People are misunderstanding this and claiming it's not problematic. Ben Torrell (an OBS developer) notes later in the thread that there is indeed GPL code compiled into TikTok's executables; since source is not available and they have not got another license, it is unlicensed and hence illegal.
It is absolutely problematic. Corporations will go to hell and back to make sure their IP rights are respected. The open source community should expect nothing less from them.
My experience in companies using FOSS licensed code is a bit dated, but back then their opinion was more close to "we can do as we want with their code, those are just a bunch of hippies".
I'm sure things have changed in almost two decades, but the sooner TikTok gets a letter from a law firm, the better.
The problem is almost entirely because the hippies don't have money for the law firm or lawsuit. Only by projects joining groups like GNU or The Linux Foundation or Apache do the hippies suddenly have lawyers on tap.
too twitter; didn't read: there's apparently OBS code evident in the decompiled app, and other GPL code as well, and OBS found out independently and are working to resolve it
That's pretty fast for a beta released yesterday. Are the devs actively monitoring and reverse engineering every binary released that related to streaming? Also, where can I get the live studio executable? None of the links I found works, is that public release?
I'm the one on the OBS team who originally found this. I saw a tweet yesterday from someone that's in the beta, and as with any desktop live streaming software (and especially with "Studio" in the name) I was curious if they were using any OBS Studio code or if it was developed all in-house. The download link is available in their JS, you can find the most recent installer link here: https://tron-sg.bytelemon.com/api/sdk/check_update?branch=ma... (note: you probably won't be able to actually use it without being in the beta group)
Without even installing it, opening the setup files showed some immediate red flags, notably the "GameDetour64.dll", "Inject64.exe" and "MediaSDKGetWinDXOffset64.exe" look awfully similar to the way the OBS Studio game capture hooks work with our "graphics-hook64.dll", "inject-helper64.exe" and "get-graphics-offsets64.exe". I don't jump straight in to disassembling everything I come across, but when it's this obvious it begs further investigation, and after some disassembly I was able to confirm that OBS code was present in their binaries.
Reminds me how I caught someone stealing my mod code. Same variable names, and whereas I used spaces for indentation when most used tabs, this guy also coincidently also used spaces in the same areas.
Wow this is amazing, thanks for digging in and doing this work. If this were Reddit, I would give you a gold award, but since this is HN, all I have to give is my 1 upvote.
> and OBS found out independently and are working to resolve it
What has OBS to resolve there? They could send a letter with an offer for a special license for one million dollars. If all open source contributors agree on thqt and have worked out how to share the fee.
I wonder if the GPLv3 violation pulls in TikTok's other software and infrastructure under it. That'd be one for the ages (like OpenWrt was [0]) if FSF manages to reign it in!
No it doesn't that's not how GPL (or any license) works.
What happens is that it's a breach of contract (licenses are contracts) which lead to an termination that contract (1) (license) which grants the usage rights (copyright) for the software.
Which leads a company to (roughly) following choices:
- start complying with the license in time "before" the license gets invalidated
- buy a proprietary license from the license holder
- stop using the software, and pay damages for previous usage/contract violation/copyright infringement(1)
This means you are not ever forced by law to release your software under GPL, but you might be forced by economics to do so, as you might not be able to afford not doing so (or it's just simply cheaper).
(1): The topic how/when the contract becomes invalid and for which terms you can sue is tricky, and depends on the country in question.
EDIT: Also even if GPL would work like that, there is no reason why e.g. their non-OBS boundled apps or infrastructure should be affected.
In option 1, when does the license get invalidated? Is it invalidated in the first place because the offending software broke the license? Or is it invalidated after notification from OBS? Or even later, after some amount of time after notification and non-correction?
If it's violated before notification, then option 1 is not possible, and option 2 is at the discretion of OBS, so option 3 is the only real legal outcome.
But if it's violated after notification, it seems like the optimal strategy for any company using GPL software is to not comply, until they are notified of violation, which apparently is not that common unless you're already a major product.
> There is no provision in the Copyright Act to require distribution of infringing work on altered terms. What copyright plaintiffs are entitled to, under the Act, are damages, injunctions to prevent infringing distribution, and--where appropriate--attorneys' fees. A defendant found to have wrongfully included GPL'd code in its own proprietary work can be mulcted in damages for the distribution that has already occurred, and prevented from distributing its product further. That's a sufficient disincentive to make wrongful use of GPL'd program code. And it is all that the Copyright Act permits.
I thought the latest lawsuit from Software Freedom Conservancy was interesting, they are suing as a third-party beneficiary of the GPL (not as a copyright holder, although they probably could do that too in this case) and seeking specific performance of the GPL violator (Vizio) and of course legal costs, but no damages. The specific performance they want is of course GPL compliance. As part of the case, they are basically saying that the GPL is a contract and the contract says that third-parties can get benefits and so they want those benefits. Frankly this is a brilliant case and if they win the precedent will allow anyone to sue over GPL violation. If any trolls try it, all they get is GPL compliance, so they have no incentive to try it.
> If any trolls try it, all they get is GPL compliance, so they have no incentive to try it.
Not necessarily. The Conservancy chose not to ask for monetary damages, but that doesn't mean their legal theory inherently precludes asking for them; a troll could still do so. Though (IANAL) it seems like it might be hard as a TV buyer to prove that you were damaged in any significant monetary amount.
What would be the basis for those damages? The GPL itself couldn't provide any but I guess if the troll itself got sued by someone else for GPL violations, they could pass on the legal costs from that suit. Maybe the emotional pain of discovering a GPL violation is worth some damages :)
One bases for damage is that if that project would have complied with GPL you would have saved a lot of money by being able to use that instead of rolling your own, in which case the damage would be development time (potentially very specific) + damage due to time delays (vague).
Depending on the situation a 3rd party beneficiary might have a easier time to lay out the damages and the amount of damages then the first party.
Through not sure how far that would work.
But I mean it is a contract, you are a 3rd party beneficiary and the contract is breached. So it might work.
Anyway that still isn't useful for trolls because they don't lose out on anything as they tend to not produce anything.
Oh, I thought it was a variant of "mulch". As in, since these laws were basically written for books and other paper products, have the entire print run shredded.
The problem with answering your questions is that it dependents on the country and my knowledge about this topic isn't deep enough give an answer I would find satisfying.
> But if it's violated after notification
It's violated from the get to go, but it might only get terminated after notification (and a potential grace period) which can have all kinds of stage effects, like a different court being responsible or laws with "less bite" then copyright laws being the relevant laws. There was an interesting case where this happened in France not to long ago (but I forgot the name, it also seem to had other complications).
you are talking about the SSPL license, its not "open source license" like people will want you to believe but it sure is free software license giving more rights to users about where they get software/utility out of software
It really depends on the usage - if serverside components are also using OBS libraries for something then they'd be violating a contract in their server code regardless of the license version.
The use of GPLv2 code is fine for plain internal use.
Only when you distribute the GPLv2-using binaries to third parties comes the license in play: you must provide also the source code to those third parties.
obs should be able to do a cease and assist, right? hopefully more, that’s illegal to steal someone’s code so they must give it back and pay possibly pay retribution’s depending on the judgement
Computer programs are as copyrightable as literary works, and generally are counted as such within the context of copyright (see https://wipolex.wipo.int/en/text/295166). Please point out where it is determined that one has to demonstrate the "creativity" of a literary work before it is protected by copyright laws.
Oh, please. 2+2=4 is not copyrightable. I’d further that any program in a CS101 textbook is equally uncopyrightable. Computer programs are only copyrightable to the degree that they contain creative expression. Purely functional expressions are not copyrightable, regardless of the creative effort to derive them.
"2+2=4" is a computer program as much as "Hello world" is a literary work: you need to use better strawmen.
> I’d further that any program in a CS101 textbook is equally uncopyrightable.
Are you suggesting that the computer program that is the subject of this thread has the same creativity level as "2+2=4" or that of "any program in a CS101 textbook"?
Also, notice that your opinion on whether something is creative enough or not is pretty much irrelevant as far as copyright law is concerned.
> Purely functional expressions are not copyrightable, regardless of the creative effort to derive them.
Ok, so now you only need to demonstrate that the thing we are talking about (and not some other arbitrary hypothetical example) is a "purely functional expression" and not a "creative expression". Good luck with that.
Ok, I’ll put it this way. If every homework submission for a particular CS101 assignment was essentially identical, it’s not creative, it’s functional. That’s what I mean by 2+2=4.
Oracle tried to hang Google with copied code for max(x,y), which returned the greater of two parameters. That’s what you get when every single byte of software is a “literary work” worthy of independent copyright protection. Bullshit.
The issue is when does an expression of creativity manifested in code become uniquely copyrightable?
I mean... I empathize with your feeling. I'm not telling you how I think things should be, but more about how things are, in practice. In practice, algorithms are not copyrighteable, but specific implementations of algorithms are copyrighteable (and, by default, are copyrighted as soon as they are set in some fixed medium).
The issue of whether something is creative enough to warrant authorship rights or any other type of IP rights can be, as you know, murky, and sometimes has to be decided in court. Taking your example, if Google literally copied the code verbatim (rather than re-writing it themselves), then... technically... I guess it is a copyright violation (though not something serious).
The thing is... when you have something trivial that can be efficiently implemented in a very limited (and trivial) set of ways (e.g. 2+2=4, the definition of max(x,y)), it's easy to argue that it is plausible that you didn't copy the code (i.e. that you just independently reimplemented it yourself and it accidentally ended up looking exactly like someone else's implementation). On the other hand, when you have a large codebase, it becomes much harder to argue that (unless you use some obscene levels of obfuscation... and, even then...).
Are you really trying to argue that TikTok didn't just blatantly take large pieces of code from this opensource project? I didn't look into it too hard, but it seems like OBS might have a case here, unless we're assuming that this codebase has the complexity level of "2+2=4" and that TikTok just accidentally it.
Oh, the original topic? I didn’t consider it at all. I was just discussing copyright and how it applies to code. The Oracle/Google dust up was a great example of such ambiguity, and it didn’t help in drawing lines in the future.
As to how it works now? I agree with you.
But listen to the argument you’re making: The otherwise uncopyrightable functional code expression becomes copyrightable if and only if it is copied by another. The exact same expression, still uncopyrightable, is only free to use if independently created and only by those that created the expression, who may then restrict or license the uncopyrightable expression as they wish.
I would argue that everything creative has a functional side and everything functional has a creative side. The question is: where do we draw the line? How creative should something be before it is copyrightable and how functional should it be before it's not?
Currently, precedent is on the side of code being copyrightable.
What if I lift a minor function? What if I study yours and base mine off of it? What if I type it all except for three lines I pasted from yours? The whole idea that a recipe can be owned is fascinating.
Actual recipes, btw, are not considered copyrightable.
People are misunderstanding this and claiming it's not problematic because the tweet in the HN link is idiocy.
They show one URL in one installer script with an obsproject.com domain and conclude, from the presence of that URL alone, that the entire project is a whole cloth copy of OBS.
One of the first tests for infringement is "substantial similarity"(see [1] for example). If you claim copyright infringement on the basis of any small number of characters your case will be tossed by the judge. There isn't a specific number of characters that need to be copied before it becomes "substantial" because the court gets to rule on that based on the context etc.
The realm of what does and doesn't constitute a license violation is complex and, in the end, up to the whims of the legal system. For this particular issue it appears that an actionable amount of the project is in use.
Yes, clearly, the TikTok employee writing that original bog-boring DirectX dependency installer script felt his best choice here was to use the OBS URL as a URL shortener.
Truly this is the strongest possible interpretation of this circumstantial evidence and does not make you look like an idiot (re idiocy) at all. You would rather write this comment than simply navigate to the OBS github and find the copy of this installer script in there.
Why would a company the size of tiktok want to depend on some open source project maintaining a URL? Would they be liable if it instead redirected to malware?
Is made up of smaller teams composed of individuals who may or may not take shortcuts and make good decisions on behalf of their company. If the choice is between "executive said 'hey use this open source in secret'" or "programmer took shortcut," my bet is on the latter.
Possibly. But most likely there was a bug "crashing when DirectX is not installed" and some developer hacked a silent install for DirectX in without thinking too much.
Hopefully this is high profile enough to incur some consequences. GPL is ironclad on paper, but the sad reality is unscrupulous/international companies can and do just copy code directly off github into their products with no repercussions
Unless a major contributor of OBS sues, nothing will come of it. That's unfortunately very rare, the only one doing that with any frequency seems to be Harald Welte (one of the iptables developers) [1]
Here is a copy of my other comment in the thread, which I think is relevant to your post too:
I thought the latest lawsuit from Software Freedom Conservancy was interesting, they are suing as a third-party beneficiary of the GPL (not as a copyright holder, although they probably could do that too in this case) and seeking specific performance of the GPL violator (Vizio) and of course legal costs, but no damages. The specific performance they want is of course GPL compliance. As part of the case, they are basically saying that the GPL is a contract and the contract says that third-parties can get benefits and so they want those benefits. Frankly this is a brilliant case and if they win the precedent will allow anyone to sue over GPL violation. If any trolls try it, all they get is GPL compliance, so they have no incentive to try it.
On what grounds? The FSF has no standing to sue like that. The software freedom conservancy has lawyers who will work on copyleft infringement cases like this but a copyright holder still has to step forward as a plaintiff.
They could just provide legal support without being the plaintiff. They have done so before (or rather the Software Freedom Conservancy (Conservancy)):
>That is how the FSF and Conservancy have always handled compliance. The FSF has done compliance work for the GNU Project for decades, and in all that time, we have only been forced to file a lawsuit once. The suit came about after years of working with the violator trying to correct their compliance. Even in that instance, where the FSF eventually did have to sue, the violator later went on to become a contributor to the GNU Project, and continued other free software activities as well. Conservancy has a similar track record of avoiding lawsuits; they are currently funding Christoph Hellwig's lawsuit against VMware in Germany, which marks the first time Conservancy has ever been involved with a lawsuit regarding Linux, and their FAQ explains the lawsuit came after four years of friendly efforts by many parties asking VMware to follow the GPL's requirements.
>Conservancy maintains this FAQ list regarding Christoph Hellwig's lawsuit against VMware in Germany over alleged GPL violations on Linux as a service to the Free Software community, and in particular, the copyleft community. Conservancy realizes this lawsuit generates many questions and interest from the community. Legal counsel (both Conservancy's own, and Christoph's lawyer, Till Jaeger) correctly advise us to limit our public comments regarding specific details of the case while litigation remains pending in court.
The copyright holders can delegate the ability to sue to others, so FSF could do that if delegated. Software Freedom Conservancy have a similar delegation and copyright aggregation programs for Linux and Debian developers:
No, only the copyright holder. If it were an FSF program where they owned the copyright then they would (this is one of the reasons the FSF requires copyright assignment).
If the above poster never replies, I would assume that they're referring to (from a quick google) the fact that the EFF opposes laws that would put liabilities for blockchain software on the software author[1], and provides other similar defenses, similar to how the ACLU occasionally defends the free speech of white supremacists[2], to ensure equal protection under the law and avoid setting a bad legal precedent.
There is a "data minig" exception from copyright law, saying that you can use any available code to feed your AI and don't have respect the license. And the output of your AI is yours. So TikTok could claim they either use Copilot, which was fed OBS source, or that they created their own private AI similar to Copilot. Microsoft showed the way.
It hasn't been tested at court AFAIK, but if a company can use this defense to protect their profits, for sure they will try.
Can you point it out to me? I’ve looked, but haven’t been able to find it. I imagine it’d be somewhere on this page, in section 107 or later [0], but I haven’t actually found a clause which looks like it either has the intent or side-effect of making “data minig” exempt from having to obey copyright requirements.
In the UK there is a data mining exemption to copyright for non-commercial research if you otherwise have "lawful access" to the work [1] but it clearly wouldn't cover something like copilot and just allows you to build the model. It doesn't give you a copyright exemption if the outputs of the model would otherwise be infringing on the copyright of the input material.[2]
This is about EU and UK, but think about it, Microsoft Copilot is already doing it, and so far it seems like they will get away with it. So if feeding an open source code into AI and then using the output in a proprietary application is illegal in the US, then Copilot must be illegal. According to wikipedia in the US it falls under fair use because it is "transformative" https://en.wikipedia.org/wiki/Data_mining#Situation_in_the_U... however Copilot has been seen producing verbatim blocks of code matching some open source projects and so far no legal problems. Why couldn't TikTok claim the same?
Rebutting the argument doesn't rely on tech knowledge.
“But, your honour, I didn't copy this person's book! I used the autocomplete on my phone, and it just so happened to produce their 500 000 word novel!”
You need tech knowledge to think that's even plausible. Sure, they wouldn't dismiss it out of hand (I think “laughed out of court” is a figure of speech), but I wouldn't be surprised if it got a few giggles.
The OBS project has accused StreamLabs of copying their name and stealing their trademark (By naming their software StreamLabs OBS). I'm not sure about any source code thievery.
If nobody asked for the source and was denied, they were not yet in violation. They aren't required to actually post it online. They can simply send it to someone when asked.
“On display? I eventually had to go down to the cellar to find them.”
“That’s the display department.”
“With a flashlight.”
“Ah, well, the lights had probably gone.”
“So had the stairs.”
“But look, you found the notice, didn’t you?”
“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”
In almost all cases, TikTok's offering would be considered a derived work because you cannot swap out the OBS part for another and still have it work. So they are likely in full violation unless they agree to open source all their code.
Seems like a pretty open and shut case to be honest - that is, if they intend to pursue legal action and the powers that be rule appropriately.
Like others have said though, any derivative works of OBS must also contain the same GPL License. It was pointed out in that thread that Reddit also forked OBS for their live steaming but they didn't get into hot water because they followed the rules and open sourced their software like the License required them to.
Courts care about "equity" (restoring fairness). So the scope of the breach determines what is a fair remedy to make the plaintiff whole. A breach in a beta release (with lower circulation) would seem to be lower impact than a breach in a production release in that context.
Are you saying this based on actual knowledge of how this stuff works? I ask, because the person you're responding to definitely is (and also I like to keep track of who the lawyers are on HN.)
I'm definitely not a lawyer, but many things in law (especially around copyright) are based on "damage done".
Like if you distribute one illegal copy (1) you will get a very different penalty then if you distributed 1 Million illegal copies.
In case of TickTok it being in beta does indeed not matter but what matters is that it being in beta entailed it being used by a limited amount of users for a rather short time (in this case).
(1): It should be noted here that I heard of cases where copyright lawyers liked to argue that one copy was further distributed an lead to many many more copies, and in turn damage done. I have no idea how far this is the case in practice and how far this is legally successful. Either way in this case the infringing product seems to be rather tightly bound to a non-infringing service, including some license key/beta key mechanism. So it shouldn't matter in this case, I guess.
Yes, but court cares about damages done, number of infringing copies and duration of infringement, which in case of a newly started closed(?) beta are not much.
I'm out of my depth here, but what makes you say they can't swap out the OBS part for something else? Do you mean they can't swap it without modifying the rest of the code, or can't swap it at all?
If they swap it out, they have to build code which does exactly the same/ has the same interface. It can still be considered a "derived" work. I'm not a lawyer but that was what op meant.
I don't think the API part matters as much. What matters most is that they'd have to rebuild OBS capabilities from scratch and prove there is a clean separation. Otherwise, it's a derived work because separating them makes the TikTok offering useless / not functional.
No. I've read the license text though, and I've read countless articles on the GPL. You are welcome to research it yourself to confirm this if you'd like.
But you heard of google vs oracle, right? The curt didn't answer the question if reimplementing the api was copyright infringement.... It only ruled it's fair use (under the assumption it was copyright infringement).
To hell with this open source stuff then, the STUPID idea that these interfaces are copyrightable is total garbage.
That said, we should be able so sue open source developers - a fair bit of open source is reverse engineering interfaces (drivers, ACAPI, power management and more). If this violates the copyright of the underlying proprietary firmware - bring on the lawsuits!
The actual Studio app is in beta and is only available to a select group of testers. If you're on the list, you can grab the installer from https://tiktok.com/Studio/Download.
Yup. The best thing we can all do is shine a light on it. I'm a lawyer and one thing that's important to remember in all of this is the interconnectedness of things, and being strategic about how to proceed is important. Shine the light everywhere.
As in, one thing to consider is that some proponents of Free Software do not actually want certain types of high-profile public cases on the GPL even when they law appears to be very much on their side, mostly because it could be really bad if a judge gets it wrong and sets something stupid as precedent.
I'd say there's not "enough," and in a sense, precedent is never binary, like "yes or no?" The law having distinctions and extensions and so on. US will probably find EU law persuasive but not binding.
So broadly, I think at least part of the strategy is "don't wake the beast." You really don't want e.g. "Microsoft v. Tiny GPL guy" as a big case because the law is far from perfect and there would be a lot of potential incentive/influence in MS's favor. (True, you'd get lots of Amicus action from Mozilla et al, but that would probably not be enough)
I think it's useful for developers to have a rough mental model of how open source licensing works, as it's not that complicated yet affects what you can legally do, both as a user of open source software as well as as a contributor.
Coincidentally I recently did a Twitter thread on it, in case anyone's interested. I know not everyone like the medium, but at least it's also posted on Mastodon, so there's that: https://fosstodon.org/@VincentTunru/107382356640669971
American economy with the likes of youtube and facebook are built on copying and stealing copyrighted video and audio. That's literally how youtube captured all the users: become the go-to place for anyone to upload videos, also spreading copies of music videos.
Facebook captures a lot of video viewers by not controlling video sources either in a similar way.
Sure there are. There was a huge uproar on Facebook on how if you shared a video Facebook itself would show it from Facebook, not link the original source. That is 100% intentionally and deliberately. American companies are absolutely no better. If anything they are worse.
> Sure there are. There was a huge uproar on Facebook on how if you shared a video Facebook itself would show it from Facebook, not link the original source.
I find the notion that ideas can be owned to be anti-humanist. We finally invent something that costs nothing to share or copy, and we immediately invent reasons why we can't.
Imaginary property was invented by and for lawyers.
This notion that creators are motivated exclusively for monetary reward is absurd. But forgivable. Just because the corporate variant of creators tend to best proliferate does not mean that they best innovate.
I'm more talking about big budget projects that require large and expensive teams, rather than indie projects or music. Say, The Lord of the Rings or the Pfizer vaccine. Achievements of this scale can't be done by small groups of the intrinsically motivated. Without some IP protection, private capital wouldn't pursue these projects.
You may think that sacrificing these things is worth it, but at least be up front about that trade off when making the argument.
You must mean publicly funded, which I don't dispute.
> the economy would be a multiple of its current size
Why? I haven't heard reasoning presented in this thread as to why the negative consequence of removing incentive for private capital to invest in research doesn't outweigh the positive consequence of fostering an IP commons that can be leveraged by everyone. Maybe you can lay out the case for that.
Isn't it the best to have a middle ground where the worst parts of IP protection (e.g patent duration and insulin prices) are tamed, and the beneficial parts are kept (e.g. not letting people take wholesale another company's codebase, and allowing private ownership of movie rights for at least 5-10 years)?
I mean open source pushes things forward but lack of IP? I don't think so. Linux is a great example of how open source brings great things, it's also a great example of how IP has helped open source.
Not strictly enforcing license terms only deteriorates the standing of the license. A tweet or blog post is fine, but unless someone is willing to take TikTok to court over this the takeaway is clear - violate GPL if you want and nothing will come out of it.
The principles the FSF and Software Freedom Conservancy use when doing copyleft compliance actions encourage making legal action a last resort for when they refuse to comply. Legal action is a costly and time consuming process, so it makes sense to avoid it where possible.
Legal action is a last resort. Compliance actions are primarily education and assistance processes to aid those who are not following the license. Most GPL violations occur by mistake, without ill will. Copyleft enforcement should assist these distributors to become helpful participants in the free software projects on which they rely. Occasionally, violations are intentional or the result of severe negligence, and there is no duty to be empathetic in those cases. Even then, a lawsuit is a last resort; mutually agreed terms that fix (or at least cease) further distribution and address damage already done are much better than a battle in court.
This is exactly how licenses work. If there isn’t some entity willing to take people to court for instances in which the license is violated, it will have no teeth and people will steal and use licensed code with glee.
The commitment[1] appears to say, in summary, "you can violate the license anytime, and as long as you stop violating soon after we tell you to, there can be no financial penalties".
That makes the GPL substantially weaker, since now a company can use GPL code in any place they think nobody will look. They will never be on the hook for court ordered damages going back years for unlicensed use.
> That makes the GPL substantially weaker, since now a company can use GPL code in any place they think nobody will look. They will never be on the hook for court ordered damages going back years for unlicensed use.
In OBS' case, maybe. But OBS' developers' generosity doesn't automatically translate to other developers, and even in proprietary cases, there have been cases of a exact-copy contract that have gone significantly different ways.
I'm not a fan of the GPLv3 limiting the available response to copyright violations. Time limits in particular. It's one of the less clear parts of the license IMHO, and it affects the primary means of enforcement.
Fortunately a lot of GPLv3 code is actually 3+ so maybe if a version 4 ever comes along this nonsensical restriction on enforcement will be more limited. I do understand the reasons around accidental misuse, but I haven't really seen anyone getting into big trouble from accidental misuse. I have seen these high profile cases of deliberate misuse by big corporations.
I am very much in favor of laws that offer leniency for procedural violations. For example, I believe "You built this building before you got a permit to build it" shouldn't be a crime - there should only be a punishment if I cannot retrospectively get a permit in a reasonable timeframe.
This is a common misconception. I don't know about US law but in English law (including contract law) there is a well defined distinction between "wilful" and "non-wilful" misconduct that rests upon whether a violation is intentional. Definitionally violating a contract or clause that you are ignorant of cannot be intentional. I know in the US the same concept of wilfulness is used in the context of tax law at the very least.
tldr; in law ignorance is a defence, or at least a mitigating circumstance.
I worked at a medium size software company in New York and our team lead would always say "Why make what you can take?" when referring to finding open source code and running with it, regardless of licensing or anything.
People expecting OBS to get millions from this are naïve. Almost certainly TikTok will change the software to just use OBS independently to avoid the issue.
If OBS wants money they should use a dual license.
The reasons people want high damages are to discourage future GPL violations as retribution for the high damages proprietary software companies often demand where their copyrights are violated.
>> People expecting OBS to get millions from this are naïve.
IANAL but copyright violation has already happened. Due to our insane lobbyists the penalties for that are something like $150K per copy. If/when some copyright holder wants to make an example and get rich instead of settling for compliance, they should be quite able to do so. I would love to see a big evil company smacked down like that.
>> If OBS wants money they should use a dual license.
Are they technically obligated to provide the source code online, or could they just say: "Well it's available on request, and no one has done so"? The just mail out a USB stick or DVD to anyone who asks?
GPLv2 requires you to either distribute the source with the binaries, or provide the recipient information on how to obtain the source code. It also states that providing a link to the source code next to the binary download on your website is sufficient. See GPLv2 section 3 for more details.
TikTok have not provided a link to its source code, not are there instructions on their site or within the download package indicating where users can obtain the source code. Therefore, it's a violation.
The binaries must be accompanied with an offer of the source code. There is no mention of source code anywhere during the download, install or execution of TikTok Studio, nor any offer inside the application folder or similar.
It is not within the limits of GPLv2.
If you go the "written offer" route, you have to actually make the offer, and it must be valid to anyone for 3 years.
Sure but then couldn't whoever receives the USB or DVD post the source code someplace more convenient? I'm not sure what that "workaround" would accomplish.
It's much worse for them actually. They're obliged to offer this for no more than the cost, unlike a typical "cost plus" basis on which they could profit even minimally - and yet they're also obliged to fulfill all orders from anybody. The offer isn't valid only for whoever you gave binaries to, it's an offer to any third party that's what the requirement says.
In the CD era, it might have made sense to go with written offer if the source is far larger than the binary you ship (e.g you ship a 500MB game on CD, but the source would be 1400MB so that's like 3 CDs, ugh) and you're happy to periodically pay the office intern to burn some source CDs and post them off for the inquisitive customer who asked for them.
In the Internet era it definitely doesn't make sense. Just pop a link to the source next to the binaries and don't sweat it.
Unless, of course, you have no intention of complying anyway.
It's designed to discourage people from exercising their GPL rights. If they push code every day and the only way to get the most updated code is to pay for a CD to be mailed to you, it becomes quite tiring to keep an up to date online copy.
This is totally wrong.
It must be an explicit offer for source.
"
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
...
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
"
Note accompany it.
The only exception is this:
"If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
"
The offer yes, but the code does not need to be that easy to publicly access. Of course once the first person to request the source via that offer gets it (assuming they come good in that respect) it might be made more easily available.
Remember that what you're legally entitled to is statutory damages ($50k per act of infringement or $150k for wilful infringement) plus whatever actual damages you can prove (probably 0 for a hobbyist).
You can negotiate whatever alternative settlement you like, which might mean e.g. regular audits of their code at their expense (the BSA does this kind of thing for a lot of commercial software). But they always have the option of just ponying up that $50k/copy, so you can't be too onerous.
Maybe; that's the argument that the MPAA etc. used to threaten people with, but I'm not aware of any court having ruled definitively one way or another.
I'm thinking of infringers in China, for example. You wont win any damages from them, but if the GPL says that by using it, you agree to also release you own code under GPL, then at least everyone could start copying China's code. And if they complain, just point to the GPL code they used and say "you agreed to this by using the GPL code in the first place".
That's not how the law works; you have certain rights, but you don't get to make up your own unilateral contract that says what you can do to someone infringing your rights, just like you can't e.g. steal someone's goat because they stole your cow (or vice versa).
That only works if they "agreed" to the license in the first place. Without a license, it's just copyright infringement which is controlled by statute. There is no shrink wrap license on source code.
apparently OBS devs don't want to share direct evidence yet and resolve it privately probably due to their GPL Cooperation Commitment. while I'm sure we all appreciate that, it would be nice to see the decompiled binaries and the exact violations, just so we can explicitly point them out and argue.
I find it VERY easy to believe that Tiktok are indeed in violation, but right now all we have are statements and a 302 redirect to Microsoft Directx download page.
Is it clear whether it's a "fork" (i.e. the entirety or a significant portion of the code is used in the derivative work), or whether they just found some utility snippet in an open source project and forgot to wash it?
That Chinese corporations traditionally don’t care much for IP law. I doubt that there would be any way to even target their operation in western countries.
If this is just a snippet copied then I assume the settlement will
be “oops, the beta contained a class with code but we removed it” (I.e anonymized the code).
If it’s more substantial use of the OBS code then I guess it could be more involved. My money is on that there won’t even be a legal process.
I find it amusing that there are (at the moment) 8 comments that label this "stealing", as does the submitted Tweet, with no one objecting to that terminology.
Whenever such usage comes up when movie or music piracy is discussed any such usage is quickly objected to.
Anyone want to have a go at trying to distinguish the two?
Its entirely possibly the devs responsible for this hadn't even heard of the GPL or hadn't even read the license or just did it and didn't care about the consequences for their employer.
It's perfectly legal/ethical, but it would not be open source at that point. Same as licenses that prevent companies from running the licensed product as a cloud service, even if the source is freely available to view or use in a private capacity.
You can of course create such a license, but it would not be an open source license, more like a shared source license or ethical license or something else.
I've always wondered if these license are legally enforceable. What if TikTok ignores the criticism and does nothing. Do the developers sue the company and will they get any money?
Enforcement of the GPL was done way back in 2003 against Linksys and resulted in the OpenWRT project. In Europe the GPL Violations project brought a lot of other cases. So there is plenty of precedent. The principles the FSF and Software Freedom Conservancy use when doing enforcement actions emphasise using legal action as a last resort and not prioritising financial gain (they usually just ask for legal costs and costs for verifying the violation).
They could try to get money but they could also try to get a cease and desist order to compel them to stop if they don’t even post suit. Not sure if that means violating is criminal or anything but means you’re ignoring a court order which is a big no-no legally.
I'd like to see HN shy away from posting twitter threads as news. There's almost always a hard link to the source material, and twitter threads are filled with emotional, truncated, nuance-lacking, trite clips that more often than not do little to promote healthy discussion of a topic. The goal of quality here really is noble.
> Please don't complain about tangential annoyances—things like article or website formats, name collisions, or back-button breakage. They're too common to be interesting.
I think the complaint is more about twitter being an unreliable trash news source akin to the daily mirror, rather than pedestrian complaints of how the format is annoying
The obvious difference is that it's impossible to explain any complex or in depth information using 280 characters or less. Trying to follow a thread of tweets (without using a 3rd party site) is painful. Heck, this throwaway response barely fits.
Yea, Twitter has vastly improved its UX here over the years. Thread unrolling isn't really necessary any more.
Twitter is actually an incredible feed if you meticulously scope your feed or lists to industry folks, people doing advocacy for various marginalized groups, and individual journalists (not their news outlets, whose editors add the clickbait). If you do this, Twitter becomes a place where people proudly try to summarize their own intensive research and journalism into 280 characters, and thus present varied insights at extremely high density. Every tweet tends to link the long-form work itself, as well as a thread, by them, that is essentially an abstract for their long-form work. And professionals who want to post off-brand content will often times open up a second account for trivialities, which you can choose not to follow.
To put it another way: If you wanted to capture the zeitgeist of, say, a machine learning conference, and made a user interface to let people summarize their work, speak excitedly about it, be able to present multiple levels of depth (single-sentence, abstract, images, full paper), and throw in the occasional meme whose comment section is actually an insightful take on challenges people are facing... odds are your interface would look very similar to Twitter as it currently exists. The difference, as always, is the content.
If only it were that easy. Twitter displays a complex mix of follow up tweets and replies from other people, so the follow up can be burried and hard to find. It also may require clicking to load more tweets and there is little indication when there is important information in the replies. There is no way to know if scrolling through the replies will be a worthwhile use of time, or just have useless twitter noise.
This very comment thread is evidence of this. Look at all the people who didn't know that there were infringing binaries, because that is only mentioned in a reply by an obs dev in another tweet.
Hacker News has a "post the original source" rule. In this case, Twitter is the original source.
One of my most recent grievances is with HN is the ranking penalty of Twitter submissions as that has been the primary source of news lately, for better or for worse.
The image you’re talking about in the tweet is of a Discord message — this tweet is presumably the most original source that’s linkable as a normal page on the web.
But the news isn’t that somebody on Twitter found this license issue, the news is that there’s a license issue. A tweet could be a good tip for a journalist to do journalistic things like finding out if its true and writing up some context of how this has happened before and what GPL is, that way the story can be understood by a wider audience.
Twitter is popular for people obsessed with hearing the latest rumor, but if TikTok is an illegal fork of OBS, I’d rather hear a few days later the well researched details - or if its a nothingburger overreaction, then I’d rather not hear about it at all.
>There's almost always a hard link to the source material...
Do you have a hard link to the source material in this instance? As far as I can tell[1], there isn't an article about this yet; the only results at the time of this comment are about how TikTok will be allowing "OBS-like streaming" soon.
In lieu of an actual article or blog post about this, what would you suggest people link to if not a Twitter thread? Should an issue not be discussed whatsoever if it's only on Twitter?
> There's almost always a hard link to the source material
I don't think that's true. Twitter threads, like it or not, are the medium for a great deal of original insight, public conversation, and ongoing developments.
It's concerning how many self-labelled software engineers on Twitter are chipping in with comments like "it's open source so it's fair game" or "they just need to add attribution".
It's reminiscent of people adding "no copyright intended" (sic) when posting other people's music online. It seems like intuitions about copyright have been shifting, even if the law hasn't.
> It seems like intuitions about copyright have been shifting, even if the law hasn't.
I think people actually know it's wrong and legally questionable.
I believe they do it because they simply want to do it and in the back of their minds, hope adding some bogus disclaimer will let them get away with it... because other people seem to be getting away with it.
I think people think it's legally wrong but not morally wrong, and so they add a bogus disclaimer hoping that they can get away with it because other people have.
At the least, the internet eventually realized that "you must delete your video game ROMs within 24 hours of obtaining them" is not a valid legal stance.
Anyone remember that disclaimer some pirate websites used to have where they said something starting with something like “On October 28, 1998, President Clinton signed into law the Digital Millennium Copyright Act”, and the disclaimer went on to mention some DMCA exceptions like learning and teaching or something? Always gave me a chuckle. As if saying that the DMCA does not apply for you is enough to make it actually so.
How do you think companies end up violating GPL. Maybe sometimes it's a heartless executive, but a lot of enterprise software devs are completely unconcerned with licenses. If they can get their hands on it, the license doesn't matter.
I had a senior dev at a past job who did this constantly. And when it was found out how much he actually stole, our entire team was laid off and replaced by the company that did the audit.
He just refused to believe that software licenses were real. That and I dont think he could actually code anything from scratch without stealing large swaths of code from open source repositories.
Organizationally he was given free reign to do whatever he wanted, and that lead to the entire teams downfall. He canceled code reviews... for himself. Well, he actually stated, all code reviews go through him, thus he "code reviewed" his own code. I remember he was once a few weeks late on delivering a basic landing page, and when it finally got to QA at 9pm on a Friday, our entire team was forced to work the weekend and QA gave me a TFS export of more than 200 defects I had to fix because he was unreachable. Needless to say, our entire team was upset we all got laid off, but also relieved because we all ended up in better jobs. At least everyone I've talked to, which is everyone but him, as he has never responded to a single text message or email since he quit after the layoff (he refused severance, and just walked out), all his socials went off line, and any record of his name has disappeared from the internet. I'm fairly certain he was a conman, but I have no way of finding out.
That takes some skill. I was almost duped like that by someone we nearly hired for a sales position, which is much easier to fake for a few months, especially working remote.
His resumé seemed to back up his claim. Not sure if it was real, though. HR called every one of my past employers and my references, so I figured they would have followed up on his, too.
Yes, I know the type - I have met a few of "senior" devs that were anything but. I can imagine their past employer didn't even know their true worth, or lack of. Sorry you had that experience.
In all the enterprise companies I worked for we are drilled with required learning and assessments which often include training on software licenses. The aim of these training is devs to keep an eye for license and defer to someone higher up if in doubt. These processes are manual and catch only so much.
In companies with mature software processes there is always tooling that will block a release if it finds unacceptable license. To me it looks like TikTok hasn't properly invested in tooling and this somehow slipped.
Enterprises of even modest size take it very seriously. They’ll be juicy targets to go after.
It’s everything between startups to midsize companies where this is not clearly defined. Just ask the VCs who do due diligence. Almost everyone of them will audit your licenses before they invest. One of the things they ask for is the list of libraries you use and their licenses.
As a open-source-license expert dev, in the past I've been able to offer a lot of value to my employer by assembling that list in such a way that the buyer could have high confidence in our audit of dependencies.
This doesn't protect anybody against illegal copy-pasta by ignorant/irresponsible devs, though.
We couldn't ship software until we cleared every bit of code flagged by a tool that scanned our code for open source. Most of the hits were for projects with a safe license and there were many false positives but all in all it was a great step in our static code analysis. I find it astonishing that a company of any size would skip this step.
I think a lot of software engineers nowadays write server software, where they can often be somewhat allowed to be unconcerned with licenses [1], since the actual binary produced from the code lives on the server, and is typically not distributed outside the company.
As a result of this, I think there's this mass misunderstanding of how licenses work in the software engineering field.
[1] With the exception of AGPL if I understand correctly.
A lot of companies do not hire software engineers to implement the system; instead, they contract it to third party (tech service companies such as Cognizant). I think some sort of auditing is done at the delivery, if they concern about the license. But in the context of Java web app, the enterprise software is usually built on dependencies under APA, so it should be of less concern
It might not be like this everywhere, but in the US all software engineers are self-labelled. It's not like medical doctor (MD) or professional engineer (PE) where the title actually implies some license to practice.
This does not deserve to be downvoted. A degree is secondary to actual talent. Too many students in my graduating class were undeserving of their degree, and plenty of folks can do the job without it.
yeah, that's fine. You should call yourself a software developer (or, as I call myself, a software plumber). An software engineer, minimally IMO, is someone who can 1) produce a software BOM, and 2) can craft an SLA. I can maybe do 1, and can't do 2. So, I don't call myself a software engineer.
The degree is part of the training of an engineer, not the professional designation itself. The challenge with our current understanding of the title software engineer is that practitioners are not held to the same standards and responsibilities as other engineering fields. It doesn't have anything to do with talent.
You can only be held to some standards if there exist a common set of standards that the entire industry can agree on. This is impossible for software.
Once you are an MD unless you challenge powerful forces in your association or hospital you are free to practice bad medicine as long as you can stay within some reasonable guidelines around billing and when to order tests. This gets exposed with surgery but is a lot easier with a GI doctor.
They both mean something. You have to dive in to get the real scope regardless. If you just need a title for your commerical MD would carry more weight around diet products and a developer around a new software offering.
It surely does, e.g. in Portugal you can't even name a Software Engineering degree without approval from the Order.
You are not required to do the exam, provided there is no civil liability or signing projects as the legally responsible Software/Informatics Engineering.
Especially without the accountability. Call yourself a software engineer? Did your code break? Is it vulnerable to exploits? What was the damage? Did you ship it knowing it was not fit for public usage?
Congratulations! you're no longer allowed to program for a living and the state is suing you and your employer for damages.
I think part of the problem is that compared to more traditional forms of engineering, software engineering is still really young and not as rigorous. Right now, _nobody_ can write code without any bugs it in whatsoever. If we banned people who wrote buggy code, pretty soon we'd have no software engineers left. Regardless of whether you think that's a good idea, it seems pretty clear that at the very least there is a lot of demand for programmers, so it's unlikely the industry would get behind limiting that further in such a drastic way.
That's not the standard for any kind of engineering. Professional Engineers make errors all the time. But they also design systems with fail safes, redundancies, safety factors, etc... You design systems with the expectation that failures will happen. Users will do stupid things. Highly improbably sequences will probably happen.
Not all code needs to be designed so carefully. Nobody cares if Hacker News is offline for a few hours. But the software systems in self driving cars or running an MRI machine probably should be designed by licensed professionals who can stand up to their bosses and say "this can't ship until these improvements are made" because if it does ship, they can be personally sued for malpractice and lose their license.
> In Europe being an engineer has civil accountability on issues. You can be fined really high if you hire a self-called engineer without a proper degree.
One more case of mistakenly presenting 'Europe' as an homogenous entity, whereas it depends on countries like anywhere else.
In France anyone can claim an engineer position, it is not licensed. You just cannot tell you hold an engineer degree if you haven't one; and that's pretty theoretical, because basically nobody uses the proper formal title (unlike for example in Germany where they always use the words Dipl. Ing.), so you can always fall back on claiming you are talking about the position and not the degree title.
It has been many years since After The Gold Rush was published and we are no closer today than we were then. At some point software engineering will be a real profession but I doubt anyone will take action before some huge catastrophe pushes the issue.
I don't like the idea of gatekeeping, it's hard enough to hire people.
In the US we don't really have licensing for engineers (there is PE, but it's not anything close to ubiquitous). I think it's one of the best parts of our engineering/tech culture.
You're an engineer based on the skills you employ to solve the problems you do, not because some body of people gave you a slip of paper that says you can employ those skills to solve those problems.
Gatekeeping in the software industry is a surefire way to slow down innovation. Software would stop eating the world, or only take a bite every couple of decades.
In the US, PE has made it so the word “engineer” is legally protected, like “doctor”. No one enforces it for software, so I wonder if it’s even enforceable anymore. But the law is there.
In some fields of engineering PE is pretty nonexistent. Some people come from other degrees (like math, physics) and call themselves engineer without difficulty. But engineering fields require a much more narrow and deep set of skills. generally the key classes to learn those skills come at the end of three or four years of prerequisite classes, so it's a pretty high barrier to starting without doing the degree.
In programming you can learn your way to advanced skills while getting paid. Once you know roughly one class worth of basics there's valuable contributions you can make, at least if you are decent at figuring things out on a computer.
Hate using this preface, but, unpopular opinion follows: The issue in the US is that the word engineer has been in common use to describe technical workers for a very long time. I've had friends who were:
* Engineers (and operated trains)
* Manufacturing Engineers (who were really equipment techs)
* Sanitary Engineers (who were really trash truck drivers)
* UX Engineers (who were really web designers)
* Software engineers (programmers)
* Data Engineers (kind of dba-ish, maybe)
* Culinary Engineer (restaurant kitchen designer)
Genericide has occurred. The boat sailed.
When the real estate industry wanted a word for "licensed seller of property" they had to make up a new word "Realtor" and protect that with a certification mark. The engineering industry really needs to do the same thing instead of harrassing the garbage truck driver, computer programmers and the guy who fixes the conveyor belt.
I think you are right and it's too bad. There are some fields that should have it.
For example, the software for self-driving cars should be signed off by a licensed engineer before it is allowed to go live. Many mechanical and electrical parts of the car have been designed by licensed professionals, why not the software?
One can verify and sign off on computations that approximate the physics or chemistry that will occur in a structure or machine, as a well established chain of procedures exist to go from crude formulaic approximations to micro or, if necessary, nano-scale simulations of electrical, mechanical, and chemical processes, and we know what to look for.
I don't think the same is true for software "engineering," as it seems that all possible forms of process can be subverted and cargo-culted, from agile methods down to code checking. Certainly there is room to remedy some shortcomings, but SWE definitely is the engineering discipline least based in physical fact.
The physics behind simulating the buckling of a structure is always the same, we can just choose more or less crude approximations of it, but SWE in general seems a lot more diverse. I can implement that simulation in assembly or some scripting language, and attach various bits and pieces to it to manage users and data; deploy it across the cloud if need be. But, there isn't a singular, time-invariant optimal path to achieving that, and what is true today may not be true tomorrow. One can work off basic principles, like the Agile Manifesto, but how can you quantify or even certify this shifting landscape?
Having studied both mechanical and software engineering at uni, I feel that you _can_ make the parallel between the two. It's just that in mechanical engineering we've converged a lot more over time. Out of convention and need for accountability much more than necessity. For example, for mechanical calculations we have converged on using mostly the same algebraic notation (never mind having minor differences here and there, such as in vector notation). Having an obscene amount of different notations, some so different that they are for the most part unintelligible to half the engineers out there, that would be unthinkable in ME, but is the norm in SE.
The _physics_ of a buckling structure may be always the same. But already the modelling techniques are far from obvious consensus: Do you do it analytically? Do you use FEM? BEM? Then there are a bunch of simulation techniques, i.e. for numerical integration, which you could use, much like you could use functional or imperative programming or OOP or whatever else.
So if we were to behave more like the _software_ branch of the engineering discipline in general, then we'd have a _much_ tighter space of languages that would be at all acceptable for any work deemed critical, like medical, administrative or aeronautical software.
I agree you can make software rigorous like in ME. The part which is hard is that debugging or proving properties about a program is much more difficult than writing the program. These costs are currently hard to amortize over multiple projects. Real-time systems have some of these facets (e.g., spacecraft).
For example, a memory allocator can be studied in the usual algorithmic sense or perhaps how they impact the stability of the system under randomized load. Can you prove the system remains stable? Yeah. Is it worth it when you can reboot machines and add some heuristics? No.
Currently, the big places which are getting any attention for verification of functionality are embedded applications and OS kernels. Even then, the depth of verification is limited to common bug categories.
> Many mechanical and electrical parts of the car have been designed by licensed professionals, why not the software?
Maybe some companies have some internal requirement for that, but generally speaking that's not true. Legal requirements for review and approval by a PE only apply to building drawings.
But you can be considered a software engineer by your peers, usually demonstrated through qualification and professional experience.
The differentiation I was trying to draw with those two words is: I don't know if they're actually working software developers or people who just hack on code in their free time. If they're professional devs, that's obviously much worse.
Honestly, not the part of that I was expecting to have to discuss.
If your project is going to be "real" (e.g., not some personal throwaway), you really need a lawyer if you are including anything other than MIT. Even Apache can be problematic when it comes to patenting.
I am not a lawyer, but the (2-clause) BSD and MIT licenses look nearly identical to me. The wording is slightly different, but I think they express the same intent.
In many jurisidictions "Engineer" is a licensed and regulated title, and their professional organizations have tried to regulate it, but lost the war. We know have actual engineering programs that focus on software and 6-week bootcamps graduating people who claim to be "Software Engineers", so add it to the list of appropriated words right next to "Geek".
And he is a foole, a sotte, and a geke also,
Which choseth a place vnto the same to go,
And where diuers wayes lead thither directly
He choseth the worst and most of ieopardie
If you saw, or were exposed to, how many thousands of dollars and hundreds of hours it takes native professionals to get licensed to do hair braiding or cutting, you'd be disenfranchised, too.
In my case I pay about 300 CAD a year to EGBC and have not heard from my colleagues that getting a P.Eng in BC is a significant time-sink. You have to have 4 years of work experience, get your work certified, and then do a couple exams. I would believe dozens of hours, but not hundreds.
So, I’m unclear on this if, and I don’t know if this is true, TikTok just creates a UI that “execs” commands to an unmodified OBS executable cli - What is their actual responsibility here?
They are distributing the OBS executable, therefore they have an obligation to also distribute the source to those same people on request, and to let them know about their rights to receive the source under the GPL.
If OBS really is running standalone, then that is the extent of their responsibilities. If on the other-hand, OBS is being combined with other software to create a derivative work, then they must distribute the full source of that derivative work as well. What constitutes a derivative work is more complicated. It is ultimately a decision for courts, though many folks (including FSF) have opinions on what should and shouldn't be considered a derivative work.
The title isn't what's important, it's your skills and what you can do with them. The MIT grad and 3 month bootcamp grad both have the same opportunity to complete and prove themselves, which is unique to the software field. Lack of artificial barriers and gatekeeping is the very reason why the industry is able to thrive.
Paying for a license would be nearly impossible, as the OBS team would need every contributor to sign a CLA to give the OBS team the rights to relicense/dual-license the OBS code base.
As long as they all pay a reasonable license fee, I don’t see a disaster. The OBS project could then pay developers to build open source features that benefit all. A lot of the forks would likely contain features that are not if interest to other users anyways.
At this point, it's not even clear to me that paying would rectify the legal issue with respect to the GPL. It's an amalgamation of source contributions over time. Any one contributor could, in theory, refuse any consideration other than an open sourcing of the software.
Of course, now I think about it, that could be an easy problem to fix. They say every man has a number.
Almost all relicensing efforts are actually most hindered by not being able to contact people. If you can't contact someone who holds the copyright to something, you can't change the licensing rights over it.
A lot of projects have copyright assignment, to allow for relicensing. They typically ask for you to assign copyright to them or to a company they control, so that they can still relicense as they see fit, in future.
It's worth noting that if someone can't be contacted, the maintainers aren't out of luck yet. If the contribution is deleted (and then possibly reimplemented later by someone with whom the project _is_ in contact) then the issue is resolved. It can be a lot of work, though, depending on the size and importance of the contribution, and reimplementing the code in a way that doesn't derive from the original submission can be difficult or ambiguous.
I guarantee you every big tech company "steals" GPL code without intending to steal. Most end up amending their mistake when they realize they misused a license.
You can legally dual license if you have ownership over all the code in question. This is common for open source industrial software; pay for a different license so you can embed it in a closed source project. The GPL doesn’t restrict you from offering the same code with a different license if you own it.
Often the issue is that some projects don’t require contributors to sign over copyright ownership as part of contributing. So you have a project that’s licensed uniformly, but each contributor still owns their individual contribution. Unwinding this after the fact can be a nightmare, as it involves either finding every contributor and asking them to sign over their code, or manually removing every bit of code you don’t own as a project.
This is why a lot of bigger projects require you sign a contributors agreement that assigns copyright before you can contribute to the main repo. Doing this in advance saves the project a lot of headaches down the road if dual licensing is deemed useful. This is true even if you want to license under two different open source licenses, as only the copyright holder can change the license.
The GPL itself offers no such option, but if the copyright holder(s) choose to they may offer whatever alternatives they choose. Many significant open source applications are offered under this model such as MySQL.
The catch is that the more copyright holders there are the more likely it is that someone who has contributed a non-trivial part of the project will not agree, in which case their work would have to be removed/replaced to allow for relicensing.
Large projects that have not required a CLA from contributors are effectively impossible to relicense.
Basically, it's practically (not ethically) fair game to use GPL in commercial software, until someone catches you. The only repercussion that the license provides is that your license is revoked until you resolve the violation (for the first violation).
Meanwhile, you got to release your product, and by the time you got caught you've had enough time to implement it yourself.
The authors of the software can create an additional licence that they could buy. Of course, that gets more difficult if there are many different, hard-to-contact authors.
I don't believe you need to demonstrate specific damages for a copyright infringement case in the US. You only need to demonstrate two facts: that you are the legitimate holder of the copyright, and that the other party did in fact infringe.
It's pretty funny that corporations can levy a multi-million dollar judgement against a single mother for pirating a CD, but then when the tables are turned, it's no big deal
As others have said, penalties are not related to how much you charge for the product itself. For example, when you start illegally distributing music your penalty won't be retail cost * number of copies. There's multipliers & things that get applied. Basically your judge/jury will figure out the damages amount after you're found guilty (assuming you don't settle).
This also makes sense when you factor in that retaining lawyer services to prosecute the infringement costs time and money (not to mention the court's time & resources to handle the case).
Suppose, I'm an author of GPL software. I think that my code costs $1M. I expected that if someone uses my software, according to license, then he will release his software under same license for me. Now, somebody used my $1M project in his $100M project in violation of my GPL license. My losses are $100M.
Only if the project owns the copyright or otherwise has been granted such powers in their contribution agreement. Otherwise, no. They’d have to get approval from every autho/rewrite the code they don’t have a license for to provide a copy that isn’t GPL.
The GPL contract only says you have to distribute source to the users you give binaries to. The only people who can ask for said source are the people receiving those binaries and the only people who have standing to sue when that doesn’t happen is the copyright owners.
That’s why you can use GPL software in your private CI system and not need to give anyone the source code.
My comment doesn't meet any of this criteria. The original article was about a Chinese company's unauthorized fork of OBS. It's semantics whether or not you consider an "unauthorized fork" as stealing, but I certainly do.
So it's neither unrelated or a generic tangent, as it relates to intellectual property theft. It's beyond question both that China as a country is known for stealing intellectual property, and that Chinese companies work closely with the CCP.
In the introduction of The Wires Of War by Jacob Helberg, he cites a statistic that estimates that "Chinese theft of intellectual property costs Americans anywhere from $225 billion to $600 Billion every year..."
It was a cheap and unsubstantive drive-by provocation on an inflammatory topic. Of course it meets the criteria—it's exactly the sort of thing the guidelines are asking you not to post here. Please don't do it again.
Do you have any examples where Google or Apple have been discovered to violate GPL? AFAIK, Google outright bans GPL usage internally for the majority of things, and it's well-documented that Apple almost exclusively uses BSD-licensed tooling.
This is a horrible take. A Chinese company stealing IP is very different from China stealing IP. Google was caught using IP from Sogou for its pinyin IME, but we don't say America stealing IP.
Basically every major Chinese company is partially controlled by the Chinese government. (Not trying to detract from your point, just providing context.)
Yes, I honestly think Washington doesn't exercise similar influence over Google or other American companies.
CNN likes to pop up a PIP view of what's being broadcast in China when they talk about things that embarrass the Chinese government. When they start talking about Peng Shuai it takes about two seconds before the Chinese broadcast becomes a test pattern.
When's the last time you saw a test pattern when watching a foreign news channel?
Where did I say that? Keep in mind that I'm not saying the US government has no influence, but it isn't anywhere close to what the situation in China is.
They are not correct about NSLs - the level of control exercised by those is not even remotely comparable to the level of power that the CCP holds (and exercises) over Chinese companies. Nobody thinks that NSLs don't exist, it's just that they're not comparable to the issue at hand.
And, in particular, the US government does not either possess or exercise the power over US companies to coerce them to steal IP from other countries - which is the issue under discussion.
The US government does not either possess or exercise the power over US companies to coerce them to steal IP from other countries (or companies thereof), which is the issue under discussion (despite attempts to redirect it). Neither NSLs nor Jigsaw give them that power. These are facts.
That would be moving the goalposts. We're concerned whether companies are de facto influenced by governments, not whether those companies produce PR material about said influences.
Moving goal posts would be more like claiming that, because we have evidence Google cooperates with the US Government for some investigations, the US Government has similar influence and control over Google as China does over ByteDance, without any scrutiny or review of the severity of China's influence on ByteDance.
Also, to the very point you bring up... recipients of an NSL can file a legal challenge to an NSL which would trigger a judge to have to review the request. NSL's also do not allow the government to request all sorts of data, but mostly direct PII and service metadata. NSLs are problematic but I seriously doubt any comparative limits apply to Chinese agencies' requests for data from ByteDance.
Bottom line: virtually all large (tech) companies are influenced by governments. They will surveil you on behalf of your government. Period.
Any attempts to muddy the waters for ideological point-scoring are beside the point. If you want to dig deeper, please bring evidence instead of speculation.
One of the parent comments in the chain that you wrote said "Do you honestly think Washington doesn't exercise similar influence over Google?"
Note the "similar".
You then amended your point to "virtually all large (tech) companies are influenced by governments", which is completely different than similar levels of influence.
Nobody cares that governments have some level of influence over companies - that's a feature, in fact, because some regulation is necessary for markets to work - the issue under hand is exclusively whether the level of control is excessive. (and, in this specific thread, whether "A Chinese company stealing IP" is comparable to "China stealing IP")
That's moving the goalposts.
(the answer to that last question is "yes" - the Chinese government does, in fact, use Chinese companies to steal IP from other countries (including, but not limited to, the US, Japan, and parts of the EU), while the US does not)
If only you (and others) would be as pedantic about verifying claims made by the Washington establishment/media about "the evil See See Pee" as you are about winning internet arguments.
It is impossible to have a practical discussion on these issues when one side unironically believes China is a Mordor-esque land ruled by comic book villains. Totally misinformed.
Anyways, the level of influence is similar. If the Washington wants my private data from Google, they will get it. No amount of wishful thinking and handwaving about "well Google could say no, but bytedance will definitely comply because reasons" will change that.
You completely ignored the points that I made, and instead chose to pontificate about things completely irrelevant as a distraction from the fact that you did, indeed, move your goalposts, and couldn't come up with any counter-arguments to the fact that:
The Chinese government does, in fact, use Chinese companies to steal IP from other countries, while the US does not and cannot.
Irrelevant chaff that you have attempted to throw up: "would be as pedantic about verifying claims" "winning internet arguments" "one side unironically believes China is a Mordor-esque land ruled by comic book villains" (yeah no) "If the Washington wants my private data from Google, they will get it" (also no)
> If the Washington wants my private data from Google, they will get it
> the level of influence is similar
As someone who works with the US government, I can verify that both of these statements are factually false. (and, again, still a diversion from the actual topic under discussion which is governments compelling companies to engage in IP theft)
It is non-trivial (in the legal sense) for the US government to get the data of a single US person, and it certainly cannot do it en-masse, nor force companies to hand over all of their data unencrypted, both of which are things that the CCP can (and does) do. Therefore, the levels of influence are not similar. End of argument.
It’s not ideological; one clearly exerts more control than the other, by an order of magnitude. To say the surveillance, censorship, or control on businesses are similar because Google has complied with some government requests (the only evidence _you_ have provided) is naive at best, or disingenuous at worst. Of course the US performs intelligence gathering on its citizens or foreigners for national security. The difference is the scope, oversight, and recourse businesses in the US have.
> The CCP is also known to enforce censoring government critical speech on their platforms including TikTok.
Donald Trump? Jan 6? Julian Assange? Chelsea Manning? There are countless examples of USG censorship. Just because you don't ideologically agree with the victims does not absolve the act of censorship.
> National Intelligence Law also allows the CCP to request from businesses any data unlimited in scope without a warrant or possible recourse.
Do you really believe that Washington doesn't have this same power? That they will just go "oh well, guess we can't investigate this national security crisis because Google said so". That's clearly ridiculous. Washington has the power and resources to break into datacenters if compelled.
> It’s not ideological; one clearly exerts more control than the other, by an order of magnitude.
It is clearly ideological (a priori, CCP = bad) and you have not demonstrated that one is vastly more controlling than the other.
> Donald Trump? Jan 6? Julian Assange? Chelsea Manning?
While I don’t agree with the prosecution of Julian Assange, Chelsea Manning was pardoned and censorship of Donald Trump was done by the businesses themselves due to cultural reasons. That had nothing to do with the US Government (of which Donald Trump was running the executive branch at the time). It’s also far different than having all dissent being censored, and as a business being liable for any and all dissent that is not censored on your platform.
> Do you really believe that Washington doesn't have this same power? That they will just go "oh well, guess we can't investigate this national security crisis because Google said so". That's clearly ridiculous. Washington has the power and resources to break into datacenters if compelled.
That’s pure conjecture. In your words, provide some evidence to dig deeper. Either way, Washington having to break into a domestic data center to get their information is different than the law explicitly stating that all domestic business are a part of the national security apparatus and requiring businesses hand anything over no questions asked — the latter of which is “vastly more controlling than the other”.
American tech companies can say no to data requests, they often do. Then they publish the details of those requests, publicly.
Chinese companies not only can't say when such requests were made, they cannot reject them either. Every Chinese firm must give all their data to the government, at all times, for any reason (which will remain secret of course).
The fact that you are trying to, as you say, "muddy the waters" (amazing the amount of projection you do) with conflating the two might work as an augmentation tactic (maybe fool a person or two), but logically it is unsound.
ByteDance doesn't issue such reports because everyone knows they cannot refuse a request by their government. Any report that says otherwise would be, as you say, "PR material".
3. All of the above can be improved, but shifting the argument to "what's bad about the US system" away from "what China is actually doing" is drifting into deflection.
It's not unique to China, but it's particularly prolific in China. One of the major reasons for the US tariffs against China was pressure for them to actually respect IP.
Good point and as expected, I have no idea. The question is if I have to file the lawsuit in China. My knowledge of law goes towards zero so I can’t even „armchair lawyer“ it. However, the question would be if it was possible to file the lawsuit in a country where TikTok has a headquarter.
US (and European) companies are typically a lot better about it, precisely because they fear lawsuits, they fear the consequences.
China and its large companies don't fear lawsuits the way US corporations do. That's how Jack Ma was able to steal Alipay from Yahoo shareholders and laugh all the way to the bank, there were no consequences to worry about. It's why Yahoo capitulated in dealing with Alibaba as a major shareholder, they knew the end result would have been their ownership stake could just be zero'd out at any time. That's why China can arbitrarily point at Didi and tell them to delist, regardless of what it does to foreign shareholders - there's nothing to worry about, there will be no meaningful consequences.
You can't get at them domestically if they don't want you to, because they're a nation that operates by the shielded, arbitrary dictate of the CCP rather than laws, and nearly everyone is afraid of their retaliation (including the richest corporations in the world like Apple).
Nobody much fears the US will retaliate the way China does. That's why the EU has been pounding US tech companies with mega fines, and wouldn't dare behave that way toward China. It's why the green virtue signalers are so very scared to publicly lambast China, and they'll harangue the US and EU all day. It's why the NBA will intentionally ignore any and all atrocities of China (they're intensely terrified to utter even the slightest of negative words toward China), yet they have almost zero fear of jabbing the US 24/7 - it's because for the most part nobody is afraid of the US.
They even refused to get in touch. Why would they when they have most Swedish political parties in their pocket? And that's in one of the world's least corrupt countries.
So will all those outlets that had "Trump's social network is violating the GPL" stories be jumping on this with equal fervour? Considering they didn't cover the compliance with the GPL that "truth social" (awful name) did, I think we can safely assume they won't.
Open source software license should include a clause saying that it is mandatory for commercial users to pay a certain amount of contribution annually, let's say 0.01% of gross revenue?
So if they find it too expensively they can simply turn away and build their own, which is good for whoever get the chance to do some lower level programming, and if they find it OK the open source authors/maintainers can get some good money. It's a win-win. Of course this might request open source authors/maintainers to form a more rigid organization (how to share the profit).
I suspect you're conflating Free, Libre, and Open-Source Software. The first can be free (as in beer), the second free (as in you can do whatever you please with it), and the last is that the source is publicly available.
GP's proposition would be Open-Source, but not FLOSS IIUC
In general people use the open source definition and the licenses approved by the OSI as what defines open source. These don't allow you to discriminate based on usage, such as commercial use. (If you own the copyrights, you can dual license under both an open source and a non-open source license of course.)
"Source available" or "shared source" licenses are not generally considered open source.
Open source software is a name for free software which was intended to make it sound less ideologically loaded.
Libre software, on the other hand, is a name for free software intended to make it less ambiguous while preserving ideology.
Anyone who claims otherwise is either: a) trying to be an ideological purist fighting with those not following their ideology to the maximum, or b) trying to mislead you to try and devalue the terms, or has been misled by (a) or (b).
The impetus for the term was supposedly that people kept being confused the distinction between free as in beer and free as in freedom/libre. However, to your point, one suspects that some prominent people like Tim O'Reilly latched onto "open source" as a less ideologically-aligned term.
sure but they're not compelled by the license itself. They are compelled to pay for the software in the form of hiring developers to work on it, donating to the foundation behind it, etc. Companies like Red Hat have done this very successfully for a long time because they prefer to keep the supply chain feeding the lifeblood of their enterprise healthy.
Could someone please help explain to me and (others who might not know) what is the concrete problem caused by this forking that doesn't comply with the license?
The GPL requires that any derivative work of GPL licensed code must also be licensed under the same (or compatible) license as the original GPL'd code. This is the "viral" aspect of the license. It applies even if the only interface between your code and the GPL code is dynamic linking, and not a single line of the GPL'd code is in your application.
There are acceptable ways to bundle GPL code with closed source software in a single distributable, however it must be made clear which parts of the distribution are licensed under the GPL and the GPL license must be clearly present. Even in the most charitable reading of the situation, TikTok violated this basic requirement.
It's important to honor the GPL here because these are the terms that the code was licensed to TikTok under. By violating the terms of the license, TikTok forfeits their right to use the code.
This is intended to protect the freedoms of the whole world, more or less. The GPL is intended to make software free and open for everyone, regardless of what their purpose of using the software for is. Free, Libre, Open Source Software is very valuable at this point, and the GPL generally mandates that you contribute back to the pool of FLOSS if you seek to benefit from it, making FLOSS even more valuable for everyone.
There is nothing forcing a company like TikTok to use GPL'd code in their software. Lord knows they have enough money to engineer a similar solution from the ground up, but they chose to use GPL'd code so they need to play by GPL rules.
A program is free software if the program's users have the four essential freedoms: [1]
The freedom to run the program as you wish, for any purpose (freedom 0).
The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
The freedom to redistribute copies so you can help others (freedom 2).
The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
The original Tweet (embedded one from HunterAP) says TikTok installs OBS and uses it in the background with a TikTok front-end. It doesn’t say that they’ve illegally forked it.
EDIT: See comments from OBS developer below for a more clear explanation of the issues than the linked Tweet
OBS developer here. It doesn't "install OBS in the background". They ship several executables as part of their software that contain code derived from OBS and there is no offer of source code. They're currently in violation of the GPL, but per our GPL Cooperation Commitment we are trying to work this out with them privately.
Not at the moment, we're trying to resolve it in private. Similar to how the Streamlabs situation unfolded, we don't want to "go public" until all other options have been exhausted, though it's looking like this choice may be out of our hands.
> The original Tweet (embedded one from HunterAP) says TikTok installs OBS and uses it in the background with a TikTok front-end. It doesn’t say that they’ve illegally forked it.
It does say "illegal fork" below HunterAP's username and above the screenshot.
How do we make sure people invoking China-stealing-intellectual-property-yet-again don’t pile on this thread? If this is a case of a company wrongfully using IP we need to very much have a discussion about that topic alone.
Not only the license, the source code as well. The GPLv2 license exists for a reason.
"""
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
If they are not already acknowledging and including the OBS license, then it's already in breach of the license (ie. "illegal" in the informal sense that you used).
The use of the word "illegal" seems problematic if this is a contractual dispute over (GPL) license terms. No one seems to be claiming that TikTok actually committed a criminal act (although, perhaps they did, if this was intentional as it appears, and TikTok is engaging in criminal-levels of distribution. Not a lawyer, so just speculating here.)
It probably would have been better if the OP had said "violated the license agreement".
Still, many other companies have eventually caved under GPL lawsuits, but apparently none in China; probably because it's virtually impossible as a foreigner to win a tort case against a Chinese company.
This definitely looks like egregious and apparently intentional infringement, but violating the GPL is not violating a law in most countries; it's violating a license agreement. Contracts are not law. Therefore, violating the GPL by itself probably isn't illegal (but it could probably become illegal if other statutes, like CFAA or RICO were brought into play.)
If I violate deed restrictions on my property by building a shed, then that wouldn't be illegal per se; it'd simply be a breach of contract and the private organization could sue me for redress.
But, if I built that same shed in the middle of a public street, then that might be illegal and the city might have me arrested and prosecuted.
> This definitely looks like egregious and apparently intentional infringement, but violating the GPL is not violating a law in most countries; it's violating a license agreement.
If they're not following the license, then aren't they breaking copyright laws?
Please cite an example. Most countries' copyright law tips civil license agreement disputes back into the civil courts, not criminal, with relatively few exceptions.
> The court disagreed that Neo4j granted a naked trademark license, pointing out that the open source licenses granted to third-parties on the open source software repository were copyright licenses, not trademark licenses. Users of the open source version of the software did not have any right to use the Neo4j trademark without a separate trademark agreement. Naked licensing does not occur where there is no trademark license.
Copyright infringement is always in civil court. What I was getting at is that you can view a license violation as a contract dispute or copyright violation. The latter may mean high statutory damages (i.e. a pre-set range of money values that can go as high as $150K per work infringed), whereas the former does not.
> OBS is free for anyone to use, for any reason. Other developers can use the OBS code in their own projects as long as they obey the guidelines set forth in the GPLv2 license. OBS has no watermarks or other limitations and can be used commercially with no restrictions.
It depends on how they integrated. GPLv2 requires that TikTok's version is either GPL-compatible itself (I doubt it), or they use OBS as an external program.
edit This comment [1] claims GPL code is compiled into their non-GPL program, which is a huge no-no
