LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

LWN Weekly Edition

Front page
Security
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->One big page

 

This page

Previous week
Following week

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

LWN.net Weekly Edition for June 12, 2003

Embedded Linux and the GPL

Linux and embedded systems are a natural combination. Linux provides the level of control and ability to customize that embedded vendors need; it can also be pared down into a (relatively) small footprint. And, of course, there are no per-unit royalties to be paid; that is a big deal for many applications. It is not surprising that an increasing number of gadgets have a Linux kernel running inside them.

Much of the code running in those systems is licensed under the GPL. While no royalties need be paid for the distribution of GPL-licensed code, there are other obligations which must be met. In particular, a Linux-powered gadget is supposed to come with either (1) a copy of the source for the code running inside, or (2) a written offer to ship the source anytime in the next three years. While some companies (e.g. TiVo) make their source available, it would seem that some other embedded system vendors are forgetting about this obligation when they ship their boxes.

Recently, Andrew Miklas noticed that his Linksys WRT54G wireless access point was running GPL-licensed software, including a 2.4.5 kernel and the BusyBox tool suite. The product contains no source, offer of source, or even acknowledgement of the GPL software running inside. Attempts to obtain source from Linksys have, so far, been unsuccessful. The Free Software Foundation is now taking an interest in this case.

Linksys, it seems, is not alone in this behavior. Products from Belken, Buffalo Technology, and QLogic have also been shown to have Linux inside, with no source forthcoming. Lest one despair completely, however, it's worth looking at Colm MacCárthaigh's experience with his Dell TrueMobile 1184 router. Not only was he able to (eventually) get the source from Dell; his efforts also convinced Dell to include a source CD with the product.

Mr. MacCárthaigh's experience is worth noting for a couple of reasons. The first is that Dell was simply unaware that it was supposed to make source available. In most GPL violation cases, the real problem is that the company involved is unaware of its obligations under the license; GPL violations tend to be unintentional. With some persistence - and politeness - it is usually possible to get these companies to move into compliance with the GPL. The Free Software Foundation has been very good at this in the past; in contrast with its loudness on other fronts, the FSF treats GPL problems with discretion and tact. As a result, most GPL violators are brought around to compliance without being pushed into full-scale defensive lockdown.

The other thing to note is that Mr. MacCárthaigh did not get anything all that exciting for his efforts: a stock 2.2.14 kernel with a widely-available patch set. In the Linksys case, many Linux users are getting worked up about the prospect of extracting a new set of wireless network drivers by forcing a release of code. These users will almost certainly be disappointed. The drivers in question will be implemented as loadable modules which, until some disgruntled kernel developer proves otherwise in court, are legal to distribute for use with the kernel. Linksys owes its customers the source for its Linux kernel, BusyBox, and any other GPL software that it includes in its product. But it is under no obligation to open up any proprietary drivers that it is using.

The truly sad part is that embedded system vendors need not even provide source which can be rebuilt and loaded into their devices. As reported here in May, there appears to be no legal impediment that can prevent systems vendors from requiring kernels to be signed by a private key before they can be run. You can look at what your Linux-powered device is running (if you trust the vendor to provide the true source for the binaries in the box), but you may not be able to change it.

Even so, it is important that distributors of GPL-licensed software live up to the obligations imposed by that license. There is a vast body of highly capable software which is available under the GPL, and all that's required to be able to use it is to make the source available under the same license. That is a small price to pay for free (of charge) access to software that, by some estimates, is worth over a billion dollars.

Update: since this article was first published, Linksys has stated that it will release the source for the GPL-licensed code running in the WRT54G router.

Comments (14 posted)

LZW is Free! (Almost)

[This article was contributed by Joe 'Zonker' Brockmeier]

The LZW patent is nearing its expiration date. Appropriately enough, patent 4,558,302 expires next Friday, June 20 -- plan your parties accordingly. At least if you're in the U.S. -- the patent will continue to be valid for a little longer in several other countries.

Unisys sat on the patent for nine years before it attempted to start collecting royalties on software that made use of LZW to create images in the Graphics Interchange Format (GIF), and for the use of GIFs on websites. Unisys really started putting the pressure on in 1999, however, asking web site operators to fork over a fee of $5,000 just to use GIFs on a publically-accessible website or an Intranet site. You could also get a license to cover both a "Billboard" site and an Intranet for the low, low fee of $7,500.

Pressure is a relative term. Unisys was never successful in garnering the licensing fees from the majority of sites that use GIFs, nor did they conduct an RIAA-style search for sites using GIFs to send threatening letters to. And, compared to Amazon's "one-click" patent, the LZW patent looks almost reasonable.

Nevertheless, the Unisys money-grab inspired a deep loathing in quite a few Webmasters and other users who had already been using GIFs or the LZW algorithm for quite some time, and who resented the sudden demand for royalties. Thus the Burn All GIFs day was born. Thanks to their GIF efforts, Unisys has the dubious honor of being one of the first companies to awaken the Free and Open Source software communities to the danger of software patents.

Don Marti, webmaster for the Burn All GIFs site, said it's yet to be seen how successful the Burn All GIFs project has been.

The real success of Burn All GIFs day will be measured by how well webmasters can stay away from patent minefields in the future. When you use a patent-encumbered format, you're setting yourself up to have the patent holder hold you up in the future.

The W3C's decision to declare itself a patent-shenanigans-free zone is a positive development, and other information technology standards bodies should also drop the idea of "UFO" (Uniform Fee Only) patent policies, which impose prohibitive transaction costs on free software and small companies.

Marti also noted that the W3C's royalty-free policy is a step forward for Free and Open Source software developers.

Of course, it's not all about GIFs. The LZW algorithm is also found in a number of other graphics formats and in programs that compress data. GIFs are merely the most widely-recognized use of LZW. For example, LZW is used in the Unix "compress" utility, which led to the creation of the widely-used gzip as a replacement.

It's unlikely that the Free and Open Source community will rush back to using the LZW algorithm, now that it has been effectively replaced. But even as it re-enters the public domain, the LZW tale serves as a cautionary tale of the dangers of software patents. It won't be the last.

Comments (4 posted)

Penguin Computing acquires Scyld

Penguin Computing announced on June 10 the signing of an agreement to acquire Scyld Computing, the Beowulf cluster software and services company started by Donald Becker. This acquisition is a significant step being taken by one of the true survivors among Linux companies. So we dropped Penguin Computing founder Sam Ockman a few questions; here's what he had to say.

Why has Penguin Computing decided to acquire Scyld at this time?

We've always sold Beowulf clusters. In the beginning it was mainly to universities and research laboratories. That market continues to grow, but now the corporate world is really interested in clusters as well.

Most of our business has historically come from our enterprise customers. About a year ago they started to get very interested in high performance computing (HPC). Now an increasing number of our customers have their own clusters.

Corporate customers really care about "total cost of ownership". It's a term that is used derisively in the Linux community, but in the enterprise it's very important. Scyld has engineered the best management framework for clusters, so it was a natural fit for us to buy them.

How do you expect Penguin's cluster offerings to change as a result of the Scyld acquisition?

The immediate focus of our combined organizations is to make our clusters easier to deploy, operate, and administer. We're also very focused on how to make clusters easily upgradeable. So a customer could start with a small cluster (around 16 nodes) and expand over time to be much larger.

Simultaneously, we will be concentrating on longer term goals. We have a very clear vision as to where clustering is going. There is going to be a lot of innovation in the next few years.

Based on extensive input from the existing customers of both companies, we have already begun work on the next generation of software and hardware solutions for the HPC space.

What are your expectations for the Linux cluster market over the next few years?

Every engineering group at every large corporation will need access to a cluster. We're already seeing the demand in fields like biotechnology, physics, computational fluid dynamics and electronic design automation.

Job scheduling and resource utilization will become more and more important as clusters are shared throughout a corporation. We're working on some very elegant solutions to these problems.

Some of your competitors have been targeting specific markets - bioinformatics, for example. Does Penguin anticipate taking a similar path with its offerings?

That's an interesting question. Penguin Computing was started when the market for Linux servers was still very small. Along the way we've helped grow the market with a lot of innovations. For example, we introduced the first Intel based 1U Linux server. We also had the first Linux server with hot-swap RAID. As different industries have adopted Linux, we've been there to support them with our servers and professional services. Now we'll be able to offer complete solutions in the rapidly growing cluster market.

What's great about Scyld is that it's an analogous situation. Don Becker, the founder and CTO of Scyld is the inventor of Beowulf. So Scyld's software and knowledge have grown with the market.

That said we're now seeing considerable growth in biotech, Computational Fluid Dynamics (CFD) and Electronic Design Automation (EDA). We're gaining customers that are using clusters in each of these fields. As we do, our knowledge increases, and new customers come our way, often recommended by word of mouth.

But it's not just those three fields either; it's amazing some of the things our clusters are being used for. Clusters are being used almost everywhere there is a computationally intensive problem. And it's not just in places where supercomputers would have been used before. Because the cost of a cluster is at least an order of magnitude less than a monolithic supercomputer, it has opened up whole new markets.

Penguin Computing has managed to survive in a market (Linux-installed systems) where many others have failed. What have you done differently to be able to succeed in this way?

We've always been highly focused on delivering great computer systems with great support. We purchased Scyld because the majority of our customers are or will soon be doing clustering. This is not a new market for us; but now we have a more complete solution for our customers.

Another way of phrasing that question, perhaps, is: why should a customer buy a server (or a cluster) from you, rather than from a large vendor like Dell?

Our rallying call since day one of our founding has been "the world's most reliable Linux systems". What we're about is making very reliable computers that are still cost effective, and providing really great support for those computers.

Dell's an interesting comparison choice. If you want real support from them you have to buy something called DLine Plus. For fifteen problems over three years you pay $2,999 extra.

At Penguin Computing we include all of our experience, and completely support the server for no additional charge. We've been engineering and supporting Linux servers longer than Dell and IBM.

On the cluster front, it's an even easier choice. With the acquisition of Scyld we have the best management framework for Beowulf clustering. And Don and his team have more knowledge about Beowulf than anyone else. After all Don invented it!

Scyld has a number of resellers, including Hewlett-Packard, and we definitely value those relationships. So, HP or any of Scyld's other resellers is also a very good choice for clusters.

Are you willing to release any sort of annual revenue information for Penguin Computing? Or, perhaps, some sort of server volume figures?

We are the largest pure-play Linux systems company. But as a private company we don't release any of those numbers. I can tell you that we're seeing significant growth, both quarter over quarter, and year over year.

Does Penguin employ contributors to any free software projects? Which ones?

Donald Becker was the leader of the team that invented Beowulf, and he's also one one of the primary contributors to the Linux Kernel. Don has written most of the commonly used Linux network drivers and continues to maintain many of them. Scyld has contributed to many, many Open Source programs and will continue to do so.

Another project that is near and dear to our hearts is lm_sensors. We often have to write new code to make lm_sensors work with our next generation servers, and we make sure that we GPL all of that. Some other projects that we've contributed to include LCDproc.

In addition to directly writing code, we do a lot to support the Linux and Open Source community. We're a corporate patron of FSF/GNU and have also donated servers to them (including the server they use to run their mailing lists). Penguin Computing has also given servers to H. Peter Anvin so he could develop RAID-6. Finally, along with BitMover, we provide and host kernel.bkbits.net, which is used by many of the senior kernel developers.

Comments (1 posted)

An open letter to SCO

We recently sent the following letter to several contacts at SCO and its public relations agency:

The SCO Group has made repeated claims that Linux contains code taken from proprietary Unix. On the basis of these claims, a $1 billion lawsuit has been filed against IBM, and letters have been sent to many Linux users warning that they may face legal liability. You have publicly compared the Linux community to thieves and liars. What you have not done is to back up your claims in any way, with the result that you have now been hit with legal notices for unfair competitive practices in two countries.

The Linux and free software communities take great pride in their ability to develop code which is inferior to none. They have no interest in stealing code from anybody; Linux hackers are not so dishonest, and, frankly, most of them believe that they can do a better job themselves. Linux is an implementation of a number of well-published standards, but it is an original work.

That said, if it turns out that there is stolen code in the Linux kernel (or elsewhere) the community very much wants to know about it. We would like to remove that code and find out how it came to be included in the first place. Anybody who turns out to have contaminated Linux with proprietary code will, to say the least, not be welcome in our community in the future. If this has happened, we want to get to the bottom of it even more than you do. We do not want it to happen again.

You have made grave accusations against our community and caused a great deal of concern in that community and beyond. You now owe it to us to back up those accusations.

You need not - at this point - reveal any proprietary code of yours. But you owe it to us to point out which code in Linux is, by your claims, stolen from you. This code, by virtue of having been distributed by many (including you) in source form, can no longer be held to be confidential; SCO's claims to that regard are unconvincing. You will not violate any confidentiality by simply indicating which code you are taking exception to.

SCO claims that the Linux community would use any such disclosure to remove the evidence ("That's like saying, 'show us the fingerprints on the gun so you can rub them off.'" - Darl McBride in the Wall Street Journal). This claim, too, is unconvincing. The development history of Linux is public and cannot be erased; all the evidence you need can be found on SCO's own distribution disks. There is no way to "rub off" those fingerprints. Yes, the Linux community would quickly remove any code that was shown to be proprietary, but that would not change the evidence for your case and you know it.

Making a demonstration for a limited number of reporters under NDA is inadequate. Your NDA excludes the people who can best make judgements on the origins of code and prevents the development community from addressing any wrongs that may have occurred.

Instead, if you point out the code the Linux community will track down its origins far more quickly and effectively than your lawyers ever could. Your refusal to do so only suggests that you fear exactly that: a careful investigation could show that any common code comes from a freely available source. If your claims are honest and legitimate, you owe it to the community to back them up.

If SCO is serious about its claims, it is time to show some integrity and expose those claims to general scrutiny. Please, SCO, show us the code.

We did actually get a response back from them. Here's SCO's statement:

Thanks for giving us the opportunity to respond. Our offer to show individuals the source code under non-disclosure at our corporate offices still stands throughout the month of June. Several analysts and journalists have seen the source code. I hope that the Open Source community will understand that we have to show this UNIX source code under non-disclosure because of the confidentiality agreements that we have in place with more than 6,000 UNIX licensees. We can not violate these agreements.

An SCO representative has since stated that the offending code is in the Journaling Filesystem (JFS), NUMA, and SMP support. JFS is an obvious, large contribution from IBM, and, though it originally comes from OS/2, it could conceivably contain some of SCO's code. JFS is good stuff, but its loss would affect very few Linux users.

The initial NUMA support was contributed by Kanoj Sarcar, then at SGI. IBM has since improved that code, of course. It is well known that Linux SMP support was initially helped by the company then known as Caldera. It has since seen work by a great many people. It is conceivable, though improbable, that a significant amount of proprietary code could have been sneaked in somewhere.

But, without knowledge of the code that SCO objects to, it will be impossible to independently verify whether any of it has been copied or not. SCO continues to hide behind the "confidentiality" of code which has been publicly distributed, with the result that nobody can ascertain whether its claims have merit or not. Perhaps that is the point.

Comments (16 posted)

Who is selling SCO stock?

SCO's stock has gone up significantly in value since the company filed its suit against IBM. There has been speculation that the real purpose of the whole operation was to inflate the stock price and give insiders a chance to cash out before it all falls apart. Insider trades must be publicly documented, of course, so we took a moment to see what has happened so far.

Perhaps the most interesting filing so far is this S/3A form, first filed in February and since updated several times. It appears that two external stockholders, John R. Wall and Morgan Keegan & Co., have decided to dump an even million shares that they hold. SCO has gone through the whole registration process - at its expense - to make this happen, but the proceeds go directly to the two sellers.

Mr. Wall got his (800,000) shares at the end of 2002 (along with $100,000 in cash) for a $1 million note payable by Vista.com, a company he founded. Those shares, at current prices, are worth nearly $7 millon. Not a bad deal.

Morgan Keegan was retained by the company "to act as an exclusive financial advisor to assist the Company in its analysis, consideration and if appropriate, execution of various financial and strategic alternatives available to it including, but not limited to, securing additional equity and/or debt capital and potential strategic transactions including mergers, acquisitions and joint ventures" (2002 annual report). The cynical among us might conclude that a "strategic alternative" has indeed been chosen. There is, however, no evidence that either of these two large shareholders have anything to do with the lawsuit - they are simply happy beneficiaries.

There have been some recent sales by SCO executives:

The record thus shows a small amount of cashing-in as the stock price goes up, but, with the exception of the large sale by John Wall and Morgan Keegan, nothing all that significant. If all this is truly an effort by SCO management to cash out, the people involved have not yet made their move.

Comments (4 posted)

Page editor: Jonathan Corbet

Inside this week's LWN.net Weekly Edition

  • Security: Linux security in the news; new vulnerabilities in atftp, eterm, gzip, KDE/SSL, mod_php, ...
  • Kernel: Reworking system devices; kernel janitor patchsets, what will be in 2.4.22?
  • Distributions: On SuSE's Dramatic Rise and Mandrake's Uninspiring Lethargy; Aurox Linux; CDLinux; System-Down::Rescue
  • Development: The LTI-Lib Computer Vision Library, new versions of Speex, Firebird, Sussen, Gallery, Meterbridge, Epiphany, Galeon, GTK+, XFce4, Pygame, Gimp, Samba, GStreamer, Gnumeric, OpenEJB, GCL, Pexpect, Conglomerate.
  • Press: Linux breakins, Embedded Linux, FSF probes Linksys, Ballmer on Linux, Merrill Lynch on Linux cost, gif patent near expiration.
  • Announcements: SuSE Linux Desktop, Setting up Samba, OLS registration deadline, Stallman at GWU, SANE 2004 CFP.
  • Letters: Strlcpy()
Next page: Security>>

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds