Is Linksys shirking the GPL? (Maybe not.)

by Rob Flickenger

It's Tuesday, so tonight is yet another Hack Night for SeattleWireless. The object of affection for wireless hackers in Seattle as of late is the Linksys WRT54G, one of their new line of Linux based APs. (For the technically minded in the audience, tales of SWN's 54G experiences are up on the SeattleWireless Wiki).


The goal of recent fiddling has been to get a captive portal (such as NoCatSplash) running on this puppy, as well as to clean up their sloppy web interface, and possibly add some nifty new features (like IP tunnels, IPv6, wireless client mode, as well as some other obvious nicities).


This project has not been without its technical hurdles. One early problem was that of the format of their firmware updates. While the code contained within might be released under the GPL, Linksys is under no obligation to release the details of this file format. And yes, I asked them directly, but to date have gotten no reply.


No matter, with the help of many interested people around the globe, we have been able to decipher the (relatively simple) firmware file format, and even make a little utility that will generate a valid firmware for you. (Note that it's really easy to kill your AP with "bad" firmware, but that's another story altogether...)


Now that we are able to execute arbitrary commands on the WRT54G, it is obvious that Linksys is running modified software covered by the GPL. One perfect example of this is Zebra, the advanced dynamic routing software package. By opening the firmware file directly, as well as by making queries through the makeshift ping interface mentioned earlier, we noticed that the zebra running on the WRT54G doesn't use the standard configuration file locations. This means that it must certainly be a modified binary.


So, naturally curious, I wanted to find out what Linksys had to do to get Zebra running on this hardware. I stopped by the Linksys "GPL Code Center", and downloaded their zebra archive.


You can imagine my disappointment when I realized that this is in fact just a copy of the original source code available from zebra.org. Where are the changes to the source tree? I have just asked Linksys that very question, but as they still haven't gotten back to my first query, I expect my email to be filed under irrelevant and forgotten.


I believe the GPL is an important document that is intended to prevent exactly this sort of theft of code. Any company that incorporates GPL software into a commercial product and attempts to skirt the licensing terms is nothing short of a thief, building on the stolen effort of countless contributors.


And evidently, I'm not the first to notice that these binaries are compiled with a modified GCC (with a signature string of "GCC: (GNU) 3.0 20010422 (prerelease) with bcm4710a0 modifications"). That bcm4710 refers to the Broadcom chipset that this AP is actually made from. If Broadcom is using a modified GCC for their reference design, and are making this available to their developers, aren't they bound by the GPL to make the source code to those modifications available as well?


I will definitely be interested to see what comes of this unprecedented interest in a mainstream Linux product. If you are interested in finding out about how the WRT54G (or other Linux router from Linksys) actually operates, I urge you to write to Linksys and Broadcom, and ask (politely but firmly) for the details. I hope we can get through to these large manufacturers that while they are certainly welcome to use Open Source software in their products (and thereby benefit from the tremendous public effort spent on them), the community expects them to likewise respect the terms of licensing.


*** Update: 11:54pm 7/29/03 ***


I just got a response from Linksys support! (I'd post the email, but their disclaimer asks me not to.)


Evidently, we've moved on to "2nd level support", whatever that means. Hey, it's one round further than last time. I will keep you posted.


Oh, and in other news, Ross Jordan got a shell on the WRT54G! I'm so jealous. We worked on this all Hack night and didn't get it first. Great work, Ross! NoCatSplash, you'll be next!


***Update: 11:42am 7/31/03 ***


Thanks, slashdot readers for your usual valuable insight and candor. ;)


As many have pointed out, I did overlook the fact that Zebra could be compiled with options that change the location of the default configuration files. Naturally, this isn't a source code modification, so it is entirely possible that Linksys is running a "stock" zebra.


Interestingly enough, now having pulled down several sources and compared them against the original distributions, it appears that Linksys is releasing at least some of their changes. I noticed differences in ppp, iptables, and udhcp (although the latter is missing the Makefile, probably just an oversight). There are also differences in the 2.4.5.kernel tree, although obviously there are no drivers for the wireless card.


What about other binaries in the filesystem? tftpd is heavily modified (ah, but it's released under the BSD license). The epi_ttcp program that Ross used to get a shell, based on ttcp? Also BSD licensed. Their very, very hacked httpd is evidently based on mini_httpd, which is (you guessed it) BSD licensed. As far as I can tell without having exhaustively looked at every piece of available code, Linksys appears to be trying to comply with the terms of the GPL (as I understand them anyway), and putting many customizations into BSD code, which doesn't require source distribution.


The question of the modified GCC is still open, but as many have pointed out, since Linksys doesn't distribute the modified GCC binary, they are under no obligation to provide the source. Fotunately for this project, our testing suggests that we may not need the modified compiler after all. If you are a developer using Broadcom's reference design, and they provided you with a binary GCC distribution, please request the source and redistribute it, as you would be well within your rights to do so.


For more updates on the continuing saga with Linksys and the Linux kernel, try this weblog.


Are Linksys and Broadcom in violation of the GPL?


42 Comments

jbeimler
2003-07-30 06:03:20
GCC Issues
I don't think you have much chance of getting the GCC patches. Linksys isn't shipping GCC, just code compiled with it. Whomever made the bcm4710 modifications is required to give Linksys the code if it is requested, but I can't see how an end user could get the code for gcc without getting the compiler directly from the distributor.
kbingham
2003-07-30 10:42:15
Linksys support
Rob,


Good luck with Linksys support. Last time I emailed them for support I received an unclear response. "Is Linksys farming their support overseas?", I inanely thought. I looked at the response's header, and yes, they do.


Keep up the good work!

rflicken
2003-07-30 11:06:33
GCC Issues
You're probably right there. It would make more sense to go bug Broadcom. But it can't hurt to ask, can it?


I'm also encouraged by the fact that the chap who got a shell running on it did so using code I compiled using a standard GCC on a Cobalt Qube. There might still be a licensing question, but if code from the standard compiler runs on the WRT54G, that's a relief.

anonymous2
2003-07-31 03:21:15
Contact copyright holder
You should notify the copyright holder(s) of the GPL package that is seemingly being misused. He (she, they) is certainly in the position of asking Linksys for clarification, and possibly threatening legal action.
anonymous2
2003-07-31 04:20:19
GCC Issues
Broadcom's under no obligation to release the mods to gcc except to their downstream users. According to RMS, use within a company does not constitute "distribution" in a sense that triggers the GPL. Linksys is also under no obligation to actually ask Broadcom for the source.
anonymous2
2003-07-31 06:50:38
GPL and GCC
You asked
"If Broadcom is using a modified GCC for their reference design, and are making this available to their developers, aren't they bound by the GPL to make the source code to those modifications available as well?"


No,the are not bound at all to release any changes to the gpl that the use internally, only if the release the binaries of that modified GCC do they have to publish the Source.


They can use thier own copy of the compiler to produce all the binaries that they want. That is why you can gpl source code that can only be compiled by a non-free compiler.


mike

anonymous2
2003-07-31 06:55:03
GCC and GPL
The author mentioned Linksys using GCC for the WAP software develpment, and suggested that if they were distributing the modified GCC to their developers, then they were obligated to make the source available publicly.


I do not believe this is correct, as I believe the GPL obligates companies to make the source code for GPL code they *sell* (perhaps distribute) available to those to whom they sell binaries.


So I agree that Linksysshould be making the modified zebra code available becuse they distribute the binary with their product, but I disagree that theya re obligated to distribute source forthe modified GCC which they kept internal to their company to compile that zebra software.


In other works a company could use a modified GCC to compile thousands of different proprietary programs for a radical new CPU, and be under no obligation to distribute the source for the modified GCC just because they used it to compile their software. They would have to give the GCC source if they also included the GCC binaries in what they sold so customers could compile programs for the radical new CPU.


My $0.02.

anonymous2
2003-07-31 07:21:08
File Locations?
Are you sure that the file locations aren't just configurable with a configure script? Perhaps they were using --prefix and --sysconfdir as well as other standard configure flags? This would not be a source modification.
anonymous2
2003-07-31 08:12:04
GCC Issues
No, Linksys IS in a position to ask them for the source if Broadcom gave them a modified GCC binary to use. You and I, having no modified GCC binary in our possession, have no right to the source, either.
anonymous2
2003-07-31 08:39:32
autoconf and an itchy trigger finger
Let's all bash SHO for yelling about an unproven violation of rights, then start bitching Linksys out when someone doesn't know how to use an autoconf'd package.


I hope this posts clearly -- Damned O'Reilly not having a preview option makes this a gamble...


chet@bunny:~/tmp/zebra-0.93b$ ./configure --help | grep dir
--srcdir=DIR find the sources in DIR [configure dir or `..']
Installation directories:
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--datadir=DIR read-only architecture-independent data [PREFIX/share]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--infodir=DIR info documentation [PREFIX/info]
--mandir=DIR man documentation [PREFIX/man]
LDFLAGS linker flags, e.g. -L if you have libraries in a
nonstandard directory
CPPFLAGS C/C++ preprocessor flags, e.g. -I if you have
headers in a nonstandard directory
chet@bunny:~/tmp/zebra-0.93b$

anonymous2
2003-07-31 08:40:20
autoconf and an itchy trigger finger
Make that SCO. I'm retarded.


...but not retarded enough to publicly bash Linksys without more than a slight hunch.


On O'Reilly's website, no less.


I guess that's why O'Reilly probably had editors look over your books before publishing them -- so they could filter out unfounded crap such as this.

anonymous2
2003-07-31 08:41:45
what other Linksys products use linux...
I've wondered if my BEFW11S4 uses linux under the covers... All the articles and code released seems to concentrate just on WRT54G...
what about all the other linksys routers out there?
Where's the source?
Anyone know?
anonymous2
2003-07-31 08:42:50
what other Linksys products use linux...
I've wondered if my BEFW11S4 uses linux under the covers... All the articles and code released seems to concentrate just on WRT54G...
what about all the other linksys routers out there?
Where's the source?
Anyone know?
anonymous2
2003-07-31 08:45:29
Provable GPL violation only by Linksys
Linksys has definitely violated the GPL by not making their source changes available to you, the consumer, after purchasing their GPL-enhanced product.


Broadcom, on the other hand, should they have provided Linksys with a modified gcc, MAY have violated the GPL, but no one (but Linksys) can prove that.


The GPL is a one-step process from distributor to distributee. After Broadcom got their copy of gcc, they can alter it all they want. As long as they don't plan on distributing this new gcc, then they're fine with not releasing the source. And if they DO plan on distributing their gcc, they can also limit distribution as much or as little as possible. It's their prerogative as distributor. GPL doesn't say that you have to give your code to EVERYONE yourself.


However, once they distribute their gcc, it is distributed under GPL, and Linksys can re-distribute it freely. Broadcom cannot make Linksys sign any additional agreements which infringe on the rights the GPL provides.

anonymous2
2003-07-31 08:46:16
Others
What about other vendors? I know that Watchguard uses Linux and a bunch of other utilities but, I don't see any mention of the source anywhere.


Further more, I believe that some of the Watchguard specific modules require GPL licensing or LGPL at the least because of their tie in to the kernel and the other GPL utilities. Where are they?

anonymous2
2003-07-31 08:46:52
Contact copyright holder
yeah, that's the ticket! The owner can threaten legal action! And a threat is alll you have because any real attempt to put the GPL in front of a judge would be disterous.


Where ya gonna get the money to hire a lawyer? What lawyer would be foolish enough to take the case? The GPL is a joke - people on this forum and on slashdot and elsewhere cannot even agree on what the license say, and it's written in plain english! One poster described it as a freshman high school philosophical diatribe. The first time this gets in front of a judge the whole house of cards that is the GPL license will come crashing down.

anonymous2
2003-07-31 08:55:51
Contact copyright holder
If that's the only way you can go to bed at night and sleep soundly, then more power to you. Don't worry about the fact that you're very, very wrong.


The GPL has been brought up in only a couple court cases, and one in particular (MySQL vs. whoever, can't remember). In all instances the judge in the case never, ever questioned the legality of the GPL document itself, the train of thought in the court room went straight to "are they complying?"

anonymous2
2003-07-31 09:01:58
Linksys support
Hehe, I was on the phone to Linksys support for 2 1/2 hours one time. Got to know the nice young lady real well, as she lived in Manila. As I hung up the phone I thought to myself, "I just made Linksys spend more money on the phone call to tech. support than I paid for this router..." Smiling, I chucked the router in the trash. :)
anonymous2
2003-07-31 09:17:03
GCC Issues
Read again, he said "not under obligation" not "have no right". They may not CARE what mods were made to the source.


I agree with a previous poster, changing the config file dirs is a simple matter of messin' with the Makefile. To prove they actually made changes to the source itself, you would have to prove that the binary does something different. Comparing MD5's with a known clean GPL copy (proabably) won't work either, as they used a modified compiler. You would have to prove that the program(s) in question do something in a basicly different way than a clean version of the sources with an unmodified compiler. Good luck with that, could take a LOT of testing.

anonymous2
2003-07-31 09:43:30
Linksys support
hate to burst your bubble, but it does not work like that. You know what a T1 is right? Do you know why the phone company sells these? Its NOT an internet connection, its a "leased line." Companies can rent T1, etc. to far destinations, and no longer pay per call. You are familiar with the "dial 9" to get out stuff? Do you know I can call Spain From Detroit without "getting out." That makes it not even register on the phone companies bill. All they know is they sold a few T1s...
anonymous2
2003-07-31 09:44:35
Linksys support
hate to burst your bubble, but it does not work like that. You know what a T1 is right? Do you know why the phone company sells these? Its NOT an internet connection, its a "leased line." Companies can rent T1, etc. to far destinations, and no longer pay per call. You are familiar with the "dial 9" to get out stuff? Do you know I can call Spain From Detroit without "getting out." That makes it not even register on the phone companies bill. All they know is they sold a few T1s...
anonymous2
2003-07-31 10:25:24
Noted on linux-kernel too
Might want to contact
Andrew Miklas
as well, he's noted the same thing and was also chugging through Linksys support.


Note that Dell did something similar, and resolved it admirably when Colm MacCárthaigh asked -- the source for the GPLed components of their Dell Truemobile 1184 is now up on the web, details here.
Take note Linksys! ;)

anonymous2
2003-07-31 10:37:13
Contact copyright holder
Yeah, that IS the ticket. That is precisely what people and companies do when there is a dispute. It's why we have laws and licenses and legal process.


People in the same organization disagree on what licenses say on many things. GPL is no exception. People in GPL are just more open to discuss it on public forums than in private meeting rooms. What's your point?


"The whole house of cards that is the GPL license will come crashing down." - That's quite a poetic prophecy. Tell me, do you charge by the hour or can I hire you for the whole day on my nephews birthday next week?

anonymous2
2003-07-31 10:41:46
What proof?
What proof is there that they've modified Zebra, except the different locations of configuration files?


Surely the changes to the source code made by autoconf don't count as vendor modifications.

anonymous2
2003-07-31 10:45:04
How I'd cheat
First, I'd hack on GCC to accept a table of line numbers, file names, line text, and "foreign text files". Next when I invoke GCC to read a GPL'ed source file, When GCC sees a matching line number and text, it sees an implied #include, and fetches whatever mods I want to make but not publish. So this way, I've modified the GCC (which mods I may keep private), but have not touched the source. Distribute new binary, Profit!
Sincerely (somewhat), phred.
anonymous2
2003-07-31 11:21:05
actually...
"(I'd post the email, but their disclaimer asks me not to.)"


IMBw, but I think that's just tough cookies for them - they can *ask* you not to all they like, but they can't stop you unless you signed an NDA...

anonymous2
2003-07-31 11:27:15
what other Linksys products use linux...
Their NAS appliances run linux
anonymous2
2003-07-31 11:34:47
autoconf and an itchy trigger finger
Well, with respect to Zebra you may be correct. However, we over at the "The Linux Broadcom 4301 Driver Project" (http://linux-bcom4301.sourceforge.net) were the ones that exposed Linksys initially. Their released "source" is bogus. The Broadcom driver that ships with the router relies upon specific routines that Linksys put into their modified kernel. The source of the kernel released by Linksys DOES NOT contain these routines. Basically, Linksys is shipping a modified kernel -- which definitely isn't in "user space" and a cannot be claimed to be exempt from GPL -- and yet the kernel source they posted is a generic kernel missing all of these modifications.


Brett Wooldridge
"The Linux Broadcom 4301 Driver Project"

anonymous2
2003-07-31 20:10:52
Other GPL Violations...
I had the priviledge of hearing Tim speak this past weekend. It's interesting he commented tangentally to this. He stated that Google, YahooMaps, PayPal, and eBay are all running linux, yet we've got no source from them. Does anyone believe they have not modified?


I'm not saying that they should turn over all thier assests, or even reveal what they have done, but it does provide some contrast to this story in that these are held as icons of the OSS movement, and not disected.

rflicken
2003-07-31 20:26:41
Other GPL Violations...
Well, the major difference is that sites that use Linux (like Google, Yahoo, PayPal, etc.) aren't bound by the GPL because they aren't redistributing binary copies of GPL software.


On the other hand, manufacturers that include Linux in a product (like Linksys, and from what I'm told, the WG-2100 BlueSocket for example) are responsible for making their source code available to their customers, or anyone who they distribute binary packages to. I believe it is perfectly permissible under the GPL for a company to incorporate software into an "in-house" solution. Things only get tricky once code starts changing hands.

rflicken
2003-07-31 20:27:49
actually...
Don't worry, it's not that exciting. The paraphrase says it all. That and that they are sorry for any inconvenience this may have caused me.
anonymous2
2003-07-31 20:28:44
Other GPL Violations...
If these companies are not distributing binaries of the GPL software they modified, they are under no obligation to provide you with source. The obligation to provide source is triggered only by distribution, not by use, which is explicitly *not* covered by the GPL (IIRC it explicitly says usage licenses are improper if not illegal).
anonymous2
2003-07-31 22:02:33
How I'd cheat
You still then would be releasing a modified binary. What does it matter how you modified it?
anonymous2
2003-07-31 23:10:05
All of this shows the danger of GPLed software to programmers and innovators
This whole affair demonstrates the true nature of the GPL. It's designed to sabotage businesses. In particular, it's intended to strip them of the ability to add unique value to their products -- which, in turn, is an essential element of success. VA Linux had to drop out of the hardware business because they couldn't get a competitive edge -- which happened, in turn, because they embraced GPLed code. Linksys, if the GPL zealots have their way, will go the same route.


Linksys was foolish indeed to use GPLed code at all. Instead, they should have used BSD-licensed code, which is friendly to programmers and to the businesses which issue their paychecks. The BSD and MIT licenses, as well as other truly free licenses, promote innovation and allow programmers to be rewarded for innovating. The viral, spiteful, anti-business, anti-programmer GPL does the opposite.


--Brett Glass

anonymous2
2003-07-31 23:40:36
Linksys support
Think again, fool, it actually DOES "work
like that" - sometimes.


Companies that purchase circuits like T1's do not overbuy. If for example they know that the average simultaneous calls is 200, and the peak is 500, and the peak lasts for 15 minutes ONCE a day, they will buy around 10 T1's, carrying 240 calls total.


They then program the phone systems at both ends so that if all the leased circuits are full, the phone systems dial through LD carrier for the excess calls. Since this only happens quite briefly, the LD charges are much less than another 10 T1s would cost.


Besides the cost savings, they have to do this in case there's a fiber cut and all 10 of their T1's fall down.


So you don't know if this guy's call was carried on private line or not. If it was, which is most likely, then yes the call didn't cost anything. But there is a chance it wasn't.


Furthermore Linksys does have to pay money to the support company to pay the salary of the girl sitting in Manilla.


To suggest that outsourced tech support is "free" for the hiring company is preposterous.

anonymous2
2003-07-31 23:50:31
What about section 2 of the GPL?
Couple of points people have missed in this debate:


1) Froom the GPL:


"...The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it..."


Clearly, the firmware image on the Linksys router is a "work" containing the "Program"


2) From the GPL:


"...But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it...."


This is in Section 2, under it, ALL files that make up the Linksys firmware are automatically GPLed because they are "part of a whole"


In summary, if the Linksys firmware was easily taken apart and the individual pieces easily modified, then the entire firmware would not be GPL. But because it isn't, the firmware, and all drivers and such in it, are under GPL.


- Ted Mittelstaedt
- Author, FreeBSD Corporate Networker's Guide



It is a single unified file, it cannot be eas

anonymous2
2003-08-01 04:32:52
autoconf and an itchy trigger finger
since when was it a violation of the GPL to release closed-source kernel modules? ever heard of nvidia? ati? surely any part of the kernel which contained these "routines" (care to share them with us so we have some information to go on?) could be modularized and modified or rewritten.
anonymous2
2003-08-01 05:34:52
All of this shows the danger of GPLed software to programmers and innovators
Brett --


there are also many, many successful companies out there who write GPL'd code, and many sucessful end-users of that code, which is something that cannot be denied. As usual, your remarks are pretty inflammatory, and reveals your lack of insight about the GPL and the companies that use it, and futhers the terrible (and incorrect) stereotype of veteran BSD users' rhetoric.


The common misconception (one that you fall prey to quite a bit) is that companies who write GPL'd code don't place all of their value of their business into just the code...they also hold value (and quite alot of it) in support and consultancy, something that the BSD community does not have in such a large scale. But that's ok, because BSD'd code and its commuities have other good points. Here are the apples, there are the oranges.


There are great things about BSD-licensed code. But there is also great things about companies who use GPL'd code. You're just not seeing them, because you have some blinders on. I would argue that the programmers who work for IBM, RedHat, Suse, etc. feel as though their paycheck is quite friendly.


Like I have said elsewhere, for every "viral" pro-GPL zealout out there, there is an equally zealous veteran pro-BSD person who may or may not be upset that their favorite OS isn't getting quite as much attention as Linux.


My unsolicited advice to you is: don't worry so much about it, and try to realize that the goals and characteristics of both licenses have their good and bad points.

anonymous2
2003-08-18 13:26:58
autoconf and an itchy trigger finger
The point of the GPL is that I could modify the Linux kernel 2.4.5 to suit my needs, recompile it (if I have the proper compiler, that's another story), and still link with the closed-source modules. For instance if I want better IPv6 support with USAGI. Currently I can't. It's a violation of the spirit and letter of the GPL.
anonymous2
2003-09-18 00:11:49
Linksys support
yes, I think linksys support has a big problem. I called for support so many time to solve a problem with my linksys router, and I got no where.
anonymous2
2003-10-28 10:12:14
WET54G
Will it work with Air Port card equipped iBook?
anonymous2
2003-11-27 06:24:06
All of this shows the danger of GPLed software to programmers and innovators
Your initials as well as your views are the same as that of another
B.G.
just a coincidence?