FSF Rattles Tivo Saber At Apple

Ohreally_factor takes us back to Friday when both the iPhone and the GPLv3 were released. "This article at Tectonic suggests that Apple's iPhone might run afoul of the GPL. Peter Brown, executive director of the FSF is quoted as saying: 'Today, Steve Jobs and Apple release a product crippled with proprietary software and digital restrictions: crippled, because a device that isn't under the control of its owner works against the interests of its owner. We know that Apple has built its operating system, OS X, and its web browser Safari, using GPL-covered work — it will be interesting to see to what extent the iPhone uses GPLed software.' Might there really be GPLed code in the iPhone? It's well known that OS X built on BSD, which of course uses the BSD license. Webkit is based on KHTML which uses the LGPL."

Re:Apple running afoul of Microsoft licensing?

[arivanov]

You are mistaking patents for copyright and vice versa.

As far as the iPhone software is concerned this is all a storm in a teacup. The real storm will start later.

If the postings so far on various security boards are correct it looks like it indeed runs something OSX like enough and runs everything even the web browser as ROOT. Now if that is not a hacker dream dunno what is. Every exploit no matter how small will provide the attacker with full access to the system including ability to break out of the ghastly contract obligations to ATT and Apple. While the lack of fine grained privilege system is a general problem for all smartphones, in the apple's case it is made worse by the platform being "bigger" and everything having direct access to the iron.

It is too early to say if the iPhone will be the first phone where the admin vs user and privilege control issue will be finally forced, but there is a considerable likelihood of this happening. Once this happens, it will also inevitably open up as a platform (and we will soon know exactly how much (X)GPL code it contains).

Re:"Run afoul?"

[Enderandrew]

Even then, wouldn't the new license only apply to new releases?

If the GPL v3 was retroactive, Tivo would have to recall all their boxes right this second. However, I don't think you can have a retroactive license. You can't invent terms today and say that people agreed to them in the past.

Can you imagine what that would open the door to?

I'm sorry, you inherently agreed to anything Microsoft ever wants from you when you agreed to use any flavor of Windows at any point in your life. We can invent new licenses and terms that go back and override any previous license agreements.

New license

[Enderandrew]

I think we do need a new license for OSS projects, and it isn't GPL v3. Consider this scenario:

BSD licenses allow for people to take and never give anything back. The GPL has evolved into its own form of shackles, loopholes and lengthy clauses. CC is a pretty decent concept to protect your work. Sun has been under all this pressure to GPL Java for ages. Adobe releases API and code for certain products and technologies like Flash and PDF, but needs to protect their interests. What if I have a technology that I wish to be fairly open, and allow the community to help develop. I want people to be able to see the libraries and API to extend the technology. But I also need to protect against forking and theft.

What we need is a license that is simple and short like a BSD license but provides these basic functionalities.

1 - The material may be distributed freely so long as the copyright and license agreement stays with it.
2 - The material may be altered for personal use and/or community development.
3 - If you choose to alter the material, if requested, you must pass your changes upstream to be reviewed.
4 - You may not distribute forks or derived materials without explicit permission. For this there would be a specific license to grant a "fork" which also must remain open to allow changes to drift back upstream.

Wouldn't a license like this be absolutely perfect for a great deal of scenarios?

Java, Flash, and PDF technologies could be protected from forks and theft, but we could compile plugins for any OS and architecture. This license would also be perfect for NVidia or ATI's drivers. ATI could open their drivers without fear of NVidia stealing technology, because NVidia can't fork it, or take part of it without explicit permission, and vice-versa. This would save these companies money by allowing the community to develop and maintain ports of their software products.

Imagine how this would apply to Tivo.

Let's say Tivo and the software they use is now part of license X. Since the source is open, you can install upgrades, recompile, or even tweak and extend the software on your personal box. Tivo wants to protect themselves that they aren't losing on the service. They can ask to see modifications that people make, which is a provision of the license, and thusly keep on pace with the hackers to make sure they aren't circumventing the Tivo service.

Honestly, if Tivo did such a thing, most of the hackers would buy Tivo boxes, and likely even pay for the service instead of circumventing it. Now they'd have an easier, and legal method to extend their boxes, fully supported by Tivo. Add new codecs, or features, or heck run an emulator on your Tivo box.

Seriously, someone with any legal knowledge should draft such a simple license.

Re:Harmful

[joe 155]

I hate to cast aspersions on you and whether or not you might actually be "FUD-ing", but it seems like you might be.

The GPL is extremely permissive (although short of a BSD style, of course), use it if you want - you don't even have to agree to the license for that. Use someone else's software if you want - you're free to do that too. But surely it is nice, and only fair, that if you give away your software to anyone who wants to use it that they tell you what they've done with it and how. The FSF are not saying "OMG!!11! WE'LL SUE APPLE FOR 1 TRILLION DOLLARS!!" they are saying "if there is a license violation, which we are not sure that there is, then they would need to make sure that the software that WE wrote can be accessed by us and we know what has been done with it"

When you put it like that I think they sound a whole lot more reasonable

Re:GPL 3

[Enderandrew]

The supposition hangs on two points. First, that the iPhone is using LGPL code. The second is that Apple intends to violate the license and not allow for people to install updates.

Given that the phone has a browser, and that it can sync with iTunes, applying updates is something that is built into the system. iPods update their firmware when you sync them.

If you have proof the phone has LGPL software, and that Apple intends to refuse updates, then by all means get upset. Until then, this is still FUD.

Re:New license

[mr_matticus]

Point 3 causes a problem in that it stipulates oversight of code released "into the wild." It also affects secondary developers. Consider the following:

Google creates some YouTube software and releases it under this new license. Tivo gets the software and modifies it, including some new features it wishes to keep proprietary. Under this license, they would be forced to share with Google upon request. The license therefore only protects the originator.

Allowing subsequent developers to reserve portions as proprietary would of course defeat the whole purpose, since the upstream developer couldn't be assured that the secondary developer really was sharing all the non-proprietary code. To pull a Rumsfeld, it would be a known unknown and an unknown unknown at the same time.

It really is quite difficult to write a license which *requires* a return of contribution from developers.

Re:New license

[Enderandrew]

Exactly my point.

The license wouldn't suit all projects obviously, but for several scenarios such as Java, PDF, Flash, video drivers, etc. it would be perfect. It prevents someone else forking, or developing their own proprietary version while still allowing the code to be redistributed, community developed, and even modified for personal use.

The entire purpose of the license is to protect those who under most circumstances wouldn't fully open up their sources under any other terms. Consider it a "better than nothing" license. ATI or NVidia could open their drivers under this license, and it beats not releasing the code.

Re:How isn't this FUD?

[mr_matticus]

It certainly is free in different ways, but a lot of that depends on what you need from it. Take, for instance, a proprietary development license scenario--say something written with XCode and Core APIs, since you like Apple examples. You can do whatever you want with Apple's libraries and on the compilers provided. You don't have to share your code with anyone if you don't want to (not even Apple). If you choose to release your code, it can be under whatever terms you want. The proprietary platform and proprietary license are more "free" to that developer than the (L)GPL, but they are more restrictive to secondary developers who want more than the primary developer wants to provide. The GPL tries to "force" the system to prevent what RMS perceives as abuse, attempting to guarantee rights for both the primary developer and secondary developers, but ultimately alienating a lot of primary developers and secondary developers (because of how it works down the chain even on tertiary developers). Like I said, though, (L)GPL is great if its caveats don't get in your way, and generally speaking, it is indeed "more free" than proprietary offerings, from our perspective. But it's not more free from Apple's, so I'm not sure the net balance actually changes from a "universal" standpoint. I agree that something completely free doesn't require a license--that would be "libre" software. Unfortunately "noone's ever said it was free of restrictions" isn't quite the case, because "libre" has been claimed for the RMS licensing models. It's deceptive, because it's not truly *libre* at all. It's important to note that I don't disagree with what you're saying, and I don't disagree with the existence of these licenses, or even with the restrictions they impose. I only disagree with the idea that it's intrinsically "THE" solution to writing software, and that anyone who would *choose* to use proprietary tools is a moron or greedy or evil in some other capacity.

Tivoization...

[DrYak]

...and the usual TiVo-like excuse to this is :

"Yes, you CAN rebuild a firmware. All the necessary tools can be found on our website or in your Linux distro.
If you follow the procedure, no error message will stop you from linking your new stuff.
This firmware can even be executed inside an emulator, as an added bonus.

It only happens that the hardware refuses to run non-signed and/or non-crypted code, even if that code is valid. But the produced binary code it selft *is* valid."

Those company usually try to give a very specific interpretation to what "operating code" means. To their interpretation, it only means that the users should be able to compile a new valid binary. That's why the GPLv3 had to be made, to make it explicit for LGPL, and to add similar protection against tivoization of the baseline GPL.

Apple and TiVo are intentionally making that interpretation. Because they want to keep exact control on what the iPhone can and can't do. The iPhone can't transfer files over bluetooth (no way to send each other ringtones and MP3 music like usual with other Bluetooth enabled device. Apple is affraid of copyright infringement, even if the Bluetooth falls clearly under the same provision as home taping in most juridictions), the iPhone enforces DRM on played media, etc...

A modified WebKit could clearly play a role as an entry point to allow such actions : after all, it's the code that handles how pages are drawn. It's not impossible to invent a new "tag", include support for this extension into the iPhone, and use that tag to manipulate media while circumventing DRM or exchanging it over bluetooth. And then design a custom .HTML file that uses those custom tags to serve as a menu for this added functionality.
It's a little bit weird and far fetched. But it's exactly the kind of stuff corporation like Apple and TiVo are afraid of : people using GPL to circumvent their precious restrictions. And is exactly what the FSF is fighting for :
{commandment-like voice:ON}A USER SHALL HAVE THE RIGHT TO DO WHAT PLEASES HIM WITH FREE(dom)-SOFTWARE HE RECEIVED, AS LONG AS THE USERS PASS ALONG THOSE FREEDOMS ON THE NEXT IN LINE{/commandment-like voice:OFF} (even if that includes completely subverting the initial GPLed code purpose in order to make it do something completely different than initially planed. In fact, even more so, because it's such creative subversions that can lead to inventing new interesting stuff and develop FLOSS. As said in some /. sigs, after all, GNU/Linux is nothing more than a printer driver gone terribly wrong).

Tinkering = Voided Warranty

[goldspider]

I think that Apple should allow users to tinker with the internal workings of the iPhone, but they would be justified in cancelling the warranty of modified devices.

Is the typical Slashdot tinkerer willing to assume that risk on a device that costs so much?

Re:How isn't this FUD?

[mrchaotica]

What I'm saying, is that if you really think that just because something _can_ be done, it _is_ being done, well, you're just not that interesting. Sorry. Nobody cares if you went to the beer store on thursday instead of wednesday this week. Unless you're an active suspect that is specifically being watched, there's no reason to watch you. And, if you are an active suspect, you're being watched anyway. So this is a null problem.

It's not a null problem! Why? Because you could become interesting. For example, what if you happened to frequent the same restaraunt as some criminal? Even though you had no association with him, the cellphones records would show the two of you "meeting" regularly, which could land you on a watch list purely by dumb (bad) luck. Or what if you witness a government official doing something he shouldn't, and he wants to shut you up? Well, congratulations: he now has a record of all your movement habits. Or what if your health insurance company decides that going to the Taco Bell drive through twice a week is too often, and raises your rate? What if your psycho ex happens to work at the phone company, and decides to start stalking you?

Here's my point: tracking data could be abused in an unlimited number of ways, even if you're a "normal" person.