Of VX30, and the parrot nailed to the perch
Maui X-Stream has posted an 'official statement' on their website regarding OSS-infringing code in their VX30 product lines. Because it's PDF, here is the text:
A Statement from Maui X-Stream re: VX30We have recently been asked whether VX30, Maui X-Stream’s video streaming software, is built on third-party code covered by a General Public License (GPL). The answer to that question is no. Some beta versions of VX30 were bundled with GPL code for purposes of testing product performance in specific customer usage scenarios. Maui X-Stream has completed that analysis and therefore no longer bundles GPL code with the current release of VX30.
VX30 is an original, proprietary product created over a three-year period by Maui X-Stream employees and contractors. The kernel of VX30 employs breakthrough innovations created by lead developer Arben Kryzieu. Maui X-Stream owns the copyright to VX30, and patents are pending on VX30 technology.
You might notice that this is an amazingly similar response to what we first saw with CherryOS, where they did admit to having code in earlier versions, but that everything is just fine now. For now, let's just ignore the whole 'beta' thing, and what they said in the publish.com article, as this much, much more amusing than that.
The 2005 VX30 Encoder that is available for download in the evidence mirrors (And found to have infringing code) were downloaded from their site in April. At that time, the sizes of the three apps were:
- VX30 Encoder: 2,379,459 bytes (2.2692 MB)
- VX30 Live: 2,593,168 bytes (2.4730 MB)
- VX30 Live Server: 335,613 bytes (327.747 k)
On May 11th, 2005, another set was downloaded:
- VX30 Encoder: 2,263,116 bytes (2.1582 MB)
- VX30 Live: 2,593,168 bytes (2.4730 MB)
- VX30 Live Server: 336,405 bytes (328.5205 k)
Basically, the Encoder app has lost 113.6 Kilobytes, the VX30 Live Server has gained less than 1 Kilobyte, and the VX30 Live application has not changed at all in size. I re-downloaded them again a few minutes ago also, and while I haven't looked inside, the archive download sizes haven't changed from May 11th. Just bizarre.
I'll let you do the math on the Encoder app, but considering just how much evidence was found within the VX30 Live application the fact that the file size hasn't changed whatsoever is really fascinating. It's almost as though they're just kinda hoping you'll take their word for it, and that no one will really check. I wouldn't be surprised if downloads of VX30 Live start getting smaller, so you might want to get it now.
It certainly feels like we're right back into Monty Python parrot territory again, and while I don't think anyone is looking forward to another long playing out of the CherryOS fiasco, here we are.
Now, lets say someone was curious as to whether:
- Just some strings have been removed from the current builds on their website available for download, versus just the code.
- Whether all the incriminating strings have been removed from all the apps that were found in the original demos of VX30 that were downloaded from their site in 2004 and 2005 (Remember, there are a few separate apps in the suite).
- Whether all the possible evidence in all the apps has even been found.
That person would probably want to go to the 'Verify for yourself, with mirrors' section of the big post, where they'd notice the Analysis #2 page that was put together by Ryan Thoryk, which has the process for finding the evidence that's been verified by a bunch of others.
If you have a Windows machine, a little time, and wanted to prove to yourself whether they really had removed everything, the method of finding those types of things hasn't changed. All that would change would be the date of the software, as you'd need to go download it from their site.
This is a community problem, and it's pretty much up to you.
Posted by drunkenbatmanMay 18, 2005, at 03:55 AM
Comments (13)
Posted by: mennonot at May 18, 2005 04:43 AM
Hey, the parrot link includes the lumberjack skit as a bonus! How appropriate.
Oh, and keep up the great reporting, drunken.
Posted by: Chris at May 18, 2005 07:53 AM
If that version was GPL, I want my rights to the source since I have the version he's referring to. I wonder if Jim is aware of what he's doing to himself.
Posted by: iznogoud at May 18, 2005 01:36 PM
Wether their beta was a beta or not, it was distributed with GPL code in it, they broke the GPL licence. Then, they disagree with the terms of the GPL. They aren't authorized to use GPL programs anymore.
More of all, if some has those beta with them, please ASK for the source code. They declared they used GPL code, you have the right to ask for all their source code. That would be quite interesting to have it...
Posted by: LD at May 18, 2005 03:30 PM
My friend Karl asked for the GPL source included with the betas and was basically referred to the statement. When he earlier asked about the source for AdStats they were happy to provide it under GPL since it was simply php and available to anyone who bought the product, which, by the way, is still a violation of GPL. You cannot require someone to purchase your product to get the source other than the actual cost of physically performing the source distribution. In other words, perhaps $5-$10 to make a CD copy.
They simply do not understand GPL.
Posted by: Sandberth at May 18, 2005 04:56 PM
You cannot require someone to purchase your product to get the source other than the actual cost of physically performing the source distribution. In other words, perhaps $5-$10 to make a CD copy.
I don't think this is true in general. Whoever you distribute the software to has to be able to be given access to the source for a nominal fee (and can then do whatever they want with it!). Since they distribute the software as a demo download, anyone can request the source to that for no more than a small fee. With Ad-Stats, the problem would be they do not acknowledge any GPL code in their products at all.
Posted by: dombrovsky at May 19, 2005 02:04 AM
word has it *all* their programmers are gone .. so there's no one there with technical knowledge to clean up their tracks.
Posted by: Adam at May 23, 2005 08:29 AM
You cannot require someone to purchase your product to get the source other than the actual cost of physically performing the source distribution.
That is flat out wrong. You can absolutely charge for the source, you just can't exceed the cost of the binary. Therefore, if the software is $30, the source could be that much. (See this link)
There's nothing in the GPL that says the source must be downloadable either, another common misconception. You only need to provide the source online if the binary is available for download.
Posted by: Anonymous Coward at May 23, 2005 02:49 PM
This is definately a violation of the General Public License. But what makes this a more important GPL than other violations? Dell and Google have been violating the GPL for *YEARS* and no one seems to care.
For example:
ftp://ftp.dell.com/fixes/boot-floppy-rh9.tar.gz
contains the Linux kernel, GPL covered init, etc. but is stripped of the actual text of the GPL itself.
If you go to http://www.google.com/enterprise you can order a Google appliance with GNU/Linux pre-installed. Again, the device comes stripped of any GPL text and Google is no honoring requests to provide the source code at this time.
Both of these violations have been occuring for a *LONG* time. Is it because these are major companies that the community has decided they aren't worth bullying? As far as I can tell, Maui X-Stream is a newbie to GPL violations in comparison to Dell and Google. Is it because Maui X-Stream is a small enough company to be easy to bully that makes their violation more important?
Posted by: Body Bagger at May 23, 2005 04:04 PM
Is it because Maui X-Stream is a small enough company to be easy to bully that makes their violation more important?
Yes!
Next!
Posted by: Anonymous Coward at May 23, 2005 07:51 PM
Has anyone considered that the larger companies (Dell, Google, etc) end up leading by example? That since large companies can get away with violating the GPL for years, that these smaller companies are figuring that the terms of the GPL aren't actually enforced.
This reminds me of a story about a husband that finds out his wife has been cheating on him and he is so angry that he gets his gun. After shooting her lover, she ends up cheating again. So, he gets angry and shoots the next lover. And the cycle continues until he shoots the cheating wife.
Why is it only the community problem to go after the "lovers"? Wouldn't it be better to take care of the companies that have spent years of demostrating that the GPL isn't enforced? If Dell and Google can redistribute GPL works without redistributing a copy of the GPL itself, why shouldn't Maui-X take advantage of the same loophole?
Posted by: MACC at May 24, 2005 06:53 AM
If these big companies lead by example Maui
x Stream should be made an example of. If not
in court then in public since most of the
code is gpled. It belongs to the public (sort of speak.)
Posted by: draconumpb at May 25, 2005 09:21 AM
Start where you can be effective.
This blog is being effective right now in this issue. And Dell, at the very least, is not making money off of distributing recovery/driver/whatever disks.
In any event, I'm now obsessed with finding out more about MXS. I agree with whoever said (on some other blog post perhaps) that this saga should be a novel. ;)
If I were Arben, I'd be getting a bit fed up that my employer/former employer can't even consistently spell my own bloody name. Not that it takes much effort for them to make themselves appear shoddy, but this looks pretty bad.