Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
BLACK FRIDAY DEAL: Trust the World's Fastest VPN with Your Internet Security & Freedom--A Lifetime Subscription of PureVPN at $48 with coupon code "BFRIDAY20" ×
Android Open Source Businesses Cellphones

CopperheadOS Fights Unlicensed Installations On Nexus Phones (xda-developers.com) 97

An anonymous reader writes: Earlier this week security-hardened Android build CopperheadOS temporarily blocked Nexus updates on its servers after finding out that other companies have been flashing the ROM onto Nexus phones and selling them commercially in violation of the CopperheadOS licensing terms. The incident highlights an inherent problem in getting open source to be used by the masses: the difficulty of organizations being able to build and monetize a successful, long-term open source business model...
"We've enabled over-the-air updates again," CopperheadOS tweeted Saturday, "to avoid impacting our remaining customers on Nexus devices and other legitimate users. However, downloads on the site will no longer be available and we'll be making changes to the update client for Nexus devices."

In an earlier series of tweets, they explained it's an ongoing issue. "It's not okay to disrespect our non-commercial licensing terms for those official builds by flashing and selling it on hundreds of phones... This is why we've been unable to sell access to Pixel images. There are people that are going to buy those and flash + sell devices in direct competition with us in violation of the licensing terms. Needing to deal with so many people acting in bad faith makes this difficult.

"It's not permitted for our official Nexus builds and yet that's what's happening. We do all of the development, testing, release engineering and we provide the infrastructure, and then competitors sell far more devices than us in violation of our licensing terms. Ridiculous."

CopperheadOS Fights Unlicensed Installations On Nexus Phones

Comments Filter:
  • by Luthair ( 847766 ) on Sunday November 12, 2017 @12:01PM (#55535673)
    If you look at their github account they've dropped their license into clones of Google's Android repositories. Even if you're adding commits you don't get to re-license the code.
    • Isn't the GPL specifically designed to prevent this?

    • by mysidia ( 191772 ) on Sunday November 12, 2017 @01:09PM (#55535959)

      The Apache 2.0 License most of Android is under permits Sublicensing, but not complete License Replacement --
      the new license needs to include the Apache terms.

      ALSO, the License they have cited the CreativeCommons-NonCommercial-ShareAlike is NOT DESIGNED to be used for software source code and binaries, and it does not even qualify as an Open Source software license.

      • by Anonymous Coward

        Are you certain of this?

        The GPL doesn't require that a vendor release binaries to anyone. The vendor is free to charge a fee or to only distribute the binaries to non-commercial users. They're also required to provide the source code upon request to users who have received the binaries.

        Those who receive the source code are free to modify and redistribute it under the GPL. It's clear to me that the GPL requires that source code can be redistributed. It's also clear that derivative works can be redistributed,

        • Can you point me to where in the GPLv2 it indicates that the original binaries must be able to be redistributed without restriction?

          You mean GPL v3. Don't you?

          In any case, you're asking the wrong question. CopperHeadOS is clearly implying that their new licensing applies to the entire source code, not just the binaries. And they're actually happy that this new license has had a chilling effect on their competitors capable of building their own binaries themselves.

          Aleksa Sarai: @LordCyphar - 23hr [twitter.com] Wouldn't that be an argument that GPLv3 would still work, you just need to not provide binaries that people can hock off for their own products? Bad actors will always exist, so I don't see how GPLv3 is less helpful than CC-BY-NC-SA in this area?

          CopperHeadOS: @CopperHeadOS - 23h [twitter.com] There are very few individuals and companies willing to build illegal businesses on our code. GPLv3 let them do it legally and we were unable to have even close to a sustainable business. CC-BY-NC-SA has substantially improved the situation.

          And if you don't believe my interpretation of CopperHeadOS's response, just read the content of their new CC-BY-NC-SA license [github.com] for yourself and take a look at one of the many lo

          • Of course they're happy that not letting competitors pick up their code for free and profit off it is stopping competitors picking up their code for free and profitting off it -- I hardly think that's what "chilling effect" means. They have produced something that is badly needed at considerable expense to themselves. They have made the source available for non-commercial uses, which is part self-promotion and part generosity, but mostly just a responsible, sensible move for something that claims to be secu
      • Also, if you sublicense the Apache software, you still only get to enforce the license on the pieces that you own, not the Apache pieces.

    • CopperheadOS uses the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license as its compilation copyright and as the copyright on their new work. That isn't an Open Source license. It violates rule #6 of the Open Source Definition.

      6. No Discrimination Against Fields of Endeavor

      The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genet

  • by Anonymous Coward
    Maybe a poison pill update can be sent out that senses the illegal phones and bricks them? Or at least wipes the OS.
    • by mysidia ( 191772 )

      They could do that if they want to go to jail..... ILLEGAL.

      • FTDI got away with it.....
      • There are several legal issues here. You can't brick the phone preventing installation of a replacement for your software, and you can't prevent 911 calls. Other than that, you could indeed deny access to features by license violators or those who got their phones from license violators.

        That said, it bothers me that they misrepresent their system as Open Source (wrong license to be Open Source) and it sounds like they have less than a full understanding of what pieces their license applies to (only the ones

        • by mysidia ( 191772 )

          When the GP writes "Poison Pill" update, one thinks of a software update which is developed to be deliberately destructive --
          rendering the basic functions of phone inoperable, at least without manually re-installing the operating system...
          knowingly deploying such an update in way users would be expected to automatically receive it, is essentially writing and propagating sabotage malware through a system users expect to receive bug patches ---- the reason Jail time could result is that willfully dev

  • by johanw ( 1001493 ) on Sunday November 12, 2017 @12:49PM (#55535857)

    written by others, adapted by themselves, and now they are whining that someone else does the same with their variant? Another company that does not understand that there is no right to have paying customers.

    After these tricks and their anouncement I would not trust their software anymore. Who knows what malware thei are going to distribute to anyone they might think uses their software from other channels?

    • Not exactly. They are complaining about people using their compiled and packaged binary without paying the licensing fee.

      Note that this is not in violation of even the GPL as distribution costs can be charged.

  • by pthisis ( 27352 ) on Sunday November 12, 2017 @01:19PM (#55536009) Homepage Journal

    Earlier this week security-hardened Android build CopperheadOS temporarily blocked Nexus updates on its servers after finding out that other companies have been flashing the ROM onto Nexus phones and selling them commercially in violation of the CopperheadOS licensing terms. The incident highlights an inherent problem in getting open source to be used by the masses

    This is FUD. If CopperheadOS prohibits selling it commercially, then they are not using an open-source license. By definition, open-source licenses cannot prevent others from selling the software commercially or otherwise prohibit redistribution or discriminate against fields of endeavor (including business use).

    And, indeed, most sources (e.g. https://en.wikipedia.org/wiki/... [wikipedia.org]) call the Copperhead license "source available" rather than "open source" because of these non-open-source restrictions.

    See https://opensource.org/osd [opensource.org]


    1. Free Redistribution
    The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale. ...
    2. 6. No Discrimination Against Fields of Endeavor
    The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

    And flashing it onto a ROM would constitute a derived work covered under section 3 of the OSD.

    • You are correct that it's not an Open Source license. I do not, however, believe that a binary blob for an android install is a derivative work of the kernel in its entirety. It's an aggregation, like a Linux distribution CD. You can take it back apart. The GPL can be enforced on the GPL components in it and anything that is directly combined with the GPL program. But not just anything on the filesystem.

    • Agreed - developers conflating Open Source (OSI compliant) and proprietary licenses, including "non-commercial", causes wide-ranging problems. Not suggesting CopperheadOS do this, only a number of previous commenters

      1. Developers including open source code, to later find out that they have just sunk their company's product. Even with GPL, you can look at becoming compliant. Here, that means winding up your company
        • My Github code is MIT licensed, use for your project! (By the way, I built it on another MIT
  • Now what prevents someone from taking the source and just flashing it that way? Otherwise, it's just shades of Sveasoft with slightly different licensing.
  • by Bruce Perens ( 3872 ) <bruce@perens.com> on Sunday November 12, 2017 @04:03PM (#55536847) Homepage Journal
    CopperheadOS use the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license as their compilation copyright. This is not an Open Source license, thus CopperheadOS is not Open Source.
    • Not this again. If you can download the sources, then it's Open Source [hyperlogos.org]. Stop saying "Open Source" when what you mean is "OSI Approved".

      • Hi Martin,

        I hope you're doing well and that this recent spate of nasty fires didn't harm you. My 17-year-old FIRE/EMS student fought the fire in Napa. Lots of smoke at my home.

        It's ironic that you want to credit SCO for a cut-down definition of Open Source at the same time you criticize the legitimacy of the Open Source I announced to the world. That's what Caldera became, of course, and we are clear that they bore ill will for our community and are now a bankrupt failure. More interestingly, their attorney

        • It's ironic that you want to credit SCO for a cut-down definition of Open Source at the same time you criticize the legitimacy of the Open Source I announced to the world.

          I don't actually. That's just the earliest reference for which I could find a citation. People in nerd communities like that in scruz (nominally centered around ucsc) were already calling it "open source" before SCO even had a product called "open desktop". That both I and SCO come from the same place is of course merely a coincidence, although I have been acquainted with many fine technical SCO employees including the lead developer of Xenix.

          Despite some infrequent use of the two words together before my announcement, "Open Source" is the proper name for a campaign that I first announced to the world and started with the same ESR who is under discussion in this article.

          It really is not. It really is the name for the practice of provi

          • I am> promoting Free Software. Just not to the community to whom the words Free Software are resonant. And any use of Open Source to deprecate Free Software was not done with my countenance and is no longer relevant in any case.

            You'll notice that even Bradley Kuhn of the Software Freedom Conservancy, a FSF-aligned organization, uses "FLOSS" [sfconservancy.org], which I find grating. But the reasons for not simply using "Free Software" in English are well known.

  • there immature devs rip off someone else work in this case android then hide it behind a paywall and think the rules dont apply to them. the issue is most company's dont bother to knock them off there cloud of stupid.

The more cordial the buyer's secretary, the greater the odds that the competition already has the order.

Working...