Mikrotik source

Discussion:

Mikrotik source

2009-12-08 10:10:09 UTC

Hello.

We're using Mikrotik with RouterOS and we know is true that everything
else is missing.

This is only a little and old part of a lot of GPL software there are
selling without release source code.

http://www.routerboard.com/files/linux-2.4.31.zip

What can we do?

no, not without further information. What makes you think it's running
linux? What router is it? (please give a link to the product page). If
it's running linux, have you asked them for the source code?

Mikrotik OS is fully based on linux. some kernel sources are provided in

the past for the RB532. but everything else
(which is alot) is missing.

Sebastian

Regards,
Alan

Hi every body.
I try to find the source code of RouterOS (Mikrotik) but can't get any
notice about... some body knows?

2009-12-08 09:46:21 UTC

Permalink

Mikrotik OS is fully based on linux. some kernel sources are provided in

the past for the RB532. but everything else
(which is alot) is missing.

Sebastian

Regards,
Alan

Hi every body.
I try to find the source code of RouterOS (Mikrotik) but can't get any
notice about... some body knows?

2009-12-11 13:37:28 UTC

Permalink

I think we can make a version of text that Paolo sent to Unixmedia to
send to Mikrotik.

They are using GNU/Linux and they make changes and they don't providing
to distribute their changes, then it could be judged as a violation of
the GNU General Public License, which requires that source code should
be distributed, it is not possible make their software and market it
without distributing the source code.

But I need some help, my english is not good and I don't know about
legal expressions.

If you want, we're work in text in our wiki:
http://wiki.guifi.net/wiki/index.php/Contact_to_Mikrotik_to_stop_violate_GPL

Thanks.

I do not whether you had the chance to see the link below
http://www.mikrotik.com/pdf/MT_Manual.pdf
This software is provided by the regents and contributors “as is” and

any express or implied warranties, including, but not limited to, the
implied warranties of merchantability and fitness for a particular
purpose are disclaimed. bash, boa, dialog, e2fsprogs, fileutils,
getty_ps, gzip, modutils, mount, net-tools, procps, shellutils,
sysklogd, sysvinit, tar, textutils, updated, util-linux - For the above
GPL licensed programs in accordance with the GPL license, Mikrotikls
offers to organize a copy of the source code or it can be found on most
standard Linux distributions. Write ***@mikrotik.com for more
information. glibc, libstdc++, ncurses, termcap - For the above LGPL
licensed programs in accordance with the LGPL license, Mikrotikls offers
to organize a copy of the source code or it can be found on most
standard Linux distributions. Write ***@mikrotik.com for more
information.

I think this is not to comply with the GPL terms...I do not how you

see that...

Cheers,
Gustavo G. Mármol.
Hello.
We're using Mikrotik with RouterOS and we know is true that everything
else is missing.
This is only a little and old part of a lot of GPL software there are
selling without release source code.
http://www.routerboard.com/files/linux-2.4.31.zip
What can we do?

Mikrotik OS is fully based on linux. some kernel sources are provided in

the past for the RB532. but everything else
(which is alot) is missing.

Sebastian

Regards,
Alan

Hi every body.
I try to find the source code of RouterOS (Mikrotik) but can't get any
notice about... some body knows?

2009-12-15 17:27:48 UTC

Permalink

Post by al
I think we can make a version of text that Paolo sent to Unixmedia to
send to Mikrotik.
They are using GNU/Linux and they make changes and they don't providing
to distribute their changes, then it could be judged as a violation of
the GNU General Public License, which requires that source code should
be distributed, it is not possible make their software and market it
without distributing the source code.
But I need some help, my english is not good and I don't know about
legal expressions.
http://wiki.guifi.net/wiki/index.php/Contact_to_Mikrotik_to_stop_violate_GPL
Thanks.

We made some modifications.

Do you think is ready to send it to Mikrotik?

PD: (sorry for top-post before)

a***@blogmail.cc

2009-12-16 00:27:14 UTC

Permalink

Wow! Thank you very much!

I put it in wiki.

You don't need registration to edit. Maybe problem is that interface
it's only in catalan, sorry. You can edit here:
http://wiki.guifi.net/wiki/index.php?title=Contact_to_Mikrotik_to_stop_violate_GPL&action=edit

I respect all your text but we add text about distribute modifications
over GPL code. Because principal problem we think they make GPL licensed
software modifications without publish it.

If you agree, we are going to send it to Mikrotik in a few days.

Thanks again.

Neil Brown

2009-12-16 00:27:23 UTC

Permalink

Post by a***@blogmail.cc
You don't need registration to edit. Maybe problem is that interface
http://wiki.guifi.net/wiki/index.php?title=Contact_to_Mikrotik_to_stop_violate_GPL&action=edit

My mistake- thanks. I've made my additional modifications (described
below) within the wiki.

Post by a***@blogmail.cc
I respect all your text but we add text about distribute modifications
over GPL code. Because principal problem we think they make GPL licensed
software modifications without publish it.

Modifications made to the text in the wiki - primarily to clarify the
necessity of ensuring that the source code to be distributed / made
available is that which relates to the modified version of the covered
work, if modifications have been made, but also to highlight that the
source code distribution / make available obligation arises irrespective
of whether modifications have been made or not.

Regards

- --

Neil

Bradley M. Kuhn

2014-03-07 19:49:53 UTC

Permalink

Is it your perception that the majority of GPL violations arise from
"wealthy companies", or just that those which are most often brought to
light, or perhaps those which are considered worth pursuing, are by wealthy
companies?

When I line up just about any company next to Conservancy or FSF, they are
*all* wealthy compared to those orgs, so my perspective is admittedly skewed.

But, that said, the violators that give us the most trouble coming into
compliance are usually wealthy corporations who expend more resources on
skirting their responsibilities than on trying to comply.

In my experience, most violators that are small companies tend to be
regretful of their failure to comply and work quickly to come back into
compliance. Thus, they don't typically require long, drawn-out multi-year
efforts (with outside legal counsel involved) to achieve GPL compliance.

By contrast, in my experience, larger, wealthier violators effectively have
"money to burn" on fighting on every single compliance issue and seeing "what
they can get away with".

(There are exceptions to this, of course, the above is a generalization.)

However, what's worse is that these wealthy violators have created a
distributing cottage industry. There are now an entire group of well-known
outside counsel who specialize (in part) in defending wealthy violators that
want to avoid complying with GPL. An anecdote to exemplify that:

A few years ago, at OSCON, one of these lawyers came up to me, shook my hand,
and thanked me for enforcing the GPL because it had been "so good for his
business". I told him that he just made me want to puke, and I meant that
literally: I felt sick to my stomach the rest of that day just thinking about
what he'd said. Frankly and sadly, making a bunch of seedy lawyers rich has
been an unfortunate side-effect of upholding the rights granted by the GPL.

That said, the alternative is to let the violators get away with it, which is
a much worse outcome.

I should finish by saying that there are at least a few wealthy companies
that have a good ethos and have chosen to do the right thing and are
wonderful actors on GPL compliance. I don't want to name names lest I leave
any of them out, but some of their representatives even subscribe to this
mailing list and answer questions. :)

My view on that: it's really unfair to those few companies who spend so much
money on getting compliance right that there are so many competitors who
would rather pay high priced outside counsel than just comply with the
license.

-- bkuhn

Bruce Perens

2014-03-09 02:48:28 UTC

Permalink

Post by Bradley M. Kuhn
But, that said, the violators that give us the most trouble coming into
compliance are usually wealthy corporations who expend more resources on
skirting their responsibilities than on trying to comply.

I don't get connected with these guys. All of my customers have decided
to comply before they bring me on board.

However, when we talk about the attitudes that /lead/ to infringement,
we should be clear that these attitudes in general do not exist in the
management or legal staff of the company.

The folks with the bad attitudes are /inevitably/ engineers.

Often it's just bad training. They never got show how to combine
software with different licensing. They may been granted 4-year
engineering degree without a single class on copyright and patent
issues. The colleges that do this are behind the times if not
deliberately shirking their duty, since it's not possible for any of
their graduates to operate competently in producing a product that
combines the work of others - and that's pretty much every product today
- without this knowledge.

But it's also bad behavior: I have seen engineers at a major company who
deliberately rigged their system to obscure code so that Black Duck
would not flag issues in it, so that they could get their work done
without the bother of having to resolve them. The management who caught
this were entirely aware of the liability problems it would cause.

And it's often denial: At a customer where I have been engaged in a long
remediation effort, there is /still/ an engineer who angrily dismisses
the idea that they were ever infringing anything. Management and legal
are 100% on board with the program that this engineer rejects.

Thanks

Bruce

Joseph Heenan

2014-03-09 14:40:41 UTC

Permalink

Hi Bruce,

Post by Bruce Perens

Whilst I certainly agree that there are a lot of engineers who do not
understand these issues and very much agree that universities fall short
in this area, I'm not convinced the problem is restricted to engineers.

On one project I've worked on, the company I worked for was
subcontracted to build a particular linux device.

The engineers developed the product, and included in the deliverables
given to the customer was a tgz with all the source code necessary for
GPL compliance (which correctly excluded the proprietary application),
along with instructions on how to publish this to comply with the GPL,
what to put in the documentation, why this was necessary, etc.

The management at the customer outright stated they would not be
publishing the source code. Their argument was essentially "we've paid
for this, we don't want our competitors to be able to get it". (It was
explained several different ways that this wasn't optional if they
wanted to use linux etc, but it made no difference.)

Joseph

Bruce Perens

2014-03-09 17:05:36 UTC

Permalink

Perhaps the management of expectations at the start of the deal could have been done better. I can't tell at this distance.

However, if it is an consolation, this sort of company would not be able to pass the infringement audit which is generally required for a merger or acquisition, and if they went public they would be an uncomfortable enough target for bad news that would tank their stock that they would probably have to fix the issue before they went public.

Cisco had terrible bad attitude. They rejected all attempts to help them. Including one from me personally, and I've never been treated so rudely. In the end they paid a lot more than they would have otherwise.

Thanks

Bruce

Post by Joseph Heenan
Hi Bruce,

Post by Bruce Perens

Post by Bradley M. Kuhn
But, that said, the violators that give us the most trouble coming

into

Post by Bruce Perens

Post by Bradley M. Kuhn
compliance are usually wealthy corporations who expend more

resources on

Post by Bruce Perens

Post by Bradley M. Kuhn
skirting their responsibilities than on trying to comply.

I don't get connected with these guys. All of my customers have
decided to comply before they bring me on board.
However, when we talk about the attitudes that /lead/ to

infringement,

Post by Bruce Perens
we should be clear that these attitudes in general do not exist in

the

Post by Bruce Perens
management or legal staff of the company.
The folks with the bad attitudes are /inevitably/ engineers.

Whilst I certainly agree that there are a lot of engineers who do not
understand these issues and very much agree that universities fall short
in this area, I'm not convinced the problem is restricted to engineers.
On one project I've worked on, the company I worked for was
subcontracted to build a particular linux device.
The engineers developed the product, and included in the deliverables
given to the customer was a tgz with all the source code necessary for
GPL compliance (which correctly excluded the proprietary application),
along with instructions on how to publish this to comply with the GPL,
what to put in the documentation, why this was necessary, etc.
The management at the customer outright stated they would not be
publishing the source code. Their argument was essentially "we've paid
for this, we don't want our competitors to be able to get it". (It was
explained several different ways that this wasn't optional if they
wanted to use linux etc, but it made no difference.)
Joseph

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Ralph Corderoy

2014-03-09 17:01:48 UTC

Permalink

Hi Joseph,

Post by Joseph Heenan
On one project I've worked on, the company I worked for was
subcontracted to build a particular linux device.

I wonder if your employer could have put a clause in the contract that
the purchaser must comply with the licences of the supplied software?

Cheers, Ralph.

Joseph Heenan

2014-03-09 18:37:27 UTC

Permalink

Hi Ralph,

Post by Ralph Corderoy
Hi Joseph,

Post by Joseph Heenan
On one project I've worked on, the company I worked for was
subcontracted to build a particular linux device.

I wonder if your employer could have put a clause in the contract that
the purchaser must comply with the licences of the supplied software?

There was certainly a clause that the purchaser was *responsible* for
complying with the licence, and it was clearly stated that linux would
be used (in fact I think the use of linux was a request from the customer.)

It's an interesting thought though. I'm not sure if it would really be
commercially advantageous to do any more, I doubt anyone would see it as
a wise use of corporate funds to go around suing customers, unless the
owners are particularly into enforcing GPL compliance :-)

Joseph

Bruce Perens

2014-03-09 19:48:00 UTC

Permalink

Post by Joseph Heenan
There was certainly a clause that the purchaser was *responsible* for
complying with the licence, and it was clearly stated that linux would
be used (in fact I think the use of linux was a request from the customer.)

And then your employer went on to indemnify the customer, right? Because
they usually insist. But then they behave in a way that puts you at risk.

I always ask for /bilateral /non-disclosure agreements, because the
terms will be balanced if both parties have to abide by them. The
companies always have one on file, so it's no hassle for them. But it's
astonishing how often they go on to violate their own agreements by
publishing things about my involvement in their company that I've not
authorized.

It is true that management generally views the law as a tool to be used
against others. And the managers also don't understand their lawyers
well enough to manage them, so the lawyers end up running the company in
ways that should never be allowed.

Thanks

Bruce

Bruce Perens

2014-03-09 18:45:24 UTC

Permalink

Post by Ralph Corderoy
I wonder if your employer could have put a clause in the contract that
the purchaser must comply with the licences of the supplied software?

I definitely put these in any engineering contract. And "we are not your
legal counsel and your legal counsel is the only one who can give you
legal advice". On copyright engagements I generally report to the
counsel, on engineering issues I usually don't.

As it stands, your employer is potentially a co-defendant in an
infringement case, or has pass-on liability if the customer loses such a
case, and can certainly be subpoenaed and put on the stand (along with
you) to testify about their conduct.

Bradley M. Kuhn

2014-03-10 20:56:59 UTC

Permalink

However, when we talk about the attitudes that lead to infringement, we
should be clear that these attitudes in general do not exist in the
management or legal staff of the company.
The folks with the bad attitudes are inevitably engineers.

I disagree wholeheartedly. In almost every GPL enforcement matter I deal
with, I spent hours and hours begging them to "please just let's put the
engineers on a conference call with us and sort this out". Management and
lawyers refuse in these cases, and instead stonewall our efforts to explain
to them how their engineers really could easily put together a CCS if we
could just explain to them directly what's needed. [0]

As you say, Bruce, by the time a violator brings you in to help with
compliance, they've already decided they want to do the right thing. There's
a whole group of people -- even some you've worked with before -- who have
decided not to comply, and they likely *don't* call you on purpose, because
they guess that you won't help them in their efforts to "refuse to
comply". :)

[0] This thread inspired to me to start taking track of a specific statistic:
How much time, both in my hours spent working on it and wall-clock time,
is it from the moment I finally get to have a call with engineering to
compliance. My hypothesis based on anecdotal memory is that 80% of the
time in enforcement matters is spent begging to talk to engineering, and
20% is spent actually talking to them to get into compliance. I'll
collect data for a few years and let you know if my hypothesis is
confirmed. :)

-- bkuhn

Bradley M. Kuhn

2014-03-10 21:03:10 UTC

Permalink

As always, if anyone has specific evidence of any company that is
failing to comply with GPL -- including a case where a source release
doesn't build -- and you know the software contains Linux, BusyBox, or
Samba -- then please email <***@sfconservancy.org>.

I don't think it's fair to call out specific companies without reporting
such violations.

I'm not aware of anyone "circumventing the GPL" in any specific way as
Luke suggests, but if I were, I'd pursue the matter.

--
-- bkuhn

Neil Brown

2009-12-15 18:30:19 UTC

Permalink

This post might be inappropriate. Click to display it.

Nuno Brito

2014-03-09 15:38:47 UTC

Permalink

However, when we talk about the attitudes that _lead_ to
infringement, we should be clear that these attitudes in general do
not exist in the management or legal staff of the company.
The folks with the bad attitudes are _inevitably_ engineers.

Or project leads working for companies delivering some software to your
company.

They're paid to ensure other folks accept their software without being
picky in regards to compliance.

With kind regards,
Nuno Brito

---
email: ***@triplecheck.de
phone: +49 615 146 03187

Bruce Perens

2014-03-10 19:34:56 UTC

Permalink

This was certainly the case at one time. I know that a number of smaller
engineering or IC manufacturing companies delivered to larger companies
reference platforms for building products without sufficiently
explaining to those companies that there was a source code requirement
to be fulfilled. I had a large contract to clean up after one.

My feeling is that the larger companies are now more aware of the issue.

Thanks

Bruce

Post by Nuno Brito

Or project leads working for companies delivering some software to
your company.
They're paid to ensure other folks accept their software without being
picky in regards to compliance.
With kind regards,
Nuno Brito
---
phone: +49 615 146 03187