|
|
Log in / Subscribe / Register

The exfiltrated exFAT driver

By Jonathan Corbet
July 24, 2013
The exFAT filesystem is a Microsoft product, designed for flash media. It lacks support in the Linux kernel; as a proprietary, heavily patented filesystem, it is not the sort of thing one would expect to see free support for. Still, when the exfat-nofuse repository showed up on GitHub, some dared to hope that Linux would gain exFAT support after all. Instead, what we appear to have gained is an ugly licensing mess and code that is best avoided.

From what can be determined by looking at the repository, the code appears to work. It was originally written by Samsung, it seems, and was shipped with one or more Android devices. The problem is that, as far as anybody can tell, Samsung never intended to distribute this code under the GPL. Instead, a GitHub user who goes by "rxrz" somehow came by a copy of the code, removed the original proprietary licensing headers, and inserted a GPL license declaration into the code. The code claimed to have a GPL license, but the copyright owner never released the code under that license.

On July 9, another GitHub user filed a bug noting that the license declaration was incorrect and suggesting a removal of the repository. The entity known as rxrz was not impressed, though, saying:

It's a leaked code of a proprietary exfat driver, written by Samsung, Inc. It works, you can use it. What else do you want, a signed paper from your parents on whether you can or can not use it? I'm a programmer, not a lawyer. You got the code, now decide what to do with it, it's up to you.

The code has since been edited to remove the GPL declaration and restore the proprietary license, but it remains available on GitHub and rxrz evidently feels that nothing wrong was done by posting it there. It also appears that GitHub has no interest in pulling down the repository in the absence of an explicit takedown notice from Samsung, so this "leaked" driver may remain available for some time.

This whole episode seems like a fairly straightforward case of somebody trying to liberate proprietary code by any means available. There are some interesting questions raised by all of this, though. The first of those is: what if somebody had tried to merge this code into the mainline kernel? The immediate answer is that they would have been chased off the list once developers actually had a look at the code, which, to put it gently, does not much resemble Linux kernel code. In the absence of this obvious barrier, one can hope that our normal review mechanisms would have kept this code from being merged until the developer was able to provide a satisfactory explanation of where it came from.

But it is not clear that all of our code is reviewed to that level, so it is hard to be sure. An exFAT implementation is likely to attract enough attention to ensure that the right questions are asked. Had the code in question been a driver for a relatively obscure piece of hardware, instead, it might not have been looked at very closely.

Then, one might ask: why is Samsung shipping this as a proprietary module in the first place? After all, Samsung appears to have figured out how Linux kernel development works and has made a solid place for itself as one of the largest contributors to the kernel. One can only guess at the answer, but it likely has to do with claims that Microsoft makes over the exFAT format. Microsoft has shown itself to be willing to assert patents on filesystem formats, so taking some care with an implementation of a new Microsoft filesystem format would seem like an exercise in basic prudence. Whether this exercise led to ignoring the GPL in an imprudent manner is the subject of another debate entirely.

Similarly, some prudence would be advisable for anybody thinking to use the code as a reverse-engineering tool for a new exFAT implementation. It is hard to reverse-engineer one's way around patent problems. exFAT may well be a format that is best left alone.

Finally, for those who have been in this community for a long time, the attitude revealed by a number of participants in the GitHub issue thread may be surprising. Licensing, GPL or otherwise, appears not to matter to many of these people. All that matters is that the code can be downloaded and that it works. This attitude can be found elsewhere on GitHub; indeed, many have complained that GitHub itself seems to be indifferent at best to the licensing of the code it distributes.

Perhaps we are heading into some sort of post-copyright era where licensing truly no longer matters. But it would not be surprising if those who are interested in copyright resist that future for a while yet. We are not just talking about the entertainment industry here; the simple fact of the matter is that anybody who values the provisions of the GPL is indeed interested in copyright. It is hard to demand respect for the GPL while refusing to respect the terms of other licenses.

Among other things, that means that the kernel community must continue to be careful not to incorporate code that has not been contributed under a suitable license. So code that shows up on the net must be looked at carefully, no matter how useful it appears to be. In this case, there was no danger that the exFAT code would ever be merged; nobody even suggested that it should be. But there will be other modules of dubious provenance in the future, some of which may seem more legitimate at first glance. Even then, though, our processes should be good enough to find the problems and avoid a merger that we will later regret. Hopefully.

(Thanks to Armijn Hemel for the heads-up).

Index entries for this article
KernelCopyright issues
KernelFilesystems/exFAT

to post comments

The exfiltrated exFAT driver

Posted Jul 25, 2013 2:36 UTC (Thu) by Russ.Dill@gmail.com (guest, #52805) [Link] (2 responses)

The more interesting issue to me is the possibility that code was taken from linux/fs/fat/, pasted into exfat_super.c, relicensed as proprietary, and distributed by Samsung.

The exfiltrated exFAT driver

Posted Jul 25, 2013 6:59 UTC (Thu) by felixfix (subscriber, #242) [Link] (1 responses)

Presumably you mean not copied literally, but used as the basis for some heavy editing into the new driver.

The article says the code does not follow kernel practices. That seems to indicate it was not based on good driver code, or, if it was, it has been so heavily edited as to lose all resemblance to the original.

The exfiltrated exFAT driver

Posted Jul 25, 2013 13:54 UTC (Thu) by Russ.Dill@gmail.com (guest, #52805) [Link]

I'd rather not come out and accuse Samsung of literally copying GPL code, relicensing it under a proprietary license, and distributing it, but encourage people to take a look at exfat_super.c and notice the coding style matches the kernel coding style, not that of the rest of the driver.

Compare instead with the contents of fs/fat/misc.c, fs/fat/dir.c, fs/fat/namei_vfat.c, and fs/fat/file.c. Functions like __fat_readdir, vfat_create, parse_options, and many others.

The exfiltrated exFAT driver

Posted Jul 25, 2013 3:05 UTC (Thu) by bergwolf (guest, #55931) [Link] (1 responses)

Kernel treats the kind of issue much more seriously than other projects AFAIK. I once talked to a multimedia developer who told me that in the multimedia encoding/decoding area, they tend not to ask where the encoder/decoder code originates. All they tend to care is that, "ah, I copied the code from project X that appears to claim it open source. If anything goes wrong, that's project X's fault. So I'm fine with that."

The exfiltrated exFAT driver

Posted Jul 26, 2013 18:51 UTC (Fri) by giraffedata (guest, #1954) [Link]

All they tend to care is that, "ah, I copied the code from project X that appears to claim it open source. If anything goes wrong, that's project X's fault. So I'm fine with that."

Are you saying they misunderstand copyright law and think they can pass liability on to Project X, or that they're only concerned about some kind of fault other than legal?

The exfiltrated exFAT driver

Posted Jul 25, 2013 5:24 UTC (Thu) by rsidd (subscriber, #2582) [Link] (3 responses)

I suspect Samsung has a policy of not complaining about leaked software, perhaps even leaking software deliberately. The Odin software, widely used for flashing/rooting Samsung devices, is supposedly a leak from Samsung. But it seems a bad idea to have leaked the exfat driver. Samsung is in a quandary here: they make very high-quality micro-sdxc cards, but exfat is part of the sdxc specification and they find it hard to support exfat on their own devices.

The exfiltrated exFAT driver

Posted Jul 25, 2013 7:22 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (2 responses)

ODIN leaked from some service center (there are tons of them, so such leaks are inevitable). It's officially used to restore firmware on b0rked phones.

The exfiltrated exFAT driver

Posted Jul 25, 2013 19:19 UTC (Thu) by marcH (subscriber, #57642) [Link] (1 responses)

Can you also confirm it's coming from Samsung?

(Sorry if this is an obvious question - I never used ODIN... yet)

The exfiltrated exFAT driver

Posted Jul 25, 2013 19:21 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

Yes, it's definitely coming from Samsung.

The exfiltrated exFAT driver

Posted Jul 25, 2013 7:59 UTC (Thu) by lkundrak (subscriber, #43452) [Link] (14 responses)

I'm wondering: isn't this a "derived work" of Linux as understood by GPL?

The exfiltrated exFAT driver

Posted Jul 25, 2013 10:35 UTC (Thu) by etienne (guest, #25256) [Link] (13 responses)

> I'm wondering: isn't this a "derived work" of Linux as understood by GPL?

And because it "was shipped with one or more Android devices", it was released as GPLv2 (or free-er) whatever the header of the source file tells, because anything else would be illegal?
Obviously this company could claim that it was an error, recall every Android device they ever produced (with compensation) and contact every kernel contributors to get their GPLv2 rights re-instantiated - if they ever want to sell a Linux kernel again. In a timely manner.
No wonder people in the street do not care about copyright laws when massive amount of money is made by a lot of companies ignoring those laws.

The exfiltrated exFAT driver

Posted Jul 27, 2013 2:47 UTC (Sat) by malor (guest, #2973) [Link] (12 responses)

and contact every kernel contributors to get their GPLv2 rights re-instantiated

They don't need to do that. A fresh download, upon complying with the GPL, would suffice. The transfer of rights logically must happen alongside the code, and it must happen each and every time, as that code is constantly changing.

As long as they're compliant with the license after a new download, they're in the clear.

The exfiltrated exFAT driver

Posted Jul 27, 2013 5:10 UTC (Sat) by mjg59 (subscriber, #23239) [Link] (10 responses)

That is one possible interpretation. However, GPLv3 makes that explicit and GPLv2 doesn't, so it's not the only possible interpretation.

The exfiltrated exFAT driver

Posted Jul 27, 2013 8:31 UTC (Sat) by malor (guest, #2973) [Link] (9 responses)

It can't really work any other way, as the license must transmit with each copy made. If it didn't, nobody would be allowed to copy GPL code, as the license clearly states that all people downstream from you must receive the same rights you have.

If it only transferred once, then we couldn't distribute GPL code with patches, either, as updates to GPL software can't transmit the GPL license on only part of the whole work. Any additional code, to have GPL status, must also include GPL status on all code that makes up the work, and must transfer those rights to downstream recipients.

Ergo, the license transfers, in full, each time a copy is voluntarily made.

Further, it doesn't have to be the same person or entity making the transfer. Anyone in good standing could do it. Only if nobody were willing to make you a copy, would you be permanently enjoined from distributing the software.

The person restoring the license by making the copy might not even need to be in good standing themselves, though that's somewhat questionable. I'm not sure whether you need an unbroken chain of licensors-in-good-standing. I suspect you probably do, as being out of compliance with the GPL at the time the copy is made would render the copy illegal, so the person copying would have no rights, themselves, to grant.

If, however, a person making a voluntary copy is in good standing, then you must also get a new license with the copy. If you didn't, then they would be out of compliance with the GPL, and the copy would be illegal.

The exfiltrated exFAT driver

Posted Jul 27, 2013 16:48 UTC (Sat) by mjg59 (subscriber, #23239) [Link] (8 responses)

You have references to established case law to support these assertions?

The exfiltrated exFAT driver

Posted Jul 27, 2013 18:23 UTC (Sat) by mathstuf (subscriber, #69389) [Link] (7 responses)

Has there been much case law for either argument? Given what is written here, a new license being granted with each copy of the code makes more sense, but then I'm not versed in the legal dialect of logic much, so who knows.

The exfiltrated exFAT driver

Posted Jul 27, 2013 18:38 UTC (Sat) by mjg59 (subscriber, #23239) [Link] (6 responses)

I don't know - I'm not asserting that Malor's interpretation is incorrect, just that I know lawyers who disagree with it (and other lawyers who disagree with them). As a result, I think that it's inappropriate to describe this as if it's settled.

The exfiltrated exFAT driver

Posted Jul 27, 2013 18:45 UTC (Sat) by mathstuf (subscriber, #69389) [Link] (5 responses)

Oh, I agree its not settled, but if you could reiterate (or link to) some of the reasons behind your lawyer acquaintances' views, that'd make for a better discussion than "so?" or "and?".

The exfiltrated exFAT driver

Posted Jul 27, 2013 19:23 UTC (Sat) by mjg59 (subscriber, #23239) [Link] (4 responses)

The relevant part of GPLv2 is:

"6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions."

Arguing that downloading a new copy provides a new license requires arguing that the original licensor is deliberately providing you with a new license despite the fact that your original license was terminated under section 4. That seems to be a reasonable literal reading of the text, but it's not explicitly stated and so it's arguably going to be influenced by the interpretation of the (a) license authors and (b) copyright holders. I don't know that it's been explicitly stated, but GPLv3's re-instatement clause would be pretty pointless if downloading a new copy granted you a new license and so it seems safe to assume that the license authors don't agree with the "new license per download" case. Whether copyright holders agree with that position or not is less obvious, but there are certainly some Linux copyright holders who believe that termination isn't rectified by downloading a new copy.

The exfiltrated exFAT driver

Posted Jul 29, 2013 5:17 UTC (Mon) by mathstuf (subscriber, #69389) [Link] (3 responses)

> but GPLv3's re-instatement clause would be pretty pointless if downloading a new copy granted you a new license and so it seems safe to assume that the license authors don't agree with the "new license per download" case

So my question here is: how can the GPLv3 affect GPLv2 (in the legal sense)? What the authors intended might be nice and all, but intentions aren't what matter most in the court room (for contracts and such at least) since there are written words to quibble over that both parties agreed to. So while the reinstatement clause of v3 may exist, I'd think that the courts like explicit statements much more than implicit implications read between the lines (I believe the colloquial term is "covering your [b]as[e]s"), but that only really affects the GPLv3, not v2.

I imagine one thing to quibble over is "distribute". What action is it referring to? The upload to a public-facing server, or the act of downloading from said server? Would all it take is to have some middle man who hasn't lost their license to download the original, upload somewhere else and then the entity which lost its license download from there, getting their rights back transitively? Can I not distribute some piece of GPLv2 software to someone who lost their license to it since I can't give them the same rights? What happens to my license in that case (I'd imagine "nothing")?

The exfiltrated exFAT driver

Posted Jul 29, 2013 5:26 UTC (Mon) by mjg59 (subscriber, #23239) [Link]

Absolutey, GPLv3 probably has little influence on GPLv2. But both are based on the same legal system, and so if downloading a new copy granted you a new license in GPLv2, it should do in GPLv3 as well. GPLv3 behaves as if that's not the case, so GPLv2 is (probably) equivalent in that respect.

But, like I said, I don't believe that anyone's attempted to test this specific case. To the best of my knowledge, no GPL cases that have gone to court have attempted to claim that they'd gained a new license through an additional download.

The exfiltrated exFAT driver

Posted Jul 29, 2013 7:15 UTC (Mon) by marcH (subscriber, #57642) [Link] (1 responses)

> So my question here is: how can the GPLv3 affect GPLv2 (in the legal sense)? What the authors intended might be nice and all, but intentions aren't what matter most in the court room (for contracts and such at least) since there are written words to quibble over that both parties agreed to.

Sure written words matter most. IANAL but I'm pretty sure most courts consider intentions as well to a lesser degree. Among many other examples, in some jurisdictions some contracts do not even need to be written. A hand shake or even phone call can be enough.

The exfiltrated exFAT driver

Posted Aug 2, 2013 16:43 UTC (Fri) by Wol (subscriber, #4433) [Link]

The written word trumps the spoken word.

But where the written word is ambiguous / doesn't exist, the intentions and spoken words have legal force.

Of course, proving intentions and spoken words can be very difficult, which is why it's important to make sure the written word says what you mean.

For the most part, contracts by mouth/handshake were enforced by trust. In a small market where everyone knew everyone you had a symbol (such as a handshake) that said "okay, we have a contract". Get a reputation for walking away from agreements, and you would rapidly find yourself unable to do business.

Cheers,
Wol

The exfiltrated exFAT driver

Posted Jul 29, 2013 10:02 UTC (Mon) by etienne (guest, #25256) [Link]

> The transfer of rights logically must happen alongside the code

IANAL, but the "transfer of rights" can only happen in between the copyright holder (i.e. initial author) and final user.
You are entering a can of worms by pretending a new download does matter, I am not even sure what happens when the copyright holder dies.
If you had a license before he dies, then you should be safe.

Now, it does not change anything about the exFAT driver, I see 3 ways:
- such company recalls all devices containing that code and pretends that it is now fine so can continue business.
- such company make their move legal by officially releasing the source involved and settling any patent issues with the patent holders.
- such company has a secret agreement with most government to catch terrorist, so they install backdoors and help recording anything on their network for free - in exchange they can continue helping catching terrorist by selling them phones which contains illegal software, with "government protection".

The exfiltrated exFAT driver

Posted Jul 25, 2013 12:13 UTC (Thu) by linusw (subscriber, #40300) [Link] (3 responses)

The notion that the public respect for copyrights is on a decline is certainly true, and I would describe the situation as similar to mercantilism (guilds and strict trade regulations) in the late 1700s: people are starting to ignore it, because it makes no sense and is just getting in the way of efficient societies. It seems the asian countries are leading the way here somewhat.

As to the reasons why Samsung does this, we need to realize that this company is the size of a small country, there is no guarantee that the left hand knows what the right hand is doing, atleast not in such small matters.

The exfiltrated exFAT driver

Posted Jul 25, 2013 17:42 UTC (Thu) by jackb (guest, #41909) [Link] (1 responses)

The notion that the public respect for copyrights is on a decline is certainly true, and I would describe the situation as similar to mercantilism (guilds and strict trade regulations) in the late 1700s: people are starting to ignore it, because it makes no sense and is just getting in the way of efficient societies. It seems the asian countries are leading the way here somewhat.
Good riddance. Just imagine how much more productivity would have been available to open source developers over the last decade and a half if they didn't have so much of their attention, time, and mental focus siphoned away into the black hole of copyright compliance.

The exfiltrated exFAT driver

Posted Jul 26, 2013 9:44 UTC (Fri) by armijn (subscriber, #3653) [Link]

I know of more than one case where a developer gave up on making source available because the license conditions were not met and the code was exactly treated as "ah, I'll just take it and do whatever I want", so the "good riddance" thing is definitely not true for everyone.

The exfiltrated exFAT driver

Posted Jul 30, 2013 15:28 UTC (Tue) by Seegras (guest, #20463) [Link]

> The notion that the public respect for copyrights is on a
> decline is certainly true

Of course. Thomas Babington Macaulay explained it in 1851:

"And you will find that, in attempting to impose unreasonable restraints on the reprinting of the words of the dead, you have, to a great extent, annulled those restraints which now prevent men from pillaging and defrauding the living."

http://homepages.law.asu.edu/~dkarjala/opposingcopyrighte...

The exfiltrated exFAT driver

Posted Jul 25, 2013 13:59 UTC (Thu) by smitty_one_each (subscriber, #28989) [Link] (13 responses)

What if:
(a) Dubious code becomes available.
(b) Somebody writes a spec that MAY be based upon (a).
(c) Somebody else writes a driver based upon (b).
I'd venture, based upon the last couple of decades of observation, that nobody is going to waste the resources to get all legalistic about it.
Cui bono? Probably everyone, except a few sharks.

The exfiltrated exFAT driver

Posted Jul 25, 2013 17:14 UTC (Thu) by zuki (subscriber, #41808) [Link] (12 responses)

What you're hinting at is reverse engineering, not overcoming patent issues.

The exfiltrated exFAT driver

Posted Jul 26, 2013 18:48 UTC (Fri) by giraffedata (guest, #1954) [Link] (10 responses)

And as for copyright, which was the main subject of this article, preparing or copying the C code can't possibly violate anyone's copyright in the A code.

As for patents, the use of the C code violates the same patents as use of the A code.

The exfiltrated exFAT driver

Posted Jul 30, 2013 15:41 UTC (Tue) by Seegras (guest, #20463) [Link] (9 responses)

> As for patents, the use of the C code violates the same patents as use of
> the A code.

And any patent which could be violated by code, violates the patent law itself, because mathematics is not patentable.

The exfiltrated exFAT driver

Posted Jul 31, 2013 15:45 UTC (Wed) by giraffedata (guest, #1954) [Link] (4 responses)

I don't think it's meaningful to say a patent violates patent law, but I think you're saying a patent that could be practiced by code isn't valid. And you must also mean shouldn't be valid, because there is ample evidence that in the world in which we live, a device that behaves a certain way because of its programming can infringe a patent because of that behavior. We see people forced by courts to pay royalties for making and selling such devices all the time.

And that gives rise to my point that if a device that uses Code A infringes a patent because of what Code A makes it do, then a device that uses Code C to do the same thing does too.

The exfiltrated exFAT driver

Posted Aug 2, 2013 16:57 UTC (Fri) by Wol (subscriber, #4433) [Link] (3 responses)

You're missing the parent's point.

Any patent granted on actions THAT ARE PERFORMED BY SOFTWARE is an invalid patent. Because software is maths, maths is unpatentable, and any patent that says "you can't run that software" is an unlawful patent.

Patents get granted all the time. The USPTO doesn't bother reviewing them for validity. Damages get awarded for invalid patents. If you want a classic case of some poor defendant getting screwed for millions over invalid patents, look at the Blackberry case! (Though if you actually read what happened, rather than get taken in by the propaganda, RIM screwed themselves.)

You are correct to say that if a device using Code A infringes a patent, then another device using Code C to do the same thing will also infringe. But that is a clear statement that the patent protects an idea, which is NOT ALLOWED by patent law! In other words, any such patent *must* *be* illegal! Patent law is only permitted to protect "reductions to practice". So any patent that covers Code A can't also cover Code C because it is a different reduction to practice!

Cheers,
Wol

The exfiltrated exFAT driver

Posted Aug 2, 2013 17:41 UTC (Fri) by giraffedata (guest, #1954) [Link] (2 responses)

Damages get awarded for invalid patents.

This statement pretty much sums up how you and probably the author of the comment to which I responded are talking about something different than I am - and different from what many other readers would understand.

You're apparently talking about some kind of spiritual quality of a patent you call "invalid." I'm talking about what people care about more in discussing patent law: under what conditions can you expect to be forced to pay someone something? That's why most people say that whatever the courts decide is by definition the law, but apparently in your terminology, a court can get the law wrong.

You are correct to say that if a device using Code A infringes a patent, then another device using Code C to do the same thing will also infringe. But that is a clear statement that the patent protects an idea, ...

I wouldn't say it's clear. Patent claims come in all levels of abstractness, and the border between claims that describe a reduction to practice and those that merely state an idea is wide and fuzzy. That's why there are trials. Long ones.

Based on a scant exposure to patent law, it seems to me patents are being enforced on ideas, algorithms, and obvious inventions all the time, but if you ask me what patents are valid, I'm going to talk about the ones that can be enforced, not my impressions.

a court can get the law wrong.

Posted Aug 6, 2013 17:07 UTC (Tue) by Wol (subscriber, #4433) [Link] (1 responses)

Only too easily, unfortunately.

Or are you saying the legislature is irrelevant, and the law is only what the courts say it is?

The US copyright code says you cannot patent ideas.

The US Supreme Court says you cannot patent ideas.

The Patent Office grants patents on ideas as a matter of course.

Who is right? And given the US tendency to sue at the drop of a hat, and as we have seen the tendency of the courts of first instance to just assume that patents are valid, then you're on to a crap shoot.

So, to take your "the ones that can be enforced", well, it depends, as a defendant, to what extent you are willing and able to defend it. Chances are, the lower court will stiff you. Chances are, if you're still in business, the Supreme Court will declare it invalid. So is that a patent that fits your description, or not?

Cheers,
Wol

a court can get the law wrong.

Posted Aug 6, 2013 17:53 UTC (Tue) by giraffedata (guest, #1954) [Link]

are you saying the legislature is irrelevant, and the law is only what the courts say it is?

The law is determined by all three branches of government working together, but where what you think the courts say the law is is different from what you think the legislature says the law is, yes, the latter is irrelevant for most purposes. The former is what is going to keep you out of jail and wealthy.

But remember this is just a matter of definition. You can define the law as something independent of court rulings, and I'm just saying you can't have a very useful conversation using that definition.

Chances are, the lower court will stiff you. Chances are, if you're still in business, the Supreme Court will declare it invalid.
I haven't heard that claim before - that the Supreme Court usually declares patents invalid after lower courts enforce them. As far as I know, the lower courts do their best to avoid being overruled and usually succeed.

I also don't think the Supreme Court has said that all patents on inventions that could be implemented in software are invalid. (Or that they are patents on ideas, algorithms, or mathematics).

So is that a patent that fits your description, or not?

If the patent would be invalidated by the Supreme Court and the only reason people have to pay royalties on it is because they can't afford to get the Supreme Court to consider it, I would call it an invalid patent.

The exfiltrated exFAT driver

Posted Aug 1, 2013 14:49 UTC (Thu) by Jonno (guest, #49613) [Link] (3 responses)

While no jurisdiction but US allows patents on software (or mathematics) per see, in most jurisdictions the process of a special-purpose machine can be patented, even if (part) of that process is implemented in software, just as the process of a special-purpose machine can be patented even if (part) of the process is implemented using bolts-and-nuts (which isn't patentable either).

The problem is that some patent lawyers argue that whenever you put a piece of software into a general-purpose computer, you are effectively manufacturing a special-purpose machine, which can infringe on the patent. This interpretation is generally favoured by the European Patent Office, which are therefore happy to grant a patent on using a general-purpose computer to do "one click shopping". However, as of this moment, no court outside of Germany will buy that argument, making those patents unenforceable.

Unfortunately European courts can not actually strike down an already granted patent (only a patent re-examination by the European Patent Office can do that), but have to look at each case individually to determine whether the subject of the lawsuit is violating the patent in question. The answer to that question is generally going to be "No", but each and every user will still need their own lawyer and court date to get to that point...

The exfiltrated exFAT driver

Posted Aug 2, 2013 2:49 UTC (Fri) by mathstuf (subscriber, #69389) [Link] (2 responses)

> While no jurisdiction but US allows patents on software (or mathematics) per see

The US explicitly forbids patents on mathematics.

Check Groklaw.net, what we want and what USPTO/Courts does are not the same

Posted Aug 3, 2013 11:41 UTC (Sat) by jjs (guest, #10315) [Link] (1 responses)

While it's certainly true many of us here believe (and can mathematically prove) software is math, and thus not eligible for patents, USPTO routinely grants patents on software, and they are upheld in courts. Until the Supreme Court of the US issues a definitive ruling that software is math, this battle will continue. That also means large companies suing over software patents (MS vs Motorola, Apple vs Samsung, etc). You need to be prepared to defend if you write software, unfortunately. Thankfully there are some large organizations that are beginning to see the light, and some large non-profits that are on the side of programming=math.

Check Groklaw.net, what we want and what USPTO/Courts does are not the same

Posted Aug 4, 2013 7:48 UTC (Sun) by mathstuf (subscriber, #69389) [Link]

Oh, I agree. The missing part here is to convince courts that software is math. I was just pointing out that the "mathematics" part is definitely wrong barring new legislation.

The exfiltrated exFAT driver

Posted Aug 2, 2013 14:29 UTC (Fri) by ssam (guest, #46587) [Link]

Are the patents around exFAT any more scary than the ones around FAT? FAT is already in the kernel, so why not include an exFAT (and ZFS) driver?

Also why not encourage UDF as a filesystem with read and write on linux, windows and mac, with support for files over 4GB (the only limitation I have ever hit with FAT removable drives).

The exfiltrated exFAT driver

Posted Jul 25, 2013 19:23 UTC (Thu) by marcH (subscriber, #57642) [Link] (1 responses)

> We are not just talking about the entertainment industry here; the simple fact of the matter is that anybody who values the provisions of the GPL is indeed interested in copyright. It is hard to demand respect for the GPL while refusing to respect the terms of other licenses.

I don't think this was RMS's state of mind when he created the GPL.

I understand the GPL as fighting fire with fire, i.e., a necessary evil. In other words, if there was no proprietary licences then the GPL would not have been created.

The exfiltrated exFAT driver

Posted Jul 25, 2013 23:36 UTC (Thu) by mst@redhat.com (guest, #60682) [Link]

> In other words, if there was no proprietary licences then the GPL would not have been created.
This is educational:
http://www.free-soft.org/gpl_history/

Wired picked this up also...

Posted Jul 26, 2013 20:32 UTC (Fri) by tbird20d (subscriber, #1901) [Link]

There is more coverage of this at: http://www.wired.com/wiredenterprise/2013/07/samsung_code/

The exfiltrated exFAT driver

Posted Jul 29, 2013 7:18 UTC (Mon) by marcH (subscriber, #57642) [Link]

By the way I use UDF as a cross-platform filesystem and so far so good.

The source of the code was...

Posted Jul 29, 2013 21:37 UTC (Mon) by iam.TJ (guest, #56644) [Link] (2 responses)

Looking at the git history and doing some related research and correlation reveals the following history.

2013-02-36 Tuesday 21:30:41 -0800 Author: Kenneth R. Crudup <kcrudup@lytro.com>

Until a few days ago the github account belonging to Mr Crudup was "kcrudup". It has since been deleted. It can be seen in the Google Cache at: http://webcache.googleusercontent.com/search?q=cache:pxB7...

That account owned a repository called "gt-n8000-kernel" which had a branch "kernel-forward".

Parts of that branch were cherry-picked into Xstacy's github "kernel-N8000" repository at https://github.com/xcstacy/kernel-N8000

$ gitlog --author="Kenneth R\. Crudup"
e62b5bc Fri Apr 26 03:56:19 2013 +0100 Kenneth R. Crudup init/calibrate.c: Allow forcing computing of lpj value
f509082 Mon Apr 15 22:55:27 2013 +0100 Kenneth R. Crudup Makefile: fix building for all modules
8feddc4 Mon Apr 15 22:20:25 2013 +0100 Kenneth R. Crudup [CIFS] fix building for GCC 4.7
63fb779 Mon Apr 15 22:13:26 2013 +0100 Kenneth R. Crudup Fix some "may be used uninit" warnings
33072ea Mon Apr 15 22:13:21 2013 +0100 Kenneth R. Crudup fs: add miscellaneous FS
560f61d Mon Apr 15 22:11:44 2013 +0100 Kenneth R. Crudup Fix some -Werror/-Wall compilation warnings/errors for GCC 4.7
7628062 Mon Apr 15 22:11:05 2013 +0100 Kenneth R. Crudup Various fixes to allow building with GCC 4.7

$ git show --format=fuller 33072ea
commit 33072ea2382661f1d5b08d785516e2901803438d
Author: Kenneth R. Crudup <kcrudup@lytro.com>
AuthorDate: Tue Feb 26 21:30:41 2013 -0800
Commit: xcstacy <zkchong2005@hotmail.com>
CommitDate: Mon Apr 15 22:13:21 2013 +0100

fs: add miscellaneous FS

diff --git a/fs/Makefile b/fs/Makefile
index 2999b4d..638fa09 100644
--- a/fs/Makefile
+++ b/fs/Makefile
@@ -127,3 +127,5 @@ obj-$(CONFIG_PSTORE) += pstore/

# Patched by YAFFS
obj-$(CONFIG_YAFFS_FS) += yaffs2/
+
+obj-y += exfat/

Mr Crudup appears to be an experienced embedded Linux engineer. He has a personal web-site that includes a recent resumé at http://www.kennethcrudup.com/resumes/resume.html and an XDA profile with prolific postings including one that describes his github repository "My kernel has a few selected bits here and there from diverse places like CyanogenMod, Francisco Franco, Xstacy, the upstream kernel, Qualcomm, NVidia ..." http://forum.xda-developers.com/showpost.php?p=43688443&...

His LinkedIn profile is at http://www.linkedin.com/in/kennethcrudup

What I find interesting is that in the period 2012-06 through 2013-01 he worked for Broadcom, apparently "...Involved in the development of Kernels and Device Drivers for Samsung Android handsets using Broadcom chipsets..." (LinkedIn).

The code in the kernel-N8000 repository includes the following extract:

+++ b/fs/exfat/exfat_version.h
@@ -0,0 +1,18 @@
+/************************************************************************/
+/* */
+/* PROJECT : exFAT & FAT12/16/32 File System */
+/* FILE : exfat_version.h */
+/* PURPOSE : exFAT File Manager */
+/* */
+/*----------------------------------------------------------------------*/
+/* NOTES */
+/* */
+/*----------------------------------------------------------------------*/
+/* REVISION HISTORY */
+/* */
+/* - 2012.02.10 : Release Version 1.1.0 */
+/* - 2012.04.02 : P1 : Change Module License to Samsung Proprietary */
+/* - 2012.06.07 : P2 : Fixed incorrect filename problem */
+/************************************************************************/

The entry - if genuine - for 2012.04.02 makes one wonder what the previous license was bearing in mind that some parts of the driver appear to be directly copied from the Linux fs/fat/ driver and would, I presume, therefore be derivative works under the GNU GPL v2.

It would seem to be a plausible source for the exfat code that ended up in the github account of "rxrz".

HOWEVER

Posted Aug 2, 2013 17:14 UTC (Fri) by Wol (subscriber, #4433) [Link] (1 responses)

If the modifications were only ever intended for internal Samsung use, while Samsung is in the wrong for changing the licence header, the real copyright criminal is rxrz for releasing the code into the wild and changing Samsung's copyright notices.

Okay, this is speculation, but with no evidence that Samsung ever actually distributed the code, there is no evidence of Samsung doing anything that was actually *wrong*.

Cheers,
Wol

Conservancy Helps Samsung Resolve GPL Compliance Matter Amicably

Posted Aug 17, 2013 10:10 UTC (Sat) by iam.TJ (guest, #56644) [Link]

The original violation was Samsung's in respect of GPLv2§3.

"Conservancy's GPL Compliance Project for Linux Developers is pleased to announce its role in assisting Samsung in a recent public compliance issue. The compliance issue was brought to Conservancy's attention when source code of an exFAT filesystem driver for Linux was unintentionally released via GitHub, and Conservancy later determined that similar code appeared in binary form only (thus violating GPLv2§3) in a Samsung Linux-based tablet. Samsung has made a source release available on their Open Source Release Center website."

"Conservancy's GPL Compliance Project for Linux Developers worked collaboratively with Ibrahim Haddad, the Group Leader for Open Source at Samsung Research America, and fellow community leaders, throughout the process after this code first appeared on GitHub. Conservancy's primary goal, as always, was to assist and advise toward the best possible resolution to the matter that complied fully with the GPL. Conservancy is delighted that the correct outcome has been reached: a legitimate, full release from Samsung of all relevant source code under the terms of Linux's license, the GPL, version 2."

See: http://sfconservancy.org/news/2013/aug/16/exfat-samsung/

The exfiltrated exFAT driver

Posted Aug 1, 2013 10:16 UTC (Thu) by callegar (guest, #16148) [Link]

It is hard not to think that this would not have ever happened if UDF had been taken a little more seriously.

If linux/android had a good support of UDF, maybe now UDF instead of exfat would be part of the SD cards standard. And even if the standard had sticked with exfat anyway, android devices could have easily reformatted their card to UDF at first use, which would have quickly practically lead to cards on the market capable of working well with UDF (wrt wearing for instance).

Someone here is saying that he is using UDF with satisfaction, but personally I would not dare. I have given up using read/srite media with UDF (like CD-RW, DVD+-R with packed writing and DVD-RAM) since a fs without a file system checker seems a very bad idea. It is unfortunately UDF has more or less been abandoned since 2007 at udftools 1.0b3. At http://tanguy.ortolo.eu/blog/article93/usb-udf commenters are also reporting a lot of issues with UDF on linux when trying to use it on USB sticks.

The exfiltrated exFAT driver

Posted Aug 1, 2013 17:12 UTC (Thu) by heijo (guest, #88363) [Link]

What's the point?

I mean, other than patent issues, how hard can it be to write a new GPL-licensed exFAT driver from scratch?

Conservancy Helps Samsung Resolve This Matter Amicably

Posted Aug 16, 2013 14:55 UTC (Fri) by bkuhn (subscriber, #58642) [Link]

Conservancy has been working with Samsung since this issue began, and Conservancy is pleased to announce that the situation is resolved, and Samsung has released the exfat source code themselves on the Samsung OSRC site. I also created a git repository with Samsung's legitimate exfat releases in it.

The exfiltrated exFAT driver

Posted Aug 16, 2013 16:50 UTC (Fri) by zblaxell (subscriber, #26385) [Link]

It is hard to demand respect for the GPL while refusing to respect the terms of other licenses.
No it's not. That is precisely what the GPL is for.

Some of the factions intent on reforming the copyright system would have it presume licenses equivalent to the GPL, and make it harder to enforce any others. The GPL is an adaptor for copyright systems that is only necessary while different license terms are presumed and enforced. The GPL is, in and of itself, and always has been, a statement of protest against every other copyright licensing scheme, with protests against various other restrictions (patents, DRM, etc) and limitations (can't sue vendors for not providing source under, say, consumer protection or competition law) bolted on in later revisions.

Demanding respect for what one would have be the law while refusing to respect things one would have be illegal is not hard at all. Activist groups seeking legal reform do exactly this all the time (e.g. people who want to legalize marijuana, want gay rights in Russia, or want immunity from prosecution when they attack computer systems that support copyright infringement). Respect for law enforcement's powers of seizure and incarceration should never be confused with respect for the laws they enforce.

Getting respect before the law actually changes to agree with this position is the hard thing to do here.


Copyright © 2013, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds