Amusing article about busybox

Felipe Contreras felipe.contreras at gmail.com
Mon Feb 20 18:07:31 UTC 2012


On Wed, Feb 15, 2012 at 5:46 PM, Ralf Friedl <Ralf.Friedl at online.de> wrote:
> Felipe Contreras wrote:
>>
>> On Sun, Feb 12, 2012 at 4:47 AM, Ralf Friedl <Ralf.Friedl at online.de>
>> wrote:
>>
>>>
>>> Felipe Contreras wrote:
>>>
>>>>
>>>> True, there are exceptions.
>>>>
>>>
>>> There are more exceptions.
>>> You seem to imply that without enforcement of the GPL, there would
>>> magically
>>> appear more companies who want to contribute to open source, but you
>>> provide
>>> no argument why that would happen.
>>>
>>
>>
>> It depends on what kinds of enforcement; abusive
>> company-wide-without-regards-to-specific-units, that is also started
>> as a proxy without consent from the original copy-right holders; no, I
>> don't think companies would be too happy to use such code, much less
>> contribute to it.
>>
>
> Let's get some facts straight.
> Sony wants to avoid the GPL busybox not because of busybox itself, but
> because they fear that they can be forced to comply with the GPL on Linux,
> and they want to avoid that. They know that they break the license, and they
> want to replace busybox so that they can continue to break the kernel
> license. There are different opinions about this behavior. You want to
> defend Sony's god given right to violate the kernel license, I think it's a
> shame that the kernel license isn't enforced by the developers themselves,
> but the fact is that Sony intends to continue to violate the kernel license
> and replacing busybox is just a means to the end.

I already explained why this view is wrong. I am not going to repeat it.

> I already mentioned that it is not possible to enforce copyright without
> consent from the copyright holders, and you repeat it here anyway, so it
> seems that inconvenient facts don't influence your opinion.

Do you have explicit consent from Linux developers? No. Is enforcement
for their pursued despite this? Yes.

> Again you imply that Sony might contribute something at some point, so I ask
> you: why would Sony suddenly start to contribute to busybox or toybox on a
> voluntary base, when they don't want to contribute to the kernel despite
> their obligation to do so?

Why did any company did? Because new developers pushes for a culture change.

> Well, maybe some companies learned that they should avoid the GPL, others,
> even those that were the targets of enforcement probably learned that it is
> a license they have to comply with (gasp!), just like all their other
> licenses and contracts.

Companies are not people.

> You might consider the bare minimum to be be almost worthless, but without
> enforcement the bare minimum is zero and therefor completely worthless.

I prefer my code being used by millions of users even if I get no
contributions, rather than few users, and a few lines contributed, or
a totally unusable patch dumped somewhere.

>>> If you say the the code is licensed under the GPL, but you promise to
>>> never
>>> enforce the license, you might as well call it public domain.

> I didn't tell you what to expect from a license, so please leave your straw
> men at home.

You just said that if I don't expect the same as you do, I shouldn't
be using the license.

> I said that there is in effect no difference between "public domain, please
> please share your modification" and "GPL, but I won't do anything if you
> violate it".

I just explained that there is.

> By your own definition, Sony is not a good member of society. And please
> provide examples where the bad publicity has resulted in code contributions.

Android.

> I know of enough examples where vendors provide source for GPL programs
> because they have to, and don't provide source for BSD programs because they
> don't have to.

So? Who cares.

> By the way, which code is it where it is up to you to decide which license
> you want to use? You remember, you as in "we, the developers"?

My own.

> Of course it's up to you whether you care or not. But you are strongly
> advocating that others shouldn't care.

I am not advocating anything, that is already the case, that's why you
don't have hordes of people saying "please, please, enforce my code!".
I am merely explaining why.

> As someone else has written, the code quality from most companies is just
> bad. But you can't know that if you don't get to see the code. I'm sure the
> reason why the Android changes are not in the kernel is not that nobody has
> figured out how to run diff.

Again, you don't seem to have an idea of what a company is. It's a
*collection* of people. And there's *plenty* of people that can write
good patches, and they are in many companies. You must not follow
Linux development, where *tons* of clean patches come from all kinds
of companies.

The reason Android changes are not in the kernel is that they are not
part of the community. They don't communicate what they are doing,
they don't communicate what they plan to do, they don't try to send
patches first, they don't know the culture, etc. Plenty of other
companies do. BTW Android is not a company, it's main a team within
Google, but there are many other companies involved, some which
contribute directly to the kernel. And and other teams within Google
also contribute.

Again, a company as a single entity is a myth.

>>> Companies don't ignore the GPL because it is so hard
>>> to understand, they deal with much more complicated contracts. They
>>> ignore
>>> the GPL because they can, and you seem to imply that they should be free
>>> to
>>> do so.
>>>
>>
>> Companies are not single entities, like people, but it seems that
>> concept just doesn't sink in with many people.
>>
>
> Another nice straw man.
> Yes, companies typically consist of many people. Yet, most of the time they
> can do what has to be done. It may not be as efficient as you would like,
> but that is another point.
> Suppose, Sony (or Nokia) had to license a patent where they have to pay a
> certain amount for each device produced. At regular times they must report
> "we produced X devices, at Y$/device this means Z$, here is your check". Now
> suppose, instead of this report, they write "Companies are not single
> entities, it is so difficult to count all these devices, let's just ignore
> this license agreement". What do you think would happen?
> So, somehow companies are able to write such reports and send the checks at
> the right time. I'll also give you a hint why this is so: they dedicated
> people to this task (whether full time or not). Yes, doing so costs money.
> But it would cost them more to not comply with the license.

And again you show how you don't understand how big companies work.
The software on big companies is no different as the open source
software in how easily it can step unto a patent mine. They most
definitely don't pay *all* the patent royalties, and sometimes it's
even deliberate: we know there's patent X, but we would rather risk a
lawsuit than pay it; it's a simple game of chances and gain. Sometimes
they don't agree with the patents and are willing to fight in court.
There's many different scenarios.

Plus, open sourcing stuff is not that easy. The company would have to
check first that there's no IP been leaked by the released code, and
if they think there might be, there would need to be some effort to
rewrite some code. All this takes a lot of resources.

You are supposing they *never* miss any patents, which is clearly not
true. Having so many moving parts is not an excuse, but it's one
reason for these mistakes, but missed patents are not difficult to
resolve; here's X amount of money. Done.

> So to repeat, companies ignore the GPL because they can, and you seem to
> imply that they should be free to do so.

The GPL is irrelevant. What is relevant is what the copyright holders want.

>>> The sources are available, that does not mean that anybody is forced to
>>> use
>>> these modification.
>>> As you specifically mention the Linux kernel, a lot of companies have
>>> contributed code that is in the main kernel, so there has been benefit
>>> for
>>> the original developers.
>>>
>>
>> Not thanks to enforcement. There's no stick you can use to achieve that.
>
> In some cases, the code came as a result of enforcement.

Really? Code *contributed* directly to the Linux kernel? Following the
development procedures, addressing all the comments, all the way until
the patch was merged? I find that hard to believe.

>>> Other code is considered not good enough for
>>> inclusion in the main kernel, but the code it there, and it is possible
>>> to
>>> use and improve this code.
>>>
>>
>> It's _possible_ but nobody is going to do it. The only *efficient* way
>> to achieve this without loosing one's sanity is to actively invite
>> companies to become part of the community, and educate them about the
>> benefits, and only then, they might go through all the processes
>> needed to write clean patches, so one, as a maintainer of a project,
>> can just apply them, and only _then_ does everybody wins. Sticks don't
>> help that.
>>
>
> Do you have facts to support the claim that nobody ever used the code?
> And how do you educate the companies? Remember, "companies are not single
> entities".

Projects usually have enough in their to-do list to also port mostly
undecipherable, and probably dubious changes. I have rarely seen
people pick other people's patches and try to clean them up, and apply
them, much less the patches of a whole product program. Again, see
Android.

You don't educate companies, you educate people working on companies,
and more specifically, developers. Slowly but steadily, the more
developers in the industry that "get it" the more companies eventually
would be forced to change from *within*. You can see this with
embedded, and for example ELC, which is basically a big educating
conference (plus other stuff).

> I never said Sony should do this. I said they *could*. If Sony's lawyers (or
> Nokia's) aren't aware of this, maybe I should tell them and charge a
> consulting fee.

What you think they can do, and what they lawyers think are different
things. Of course, you think you are perfect and they don't know
squat, but the fact of the matter is that they probably understand a
lot of business constraints that you don't.

> But it doesn't change the fact that they violate the kernel license. And
> there is a reason why they use Linux, or they would switch to BSD or
> something else.

And that's irrelevant. What is relevant is what copyright holders are
going to do about it. So far they don't seem worried _at all_.

You are inserting your own agendas and assumptions. The intent of the
GPL (according to you) is X, so if they picked the GPL the must want
Y, and since Y leads to Z, and I'm all about Z, I'm going to do Y.

>>> Microsoft could send an update that breaks an important application, they
>>> reserved the right to do that in the EULA, and it has happened in the
>>> past.
>>> They could come and audit Sony's use of OEM licenses, or force them to
>>> buy a
>>> license even for machines that don't use Windows. All of this is more
>>> likely
>>> to happen.
>>>
>>
>> No, it's not, because Sony (or rather some people inside Sony) knows
>> _exactly_ how to retaliate, and Microsoft knows that.
>>
>
> Now this is funny, even more so then "Sony the good corporate citizen".
> Actually, it was (is?) common that OEMs must buy a Windows license for every
> machine, whether they use it or not. And you want to tell me that people
> inside Sony knew _exactly_ how to retaliate, but for some reasons didn't?

Ah, you mean for end-user software. I don't see what laws could
possibly allow Microsoft to force this, but most likely would only
apply in the U.S. which has crazy laws, and even there I don't think
that's possible.

If you seriously think that's more likely, I don't think you have a
good grip on reality.

If Microsoft could seriously do that, why don't they? More money is more money.

>> They can't do absolutely anything if the SFC pursues these courses of
>> actions.
>
> They could simply comply with the GPL, and the SFC would have neither
> motivation nor standing for any of these actions.

That might not be as easy as you think. It's much easier to avoid
busybox in the first place.

>>> And as I mentioned, complying with the GPL is really easy, and that
>>> removes
>>> even the last shadow of any risk of becoming the target of GPL
>>> enforcement.
>>>
>>
>> Not for a big company.
>>
>
> Ok, I'll qualify that statement. It is easy to comply for a company of any
> size, if it is seen as important enough. That means, as long as the cost for
> complying is lower then the cost of not complying. Note that this implies to
> any license or contract. Any the cost to comply with the GPL is less then
> most other licenses. If their lawyers don't realize that, there is also a
> cost associated with bad legal advice.

You are wrong. It's not easy. It takes resources,

>>> - SFC is not the developer, they can't do anything themselves. They just
>>> act
>>> on behalf of the developer, so they can't go against the wishes of the
>>> developer, which you imply not just as a possibility but as a fact.
>>>
>>
>> Unless the developer is not aware of what you are doing, or doesn't
>> care enough to contact you. Since you have not *explicitly* requested
>> permission, that's a very valid (and quite likely) possibility.
>>
>
> What am *I* doing? Why should any developer contact me? Do you confuse me
> with SFC? Remember, organizations are not people.

You are clearly advocating what the SFC is doing.

> Did it occur to you that if SFC could enforce busybox compliance without
> consent from the busybox develpers, they could also enforce Linux compliance
> without consent from the Linux develpers?

You only need explicit request of *one* GPL component to use it as a
proxy for all the others without explicit request.

>>>> Probably not thanks to enforcement.
>>>
>>> Actually most likely due to enforcement.
>>>
>>
>> Sure, now you rely on Stockholm syndrome. You stay with your sticks, I
>> prefer carrots.
>>
>
> Let's say you prefer to be on the receiving side of the carrot rather then
> the stick. Actually you didn't even say what your carrot is, other then
> hoping for the best.
> Can you name a single instance where a company that was reluctant to provide
> sources changed its opinion due to this carrot, and what the carrot was in
> that case?

I already mentioned one example: TI, and for that matter Nokia as
well, and the carrot is all the advantages that being a community
member brings; free top-notch code-review, easier maintenance, better
talent is attracted by the development model. I mean, this is obvious.
There's tons of people trying to convey these messages to people
working on companies, in conferences, documents, etc.

> Nobody relies on Stockholm syndrome. It's just that the companies realize
> that it is cheaper to use Linux, even if they have to comply with the
> license, then to use any of the BSD alternatives or develop something
> themselves. And Linux is cheaper, even if they are not allowed to ignore the
> license completely.

Bullshit. You have been explained the situation *over and over*, it
seems you are just not willing to listen; *nobody* is trying to ignore
the license completely. I'm not going to explain it again.

What big companies will end up doing is _publish_ as much as it's
legally required, contribute as much as the internal culture has
managed to convey it's useful, and avoid legally troublesome
components (busybox) just to be safe.

>>> The main point of the GPL since v1 to give the uses of the software the
>>> rights and the possibility to modify the software and to use this
>>> modified
>>> software.
>>>
>>
>> That's the main point *for you*. For open source people it's to get
>> contributions back. The license is *for developers*.
>>
>> As tivoization exemplifies, you can't do squat for users with a
>> *software* license, and that's fine.
>>
>
> The main point of the license is clearly stated in the license. There is
> nothing subjective about that. And tivoization just demonstrates that nobody
> considered that possible when GPLv1 and GPLv2 were written. GPLv3 addresses
> this, and it's also a software license.

Bullshit. You are again avoiding the fact that there's GPLv2 users
that don't like the GPLv3. _You_ think _your_ interpretation of the
license is what everybody else intended, when that's *clearly* not the
case. People use GPLv2 *only* because of what the GPLv2 says, and
nothing else.

How convenient for your own agenda.

>>> From GPLv1: "The license agreements of most software companies try
>>> to keep *users* at the mercy of those companies. By contrast, our ...".
>>> It seems (once more) you don't know what you are talking about. The start
>>> of
>>> the GPL was that RMS was, as a user of a printer driver, unable to adapt
>>> it
>>> because he didn't get the source.
>>>
>>
>> What RMS intended and what the copyright holders intended can be
>> diametrically opposed. See Linus Torvalds.
>>
>
> If what the license clearly states and what the copyright holders intended
> is opposed, then maybe the copyright holders picked the wrong license.
> I personally think that Linux would not be what it is today it had a BSD
> license.

Clearly. Fortunately, there's no need to create yet another license,
for practical purposes, avoiding busybox does the trick just fine.

>> I hope I don't have to tell you that there's plenty of people that
>> don't like GPLv3 and prefer to stay with GPLv2 *precisely* for this
>> reason. How do you explain that?
>>
>
> Everybody is entitled to their opinion.

Yeah, avoid the question. You know the answer would undermine your
idea that "everyone choose the GPL because they interpret it _exactly_
the same way I do".

>> I thought Sony was pushing for toybox, so I supposed they would
>> contribute back. If they are not going to do that _today_, that's
>> fine, I'm sure they will eventually understand the benefits of open
>> source, not thanks to the SFC.
>>
>
> Many of your points reply on speculation.

It's the other way around. My points point out gaps in your theories
and leave possibilities *open*.

You are the one speculating that companies would do the opposite. Even
if your data was strong, which it isn't, correlation != causation.

> This "eventually" can be a very long time, up to "infinity".

Speculation.

> Actually enforcement has brought many contributions back.

Code dumps != contributions.

> What would you suggest instead,and in what time frame would that work?

See what Linux people do, like Greg Kroah-Hartman; educate people.

Cheers.

-- 
Felipe Contreras


More information about the busybox mailing list