Empowering users of GPL software
Empowering users of GPL software
Posted Oct 21, 2021 15:19 UTC (Thu) by karim (subscriber, #114)In reply to: Empowering users of GPL software by geert
Parent article: Empowering users of GPL software
To be clear. Many of these companies working with such design houses only learn about this far too late. They originally start off with a simple idea to create a device that does foo. They quickly realize that while it looks good on a napkin that they don't have the technical knowledge to make it and/or money to do it all in house. They discover there are these design houses that will more or less cook whatever dish you want and deliver everything so that you label it with your brand.
The trouble comes later. When they want to customize what they got because users or customers are asking for something or the other. Then they discover that working with the design house is suboptimal. So they try to get the sources to work with someone else. But they never get it. In fact the design house likely got it under strict licenses from their SoC vendor -- surprise, they used a unfamiliar SoC (you kind'a asked for that since you were shopping for cheap hardware manufacturing), and they're not like this big vendor who actually plays by OSS rules. So the design house will claim it's not at the liberty of giving you the code.
So, in short, the fundamental problem is that many "device" manufacturers trying to get cheap devices to western markets neither have the interest nor the ability to do in-house development. Furthermore, few have the wherewithal to do legal due diligence of what their suppliers are giving them. They're far too eager and focused on short term making money to even care sometimes.
In this specific case it looks like Vizio actually really tried an honest approach of trying to get their SoC vendor to give them sources. And they weren't able. In other words, while this lawsuit might look like a nice show for some constituents, it's unlikely to result in a meaningful resolution. It looks like the sources aren't Vizio's to give.
Posted Oct 21, 2021 15:40 UTC (Thu)
by Nemo_bis (guest, #88187)
[Link] (2 responses)
If they have customers in the USA, and plan to have more, of course they care. Courts can simply seize all their future sales in the USA even without making any extraterritorial claim.
It's another matter if the supplier went bankrupt (which can easily happen, especially as it might be just a shell corporation for some subcontractor) or just shuts down business.
Posted Oct 24, 2021 3:48 UTC (Sun)
by developer122 (guest, #152928)
[Link] (1 responses)
That said, I think the end result is the same in both scenarios: the company either folds or is heavily damaged financially. The end result is that after a few of these events, companies might be a little more concerned about this issue and either
Posted Oct 25, 2021 7:35 UTC (Mon)
by geert (subscriber, #98403)
[Link]
Posted Oct 21, 2021 15:44 UTC (Thu)
by marcH (subscriber, #57642)
[Link] (2 responses)
Seeing that Vizio have apparently no idea what software their products are running (and that's just the GPL parts!) is also a red flag (pun intended) not to buy Vizio products. By now even people not familiar with computers know about malware and watching Vizio admitting in a court that they have no idea what they sell is going to be fun to watch, it could even make it to mainstream media - again for security reasons. The Software bill of materials idea is hopefully easier for the public to understand than the GPL and unlike the GPL is does not attempt to revolutionize the entire industry, it is something every business can and should do right now.
Posted Oct 21, 2021 16:19 UTC (Thu)
by jra (subscriber, #55261)
[Link]
Posted Oct 25, 2021 19:14 UTC (Mon)
by clump (subscriber, #27801)
[Link]
Posted Oct 21, 2021 17:29 UTC (Thu)
by pizza (subscriber, #46)
[Link]
That doesn't excuse Vizio not even _attempting_ to comply with the licenses of the stuff they are shipping.
(They don't have complete kernel sources? Fine. What's their excuse for not providing the sources they they do have? What's their excuse for not even providing a copy of the GPL in their documentation? It's one thing to fail at perfection; it's another thing entirely when they don't even bother to _try_)
Posted Oct 21, 2021 17:39 UTC (Thu)
by marcH (subscriber, #57642)
[Link] (2 responses)
Ask Meng Wanzhou (Huawei) or Frédéric Pierucci (Alsthom) how they liked American jails
Today's economy is a "global village" and very few actors are far away US jurisdiction. For electronic products it's probably none.
Now I don't think the USA care enough about the GPL for anything that extreme to happen but the SBoM is definitely appearing on their radar.
Posted Oct 21, 2021 18:53 UTC (Thu)
by eru (subscriber, #2753)
[Link] (1 responses)
Posted Oct 21, 2021 21:20 UTC (Thu)
by marcH (subscriber, #57642)
[Link]
I bet she loved the experience and that it had no impact on Huawei /s
Posted Oct 21, 2021 23:57 UTC (Thu)
by Hattifnattar (subscriber, #93737)
[Link] (1 responses)
Suppose Visio wanted some word processing in their smart TVs, and a supplier included a copy of MS Word (perhaps modified). What Microsoft would do? What courts would say?
I don't thing "sorry, this is the fault of a supplier, not ours" would fly. I think Visio would be told "tough luck".
(This analogy is to argue your points only; obviously there is a big difference with the actual situation, because it's not the copyright holder but a third party who brings the lawsuit. But this affects only standing question, not the question of responsibility)
Posted Oct 22, 2021 18:39 UTC (Fri)
by JanC_ (guest, #34940)
[Link]
Posted Oct 22, 2021 9:15 UTC (Fri)
by farnz (subscriber, #17727)
[Link] (5 responses)
We have existing mechanisms to deal with this.
The importer (not the manufacturer) is responsible legally for ensuring that products meet all requirements of the country they're being imported to. If they don't, then the importer is responsible for fixing it or taking the hit of destroying the product. For example, if I import automated coffee machines from Shenzhen that have pirated copies of Microsoft Windows Embedded on them, I am responsible for fixing that somehow; I can destroy the machines, I can come to an agreement with Microsoft that cures my infringement, or I can replace the software. What I'm not allowed to do is say "this is how they come from the manufacturer, not my problem".
This also applies to other standards; as importer, I am responsible for things like my product emitting toxic gases from its plastic components, and for things like fire safety standards. it is not enough to say "this is how I bought it", I have to ensure that what I bought meets the appropriate standards for the country in which I'm selling it.
Now, we have mechanisms for dealing with this; if I take legal advice before signing a contract with a design house, I will be supplied with a standard contract that (among other things) lists the sale jurisdiction requirements and ensures that the design house won't get paid if they don't meet these requirements. Design houses are used to this, and (e.g.) will use more expensive materials than they might otherwise, or better PCB design practices, in order to get paid.
If SFLC win (and I hope they do), those contracts will add a new term around GPL compliance, requiring the design house to supply a bundle of materials to meet the compliance burden. The design houses will charge a bit more for this, and will supply it, and GPL compliance will join UL marking, CE marking, FCC Part 15 compliance, ROHS compliance and others as one more thing that you simply get right.
This doesn't mean that all of the small companies with a good idea will use the updated contracts, of course. Just as today, you get small firms being surprised the hard way when they have to take their product off the market at short notice and end up with unsold stock because they failed to meet EMC or electrical safety, so you'll see small firms surprised the hard way because they failed to sort their copyright obligations.
Posted Oct 22, 2021 9:35 UTC (Fri)
by karim (subscriber, #114)
[Link]
But beyond how anyone in the present echo chamber (myself included), the reality is that there is a lot of this happening and the players are often too small for enforcement against them to set precedent.
Again, just to clarify, I am not endorsing, merely explaining.
Posted Oct 22, 2021 18:47 UTC (Fri)
by JanC_ (guest, #34940)
[Link] (2 responses)
Posted Oct 23, 2021 0:28 UTC (Sat)
by rgmoore (✭ supporter ✭, #75)
[Link] (1 responses)
In practice, of course, it's not cost effective for an individual consumer to sue their local retailer, which is why in the USA, at least, this kind of thing tends to be converted into a class action lawsuit. Since it all goes back to the importer, they're the ones who usually get sued. The exception is when the seller is bigger than the importer, e.g. Amazon.
Posted Nov 2, 2021 15:53 UTC (Tue)
by JanC_ (guest, #34940)
[Link]
Posted Oct 23, 2021 4:15 UTC (Sat)
by pabs (subscriber, #43278)
[Link]
Empowering users of GPL software
Empowering users of GPL software
A) start using a lot more BSD (though how many SoCs does that run on?)
or B) seek some "safe" chips for which source is easier to acquire and the price of which will be high.
Empowering users of GPL software
Empowering users of GPL software
https://en.wikipedia.org/wiki/Software_bill_of_materials
Empowering users of GPL software
Empowering users of GPL software
Empowering users of GPL software
Empowering users of GPL software
https://www.bbc.com/news/world-europe-47765974
Empowering users of GPL software
Empowering users of GPL software
Empowering users of GPL software
In other words, there is danger (i.e. cost) in using dodgy suppliers that appear to be cheap.
Empowering users of GPL software
Empowering users of GPL software
Empowering users of GPL software
Empowering users of GPL software
Empowering users of GPL software
Empowering users of GPL software
Empowering users of GPL software