is sheer fantasy. Here's my reasoning:

1. Yes, the GPL is, indeed, a "distribution" license, i.e. certain obligations in the license are "triggered" by the act of "distributing" a "binary".

2. Distributing a binary and failing to meet those obligations, indeed, constitutes an infringement of the author's copyright on the code: the copyright grant in the GPL is contingent on meeting the GPL's obligations.

3. A "distributor" of a GPL-licensed binary thus has two options: meet the obligations, or be in infringement. "Meeting the obligations" and "complying with the GPL" are non-contractual choices that this "distributor" gets to make, of his own free will. He can, alternatively, choose to infringe, again of his own free will.

4. Apple cannot be held to be in infringement, thanks to the "safe harbor" provided by the DMCA, so long as they meet the obligations of that act, as indeed they have done in the past, and presumably continue to do.

5. Ergo, whether the FSF imagines that Apple is a "distributor" of GPL-licensed "binaries" means nothing whatsoever: the DMCA says they can't be held liable for infringement as long as they observe the requirements of the Act. The most that the FSF can legitimately say is that Robota Softwarehouse evidently placed what seems to be an infringing copy of the GNUgo program in Apple's store.

6. The remedy for such an infringement would have been for the FSF to provide Apple with a DMCA infringement notification, to which Applewould have responded by removing the application, presuming that Robota Softwarehouse didn't provide a DMCA counter-notification stating that they believe the FSF is mistaken and that they're willing to settle the matter in court.

7. If Robota did file a counter-notification, the FSF would have no recourse but to sue Robota Softwarehouse if they wished to get the situation redressed. They couldn't sue Apple, even though the program was still up on the App Store, still getting "distributed", still merrily infringing the GPL: the DMCA says they couldn't. And they couldn 't even force Apple to take it down, not without a court order coming out of their winning their case against Robota.

At no point in any of this does the GPL license on the code actually matter in the slightest to Apple.

That's my understanding of things. Does that gibe with other people's?

Wednesday, June 2, 2010

Further Issues With the GPL and "App Stores": An In-the-Wild Example

Even though the issue of the provision of source code isn't (apparently) an actual issue in the specifics of the FSF's enforcement action against Apple, there are some interesting points which it does raise, and I've been able to find a concrete example of what I'm talking about here.

The "FileHippo" site hosts a variety of "freeware" for download. (I haven't used this site, and can't speak to the safety of their downloads, but it gives a useful example.) I can, for example, download the (GPL-licensed) Handbrake program for Windows from here.

Now, while it includes a copy of the GPL in the COPYING file, etc., the installer does not contain sources for Handbrake. I can get those sources from the developer at handbrake.fr, but that's irrelevant: the FSF's interpretation of "distribution", as we've seen, includes anyone through whose hands a binary passes.

Now, if I go to FileHippo, who "distributed" the copy of Handbrake to me and demand the sources, as is my right, they can't help me: they don't have them, and they don't especially want to have them, I'd think. From their point of view, it's the developer's responsibility to make them available, if that's what the developer chooses, or is obligated, to do.

By simply having had a copy of Handbrake uploaded, and making it available to the general public, it would seem that the site is in (completely inadvertent, and probably unbeknownst-to-them) technical violation of the GPL. In fact, one could put such a site (or someone's web site, if they had an ftp client which allowed uploading) in technical violation, it seems, by placing a GPL-licensed binary there but not the corresponding sources and waiting for someone to download it.

Sites like download.cnet.com circumvent this issue by not hosting the downloads themselves, but by directing the user to the developer's site.

Here's an interesting question to ask: the Apple iTunes App Store and the Android Market don't really require or support the uploading of source code as part of placing a program for sale in their respective stores. They don't support the downloading of source associated with an application which someone purchases.

So, if someone demands sources from them for a GPL-licensed program, having received a binary through the store, what are they to do? They can't provide what they don't have, and I'm sure they're not looking to become a repository for GNU code on the FSF's behalf because some third-party decided to use the GNU code in their own app.

Again, whether the source code is or isn't available from the developer makes no difference. In the FSF's view, since the store is where you got the binary from, the store is where you must be able to get the corresponding sources from.

It seems the app stores are left with two choices: change their procedures entirely around to support a very small number of (probably unprofitable) applications in the way the FSF insists, or simply disallow GPL-licensed applications from the stores entirely.

I predict they'll do the latter.

Tuesday, June 1, 2010

An Open Letter to Brett Smith

I've sent the following email to Brett Smith, the FSF's Licensing Compliance Engineer, with some questions I have about the recent FSF enforcement action against the Apple iTunes App Store


Dear Brett:

I've been analyzing the recent enforcement action by the FSF against the Apple iTunes Store, and wondering about the implications for other "app stores" which I seem to be finding in the reasoning you describe in your blog postings.

1) You specifically call out point (i) of Apple's App Store Usage Rules, which specify that you must accept the prevailing third-party license (in the case of GNUgo, the GPL) as well as the App Store's own Terms of Use.

Is it simply the requirement to accept terms above and beyond those in the GPL which, in and of itself, constitutes a violation? Would the required pre-acceptance of _any_ terms or conditions constitute a violation?

2) In examining the Terms of Service for Google's Android Market, I find some interesting issues in there. §2.4 specifies that

"From time to time, Google may discover a Product on the Market that violates the Android Market Developer Distribution Agreement or other legal agreements, laws, regulations or policies. You agree that in such an instance Google retains the right to remotely remove those applications from your Device at its sole discretion."

As we have seen today, Google removed some dozen or more trademark-infringing "Tetris" applications from their Android Market, and also from the phones of the users who purchased such applications. This is completely in accordance with the terms of service one is obligated to accept as a pre-condition of obtaining application from the Android Market.

I believe that—in spite of the language in §4.2, which specifies that, in the case of a "conflict" with a third-party license, the third-party license terms would take precedence—Google would be obliged to forcibly and unilaterally remove even GPL-licensed applications under a variety of circumstances.

A hypothetical example:

I write an Android application which is an MP3 and MP4 player. For whatever reason, rather than using the codecs built into Android, I use "free" (unlicensed) MP3 and MP4 codecs, which happen to be GPL-licensed. I place the app in the Android store, under a GPL license.

You are a US citizen, and get a copy from the Android store. The legitimate holders of the MP3 and MP4 patents sue me, and advise Google that they're doing so, as the app clearly infringes their patents.

I do not believe that §4.2 of the Google Android Market agreement is possibly going to trump §2.4, in a case like this.

In other words, the fact that the program is licensed under the GPL would not, I believe, keep Google from yanking it off your Android phone, and the phone of anyone else who had obtained a copy. I doubt Google is going to be willing to foot the damages associated with being a party to a clear case of willful patent infringement to maintain the freedom of the General Public License. This would constitute a pretty clear insistence that users abrogate their right to "Freedom Zero", and it's difficult for me to understand how such a situation would not constitute a violation of the GPL.

Do you agree with this analysis, and with the conclusion that the Android Market is equally in violation to the extent that it hosts GPL-licensed applications?

3) Very similar problematical language to that found in Apple's and Google's various Terms of Service can also be found in the terms and conditions associated with the Microsoft "Windows Marketplace for Mobile". On the assumption that my general reasoning here is correct, is it reasonable to expect that the FSF will next be conducting enforcement actions against Google and Microsoft?

4) Why did the FSF not apparently undertake a similar enforcement action against the developer of GNUgo, Robota Softwarehouse, who marketed the program for some time, evidently, while having only a comment on their site claiming that source would be available "next week"?

Thanks very much for any help you can provide in answering these questions.

Sincerely,

David "Lefty"Schlesinger



UPDATE: I had gotten a report that Tetris apps were removed from Android phones as well as from the market before I wrote this, and have since received a conflicting report in the comments. In any case, I stand by my reasoning around the hypothetical example: that case would certainly be one in which Google would find itself obliged to unilaterally remove a GPL-licensed app from a third-party user's phone.