Uruguay violates GPL by deleting root on OLPCs
Ignoring the fact that some deployments ship without root access. Is the practice of completely locking-down the laptops something we'd even want to encourage? Shipping the laptops TiVoized like Uruguay does has put them into serious legal trouble. OLPC should definitely not encourage anybody else to do this. Why bankrupt your project by losing a copyright enforcement lawsuit? Shipping the laptops without root access is a direct violation of the GPLv3 license on a dozen packages (probably 50+ packages in later Fedoras). They have shipped binaries, while using technological means to deny the recipient the practical ability to upgrade or replace them with versions modified or chosen by the recipient. Only an idiot would distribute hundreds of thousands of units while setting themselves up to pay the Free Software Foundation any amount of money they demand. (Given the way OLPC and Uruguay have ignored the notice that they're in violation, for years, I do hope FSF extracts both future compliance, and its next ten years of operating expenses, from these scofflaws.) Or does Uruguay think, Sue us for copyright violation in our own courts -- we'll make sure you lose?? In other words, do they just brazenly steal the GNU Project's software, knowing it's wrong? John Gilmore ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Uruguay violates GPL by deleting root on OLPCs
Please, when you say Uruguay you should just say Plan Ceibal. Has anyone formally requested Plan Ceibal to correct this situation? Thanks, Gabriel 2010/7/7 John Gilmore g...@toad.com: Ignoring the fact that some deployments ship without root access. Is the practice of completely locking-down the laptops something we'd even want to encourage? Shipping the laptops TiVoized like Uruguay does has put them into serious legal trouble. OLPC should definitely not encourage anybody else to do this. Why bankrupt your project by losing a copyright enforcement lawsuit? Shipping the laptops without root access is a direct violation of the GPLv3 license on a dozen packages (probably 50+ packages in later Fedoras). They have shipped binaries, while using technological means to deny the recipient the practical ability to upgrade or replace them with versions modified or chosen by the recipient. Only an idiot would distribute hundreds of thousands of units while setting themselves up to pay the Free Software Foundation any amount of money they demand. (Given the way OLPC and Uruguay have ignored the notice that they're in violation, for years, I do hope FSF extracts both future compliance, and its next ten years of operating expenses, from these scofflaws.) Or does Uruguay think, Sue us for copyright violation in our own courts -- we'll make sure you lose?? In other words, do they just brazenly steal the GNU Project's software, knowing it's wrong? John Gilmore ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Uruguay violates GPL by deleting root on OLPCs
Please explain your statement that lack of root violates GPLv3. Couldn't the owner of the system insert a SD card with a developer's version of Linux, mount the internal drive of the XO, and tinker with the installed packages as root from the external OS? Does GPLv3 expressly mention root access? I think Ubuntu disables root logins, but allows sudo access for root permissions. Is that a violation of the GPLv3? On Wed, Jul 7, 2010 at 2:32 AM, John Gilmore g...@toad.com wrote: Ignoring the fact that some deployments ship without root access. Is the practice of completely locking-down the laptops something we'd even want to encourage? Shipping the laptops TiVoized like Uruguay does has put them into serious legal trouble. OLPC should definitely not encourage anybody else to do this. Why bankrupt your project by losing a copyright enforcement lawsuit? Shipping the laptops without root access is a direct violation of the GPLv3 license on a dozen packages (probably 50+ packages in later Fedoras). They have shipped binaries, while using technological means to deny the recipient the practical ability to upgrade or replace them with versions modified or chosen by the recipient. Only an idiot would distribute hundreds of thousands of units while setting themselves up to pay the Free Software Foundation any amount of money they demand. (Given the way OLPC and Uruguay have ignored the notice that they're in violation, for years, I do hope FSF extracts both future compliance, and its next ten years of operating expenses, from these scofflaws.) Or does Uruguay think, Sue us for copyright violation in our own courts -- we'll make sure you lose?? In other words, do they just brazenly steal the GNU Project's software, knowing it's wrong? John Gilmore ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Uruguay violates GPL by deleting root on OLPCs
On Wed, Jul 7, 2010 at 5:32 AM, John Gilmore g...@toad.com wrote: Shipping the laptops without root access is a direct violation of the GPLv3 license on a dozen packages (probably 50+ packages in later While I understand and agree with the spirit of what John wants, direct violation is a strong thing to say. Is it true? If you can get the src, compile and install and use the GPLv3 software. A quick check of old official images that I have around shows very few gplv3 packages, all of them things that I can easily recompile and put in my ~/bin, tweak my PATH envvar, and use from there. these scofflaws These scofflaws are trying to protect kids from theft, John. Userbase 6 to 12 years old. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Eben Moglen: Re: Uruguay violates GPL by deleting root on OLPCs
[I didn't see a copy of this come through on devel, so assumed that it bounced because he's not a recipient. --gnu] Date: Wed, 7 Jul 2010 12:47:26 -0400 To: martin.langh...@gmail.com, g...@toad.com, ber...@codewiz.org, devel@lists.laptop.org, sugar-de...@lists.sugarlabs.org Subject: Re: Uruguay violates GPL by deleting root on OLPCs In-Reply-To: Martin Langhoff's message of Wed, 07 Jul 2010 11:21:27 -0400 aanlktikxexio9oikse4dugp2bdo55ain8xn0mruzh...@mail.gmail.com From: Eben Moglen mog...@softwarefreedom.org I don't know what the technical details are, but it sounds as though the right people are present in the conversation. For GPLv3 programs-- which would include bash, tar, and Samba as well as the toolchain, to take some examples--the requirement is for installation information to be provided to anyone who requests or receives source code. Installation information is defined as any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in [the laptop] from a modified version of its Corresponding Source. That requirement can be satisfied, for some programs, by informing the user how to run a replacement copy, without root privilege, out of the primary user's home directory. Some programs might require escalated privileges in order to install and run a modified version (of a daemon, for example). Side-stepping the OS on the hard drive, booting a system on removable media, and then installing the new version on the fixed disk would be a method within the meaning of the license in those cases. Details are crucial. Working with relevant parties to ensure compliance is SFLC's purpose in a situation such as this. We'd be happy to help if there is interest. Regards, Eben ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Uruguay violates GPL by deleting root on OLPCs
Please explain your statement that lack of root violates GPLv3. Couldn't the owner of the system insert a SD card with a developer's version of Linux, mount the internal drive of the XO, and tinker with the installed packages as root from the external OS? Does GPLv3 expressly mention root access? The laptops refuse to boot a developer's version of Linux. They require a signed kernel and initrd. Some people call this DRM; it's definitely TiVoization (check Wikipedia if you don't know the term). I think Ubuntu disables root logins, but allows sudo access for root permissions. Is that a violation of the GPLv3? As Eben explained, the GPLv3 doesn't require root, it just requires that you be provided all the info you need to install modified software of your choice, in the environment in which the binaries were shipped. su is fine, if documented, and it is. John PS: Get a clue, folks. This is bigger than OLPC. You've been spoiled by 50+ years of general purpose computers without cryptographic access controls. Four big oligopolies (Intel, Microsoft, Hollywood, and NSA) are all trying to wipe out the general purpose computer and replace it with one that only allows running approved software. They've jiggered the law to make it illegal to circumvent such controls, even if you own the hardware and all the software is free. All the Apple products except the Macintosh are already this way (and they produce more revenue for Apple than the Macintosh), and their customers have barely noticed or complained. It gets harder in every generation of iPhones to jailbreak them, even if it was legal; they're closing in on shipping products that close *all* the exploitable holes, leaving the buyer totally at Apple's mercy. If even the free software community shuts up and demurs when one of our flagship projects locks down the hardware to disallow freedom, why should *any* evil empire delay going right ahead and screwing every consumer, every curious questioner, and every tinkerer? ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Uruguay violates GPL by deleting root on OLPCs
I don't know what the technical details are, but it sounds as though the right people are present in the conversation. For GPLv3 programs-- which would include bash, tar, and Samba as well as the toolchain, to take some examples--the requirement is for installation information to be provided to anyone who requests or receives source code. Installation information is defined as any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in [the laptop] from a modified version of its Corresponding Source. That requirement can be satisfied, for some programs, by informing the user how to run a replacement copy, without root privilege, out of the primary user's home directory. Some programs might require escalated privileges in order to install and run a modified version (of a daemon, for example). Side-stepping the OS on the hard drive, booting a system on removable media, and then installing the new version on the fixed disk would be a method within the meaning of the license in those cases. Details are crucial. Working with relevant parties to ensure compliance is SFLC's purpose in a situation such as this. We'd be happy to help if there is interest. Regards, Eben ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Uruguay violates GPL by deleting root on OLPCs
On Wed, Jul 7, 2010 at 3:42 PM, John Gilmore g...@toad.com wrote: The laptops refuse to boot a developer's version of Linux. They require a signed kernel and initrd. Some people call this DRM; it's definitely TiVoization (check Wikipedia if you don't know the term). I think it is a very well understood concept around here. And it is also well understood that not all developers complain about TiVo. Major projects are holding to GPLv2. As Eben explained, the GPLv3 doesn't require root, it just requires that you be provided all the info you need to install modified software of your choice, in the environment in which the binaries were shipped. su is fine, if documented, and it is. And I think PATH=~/bin/:$PATH is fine too :-) PS: Get a clue, folks. This is bigger than OLPC. I understand and value that 'macro' fight, but OLPC, and OLPC deployments are not the enemy. You also need to know that OLPC is about a lot more than just software. We are a very big tent, and we work in some very hard places. Think of explaining this to teachers, or to the parents of children. I can only suggest getting closer to a large real life deployment (not just Uruguay) to get a sense of the challenges we face on the ground in the work we do... and to get a sense of what our who our users actually are. locks down the hardware to disallow freedom, Let's leave hyperbole for another day. It is a very practical concern -- across the varied world of our deployments *theft* is a very real concern. My personal experience in a very cottoned middle-class environment in latam is that by age 15 everyone in my age group had had something stolen in one way or another -- mostly in relatively low-key muggings. I will be optimistic and hope that 1% of the kids needs root at some point. Most places I go to in latam is about the same -- with of course some exceptions in both directions. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Uruguay violates GPL by deleting root on OLPCs
Eben - Hi; thanks. Chris Ball and I had some correspondence with Brett Smith a few months ago in order to make some introductions and get the FSF and Plan Ceibal talking. It seems that that didn't quite happen, and we've asked Martin Langhoff (who's responsible for OLPC technical work with Plan Ceibal) to pick up the ball and try again. If Brett's not the right person to do that, just let Martin know. - Ed Ed McNierney CTO / VP of Engineering One Laptop per Child e...@laptop.org +1 (978) 761-0049 On Jul 7, 2010, at 12:47 PM, Eben Moglen wrote: I don't know what the technical details are, but it sounds as though the right people are present in the conversation. For GPLv3 programs-- which would include bash, tar, and Samba as well as the toolchain, to take some examples--the requirement is for installation information to be provided to anyone who requests or receives source code. Installation information is defined as any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in [the laptop] from a modified version of its Corresponding Source. That requirement can be satisfied, for some programs, by informing the user how to run a replacement copy, without root privilege, out of the primary user's home directory. Some programs might require escalated privileges in order to install and run a modified version (of a daemon, for example). Side-stepping the OS on the hard drive, booting a system on removable media, and then installing the new version on the fixed disk would be a method within the meaning of the license in those cases. Details are crucial. Working with relevant parties to ensure compliance is SFLC's purpose in a situation such as this. We'd be happy to help if there is interest. Regards, Eben ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Uruguay violates GPL by deleting root on OLPCs
Ed, Thanks for helping me to understand the context here. Brett is certainly the right person at FSF. I'm happy to do anything I can to help further the conversation, and am always available to answer any questions anyone may have. Best regards, Eben On Wednesday, 7 July 2010, Ed McNierney wrote: Eben - Hi; thanks. Chris Ball and I had some correspondence with Brett Smith a few months ago in order to make some introductions and get the FSF and Plan Ceibal talking. It seems that that didn't quite happen, and we've asked Martin Langhoff (who's responsible for OLPC technical work with Plan Ceibal) to pick up the ball and try again. If Brett's not the right person to do that, just let Martin know. - Ed Ed McNierney CTO / VP of Engineering One Laptop per Child e...@laptop.org +1 (978) 761-0049 ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Uruguay violates GPL by deleting root on OLPCs
forgive an honest question that may spark a philosophical debate: Since the Linux kernel and Fedora are both licensed under GPL.2, how would this violate an unrelated license? (which reading, it may or may not...) * Message: 4 Date: Wed, 7 Jul 2010 16:23:55 -0400 From: Martin Langhoff martin.langh...@gmail.com Subject: Re: Uruguay violates GPL by deleting root on OLPCs To: John Gilmore g...@toad.com Cc: OLPC Devel devel@lists.laptop.org,Sugar Devel sugar-de...@lists.sugarlabs.org,Bernie Innocenti ber...@codewiz.org, mog...@softwarefreedom.org Message-ID: aanlktilduwmzykcr2b8t2fsyp4hsh_halfs11qrg-...@mail.gmail.com Content-Type: text/plain; charset=ISO-8859-1 On Wed, Jul 7, 2010 at 3:42 PM, John Gilmore g...@toad.com wrote: The laptops refuse to boot a developer's version of Linux. ?They require a signed kernel and initrd. ?Some people call this DRM; it's definitely TiVoization (check Wikipedia if you don't know the term). I think it is a very well understood concept around here. And it is also well understood that not all developers complain about TiVo. Major projects are holding to GPLv2. As Eben explained, the GPLv3 doesn't require root, it just requires that you be provided all the info you need to install modified software of your choice, in the environment in which the binaries were shipped. ?su is fine, if documented, and it is. And I think PATH=~/bin/:$PATH is fine too :-) PS: Get a clue, folks. ?This is bigger than OLPC. I understand and value that 'macro' fight, but OLPC, and OLPC deployments are not the enemy. You also need to know that OLPC is about a lot more than just software. We are a very big tent, and we work in some very hard places. Think of explaining this to teachers, or to the parents of children. I can only suggest getting closer to a large real life deployment (not just Uruguay) to get a sense of the challenges we face on the ground in the work we do... and to get a sense of what our who our users actually are. locks down the hardware to disallow freedom, Let's leave hyperbole for another day. It is a very practical concern -- across the varied world of our deployments *theft* is a very real concern. My personal experience in a very cottoned middle-class environment in latam is that by age 15 everyone in my age group had had something stolen in one way or another -- mostly in relatively low-key muggings. I will be optimistic and hope that 1% of the kids needs root at some point. Most places I go to in latam is about the same -- with of course some exceptions in both directions. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Uruguay violates GPL by deleting root on OLPCs
Hi, forgive an honest question that may spark a philosophical debate: Since the Linux kernel and Fedora are both licensed under GPL.2, how would this violate an unrelated license? (which reading, it may or may not...) Because it's not true that Fedora is licensed under GPLv2 -- it's licensed under a mix of licenses, including some GPLv3. - Chris. -- Chris Ball c...@laptop.org One Laptop Per Child ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Uruguay violates GPL by deleting root on OLPCs
I agree with you completely. This is bad, it's just not complete TiVoization: If you insert a USB flash drive or SD card, the boot firmware will only boot from it if the files are tested and cryptographically signed by OLPC. What stops one person of then adding root access again? This will hardly deter theft. Best regards, Tiago On Wed, Jul 7, 2010 at 8:42 PM, John Gilmore g...@toad.com wrote: Please explain your statement that lack of root violates GPLv3. Couldn't the owner of the system insert a SD card with a developer's version of Linux, mount the internal drive of the XO, and tinker with the installed packages as root from the external OS? Does GPLv3 expressly mention root access? The laptops refuse to boot a developer's version of Linux. They require a signed kernel and initrd. Some people call this DRM; it's definitely TiVoization (check Wikipedia if you don't know the term). I think Ubuntu disables root logins, but allows sudo access for root permissions. Is that a violation of the GPLv3? As Eben explained, the GPLv3 doesn't require root, it just requires that you be provided all the info you need to install modified software of your choice, in the environment in which the binaries were shipped. su is fine, if documented, and it is. John PS: Get a clue, folks. This is bigger than OLPC. You've been spoiled by 50+ years of general purpose computers without cryptographic access controls. Four big oligopolies (Intel, Microsoft, Hollywood, and NSA) are all trying to wipe out the general purpose computer and replace it with one that only allows running approved software. They've jiggered the law to make it illegal to circumvent such controls, even if you own the hardware and all the software is free. All the Apple products except the Macintosh are already this way (and they produce more revenue for Apple than the Macintosh), and their customers have barely noticed or complained. It gets harder in every generation of iPhones to jailbreak them, even if it was legal; they're closing in on shipping products that close *all* the exploitable holes, leaving the buyer totally at Apple's mercy. If even the free software community shuts up and demurs when one of our flagship projects locks down the hardware to disallow freedom, why should *any* evil empire delay going right ahead and screwing every consumer, every curious questioner, and every tinkerer? ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Uruguay violates GPL by deleting root on OLPCs
Jacob - The Linux kernel question is easy, as it's largely GPL v2; the Fedora one is by no means easy. The Fedora Project maintains a list of software licenses which are considered acceptable for software to be packaged in Fedora. That doesn't mean *all* these licenses are in use in any particular Fedora release, but it does give you a sense of the possibilities. You can find the list, with all 206 good software license possibilities (26 of which are GPL variations) at http://fedoraproject.org/wiki/Licensing#SoftwareLicenses - as well as the acceptable documentation licenses. It's a fine list, but the 49th license listed stands out from a crowded pack, and rewards the modest effort required to count up to 49. - Ed On Jul 7, 2010, at 6:23 PM, Chris Ball wrote: Hi, forgive an honest question that may spark a philosophical debate: Since the Linux kernel and Fedora are both licensed under GPL.2, how would this violate an unrelated license? (which reading, it may or may not...) Because it's not true that Fedora is licensed under GPLv2 -- it's licensed under a mix of licenses, including some GPLv3. - Chris. -- Chris Ball c...@laptop.org One Laptop Per Child ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel