Fire! Fire! Fire!

How to start a flame-war of misinformation on the internet in three easy steps:

1. Reverse engineer the firmware of a Linksys wireless and find that it uses open source, GPL‘ed software.

2. Write an entry on your O’Reily blog claiming that the company is in clear violation of the GPL because you can’t find the source code for the firmware on the company’s website.

3. Suggest a story to Slashdot about this blantant disregard of the GPL.

It’s sorta fun to watch these happen when it’s slow at work. The post hit Slashdot sometime mid morning, and I was interested just because we have a Linksys router/hub at home, and I wondered if I could glean anything about how it works. I won’t go into too many details, since everything is now available on the O’Reily blog, but here are some highlights:

Actually, let me briefly explain the GNU Public License, so you don’t have to sift through the legalese…basically, the GPL protects open source, free software code from being used and modified without re-releasing the source code. A simple example:

I write a brand new web browser, and release it under the GPL. My friend Matt decides he likes the web browser, but thinks it could use some other features. I have to make the source code available, either with the distribution of the software, or from a publically accessible website, or by request, so Matt can just download the source, make his changes, and release his modified version. Here’s the catch. Matt is required by the GPL to release his modified code with his software. This is why the GPL is often called a “viral” license…as long as you’re releasing software using GPL code (no matter how large or small the secion of GPL code is), you have to release the modified source code). Ok, enough of that….

1. Don’t Overreact
Rob Flickenger had noble motivates trying to protect the GNU Public License. But he really jumps the gun. His first stated reason for a violation of the GPL:

By opening the firmware file directly, as well as by making queries through the makeshift ping interface mentioned earlier, we noticed that the zebra running on the WRT54G doesn’t use the standard configuration file locations. This means that it must certainly be a modified binary.

As many, many Slashdot posts pointed out (and as Rob admits in an update to his blog), configuration file locations are generally defined as parameters in a ./configure used to build source code. Has Rob never built a piece of software on a *nix box with make?

2. Jumping the gun, part 2
Again, from Rob’s blog:

And evidently, I’m not the first to notice that these binaries are compiled with a modified GCC (with a signature string of “GCC: (GNU) 3.0 20010422 (prerelease) with bcm4710a0 modifications”). That bcm4710 refers to the Broadcom chipset that this AP is actually made from. If Broadcom is using a modified GCC for their reference design, and are making this available to their developers, aren’t they bound by the GPL to make the source code to those modifications available as well?

There could be a GPL violation here, but it’s not by Linksys. Broadcom, since they are releasing a modified version of the GCC (the Gnu C Compiler), have to release the source code to Linksys, but since Linksys isn’t distributing the GCC with the router, they are not obliged to release that code.

3. Do your homework
If you read his blog update, he’s basically recanted everything he’s said. Linksys provides a GPL source code repository on their site, and Rob downloaded the source for the router in question, and it did, in fact, have modifications made for their router. But, according to the GPL, that’s just fine, since the source was available for public download.

Yeesh. Do your homework. Even without all the Slashdot input, Rob should have at least looked closely at the source that was available before claiming GPL violations. Not only did he publically claim that Linksys was essentially breaking the law, he got the Slashdot community all riled up for no good reason.