back to article Judge rm -rf Grsecurity's defamation sue-ball against Bruce Perens

Linux kernel security biz Grsecurity's defamation lawsuit against open-source stalwart Bruce Perens has been dismissed, although the door remains open for a revised claim. In June, Perens opined in a blog post that advised companies to avoid Grsecurity's Linux kernel security patches because it might expose them to claims of …

  1. Anonymous Coward
    Anonymous Coward

    Nice knowing you, Grsec.

    1. Anonymous Coward
      Anonymous Coward

      I seriously doubt that GR Security are going to go away. There's plenty of people out there who want (for various reasons) a hardened Linux kernel, and the Linux kernel community aren't fully interested in providing it or interested in accepting contributions from some people who have.

      Whilst there is a CVE list for the Linux kernel that's not getting cleared by the mainstream kernel community, GR Security (or someone else doing similar modifications) will exist and will be doing something like this. In effect GR Security exists simply because it is a pooling of interests from companies who want what the mainstream Linux community won't provide. And until someone actually wins against GR Security or one of their customers in court, they're free to carry on as they are. It's a "put up or shut up" thing, and so far there's not a whole lot of "put up" going on.

      1. razorfishsl

        That is not the issue.

        The issue is that they are taking "free" software modifying it AND THEN SELLING it back as closed source.

        The argument is that it breaches the license they took the original software under.

        You can modify & keep the software PRIVATE, but you cannot SELL it back without releasing the modifications.

        In reality they could still earn a good profit AND comply with the licensing, but it might be a bit more work for them.

        1. Anonymous Coward
          Anonymous Coward

          The issue is that they’re taking “free” software modifying it AND THEN SELLING it back as closed source.

          No they don’t. They’ll give you a patch set that is GPL2. That’s open source.

          They won’t give you another update (they’re choosing to keep their later modifications private) if you then onward distribute the patch set. That is a matter on which GPL2 is silent. GPL3 is more explicit, but doesn’t apply to the Linux kernel.

          They’re only doing what other companies are doing (eg RedHat want money for their binaries compiled from GPL2 source code using GPL licensed tools), which is operating at the limits of what GPL2 permits.

          They used to be freer with their distribution, but got fed of their trademark being abused by some pretty big companies who should have known better and by a lack of appreciation for their efforts from others in the community. So they left. Whatever you might think of them; they do have that absolute right. They’re not operating in a totalitarian society (which is what the Linux kernel community seems to want to be sometimes), like the rest of us they’re in the real world where the letter of what is written into a license is what matters, and nothing else.

          1. bombastic bob Silver badge
            Devil

            "RedHat want money for their binaries compiled from GPL2 source code using GPL licensed tools"

            As I understand it, RH and other companies that ship linux binaries [either as a BLOB with a wrapper, or as a userland-only application] do so with code that they have the rights to do so with.

            And GPL licensed tools don't require that the application you build ALSO be GPL [that would be silly], even though FreeBSD [and probably others] switched from gcc to clang to avoid that possibility. And I'm starting to like clang more than gcc.

            Anyway, as long as they're not violating the GPL outright, I have no problems with BLOB and closed-source binaries statically linked with an application that may be 'mostly GPL' [such that you can modify the GPL-covered code and re-build it yourself]. These don't violate GPLv2, to the best of my knowledge, though they may be explicitly "verboten" in v3. But I don't want to argue v2 vs v3 so I'll stop now.

            [worthy of note, I am _VERY_ glad that Linux has stayed with v2 for the kernel]

        2. gnasher729 Silver badge

          "You can modify & keep the software PRIVATE, but you cannot SELL it back without releasing the modifications."

          The SELL isn't even the point. If it is GPL licensed, you also cannot give it away for free without releasing the modifications.

    2. asdf

      how cute

      Guess we found one of their devs. Completely indifferent to the company but if they want to survive they best pick their battles a little more carefully sounds to me. Then again maybe they were counting on the Streisand effect from this legal action against someone with a name to keep them relevant. Shouldn't be so cynical before xmas but here I am.

  2. Anonymous Coward
    Anonymous Coward

    Hmmm well, is it really the case that Perens can say what he's saying in perpetuity? If that does end up being detrimental to GR Security, how do they themselves cannot get a fair hearing?

    Not that I think GR Security or their clients will pay any attention to Perens. So far as I can see GR are not actually breaking the letter of GPL2, and if that were ever to be tested in court then I reckon they'd win. I reckon their clients know that too.

    We might not like what they're doing, but it's the letter of the license that matters. Whinging about it simply means that we're not prepared to take licensing seriously, and not prepared to get it right.

    If no actual GPL2 enforcement cases arise from this then it's going to make Perens (and the EFF?) look pretty toothless. If they do, and lose, we can all do what GR security is doing; it would a settled matter. If they don't, then they're just wasting everyone's time, and that diminshes them.

    1. Tom Samplonius

      "Hmmm well, is it really the case that Perens can say what he's saying in perpetuity? If that does end up being detrimental to GR Security, how do they themselves cannot get a fair hearing?"

      It is not about whether it is detrimental or not, but whether it is provable incorrect statement. Clearly there is not enough substance to the defamation lawsuit for it to continue. To prove the grsecurity license is not the mess that Perens says it is, you would have to prove that the grsecurity licensing is perfect. That is a very hard thing to do, as every non-trival software source code repository generally has debatable issues around certain contributions.

      And many people have said a lot worse things about grsecurity. I'll also add to that, and say that grsecurity is junk.

      1. Anonymous Coward
        Anonymous Coward

        Perens' statement is proven correct if Perens (or someone like him, the EFF for example) successfully gets a GPL2 enforcement against either GR or one of their clients through all possible stages of the legal system. So far as I know there is nothing happening whatsoever, and so Perens statement is for the moment incorrect. And therefore, currently, garbage.

        GR Security aren't imposing any license conditions beyond GPL2 on their clients. They are free to do whatever they want with the patch set GR give them. AFAIK There is GR "license" addded to the GPL2 license declaration. What GPL2 does not mandate is for GR to have to give the patch set away to the whole world. So they don't, and that's all it is. Can't blame GR Security for that omission...

        I can't speak out of personal experience of GR Security's patch set, though I think it notable that some quite large companies seem to trust them. BlackBerry are one, their version of Android runs a GR Security patch set and has never once been rooted AFAIK. Not even Google have managed that. That ought to be something to be impressed by, rather than something to be despised. Intel used it through their subsidiary VxWorks for their hardened embedded Linux offering, until GR Security got fed up of being taken for a ride. Clearly from some points of view there is merit to what they're doing. Why should they or anyone else care whether or not the rest of the mainstream Linux kernel community agree with them?

        Different points of view in the mainstream Linux community seem to be a problem for the community. I very much like the PREEMPT_RT patch set, but just you try persuading a Linux kernel community purist of its merits. I know that it's being "brought into the fold" now, but that's after years of opposition from certain key players...

        1. barbara.hudson
          Facepalm

          That's not how the law works.

          > Perens' statement is proven correct if Perens (or someone like him, the EFF for example) successfully gets a GPL2 enforcement against either GR or one of their clients through all possible stages of the legal system. So far as I know there is nothing happening whatsoever, and so Perens statement is for the moment incorrect.

          That's not how the law works. It is unproven in a court of law. Same as many (most) other legal claims that get dropped or settled before trial. Same as GR hasn't proven that Peren's statement is false. By your logic, Perens must be telling the truth because GR wasn't able to get a judgment against him. Again, nothing has been proven from either side.

          Look - Wookie!

          1. Anonymous Coward
            Anonymous Coward

            Re: That's not how the law works.

            That's not how the law works. It is unproven in a court of law. Same as many (most) other legal claims that get dropped or settled before trial. Same as GR hasn't proven that Peren's statement is false. By your logic, Perens must be telling the truth because GR wasn't able to get a judgment against him. Again, nothing has been proven from either side.

            Er, AFAIK GR aren't trying to prove Perens statement is correct or not, just that he (in his position as a star witness in previous open source license court cases and therefore a public authority on such matters) is intending on doing damage to their business. Whether they can in court prove that to be the case or not has so far been so far been unsuccessful.

            However, Perens' blog post itself:

            "It’s my strong opinion that your company should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement and breach of contract risk"

            is thus far incorrect. As far as we know not one single GR security customer has had a GPL2 enforcement action thrown at them, nor has GR security themselves. With no court case on that matter, and no actual enforcement order in place from a judge, there is no infringement and no breach of contract (or at least, nothing that matters commercially), and his opinion is misplaced. And until someone does get the matter settled in court against GR or one of their customers, it will remain misplaced.

            I am wary of Perens' motivation in all this. Specifically, I cannot see his opinion being turned into an infringement / contractural court case without the support of the EFF, FSF or some other similar body, and he would naturally take a starring role. However I don't think such a case would stand a chance of actually succeeding. GPL2 makes zero mention of an obligation to distribute future modifications. It would be a waste of the EFF's or FSF's money if a case failed, and frankly there's more pressing electronic freedom matters to be worried about at the moment. It is notable that searches of both www.eff.org and www.fsf.org bring up no mention of GRSecurity. It is also notable that they're seemingly not actively pursuing Ubuntu in the courts for shipping a ZFS kernel module.

            I also worry that matters such as this will simply drive projects away from using Linux. Security really, really matters to a lot of people these days. The demand for secure operating systems is only going to increase, and the Linux Kernel community is not particularly focused on providing that. Let's face it, Linux is far from being the last word in secure operating systems. I know that the community isn't offering Linux for that purpose (or, strictly speaking, any purpose), but the community thrives on it being used. With a CVE list like this (2017 looks to have been a bad year), it's getting harder to justify using it. Nasty security holes turn into huge problems for desktop and server users alike, increasingly with employment-ending finality.

            The Linux world deems GR to be an irrelevance, but actually they're an irrlevence with paying customers. There is a demand for what they're offering. So, highly relevant then. It would be a terrible pity if good ideas fail to make it back into the mainstream simply because they weren't invented in the mainstream community.

            There are other ways in which the Linux Kernel community could be diminished. What "Linux" means to most people is the Linux system call interface. People experience userland tools that come with their favourite distribution. They don't make direct use of the kernel itself.

            The things is that the system call interface is not unique to Linux. Solaris, QNX, Windows, FreeBSD all support the Linux system call interface (to varying extents). You can run a linux x86 compiled binary on Solaris, Windows and FreeBSD, and QNX (if BlackBerry put it into their spin of QNX for x86). The cost in setting up servers, websites, etc is in the time and people who use the userland tools. What if you could get those with a Windows kernel underneath? Better security, same user experience?

            1. Comments are attributed to your handle

              Re: That's not how the law works.

              Get lost Brad.

            2. Anonymous Coward
              Anonymous Coward

              Re: That's not how the law works.

              @ Other AC

              Er, AFAIK GR aren't trying to prove Perens statement is correct or not,

              They are. They are trying to prove what he has said is incorrect. If it is correct, it doesn't matter how much damage it causes their business. They can only claim harm from his opinion if they can prove it is authoritative and incorrect.

              At the moment he has simply voiced an opinion, which suggests you should avoid their chickenshit stuff and no one has demonstrated he is wrong for doing so.

            3. Kiwi

              Re: That's not how the law works.

              he ... is intending on doing damage to their business.

              Looks more like he is intending on protecting other businesses from using software that maybe falls into a legal grey area, which if said businesses are found to be using such software they could open themselves up to a lawsuit.

              Even if those businesses were to eventually win the suit it can be costly and time-consuming to have to fight a case.

              Suggesting certain risks with certain software is something a lot of people do. For that matter lots of us do it in other fields as well.

          2. Anonymous Coward
            Anonymous Coward

            Look wookie

            Talk some more shite

            1. Kiwi
              Facepalm

              Re: Look wookie

              Look wookie

              Talk some more shite

              Wow. What a convincing argument! I'm gonna rush out now and and start supporting GRS. </sarc>

        2. Phil Lord

          "So far as I know there is nothing happening whatsoever, and so Perens statement is for the moment incorrect. And therefore, currently, garbage."

          "It’s my strong opinion that your company should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement and breach of contract risk."

          Am afraid it is your statement which is garbage. As you can see from the quote, BP suggested that is presents an infringement risk. So, a) his statement is an given as an opinion and b) as a risk. So, not incorrect at all.

          If I say, "travelling at 40mph in a 30mph area puts you at risk of a fine" this is true, regardless of whether or not you get stopped.

        3. DavCrav

          "So far as I know there is nothing happening whatsoever, and so Perens [sic] statement is for the moment incorrect. And therefore, currently, garbage."

          No, that is not true. An absence of evidence is not evidence of absence. Perens's statement is not known to be correct, but not known to be incorrect either. In fact, the only one to make a provably incorrect statement is you, just now; better ring your lawyer?

        4. Steve Knox

          Binary Logic in a Ternary World

          Perens' statement is proven correct if Perens (or someone like him, the EFF for example) successfully gets a GPL2 enforcement against either GR or one of their clients through all possible stages of the legal system. So far as I know there is nothing happening whatsoever, and so Perens statement is for the moment incorrect. And therefore, currently, garbage.

          No. Perens' statement is neither correct nor incorrect. The correctness of the statement has not been determined -- and as the judge has ruled, Perens is not qualified in the eyes of the legal system to evaluate the correctness of it. So from a legal perspective, his statement can only be considered opinion.

          It becomes a fact if and only if there is a legal judgment concerning GR's compliance or lack thereof with GPL2. This needs to be tried in a case specific to it, and not in a defamation suit, so the judge has ruled correctly here.

          1. Anonymous Coward
            Anonymous Coward

            Re: Binary Logic in a Ternary World

            Just being pedantic, but you've said "No", and then basically restated the text you quoted...

            1. Anonymous Coward
              Anonymous Coward

              Re: Binary Logic in a Ternary World

              @ other AC

              Just being pedantic, but you've said "No", and then basically restated the text you quoted...

              I don't think that is the case. The first post said Perens hasn't been proven correct and is therefore incorrect. The "no" one said, "no, it is neither correct or incorrect".

          2. gnasher729 Silver badge

            Re: Binary Logic in a Ternary World

            "No. Perens' statement is neither correct nor incorrect. The correctness of the statement has not been determined -- and as the judge has ruled, Perens is not qualified in the eyes of the legal system to evaluate the correctness of it. So from a legal perspective, his statement can only be considered opinion."

            Perens' statement is that using GR's software is _a legal risk_. Nobody knows right now that what they do is legal, but fact is that you can be sued even if what you do is legal, and it is likely to happen if people have strong opinions that it is legal, and even if it is legal, there is _still_ the risk of losing a court case because the other side has much better lawyers, or the judge/jury are stupid, or both. So I would say that he is correct.

            Now obviously if he is correct then GR has no case, and if he is not correct then because he is not a lawyer he is free to tell anyone his legal opinion, so they still don't have a case. A lawyer could get into trouble for uttering the same opinion.

        5. bombastic bob Silver badge
          Linux

          "If no actual GPL2 enforcement cases arise from this then it's going to make Perens (and the EFF?) look pretty toothless"

          so, all it consists of is a set of patches?

          theoretically this is fine if the end-user then builds the patched kernel from source and does not distribute it to 3rd parties. However, if it's shipped AS a binary, it may be 'questionable' since, as I understand it, shipping source + patches makes the patches part of the source, which then implies it's GPLv2 being "a derived work".

          I don't know the details of what they're actually doing, though. Does the end-user have to build the modified source? If you modify source yourself and do NOT distribute binaries, you don't have to publish the modified source. Does GR restrict (in any way) the publishing of their patches? If they do not, then they should just publish the derived kernel source and be done with it...

          (I wonder if the reasoning behind some of this issue involves the money being exchanged)

      2. Anonymous Coward
        Anonymous Coward

        Red California!

        Yeah. Skeleton SCO's claim of "owning Linux" were not immediately provable or disprovable either, so that Penguin-groping effort powered by regular botox-like cash injections from "sources" (probably not equal to Putin) has been dragging on for 15 years.

        It would have been nice to throw SCO out into the gutter because its claims "hurt Linux" (well, someone would have have had to come forward as the "hurtee" stand-in, maybe IBM?)

        "This is certainly not the end of it.”

        Please no. Like for any Hollywood movie, bad or good, a zero-nutritional-value sequel is not what we need.

    2. Lee D Silver badge

      "Peugeot cars are rubbish".

      That may be an opinion. It may be said by me, Jeremy Clarkson, or just about anyone else. It's not provably false. Peugeot can't "prove" that their cars aren't rubbish, any more than they can prove that green is the best colour.

      But no matter WHO says it, it's not going to damage Peugeot's business to any significant extent. Now, if someone said "Peugeot cars are dangerous, the seatbelts are non-standard, the engine's explode, etc." then that's a potential provably-false statement (simple statistics) and which could impact on the business of Peugeot if enough people see it, read it and believe it to be true.

      In this case, however, someone has expressed an opinion on a legal interpretation that nobody has ever yet ruled on. So it's still opinion at this point. Additionally, no matter how influential Mr Perens might be - ala Jeremy Clarkson - in and of itself it's not wrong enough to warrant charges, nor is it damaging enough to warrant business interference claims. If it was, you would be able to subpoena the business records of said business and see the downward drop in sales immediately the words were uttered (P.S. last time I looked up grsecurity, I found a single entry for the american naval contracts which lists their TOTAL company value, it was a pittance much less than I have invested in a house before now).

      Grsecurity is, essentially, one man. Who's a bit of a pillock. I've had regular run-ins with him on LWN.net and mailing lists. The reason he can't sell what he's selling is not that Perens is disparaging him (he's not... he's questioning the legality of a tactic used to sell GPL-licenced software in a way that essentially "revokes" the GPL of future versions should you give it away... an action which you're perfectly entitled to do with GPL software, which means it's legally dubious at best), but because he's rubbish at business - which includes an element of treating your customers fairly and respectfully, selling something they can't get elsewhere, putting value into that thing you sell, and not being hostile towards your necessary suppliers (in this case, the entirety of the GPLv2-only Linux kernel).

      I'm sure the patch set is really cool, but that he's never been able to break it down to get through the kernel submission process (and even refuses to try, he just wants people to pick up a multi-megabyte patch and throw it into the kernel on his sole say-so, without review, and take no consequences for the results either) tells me a lot. Go wander through his comments online on the mailling lists and LWN.net. The guy is obnoxious and over-bearing and thinks he rules the world.

      To be honest, given the legally-required business declarations to get the entry on the public naval contracts database I mention above, I'm amazed he has the money to even initiate a lawsuit.

      1. Anonymous Coward
        Anonymous Coward

        I'm sure the patch set is really cool, but that he's never been able to break it down to get through the kernel submission process (and even refuses to try, he just wants people to pick up a multi-megabyte patch and throw it into the kernel on his sole say-so, without review, and take no consequences for the results either) tells me a lot.

        The Linux PREEMPT_RT patch set used to suffer a similar problem. I can recall Linus' vehemence regarding things like having the kernel resolve priority inversions, etc. Some kind of broad generalisation about coders having written their code wrong if they have priority inversions (which I considered extremely cheeky, this being the era of the big kernel lock; what was ever right about that?!). Besides, you can do some cool things with priority inversion resolution.

        So for those of us who wanted a Linux-ish RT-ish kernel, we were basically outcasts on our own due to the "not interested" attitude. But that was fine. We were quite happy ploughing our own furrow. Then the guy who maintained it announced that he was ceasing his tiring labours. Cue a round of applause, and adoption of the patch set by the mainstream kernel community. Huh? What gives? Did anyone tell Linus?

        Go wander through his comments online on the mailling lists and LWN.net. The guy is obnoxious and over-bearing and thinks he rules the world.

        I hope you don't mind, but I think I'll give that a skip for the moment. Would I be right in guessing that the history is something along the lines of a spurned (for whatever reason) contributor who has decided that he's going to run with his ideas anyway and make a living out of it? Can't blame him for that. Is he legal? Despite what Perens has opined, I think probably yes, just. The letter of the license is all that matters, and there's nothing in it that seemingly stops anyone doing that.

        Whether or not GR security has some good ideas, I am not qualified to say. No doubt the people who do use it do their own review, and satisfy themselves. Intel used to make a big thing about their secure embedded Linux through WindRiver (until GR got fed up of Intel using their trademark). It does seem that no one has successfully rooted a BlackBerry Android mobile, which apparently does use the GR patch set. In not being rooted I think I'm safe in saying that that is unique in the Android pantheon. So perhaps there is some merit to GR.

        There is a space out there for an open source security focused OS. NetBSD and some of the other *BSDs fill that niche at the moment. Whether or not the Linux community wants to move into that area remains to be seen. Whilst they don't, there's space for someone like GR Security to exist outside the mainstream.

    3. eldakka

      Hmmm well, is it really the case that Perens can say what he's saying in perpetuity? If that does end up being detrimental to GR Security, how do they themselves cannot get a fair hearing?

      They get a fair hearing by engaging in the same channels Perens has and presenting their side. Just because their presentation and facts on their side are not supporting them, does not mean they have not received a fair hearing.

      Court is only a response to actions that breach the law or tort, it is not a venue to express hurt feelings in or disagreement with someone else.

    4. bombastic bob Silver badge
      Devil

      "If no actual GPL2 enforcement cases arise from this then it's going to make Perens (and the EFF?) look pretty toothless"

      I'm actually more concerned with the 'SLAPP' effect of the GR Security lawsuits. It makes them look/sound a bit like SCO, throwing sueballs like that.

      Apparently the judge didn't see any proof of wrongdoing possible in what was seen as "opinions" in a blog, regardless to its similarity to published works and related libel statutes.

      If EFF believes GR violated the GPLv2, they should sue on that basis. That is, if they have sufficient proof... [but I bet they don't]

  3. Anonymous Coward
    Anonymous Coward

    Reading the court order, Perens has the right to refile his anti-SLAPP even if Grsecurity does not amend their complaint. It was only dismissed to give Grsecurity a chance to amend, because federal court rules require that the court allow amendment when the court holds a pleading to be insufficient. And since the court did not find anything to criticize in Perens anti-SLAPP motion, he could probably re-file the present text verbatim get his legal fees charged to Grsecurity, unless they pull a rabbit out of their hat with their amendment.

  4. Hans 1
    WTF?

    Grsecurity

    Warning: Grsecurity: Potential contributory infringement and breach of contract risk for customers

    There, I did it also, sue me, bloodsuckers!

    1. Anonymous Coward
      Anonymous Coward

      Re: Grsecurity

      They might, but I suspect they're not going to take you seriously...

    2. Kiwi

      Re: Grsecurity

      Warning: Grsecurity: Potential contributory infringement and breach of contract risk for customers

      There, I did it also, sue me, bloodsuckers!

      Me to.

      I consider the use of GR Security's products to potentially place your company at risk of contributory infringement and to also potentially place you at risk of breach of contract.

      Make mine a sueball thanks!

  5. ma1010
    Stop

    Everybody is entitled to an opinion

    Anybody can spout off opinions about this or that, as various media, including many so-called "news" outlets do for a living these days. This fellow expressed an opinion that he thought something might be illegal, and so what? He's no lawyer. And even lawyers have been known to spout total bollocks (even when not being paid for doing it).

    Instead of filing a lawsuit, how about asking the fellow to give Grsecurity a chance to reply on his web site or, if he won't let them, simply issue a press release, preferably from their own lawyer, saying that in his opinion, the other guy's opinion is legal bollocks.

    In any event, the way it works in the legal world, nobody knows for sure if something legally untested like Grsecurity's code is or is not legal until someone files a challenge against them in court, and the case is completely adjudicated, including any appeals. And, of course, that applies only in the jurisdiction of the court - other jurisdictions may develop other opinions.

    So, as the judge points out quite clearly, this guy's opinion has no more legal standing than the opinion of some bloke down the pub about Brexit being a bad or good idea.

    1. bazza Silver badge

      Re: Everybody is entitled to an opinion

      Perens is not just a.n.other person. He’s been a fairly high profile expert witness in some court cases related to open source licenses.

      His utterances in such matters can therefore be considered to have been said with deliberate intent, rather than the spurious ill judged mumblings of a commentard like me. Thus the consequences, should GR ultimately win, would be more severe. I don’t know why he’s bothering to take the risk. If as many people argue GR is an irrelevance, why stick one's neck out?

      Indeed, why raise the whole spectre of the corner cases of GPL2 (which is what GR are relying on) when really we'd all rather pretend that GPL2 is fit for the intent of projects like the Linux kernel, when actually it comes up a bit short? If GR did win a GPL2 enforcement case, what's to stop a company like RedHat doing the same thing?

      1. Woodnag

        Re: Everybody is entitled to an opinion

        Your opnion is protected, expert or idiot.

      2. John Smith 19 Gold badge
        Unhappy

        "I don’t know why he’s bothering to take the risk."

        Maybe because it's an issue he cares about?

        Maybe he agrees the GPL2 is not quite 100% fit for purpose and would like to stress test it in court?

  6. Anonymous Coward
    Anonymous Coward

    The heading picture of Bender as presumably a lawyer in court. Which series/episode? Don't remember seeing that one.

    1. My Alter Ego

      I think it's the evolution episode, seeing as the humans are in threadbare clothes and the courtroom is full of robots.

      "I don't want to live on this planet anymore"

      1. Anonymous Coward
        Anonymous Coward

        "I think it's the evolution episode, [...]"

        Thanks - Season 6 Episode 2. Found an opening clip on YouTube.

        Hadn't realised Futurama had so many series. Looked at buying the Season 6 DVD set - then found I could buy a Seasons 1-8 boxed set (23 DVDs, 124 episodes) from several ebay suppliers for about £30. Gives me duplicates of the early seasons' sets - but a home can be found for those.

  7. EveryTime

    "This is certainly not the end of it.”

    No, it doesn't appear to be. The court almost invited a re-filling of the anti-SLAPP motion.

    GRSecurity should just tip-toe away and hope that doesn't happen. Filing an amended complaint will almost certainly insure that it does, and unless they pull a rabbit out of their dunce hat they'll be paying the lawyer bills all around.

    1. Anonymous Coward
      Anonymous Coward

      That’s probably what’ll happen (the tip toeing). I also suspect that no one is going to bring a successful GPL2 enforcement case against GR either.

      I can see why some companies prefer to base things on FreeBSD.

      1. bombastic bob Silver badge
        Devil

        "I can see why some companies prefer to base things on FreeBSD"

        as well as 'clang'

  8. John Smith 19 Gold badge
    WTF?

    "“While..the court did not agree with us, this is certainly not the end of it.” "

    He's a lawyer on a fee.

    Exactly like the law firm that continued to drag the SCO BS through the courts for decades.

    Let's see if GR security's CEO is dumb enough to full for the old "Your honor is tarnished, you're reputation defamed in the court of public opinion. You owe it to your self respect to pursue this to the end"

    Translation.

    If he falls for this that's my pension taken care of and the kids sorted till College.

  9. sweh
    Megaphone

    Sveasoft

    This all reminds me of the early-ish days of WRT54G router hacking. Early/mind 2000s. A company called Sveasoft produced some quite interesting firmware, but then went to a subscription only model; pay a subscription, get their firmware and (to be GPL compliant) get the sources. However if you then passed the source on (as is your right under the GPL) they would terminate your subscription, your support, and refuse to sell to you ever again.

    All the discussions around GRSecurity are the same as the discussions around Sveasoft.

    Some fun at https://slashdot.org/~TheIndividual/journal/ and http://wrt54g.oliver-arp.de/

    Sveasoft are now dead in the water (there's a stub web page still taking subscriptions, but I don't think James Ewing actualy delivers anything any more - http://www.linksysinfo.org/index.php?threads/sveasoft-did-i-just-mess-up-here.33599/ - It's been 10 years quiet), while OpenWRT, DD-WRT et al are going gangbusters.

    1. Mephistro
      Thumb Up

      Re: Sveasoft

      Yep, I remember them. In my opinion, it's a very similar case.

    2. Solmyr ibn Wali Barad

      Re: Sveasoft

      Yup. Still have a WRT54G with Sveasoft firmware. After reading some diatribes of the developer I thought that this guy has really gone off the rails. Pity.

  10. arctic_haze

    Congratulations Mr. Perens

    However it was not difficult to prevail. Under the US libel law the company would have needed to prove he not only was wrong but also knew he was wrong. And because he was right that is next to impossible.

    1. Anonymous Coward
      Anonymous Coward

      Re: Congratulations Mr. Perens

      On reading GPL2 it's difficult to see how he is right.

      There is zero obligation under GPL2 to supply future source code having supplied source code just once. Indeed after three years you no longer have to supply source code at all.

      It's a nasty corner case of the GPL2, unforeseen by the original authors, but there it is. What we cannot have is popular perceptions of the license taking priority over what the text of the license actually says. If the GPL2 can be retrospectively re-interpreted, then unpopular re-interpretations are also possible.

  11. a_yank_lurker

    Real Issue

    Perens was complaining about an attempt to subvert GPL by claiming patches are not covered. GPL requires (intends to) all modifications to the code be released under the same license. The court ruled that there was no applicable case on the GPL and its derivative requirements and that his comments were a valid opinion about the GPL. Thus there is no defamation possible.

  12. Anonymous Coward
    Anonymous Coward

    Someone'll need to explain what rm -rf means...

    ....for all the Windows users reading this.

    1. Kiwi
      Boffin

      Re: Someone'll need to explain what rm -rf means...

      Someone'll need to explain what rm -rf means...

      ....for all the Windows users reading this.

      What it means is your system is borked because you forgot where you were when you typed it out of habit.. :)

      rm = ReMove (I believe, could be corrected if necessary) -Recursive and -Force - ie delete all files, any subfolders and all of their contents, and do it without any further question/warning. Similar to the old "delete" or "Deltree" commands in windows (not sure if Delete could remove folders etc recursively).

      (rm filename would just delete the file, but if there's an issue (aside from file ownership/permissions) it would prompt for further handling, the "-f" stops that)

    2. Paul Crawford Silver badge

      Re: Someone'll need to explain what rm -rf means...

      DEL /F /S /Q *.*

      (I think that leaves directories though)

      RMDIR /S /Q *.*

      (On later Windows instead of deltree)

      Please don't try this at home folks! More so if you had to ask...

    3. bombastic bob Silver badge
      Trollface

      Re: Someone'll need to explain what rm -rf means...

      tell them to try it out in their "ubuntu on windows" bash shell

  13. Anonymous Coward
    Anonymous Coward

    I want cake

    Why can't gr security go to court, prove what they do is indeed legal under gplv2, and assure their former, current and future customers?

    After all these are two opinions, and it is in grsecurity's business interest to set the ambiguity right. That is a justifiable business expense, as much as the defamation suit is.

    What they want is to play in the grey area AND have no one call them out. Now that's a double standard and makes grsecurity the disingenuous party with a defamation suit.

    The truth really is that they don't want their opinion regarding licensing tested either.

    1. The First Dave

      Re: I want cake

      "Why can't gr security go to court, prove what they do is indeed legal ..."

      Who would be the other party?

      1. gnasher729 Silver badge

        Re: I want cake

        Who would be the other party? Anyone who has a copyright in Linux, that's probably thousands of developers, and some smaller and bigger companies. I would bet that Microsoft, Google, Apple etc. have at some time contributed a few lines of code to Linux, so they could keep GR busy in court if they wanted to.

        1. bombastic bob Silver badge
          Devil

          Re: I want cake

          "Who would be the other party? Anyone who has a copyright in Linux..."

          yeah, it's kinda like suing your neighbor because your dog is NOT crapping in his yard (to prove your dog doesn't crap in his yard), particularly when your neighbor isn't complaining about it, even though the guy 3 houses down wrote about "curbing your dog" in his blog.

          I think you have to have an actual FILED COMPLAINT before a court case is heard. Otherwise, what's the point?

          IANAL and this is *entirely* my bombastic opinion.

  14. sloshnmosh

    I could be mistaken...

    But wasn't the GRsecurity patch freely available to download a while back?

    I vaguely remember (attempting to) compile a Linux kernel with their patch a few years ago.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like