GPL violation follow-up - some bad news and some good news

ExtremeDullard@lemmy.sdf.org to Open Source@lemmy.ml – 639 points

You might recall a few weeks ago that I requested from a well-known large and somewhat litigious company the source code of the modification they made to a certain GPL debugger, and that they grudgingly agreed after a long time.

So I set out to work on the pile of code they sent me and managed to extract their modifications and port them to the latest version of that GPL tool... apart from one driver for their debug probes that we use throughout our company: the cunning bastards left a stub in the open-source debugger (I have the code for that) and that stub talks to the rest of the driver in the form of a closed-source TCP server.

It's a blatant trick to go around the GPL by taking advantage of the grey area surrounding linking in the GPL - i.e. the question of whether a closed-source program can be linked to GPL code and not become GPL itself, which still hasn't been tested in court to my knowledge. If I recall correctly, the FSF is of the opinion that anything that dynamically links to GPL code becomes GPL too, but that's just an opinion.

And of course, here in this case, the aforementioned company added one degree of separation between their closed-source driver and the GPL tool that uses it by making it a server, so whatever argument against linking to GPL code becomes even weaker.

Anyway, as you can imagine, I'm disappointed: my work is 90% there, but I still don't have that one driver and their closed-source faux-server is half-broken and dog-slow because of the time it takes to spawn the server and communicate with it through TCP, and I can't fix it. And I'm 100% certain that if I asked them to send me the source code for that, they'd tell me to suck eggs.

But here's what happened: I got so tired of their shenanigans that I started investigating other debug probes I could use instead of their proprietary junk. And after quite a lot of investigation, I found one solution based on open hardware and open software that, with some careful configuration, works 2x to 3x faster than their proprietary debug probe. Wow! I didn't even know it was possible, and I probably wouldn't have researched it if I had had all I needed to make what we already own work.

Long story short: I proposed that my company replace all our existing proprietary debug probes with the open hardware one and my boss agreed. That's like 20 probes in total, between R&D, testing and production, and to the tune of $266.99 per probe for the original proprietary one, that's $5339.80 the egregious GPL-violating company won't get from us. Not to mention renewal of the license for their IDE that we've been using for almost 2 decades, because finally, at long last, after over a month of solid work, I finally managed to free up our source code from their vendor lock-in and make it compile, debug and flash using open-source tools from start to finish!

So yeah, I didn't get what I originally wanted from that company. That's the bad news. But in the end I ended up better off without it, and that's the good news 🙂


FOSS needs more people like you. Thanks for your contributions.

I love these kinds of stories. Thanks for writing the follow up!

So what's the open source alternative you found? Sounds like it needs more advertising.

I can't really say because it would make it obvious which debugging tool I'm talking about and that would out me. And then the company could put 2 and 2 together and find out who my employer is and... you know, our orders might become slow or mishandled, that sort of thing. My company's entire business depends on that one supplier, so it wouldn't be good.

Sometimes people in OP's situation don't say too much information because they don't want to jeopardize their professional relationship with the other party.

You are a superhero, one of the likes we rarely see.

God bless you, your work has returned some hope on humanity for many of us.

Great to hear this story of success. That plus

$266.99 per probe for the original proprietary one

Reminds me of Schneider's stupid proprietary dongle for programming their PLCs. It's just a CH341 in a funny shaped case that fits into the funny shaped slot on the PLC, where it plugs onto an ordinary 0.1" pin header to talk logic level serial.

Plus it has a custom USB ID of course. Probably costs $2 to manufacture, sells for almost $300 as well.

This one is kind of the same thing: it's a bone-stock FTDI 4232H probe with a bit of logic tacked on to disable the chip without a custom init command and a custom USB PID/VID. All I need their driver for is to enable the chip. After that, I can just use the open-source FTDI driver. But the driver makes everything super-slow, so the point is kind of moot anyway.

Probably another attempt to go around the GPL actually, because they use the FTDI driver to talk to the chip (because the open-source libusb is very slow in Windows) and that too can't be linked to the GPL debugging tool. So the probe masquerades as a custom device.

Wow people actually do this??? Good job

It's rare that the business would give them the slack to be able to, usually there's plenty of intent

My employer is openly willing to let the engineers work on whatever they want, however long it takes to make things good or better, not just good enough. The bean counters don't run this place: we take the time to do things right.

It's a policy that has worked for us for the past 40 years, and it's the main reason why our customers come back to us and we've been consistently very successful over the decades.

Anyhow, originally one of my colleagues asked me if it would be possible to compile and debug our code in VSCode instead of the company's IDE. I said I'd try to see if it's possible, and then I went down the rabbit hole - with my boss' blessing 🙂

I hope you understand how truly fortunate you are to both be able to do that, and work at a place that allows you to do that

Of course I do. That job is the best gig I've ever had and it's one of the best things I have going on in my life. That's why I'm particularly cautious in this thread and I don't say anything that could put my employer or my employment in jeopardy in any way, even though it's highly unlikely.

More software and competitors are born from spite, versus anything else I'd bet.

GNU was founded because Richard Stallman was frustrated with a printer's proprietary software.

Thankfully all printers are frustration free now.

As much as that extracted a snort from me, it's almost true, at least in the sphere of printers that talk one of the few major print languages

@ExtremeDullard Can you share the name of the new open source tool you found? Spread the knowledge, make more people leave the proprietary litigious vendors.

And thanks for sharing your story.

I can't, sadly. It would make it obvious which company I'm talking about, and if they ever read this thread, they could retaliate against us.

@ExtremeDullard Au contraire - if the information is public, you may say you just found it here.

Well possibly, but here's the thing: if I don't say anything, I don't have to worry about having to explain myself later.

This is just a software project, I really really like my job and I have other hills to die on frankly. So I just don't need the aggravation.

Now that's something I'd slap on my resume. Hope you get a bonus or something for saving your company money cause it'd be well deserved.

It only cost 20k worth of work to save 5k of fees

Spending 20k to unchain yourself from a clearly ill-meaning vendor can be seen as a good investment in itself. 5k saved in (recurring) fees is a bonus.

Lol.

Maybe those fees are annual licensing fees. And who knows what else is tied to that (support contracts, etc)?

I once enabled my company to forgo a license renewal of $10k...after 3 months of heavy work. Not really a big savings. But it also then eliminated an annual $1 mil in servicing fees that they would've had to pay for 10 years, by contract (so saved $10 mil). That we didn't know when I started.

You assume I'm paid 20k per month when I'm paid a lot more than that 🙂

Anyway, not to worry, we'll recoup that money next year when we won't have to renew our license for the 10-so development machines.

Yeah, but this is (according to OP) faster, which saves money. And, because it's open, if there are features that could add serious value, they could be added in-house.

But yeah, perhaps a bit of a pyrrhic victory.


Super cool. Would AGPL fix the issues with the loopholes they used?

The particular open-source license doesn't matter: they're doing all they can to not release their source code and that's what I need to fix their stuff.

Excellent work, and thank you for sharing. What a win! I'm always heartened to hear about straightforward open source wins against leeches 👍

Good job, but is this something that us common folks can use?

Otherwise, as much as a noble cause that was, helping a for-profit company save money, for the same amount of pay is like, eh... it wouldn't be worth my time. But that's just me.

I posted what I could legally post on my Github, and I made sure it's easily discoverable. If you need it, you'll find it very quickly.

I have no reason to keep it for myself or my employer, since it's GPL. Also, I kind of like the idea of distributing what the unhelpful company I got it from only gives upon request: when they do that, they comply with the GPL, but in the most unhelpful way possible. With what I posted, nobody has to request that stuff ever again, and I cleaned up and updated their code too.

I understand that you can't name and shame.
But at least show the open hardware guys some love.

They already know. I've posted all the good I think of their device, as well as the author of the open-source debugging app that runs on it (it's actually a generic device), on their official Reddit sub. But it's just a general comment, not tied to this account of my little GPL adventure.