LWN.net Weekly Edition for April 13, 2017

Defending copyleft

For some years now, Bradley Kuhn has been the face of GPL enforcement. At LibrePlanet 2017, he gave a talk about that enforcement and, more generally, whether copyleft is succeeding. Enforcing the GPL is somewhat fraught with perils of various sorts, and there are those who are trying to thwart that work, he said. His talk was partly to clear the air and to alert the free-software community to some backroom politics he sees happening in the enforcement realm.

Most of the work that Kuhn's employer, the Software Freedom Conservancy (SFC), does is not dealing with licensing issues. But people love hearing about copyleft, he said. In addition, free-software developers like those at LibrePlanet have a right to know what's going on politically. There is a lot of politics going on behind the scenes.

Kuhn works for a charity, not a traditional company or a trade association. That means he has the freedom and, in some sense, the obligation to give attendees the whole story from his point of view, he said. He is lucky to be able to work in that fashion. Kuhn then took a bit of a spin through his history with copyleft and why he decided to step up for it.

He studied computer science, but at a liberal arts college, which has given him something of a interdisciplinary approach. He was the first to bring a laptop to class there (a Sager from 1992); it had a battery that lasted all of 25 minutes, so he had two to last for a whole class. He noted that in those days, people read Computer Shopper magazine and would order systems out of it by dialing companies on rotary phones.

He read Linus Torvalds's famous email, more or less in realtime (which, for Usenet, meant "within a few days"). The "just a hobby" phrase really struck him, because he was a part of that culture. In those days, that's who read Computer Shopper and bought computers. He needed an operating system, so he installed GNU/Linux on his computer. That meant he had the source and could make patches to fix problems that he had. He did not send his patches upstream, though, which is unfortunate because he could perhaps have become a Linux developer and could enforce his own copyrights, rather than others', if he had.

A strategy

Copyleft is simply a strategy, he said; it is a tool to try to ensure software freedom for everyone. It is not a moral principle, so if it doesn't work, we should switch to another strategy that does. There is no harm in asking whether copyleft is working, but we should avoid the "truthiness and revisionist history" about GPL enforcement that has become common.

For example, he pointed to a response from Greg Kroah-Hartman in the contentious discussion about GPL enforcement prior to the 2016 Kernel Summit. In it, Kroah-Hartman said that he did want companies to comply with the license, but didn't think "that suing them is the right way to do it, given that we have been _very_ successful so far without having to do that". Kuhn said he did not know what "quantum reality" Kroah-Hartman lives in, but that the GPL has been enforced with lawsuits a number of times along the way.

The enforcement of the GPL directly resulted in the OpenWrt distribution for wireless routers. The first commit to OpenWrt was the source release that Linksys and Cisco made due to the GPL compliance efforts. That has resulted in one of the most widely deployed Linux systems in the world. In an aside to Richard Stallman, Kuhn noted that he said "Linux", rather than "GNU/Linux", because these systems mostly consist of the Linux kernel plus BusyBox and not the GNU system.

Kuhn admitted that most of the code released did not go into the upstream projects, which has led to some criticism of those efforts. One persistent critic has been former BusyBox developer Rob Landley who said that the BusyBox compliance efforts had never resulted in any code that was useful to the upstream project. According to Kuhn, that idea is based on a misunderstanding, which he and Landley resolved at linux.conf.au 2017.

Getting code upstream is only a secondary effect of copyleft's primary goal, Kuhn said. Whether the projects get the code is not the fundamental reason that copyleft exists; instead, it is meant to ensure that downstream users of the software can get access to the code so they can become upstream developers. They may not do so, but they will have the opportunity to; that will also provide plenty of learning opportunities for those users.

Stallman said that getting contributions for upstream is a focus of the open-source movement, while getting the code into users' hands is what free software is all about. There is another concern, though, even when the source code is available, Kuhn said. Devices like those for the Internet of Things (IoT) and other embedded use cases often fail to release the "scripts used to control compilation" (from the GPLv2), which means that users cannot build and install the code onto their devices. That is an important part of the software freedom that copyleft tries to ensure.

He pointed to another response in the Kernel Summit discussion thread: Matthew Garrett pointed out that getting companies to participate has some positive effects, but that there are other considerations:

Today's teenager does not have Kuhn's luggable laptop, but does have access to routers, tablets, refrigerators, televisions, and so on. He noted that the SamyGO project got its start from a lawsuit filed to "liberate TV firmware hacking". The base for the project came from the source code released by Samsung due to a BusyBox GPL enforcement suit.

In addition, Harald Welte filed at least fifteen GPL compliance suits in Germany over ten years starting in 2004. So, to say that Linux has been successful without lawsuits, as Kroah-Hartman did, is not an accurate summary of the history. Kuhn would argue that Linux and other software released under the GPL have been successful because enforcement actions and lawsuits have happened regularly over the years.

We can't go to a parallel universe and replay the experiment without lawsuits to see what the outcome would be, but it is political FUD to say that GPL enforcement and lawsuits are some newfangled idea that endangers Linux. If that is true, it has been that way since the first suits were filed back in 2002.

Less compliance

In the meantime, though, compliance has become less common as more and more devices with GPL-covered code are released. If you go to Best Buy and buy an IoT gadget or other device, it almost certainly will contain GPL-covered code and is highly likely to be in violation of the license. It is not just BusyBox and Linux, either; Samba, FFmpeg, and other projects are also having their code built into these devices.

Welte discovered that GPL enforcement is not particularly enjoyable work; he is no longer enforcing the GPL and has moved on to other interesting projects. That leaves SFC as the sole organization doing community-oriented enforcement. The principles that have been used for years to govern what it means to do community-oriented enforcement were refined and published in 2015. The principles embody the idea of using the tool of copyleft to maximize software freedom for users, he said.

The principles also clearly state that legal action is a last resort. It is the last tool to be used, not the first. He and Kroah-Hartman agree on 99.99% of GPL enforcement strategy, Kuhn said, but differ on one minor point. He talked with Kroah-Hartman about the VMware lawsuit at a conference recently and it became apparent what the difference between their positions is. SFC had talked to VMware for years and the company said that it did not agree that it was violating the license, so it would never comply. According to Kuhn, Kroah-Hartman believes that Christoph Hellwig (and SFC) should have just walked away and let VMware violate the license forever. Kuhn said, at best, that would turn the GPL into the LGPL; "at the worst we would have completely eviscerated copyleft".

Kroah-Hartman's employer, the Linux Foundation (LF), has a more aggressive position, Kuhn said. He thinks that is because it does not have software freedom as a priority. As an example of that, he mentioned a conversation he had with LF legal counsel Karen Copenhaver at LinuxCon 2013; she told him that the LF prioritizes Linux jobs. If allowing proprietary kernel modules creates more Linux jobs, that, to her, is an acceptable tradeoff. But Kuhn believes there are some jobs that shouldn't be done, especially if they are harmful to the community.

Criticism

There is a strange element to the criticisms about lawsuits, he said. Companies in the tech industry sue each other all the time—hundreds of times each year. But even if he uses "aggressive overcounting", he can only come up with about 50 lawsuits against GPL violators in the last twenty years. The SFC has remained under continuous attack though it has only funded one lawsuit in its entire history, he said.

The politics surrounding our community are nasty and not transparent; much of what happens goes on in backchannels that our community does not have access to. The policies that various organizations are pushing are not in the open. For example, the LF has declared war on copyleft, he said. It is a trade association that is run by big companies that would prefer that copyleft would go away. They would also like enforcement to cease because it scares their customers.

Others, like VMware, thumb their noses at the GPL. That is because companies are not really interested in software freedom, which is logical from their point of view, Kuhn said, even though he disagrees. This bias against copyleft licenses has been going on for a long time; copyleft projects get replaced with non-copyleft alternatives so that companies can make proprietary versions when they wish to.

But a talk by Eben Moglen the previous day (which hearkened back to his talk at Columbia Law School in November 2016) suggested that lawsuits are driving companies away from copylefted code and away from copylefted kernels in particular. Kuhn does not see how that can be true since there have been non-copylefted kernels available for decades. It is also another example of a lack of transparency in the politics, Kuhn said, because Moglen and the Software Freedom Law Center (SFLC) are working with the LF on its anti-copyleft work.

Kuhn said he doesn't think of the LF, SFLC, or Moglen as enemies, though he does think they are misguided and a bit hypocritical. He said he would like to end the rumor mill and the backchannel politics to give all of the free-software community the ability to weigh in on these issues.

For another example of these politics, Kuhn pointed to a particular section of a video [WebM] of a talk by former Debian project leader Neil McGovern. Some ways into the talk, McGovern noted that Debian had asked SFLC for advice about distributing ZFS; even though SFLC opined that Oracle would not sue Debian for doing so, the project decided not to distribute ZFS in binary form for reasons of morality. When McGovern was asked about releasing the advice publicly, he declined since it was not something Debian wanted to advocate, but shortly thereafter something eerily similar was published—with "Debian's name filed off".

If there is a non-copyleft kernel coming for Android, as Moglen had predicted the previous day, it is not all that different from where things are today, Kuhn said. He has a hard time finding a Linux kernel in an embedded device that is complying with the GPL. In effect, Linux is a non-copyleft kernel in most cases because of that.

Not magic pixie dust

Copyleft is not "magic pixie dust" that you sprinkle on your code and magically get software freedom. It only works if someone does the work to ensure that the copyleft license is complied with. By some historical accident, he and Karen Sandler are the ones doing that for the Linux project. Kuhn is not in love with GPL enforcement. It is truly boring work and is politically dangerous. It has had an effect on his career, since there are probably only two organizations that he can ever work for: the SFC or the FSF. He would much rather be a free-software developer, but that doesn't seem to be in the cards.

He would not be doing this enforcement work without a mandate, however. Linux copyright holders asked the SFC to do this work. The future of copyleft is in the hands of the copyright holders, which are increasingly for-profit companies. The interests of those companies may align with the free-software community at times, but may not at other times. He advocated that free-software developers demand that they hold onto their copyrights in the code they create, rather than allowing the companies that employ them to hold them. It is clear that many companies are willing to leave copyleft undefended, he said. In order to defend it, we will need to have our own copyrights in the code.

Overall, he is rather baffled by how things have worked out. The SFC has spent years trying to work with the LF and others on GPL enforcement issues, but new heights of criticism are regularly reached, he said. His best guess is that powerful entities are concerned that developers will be the ones to determine the future of copyleft rather than the entities. Historically, free-software developers have been good at defending software freedom, he said, so we should hold our own copyrights, license code under the GPL, and defend the GPL when it is violated.

In "half a minute" of his reactions, Stallman noted that it would be really nice if the GPL enforced itself. If companies could be brought into compliance without harsh words and actions, that would be great, but it might not be enough. There is a need for visible action so that would-be violators recognize that there are effective actions that can be taken. There is tremendous hostility to the GPL and copyleft, but it is counterproductive to not do enforcement as a way to fend off that hostility. It may well be that Google's non-copyleft kernel becomes successful and replaces Linux, but if we try to avoid that by not enforcing the GPL, the outcome is the same.

For those interested, Kuhn's slides and a WebM video of the talk are available.

[I would like to thank the Linux Foundation for travel assistance to Cambridge, MA for LibrePlanet.]

Comments (23 posted)

Overlayfs snapshots

At the 2017 Vault storage conference, Amir Goldstein gave a talk about using overlayfs in a novel way to create snapshots for the underlying filesystem. His company, CTERA Networks, has used the NEXT3 ext3-based filesystem with snapshots, but customers want to be able to use larger filesystems than those supported by ext3. Thus he turned to overlayfs as a way to add snapshots for XFS and other local filesystems.

NEXT3 has a number of shortcomings that he wanted to address with overlayfs snapshots. Though it only had a few requirements, which were reasonably well supported, NEXT3 never got upstream. It was ported to ext4, but his employer stuck with the original ext3-based system, so the ext4 version was never really pushed for upstream inclusion.

One of the goals of the overlayfs snapshots (ovfs-snap) project is for it to be included upstream for better maintainability. It will also allow snapshots at a directory subtree level; the alternative mechanisms for snapshots, Btrfs or LVM thin provisioning (thinp), are volume-level snapshots. Those two also allow writable and nested snapshots, while ovfs-snap does not. The "champion feature" for ovfs-snap is that the inode and page cache are shared, which is not true of the others. For a large number of containers, it becomes inefficient to have multiple copies of the same data in these caches, he said.

Goldstein then moved into a demonstration of the feature. In previous versions of the talk, he did the demo at the end but, based on some feedback, has moved it near the beginning. It is a bit hard to describe, however, as with many demos. The basic idea is that snapshot mounts turn overlayfs on its head: the lower layer, which normally doesn't change in a normal overlayfs mount, is allowed to change, while the upper layer is modified to cover up the changes made in the lower so that the upper has the same contents as the lower at the time of the snapshot.

This is done using a special "snapshot mount" that is a shim over the lower layer to intercept filesystem operations to it. Before those operations are performed, the current state of the lower layer is copied up to the upper layer. The upper layer is a snapshot overlay (which is different from a snapshot mount) that effectively records the state of the lower layer before any changes are made to it.

So the lower layer must be accessed through the snapshot mount, but the upper layer is simply a regular overlayfs that can be accessed as usual to get a view of the filesystem at the time of the snapshot. Multiple snapshots can be supported by having a lower layer shared between multiple upper layers, each of which hides any changes made to the lower after they were mounted (which is when the snapshot is taken).

These snapshots can work for any size of directory tree. It will also work on top of Btrfs, XFS, or another local filesystem. The upper layer will record what has changed, but at the file level, not at the block level. One consequence of this design is that changing one byte of a large file results in a copy-up operation for the whole file. In addition, currently only one copy-up at a time is supported, so a large copy-up blocks any others.

Some new features are coming that will address some of these problems. For the container use case, Goldstein said, the copy-up performance issue is not usually a real problem. But for his use case, with large XFS files, copy-up performance is important. So, for 4.10, a "clone up" operation was added when the underlying filesystem supports the clone operation (as XFS and others do). The clone will do a copy-on-write "copy" of the file before it is modified so that only changed blocks actually get copied. There is also support for doing concurrent copy-up operations that is coming in 4.11.

Goldstein presented a couple of different use cases for ovfs-snap. For a short-lived snapshot for backup purposes, an ovfs-snap provides a file-level copy-on-write filesystem. Changes to the lower layer trigger the copy-up so the snapshot is consistent with the state at the time of the backup. The lower layer can be accessed at near-native performance, while accessing the snapshot can tolerate some lesser performance, he said.

One could also use ovfs-snap to allow access to multiple previous versions of the filesystem. Multiple upper layers can be composed to create a view of the filesystem at any of the snapshot times, while the lower layer remains mounted and accessible. Those snapshots are read-only, however, unlike Btrfs or LVM thinp snapshots.

The rules for maintaining an overlay that represents a snapshot are fairly straightforward. Files must copied (or cloned) up before they are modified or deleted in the lower layers. A whiteout marking a deletion must be added before a file gets created in the lower layer. A directory in the snapshot overlay must be redirected when a directory in the lower layer gets renamed. Finally, when a lower layer directory gets deleted, an opaque directory must be created in the snapshot.

Taking a snapshot is a somewhat complicated process (see slide 15 in Goldstein's slides [PDF] for more information). Simplifying that process is on the to-do list for the project. There are also plans to support merging snapshots as well as working on getting the code upstream. He finished the talk with the inevitable invitation to help work on the project; he pointed those interested at the project wiki.

[I would like to thank the Linux Foundation for travel assistance to Cambridge, MA for Vault.]

Comments (none posted)