https://www.theregister.co.uk/2017/08/03/linux_kernel_grsecurity_sues_bruce_perens_for_defamation/
In late June, noted open-source programmer Bruce Perens warned that using Grsecurity's Linux kernel security could invite legal trouble.
"As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog.
The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference.
Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.
Linus Torvalds, who oversees the Linux kernel, has called Grsecurity's patches "garbage".
... (read the rest at the register)
Related Stories
Big Telecom Convinces Missouri Lawmakers To Block Funding For Broadband Competition:
The Infrastructure Investment and Jobs Act (IIJA) set aside $42.5 billion to be spent by the states on expanding access to affordable broadband. But state by state, telecom lobbyists are working hard to ensure that this money only goes toward "unserved" locations, and can't be used to potentially create competition in markets they already serve.
Last month we noted how states like Illinois, at the direct demand of companies like AT&T, have been passing restrictions on who can or can't access these funds. That includes blocking some cooperatives or local governments from building broadband networks. Since that's expressly forbidden by the IIJA, these states are risking all broadband funding
In other instances it's a bit more subtle than that. Missouri, for example, just passed a bill (once again directly demanded by AT&T) stating that "no federal funds received by the state, political subdivision, city, town, or village shall be expended for the construction of retail broadband internet infrastructure unless the project to be constructed is located in an unserved area or underserved area."
On its face it doesn't seem controversial. But if you know how the U.S. telecom sector and policy actually works, its intention becomes more clear. The bill doesn't just block funding for areas that are already served, it blocks access to projects in areas incumbent ISPs claim they might serve someday:
the current version of the bill would allow incumbent ISPs to block federal funding to competitors if they vaguely indicate they have eventual interest in upgrading an area. Historically, state and federal regulators in fealty to regional monopolies aren't consistent about following up on fiber deployment promises, potentially perpetuating longstanding Internet access coverage gaps.
El Reg reports
Linux kernel security biz Grsecurity's defamation lawsuit against open-source stalwart Bruce Perens has been dismissed, although the door remains open for a revised claim.
In June, Perens opined in a blog post that advised companies to avoid Grsecurity's Linux kernel security patches because it might expose them to claims of contributory infringement under the Linux kernel license, GPLv2.
Grsecurity then accused Perens of fearmongering to harm the firm's business, and sued him in July.
On [December 21], the judge hearing the case, San Francisco magistrate judge Laurel Beeler, granted [Perens'] motion to dismiss the complaint while also denying--for now--his effort to invoke California's anti-SLAPP law.
SLAPP stands for Strategic Lawsuit Against Public Participation, and describes legal complaints aimed at silencing public discourse and free speech. In 1992, California passed its anti-SLAPP statute to provide a defense against such legal bullying. Many other states and countries have similar laws.
In addition, Beeler denied Grsecurity's motion for summary judgment, which amounts to asking the judge to agree that the facts are so clear a ruling can be rendered without a trial.
"The court holds that Mr Perens's [sic] statements are opinions that are not actionable libel, dismisses the complaint with leave to amend, denies the anti-SLAPP motion without prejudice, and denies the motion for summary judgment", Judge Beeler ruled.
The page links to another article where Torvalds' opinion (similar in nature to Perens', but more colorful, as usual) was discussed in June.
Previous: Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens
Bruce Perens Warns of Potential Contributory Infringement Risk for Grsecurity Customers
From The Register:
After three years of legal wrangling, the defamation lawsuit brought by Brad Spengler and his company Open Source Security (OSS) against open-source pioneer Bruce Perens has finally concluded.... Spengler and OSS sued Perens for a June 2017 blog post in which Perens ventured the opinion that grsecurity, Open Source Security's Linux kernel security enhancements, could expose customers to potential liability under the terms of the General Public License (GPL).
OSS says that customers who exercise their rights to redistribute its software under the GPL will no longer receive software updates – the biz wants to be paid for its work, a problem not really addressed by the GPL. Perens, the creator of the open-source definition, pointed out that section six of the GPLv2 prohibits modifications of the license terms.
In December 2017, San Francisco magistrate judge Laurel Beeler determined that Perens had expressed an opinion as allowed under American law and dismissed the defamation claim. Perens then sought to recoup legal expenses under California's Anti-Strategic Lawsuits Against Public Participation (SLAPP) statute, [and] a month later he was awarded more than $526,000 in damages.
Spengler and OSS then appealed, and managed to get the award reduced to about $260,000, but not overturned.... Perens gets nothing personally for his trouble, but his legal team will be paid. O'Melveny & Myers LLP will receive $262,303.62 for the district court litigation (fees and costs) and $2,210.36 for the appeal (costs) while the Electronic Frontier Foundation will be paid $34,474.35 (fees) and $1,011.67 (costs) for its role in the appeal.
Previously:
- Linux Kernel Patch Maker Says Court Case Was Only Way Out
- Court Orders Payment of $259,900.50 to Bruce Perens' Attorneys
- Bruce Perens Wants to Anti-SLAPP GRSecurity's Brad Spengler With $670,000 in Legal Bills
- Grsecurity's Defamation Suit Against Bruce Perens Dismissed
- Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens
- Bruce Perens Warns of Potential Contributory Infringement Risk for Grsecurity Customers
(Score: 5, Informative) by requerdanos on Sunday August 06 2017, @12:16AM (2 children)
As a FSF associate member and longtime Linux kernel user, it's my opinion that you could be subject to contributory infringement and breach of contract by using GRSecurity together with the Linux kernel under the extra no-redistribution restriction added by GRSecurity, requerdanos wrote on Soylent News, an important Tech news site.
Although they try to skirt requirements by claiming that their penalties apply only to future hypothetical versions, the fact rather is that their additional (forbidden) no-redistribution terms are very much present tense in the sense that you would be immediately materially (not future hypothetically) punished to the extent possible by GRSec, by their terminating immediately and materially (not hypothetically in the future) any and all rights you have under any agreement with them as a customer, to include their denying you even so much as download access to the source code of their current, tangible (not future, hypothetical) GPL'd product (also a no-no).
(Score: 0) by Anonymous Coward on Sunday August 06 2017, @12:18AM (1 child)
It is not a FSF associate member and longtime Linux kernel user.
(Score: 2) by requerdanos on Sunday August 06 2017, @12:22AM
but it is a customer?
(Score: 1, Interesting) by Anonymous Coward on Sunday August 06 2017, @12:41AM (7 children)
GRSecurity is pulling a trump move here (relax, despite the whack circus, I am somewhat neutral on Trump administration on the whole), but what are some viable models for people to make a living/run a business contributing to GPL software? Charging for support is the only model?
I mean, Red Hat, the biggest player in the sector, with the business model of charging for support, is doing its best to destroy Linux OS.
(Score: 5, Insightful) by jmorris on Sunday August 06 2017, @05:10AM (2 children)
There are many ways to make a living around the Free / Open Software ecosystem. Selling software ain't one of them. Packaged software is a small part of the software universe. Most people who depend on software are the only one who will use it. Selling them the service of taking a bunch of free bits and adding a few percent (by line count) of original code can pay well. Even if you modified GPL code, the one entity who you gave a copy to has no reason to redistribute it so it probably won't flow back into the repos but since it was specific to their needs that probably isn't a big loss. If some of the changes are generally useful you could upstream them to benefit from the bug fixing and such from the rest of the world and still not be giving away business logic that would harm your customer. Other money is available to FLOSS devels writing device drivers for the hardware makers who simply want to sell stuff.
But the big change in Free Software is we don't have to keep rewriting the same damned 90% of a software product over and over again, watch the company go bankrupt and somebody else have to assemble a team and start from zero yet again. Nobody is going to be writing another closed source web server. If that was your dream, sorry it has been smashed to bits. And from all appearances Windows and OS X are probably the last closed operating systems. Done with that. Eventually we will have a Free Software speech recognition engine cross the "good enough" line and all future development will happen there because writing a new one from scratch by any single entity is already at the edge of plausible but will be "no fricking way" by then. And so on. The Free Software phase is basically the "enough rewriting this damned class of software" phase.
(Score: 2) by JoeMerchant on Sunday August 06 2017, @12:50PM
Qt post-Nokia is back in the selling upgrades model - not sure who they get with that pitch but it must be working for them or they wouldn't put so much effort into it.
🌻🌻 [google.com]
(Score: 2) by cafebabe on Tuesday August 08 2017, @07:53AM
I considered this case a few days ago and I concur. Open source text to speech lagged proprietary implementations by almost 10 years. But where are we now? Open source software, such as Festival, is the most popular choice. Going the other way, closed source implementations of speech to text are sufficient for some applications and laughably inadequate for others. Closed source implementations are likely to straddle this divide for a prolonged period. Open source implementations may lag significantly during this period and encounter similar deficiencies but then we'll have it forever.
One difficulty will be maintaining an open and current corpus of words. This is particularly problematic for real-time speech translation. If your corpus spans a decade or five then specific phrasing (or even specific intonation) may lead to a choice of phrase which is outmoded or offensive. However, if the corpus is extremely current, it may be desirable to weight elements by demographic. Otherwise an elderly businessman may sound like an edgy youngster. This is not likely to have the desired gravitas and I doubt that the reverse situation is desirable either.
1702845791×2
(Score: 4, Insightful) by fido_dogstoyevsky on Sunday August 06 2017, @06:31AM (1 child)
A goal which they can only achieve if we actively assist them.
It's NOT a conspiracy... it's a plot.
(Score: 2) by kaszz on Tuesday August 08 2017, @07:21PM
I think they have effectively been doxxed on this behavior so they might be headed to some dark spot.
(Score: 3, Informative) by ledow on Sunday August 06 2017, @01:41PM (1 child)
It's like asking "What's the business model around a free hospital?" How do you monetise people choosing to give away their time, effort and skill?
Basic answer: You can't. You can ask for donations. You can set up a cafe nearby that costs money. You can ask the doctors to give a flyer to every patient (they are under no obligation to distribute it, though). Hell, you could go and paint the fences of the hospital for free and hope people see your work and choose to get you to come do their fence.
But, in the grand scheme of things, you can't really monetise the core product. The reason for that is that, basically, that's what the people MAKING that product don't want you to do.
If you can sell it, so can anyone else. But they can keep giving it away for free too. They don't care that you can't make a living selling it.
If you want to make a business SOLELY on GPL software, you're basically dead in the water. Like all businesses, you have to add value somewhere before anyone will touch it, but all the value you can possibly add to the software itself, under the GPL, must be given away on the same terms.
Hence you can't make money from contributing to GPL software. But you can - in theory - by providing side-services. Hell, you'd make more out of selling an IDE / SCM tool to the developers direct than you would out of trying to sell the GPL software or contribute to it yourself (Bitkeeper was one example, but see what happens when something better comes along or you fall out with the community?). But then you could just sell IDE/SCM software, generally, to anyone, and make more money. In those cases, the actual software is irrelevant. The second that you focus on "how can I make money out of GPL", you've failed, because - honestly - you can't.
It's a fundamental misunderstanding to expect to be able to monetise every possible thing in the world. It's also a little disheartening that you don't realise that.
It's like saying how can I run a business running a free food bank? You really can't. And anything you can do to provide profit (e.g. selling off excess donated food) might well be fraudulent if you don't tell people you're doing that, or discourage people from contributing at best. And it would NEVER meet your expenses.
And the beauty of the system is - if you believe Red Hat are destroying the OS, you have an immediate solution. Use one of the other myriad distributions that aren't, but are including the same bits of software that you want. Hell, I've never actually used Red Hat in my life, and I've deployed hundreds of Linux machines in all kinds of scenarios. I don't think I've ever seriously used Fedora, either.
The guy is talented, in every way except communicating with others. If he really wants to make a product that he can make a living out of, he either has to move to the services around it (good luck convincing people to use your services with his business attitude), or he could go make money on ALL KINDS of software security projects that are nothing to do with open-source. Fact is, he's trying to sell access to his "magic fixes" to free software that he refuses to contribute back in a useful way, but his code doesn't work without that same free software and co-operation. So he's sidelined. Ignored. His code is only in his project.
He's a guy trying to sell you "his" brand of free stuff, by taking other people's free stuff, putting it in a box with some cool stickers on it, then expecting you to pay for it. Meanwhile, he's also threatening to cut you off if you reveal that fact, and sue you if you disagree with what he's doing.
(Score: 2) by Immerman on Sunday August 06 2017, @02:11PM
>Hence you can't make money from contributing to GPL software
Nonsense - you probably can't make money *selling* GPL software, but lots of people make money *contributing* to GPL software. The trick is to find somebody willing to pay you to add features or fix bugs for them because *they* need/want them. I.e. you get paid for your service in writing the software, rather than for the software itself.
Probably the bulk of total income earned that way is for folks like the programmers at Red Hat (and countless businesses who just need to use the software, and upstream improvements so they don't have to port them to every upgrade themselves) for whom making such improvements is a traditional job. There's also bounty programs, Patreon-style funding, and several other "non-traditional" approaches that are being tried.
(Score: -1, Troll) by Anonymous Coward on Sunday August 06 2017, @01:02AM (1 child)
Bruce Perens should retire from open source to a life of politics and curmudgeonhood.
With any luck, the court will order Linus Torvalds to step down from Linux development also.
Both of them are too old and need to be replaced by young hip rockstar coders.
(Score: -1, Troll) by Anonymous Coward on Sunday August 06 2017, @01:15AM
How much coding do you see Richard Stallman doing these days versus how much time does he spend on the political circuit giving speeches? Yeah. That's right. Time to put old man Bruce and old man Linus out to pasture like old man Richard.
(Score: -1, Troll) by Anonymous Coward on Sunday August 06 2017, @01:07AM (2 children)
Yes, it has been a long time since the Bruce was in the news! Kinda sad you got to get sued to get into the news, but better than being ESR and having to resort to begging.
(Score: -1, Troll) by Anonymous Coward on Sunday August 06 2017, @01:20AM (1 child)
Fuck Bruce. Let's see NCommander's face on every news site. Worldwide manhunt for NCommander wanted for mass murder while SoylentNews gets seized and replaced by a placeholder page.
(Score: -1, Troll) by Anonymous Coward on Sunday August 06 2017, @01:30AM
Raaaaaaggggggeeeeeee
(Score: 2) by Runaway1956 on Sunday August 06 2017, @01:16AM (17 children)
Once those idiot lawyers get started in court, they're going to try finding ways to challenge the GPL, in all of its versions. And, the other idiots on the other side are going to be trying to defend FOSS, which has never been necessary before.
When they start arguing details, they're going to lose sight of The Big Picture ™ and FOSS is likely to take some hard hits.
As with any military campaign, the plan of battle is always the first casualty. GRSecurity is going to come up with something that nullifies all of FOSS plans, and vice versa.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 0, Interesting) by Anonymous Coward on Sunday August 06 2017, @01:25AM (7 children)
As an author of free software covered by the GPL, I look forward to seeing the GPL invalidated and having my code stolen. I wouldn't have made the source code public if I didn't want people to have it, and I've never really cared about the petty distinction between free software and freeware.
(Score: 2) by pvanhoof on Sunday August 06 2017, @06:23AM (6 children)
If the GPL is nullified that would mean everybody who has a copy of your work falls under normal copyright restrictions. No matter if you've made its source code available publicly, every owner of a copy would still have to consider the standard copyright laws. You then own the copyright of the work, they don't and they have no right to use or distribute your work.
The GPL license gives them rights. It doesn't take away any rights. By nullifying the GPL, they would have less rights on your work.
(Score: 1, Interesting) by Anonymous Coward on Sunday August 06 2017, @07:01AM (3 children)
Freeware is sale for free under copyright. All rights reserved. Except the author willfully sold the software for free. Permission to use was thereby granted.
If someone takes the source code and makes a derivative of the copyrighted work then the author can sue for damages. But that was always true under copyright.
What the GPL really does is it gives the author the right to sue the maker of a derivative work for very specific damages: the complete source code of that derivative work.
(Score: 2) by Immerman on Sunday August 06 2017, @01:57PM (2 children)
Not really - they could always settle for the usual copyright-infringement penalties as demonstrated by the RIAA and friends: ridiculous fines and potential jail time for each infringement, and a permanent injunction against any further distribution of any derived works.
What the GPL actually does is give infringers an "easy out" by getting into compliance with the terms of the only license that would allow them to have legally redistributed the work in the first place. Definitely not their first choice, but when they've been caught red-handed engaging in illegal activity with extremely steep mandatory penalties, settling for just sharing the work they've done no doubt starts looking really good. Especially when they realize that part of paying the fines is also to essentially throw away all their work because distributing it again would then unquestionably be willful infringement, with even worse penalties.
And actually, I don't believe it's even the GPL that does that so much as a community that's consistently been willing to "forgive and forget" once they get into compliance - pretty sure that legally getting into compliance only indemnifies their future activities, their past ones are still flat-out copyright infringement.
(Score: 2) by hendrikboom on Monday August 07 2017, @02:30AM (1 child)
They could pay the enormous penalties, and release their software with new code that replaces the GPL part of their product. Still costly, but it doesn't involve giving away their work.
(Score: 2) by Immerman on Tuesday August 08 2017, @03:05PM
Yes, they could. But in most cases the GPLed portion vastly outweighs their own contribution, so it's not very likely. The fact that so few companies choose to go that route when caught should suggest something about its relative appeal.
(Score: 0) by Anonymous Coward on Sunday August 06 2017, @10:49AM
Not me, you complete legal shibboleth! Ha! I got my copy, and now I can ban all of you from having your copy, if only I can date the copyright claim, or the negotiation of the copyright transfer, to earlier than everyone else! Ha aha ha! I am going to be rich! I will have total control! Look upon my power, and despair! I am the Software version of PharmaBro, bros!
(Score: 2) by mcgrew on Sunday August 06 2017, @01:30PM
>You then own the copyright of the work
One doesn't own a copyright, one merely HOLDS copyright. It's a 95 year lease that starts when you die. And yes, I hold lots of copyrights, many of them registered with the copyright office. I still release them under a version of the GPL.
The GPL is a license to use the work, just as when a magazine publisher "buys" a story, what they are buying is a license to publish it, not the story itself.
The more I learn, the more I realize how abysmally ignorant I am.
(Score: 3, Interesting) by Whoever on Sunday August 06 2017, @02:08AM
Not these idiot lawyers, because they won't survive the inevitable anti-SLAPP motion. Their client will be paying Perens' legal bills.
(Score: 0) by Anonymous Coward on Sunday August 06 2017, @02:18AM (2 children)
Time to update your facts database. FOSS has been defended, and even upheld in court. See NeXT's ObjC contribution to GCC https://www.gnu.org/philosophy/pragmatic.html [gnu.org] for an out of court deal (and probably the reason Apple now goes with as much BSD code as they can, they prefer one-way-sharing, "ours is ours and yours is ours", or "we want to keep control" if you want to be polite, after all they opened Swift). But if you want a court case instead, see this one https://www.xda-developers.com/us-district-court-rules-gnu-gpl-is-an-enforceable-contract/ [xda-developers.com]
(Score: 3, Informative) by Runaway1956 on Sunday August 06 2017, @02:22AM (1 child)
It's the court cases that count. Settlements don't establish precedence for future court cases.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 0) by Anonymous Coward on Sunday August 06 2017, @10:49PM
FWIW, settlements can establish precedence for future court cases in many court systems in the U.S. First is that they can function against mutual parties in any regard due to issue preclusion between them. Second is that many settlements, especially between parties with deep pockets, are ratified by consent decrees; this allows full collateral estoppel, even between non-mutual parties, and it can act as precedent, as it is considered a final judgment.
(Score: 4, Informative) by krishnoid on Sunday August 06 2017, @02:32AM
It's been defended before, once rather recently [lwn.net], in fact.
(Score: 0) by Anonymous Coward on Sunday August 06 2017, @03:25AM (1 child)
You weren't around for the SCO wars, were you?
(Score: 0) by Anonymous Coward on Sunday August 06 2017, @10:55AM
I was there when Pruce Berens screwed the pooch and realized that MBA types could not abide by "free software", and so he came up with "open source software", and with much anal sex and negotiation, managed to birth "FOSS", that terrible acronym that haunts the free software community to this day. If only Bruce had gone the way of ESR and become a scaredy-cat ammosexual. Please send some money to ESR, he is opposed to socialized medicine, but someone in his family needs some medicine, and Open Source Medicine is just not cutting it.
(Score: 3, Funny) by jasassin on Sunday August 06 2017, @06:05AM (1 child)
Somewhere, Sun Tzu is spinning in his grave.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 0) by Anonymous Coward on Sunday August 06 2017, @10:59AM
Come, now! You were expecting strategic insight from a petty officer (extremely petty, or just an "able bodied seaman"!) who served for a couple months in a time of peace? It is Runaway, for Christ's Sake! He barely knows who to hate today, until he has tuned into Faux News.
(Score: 4, Insightful) by rigrig on Sunday August 06 2017, @04:27AM
Before:
If you do business with grsecurity and (they think) you distributed code that you were allowed to distribute, they'll terminate your business relationship.
Some people say this may put you in breach of the GPL.
After:
If you do business with grsecurity and (they think) you distributed code that you were allowed to distribute, they'll terminate your business relationship.
Most tech sites ran the story that some people say this may put you in breach of the GPL.
Also, apparently grsecurity is quite happy to sue people for merely stating their opinion of the grsecurity contract.
I'm not sure how the "After" situation is going to get them more customers.
(The cynic in me simply believes they are advised on legal matters by the people that will get paid more by having as many lawsuits as possible, but I'm sure they have better reasons.)
No one remembers the singer.
(Score: 3, Informative) by mcgrew on Sunday August 06 2017, @01:05PM
I distrust the Register. They often leave important information out in order to sensationalize a non-sensational story. Here it is, Straight from the horse's mouth. [perens.com]
The more I learn, the more I realize how abysmally ignorant I am.
(Score: 2) by kaszz on Tuesday August 08 2017, @07:31PM
Once the news came that GR security sues anyone for defamation when they are just pointing out valid and concerning issues, their reputation is wiped out. It will be interesting to see how the community will treat them from now on. The wording "business interference" may just get some real implementation.