LSI's HomeBASE ADSL (my previous action)

Glenn McGrath bug1 at iinet.net.au
Sun Apr 17 06:48:19 CEST 2005


I felt compelled to involve myself in a GPL enforcment issue last year
(which i will describe below), and wanted to document it here incase its
of use to you.

First of, on a personal note, i really appreciate what you guys are
doing, I found dealing with Legal issues, and becoming more aware of the
the ethics of gpl-violators greatly reduced my motivation to continue my
volunteer programming efforts. I think your making a valuable
contriution to the Free software world.

Ive been involved with the busybox project for about 5 years, its used
in most emebedded Linux devices, im sure youve ran into it in some of
your actions, if you ever need help/advice tracking down changes to it
or other assistence related to busybox, feel free to mention it to me.


In August last year i purchased an A-Link Road Runner 64AP (1) its an
ADSL Modem with 4 port hub and wireless AP, i knew at the time of
purchase it used busybox and they had source code available.

I had some technical problems with it (couldnt ftp through it), so i
downloaded the source and started digging. I quickly discovered that
there was missing code.

Bascially, they have extended busybox's multicall binary by linking in
binaries from many sources, without disclosing the code the enabled them
to do it.

Software projects that had all been statically linked into the one
binary include;
boa v0.94.9
busybox v0.60.2
cron v3
ISC dhcp v3.0
pump v0.8.11
freeswan
inetd
inetutils v20010209
iptables v1.2.4
muddleftp v1.3.12.1
ntp v4.1.2
ppp v2.4.2
dropbear v0.33
telnetd
tftp-hpa v0.32
util-linux 2.4.10r
zebra 0.93a

They had not disclosed the changes to these projects that allowed them
all to be linked as a multicall binary (they did it differently to the
way busybox does it)

There was also functionality added to the multicall binary that had no
source at all.

There was a binary only kernel module running on the linux
v2.4.10-ac10-rmk1-lsi kernel (which is probably debatable wether its a
violation)

It was clear to me that they were violating the GPL at least a few
times.


I contacted A-Link and they said "We are only allowed to give you source
under GPL. Other part of code is under NDA with LSI.", which is to say
there was code that either
 - they didnt understand their obligations under the GPL, or
 - they where more worried about a disgruntled supplier than 1 customer.

I pressed them further and they said "All lisensing issues you should
deal directly with LSI, because they are owners of their code." and  "We
have only rights to give source code under GPL and we do not have
rights to give code under NDA."

I assume an NDA cant release A-Link from the obligations under the GPL,
but i came to the conclusion that A-Link wernt really the bad guys, they
had been ambushed by their supplier.


I changed my focus to LSI, looking around their website in found some
marketing for their "HomeBASE ADSL Modem Software" (2), which looked
technically the same as what was on my A-Link RR64AP. I had also
phyically pulled it appart and knew it was using their chip.

I used their online contact form to enquire about the availability of
the HomeBASE ADSL Modem Software, it was forwarded to a local reseller.

The local reseller said "It is my understanding that the ADSL chipset is
a volume product and unless the quantity exceeds 50K per annum you will
not receive data." and that an NDA would have to be signed by both
parties.

I then explained i was trying to follow up a possible GPL violation by
LSI and he said he would forward my query to the releavent person at
LSI.

Six weeks later i had not recieved a response, i contacted the FSF (3)
detailing the infrigment and they said that as FSF was an interested
party (GNU mount had been hacked in to replace busybox busybox) they
could help.

I contacted the Local LSI reseller, explaining that i consider the lack
of a response to indicate willfull infrigment and that i have notified
the FSF and as a concerned party they would assist with enforcement.

Suddenly they decided to give me the time of day... 

LSI responed claiming that my initial mail had been lost due to a fellow
employee leaving the company, which was given some credence when a
friend of a friend drew parallels between working at LSI to the TV show
"Survivor".

LSI also claimed it had always been their intention to abide by the GPL,
and asked if i could notify the FSF when i have all the GPL code.

I did get a new tarball which addressed most of my concerns, it looks
like they may have met their obligations under the GPL, they even
included some build scripts and documentation.

They didnt release the code to the kernel driver for the ADSL chip or
the user space application which controlls it, "The user-space ADSL DMT
driver remains proprietary as it is licensed from a third party."

They expect to be able to use (or create a new) interface at some level
to isolate their code from any GPL'ed code.


I tried to rebuild the image for my ADSL box, but ran into toolchain
problems building the kernel, it need gcc-2.95 based toolchain i think,
i spent a good week or so trying to build it, but in the end gave up.

The ADSL device i bought is no longer being sold.


Overall i found it be a very disheartening experience, looking back i
havent contributed much to busybox since i got involved with the whole
ordeal. Sometimes it seems like the more you try and help, the bigger
the line of people gets who just want to abuse/exploit the situation.

I have considered moving to a non-commercial license for future work to
make it harder for companies such as these to exploit the situation...
not sure though.

It is good to see gpl-violations is taking a strong, visible stance. I
would like to see someone stick the boots in and really make them hurt.


Main point i want to get across with this post is to be careful when
your dealing with LSI, they supply all sorts of third parties, so they
may be behind many more cases.



Thanks

Glenn



1) http://www.a-link.com/RR64AP.htm
2)
http://www.lsilogic.com/products/dsl_platform_solutions/hb_linuxr2_2.html
3) gpl-violations at gnu.org reference #210699




More information about the legal mailing list