Lego violates GPL by keeping Blender-based BrickLink Studio source closed (2021) (blender.org)
672 points by app4soft on March 16, 2023 | 163 comments



For the people who can’t see the page - I don’t have it open anymore, but it was someone asking for help to figure out what version of certain libraries was used in the BrickLink studio software, since some flags they expected to work weren’t working. Another user replied that they did some digging into the decompiled source and found which version it was, but they also found strings from that source that matched GPL-licensed libraries (including at least one that user had written himself, because he recognized hardcoded filepaths to locations on his own machine he had used when developing the library).


Archived copy: http://web.archive.org/web/20210301135016/https://devtalk.bl...

From comment #3 in this discussion:

> Got bored, did some digging in their binary, they built using some of our svn libraries (I know it’s our libs since the paths embedded for some of the source files are local to my computer :slight_smile: ) which makes it easy to track down

> they ship openimageio 1.7.15 which means the code is likely from somewhere in between 2017-06-04 and 2018-08-27 which is indeed around the 2.79 time frame.

> It would have been nice if they kept the code opensource, so it could get all the improvements blender makes easily, but they seemingly chose not to go that way. which is somewhat strange since they clearly lifted the GPL licensed bf_blenlib [1] so the closed source nature of eyesight is odd to say the least.

> [1] the executable contains strings like "Error! Could not get the Windows Directory - Defaulting to Blender installation Dir!", "Error! Could not get the Windows Directory - Defaulting to first valid drive! Path might be invalid!" and "BLI_dynstr_append text too long or format error." that could only have come from bf_blenlib


UPDATE: Additional context from Orion Pobursky[0], the LDraw.org's webmaster:

> The https://Stud.io has been historically bad with attribution of their sources. LDraw had to contact them directly to get them to acknowledge use in their about page and most average users still don't know that the Stud.io's library is backed by LDraw.[1]

[0] https://wiki.ldraw.org/wiki/Meet_Orion_Pobursky

[1] https://twitter.com/billtfish/status/1636435679076057089
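
The binary string check described in the quoted devtalk comment above, as an added example that is not part of the thread or of any project's code: a Python script that extracts ASCII and UTF-16LE strings from a binary and looks for the bf_blenlib messages quoted in footnote [1], plus embedded source-file paths. The sample bytes, the path inside them and all function names are constructed for illustration.

```python
import re

# Marker strings quoted in the devtalk comment as originating from bf_blenlib.
MARKERS = {
    "bf_blenlib": [
        "Could not get the Windows Directory - Defaulting to Blender installation Dir!",
        "Could not get the Windows Directory - Defaulting to first valid drive!",
        "BLI_dynstr_append text too long or format error.",
    ],
}

MIN_LEN = 6  # shortest printable run treated as a string
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
# Absolute Windows or Unix paths that end in a C/C++ source or header file.
PATH_RE = re.compile(r"(?:[A-Za-z]:[\\/]|/)[\w.\\/+-]+\.(?:c|cc|cpp|cxx|h|hpp)\b")


def extract_strings(data: bytes):
    """Yield (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    for m in ASCII_RE.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RE.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def scan(data: bytes):
    """Report which known components left marker strings or build paths in data."""
    components = {}
    build_paths = []
    for offset, encoding, text in extract_strings(data):
        for component, markers in MARKERS.items():
            for marker in markers:
                if marker in text:
                    components.setdefault(component, []).append(
                        (offset, encoding, marker)
                    )
        for m in PATH_RE.finditer(text):
            if m.group() not in build_paths:
                build_paths.append(m.group())
    return {"components": components, "build_paths": build_paths}


# Constructed sample: a few header-like bytes, one marker stored as ASCII,
# one stored as UTF-16LE, and a made-up developer build path.
SAMPLE = (
    b"\x4d\x5a\x90\x00\x03\x00"
    + b"Error! Could not get the Windows Directory - "
    + b"Defaulting to Blender installation Dir!\x00"
    + b"\xff\xfe\x01\x02"
    + "BLI_dynstr_append text too long or format error.".encode("utf-16le")
    + b"\x00\x00\x07\x08"
    + b"C:\\example-dev\\lib\\src\\imageio.cpp\x00"
    + b"\x00\x10unrelated text here\x00"
)

if __name__ == "__main__":
    report = scan(SAMPLE)
    for component, hits in report["components"].items():
        for offset, encoding, marker in hits:
            print(f"{component}: {encoding} string at 0x{offset:x}: {marker!r}")
    for path in report["build_paths"]:
        print(f"embedded build path: {path}")
```

A marker hit only shows that the text is present in the file; as the thread goes on to discuss, it is a starting point for asking about the source, not a finding on its own.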


Is there precedent for that holding in court? Saying something like "I put this unusual string in my software & it is also in theirs" seems pretty useless from a legal perspective.


Reminds me of "trap streets" on maps: https://en.m.wikipedia.org/wiki/Trap_street

>In cartography, a trap street is a fictitious entry in the form of a misrepresented street on a map, often outside the area the map nominally covers, for the purpose of "trapping" potential plagiarists of the map

There's a section on legal issues in the article


I thought the same thing prior to seeing your comment -- yes, these are basically the first version of watermarks... so cartographers could silently 'sign' their work and see who steals it.


“I put this unusual string in my software” may be enough to get you to discovery. During which time, you can ask for the source code.


This is the right answer. By the time anything goes to court there's going to be more investigation than looking at a forum post.


> Saying something like "I put this unusual string in my software & it is also in theirs" seems pretty useless from a legal perspective.

What evidence do you expect would be used for copying besides shared content?


A video of them pressing ctrl+c then ctrl+v


That would be nice, but the share of successfully litigated copyright cases that have video evidence of the act of copying, or something similar, is essentially zero.

Heck, criminal jury convictions, despite the much higher standard of proof, very often don’t have “video of the act being committed” kind of evidence.


IIRC there was a Mac program that proved it was being infringed on because the knockoff software implemented the same Easter egg when a certain series of hot keys was pressed


On the contrary, that seems more likely to be understood by a non-technical audience than any amount of decompiler output. Doesn't replace the latter, but it certainly removes a reasonable doubt.


Yeah if the string is something like "I sidewndr46 am the copyright holder for this software", I can't really see how it would be possible for a vendor to say they just happened to put that in their own independently created product.


Don't some map makers put ghost towns or roads that don't actually exist in their own maps as a sort of fingerprinting method? Unless you actually visit that particular spot, one might not know and inadvertently copy the proprietary map data.


> kgeist 8 hours ago > Reminds me of "trap streets" on maps: https://en.m.wikipedia.org/wiki/Trap_street


I can barely comprehend what you're saying. Of course it has legal standing in terms of likelihood of copying.


ISTR that one of the DOS lawsuits hinged on a couple of obscure strings and Easter Eggs buried in the code.


"Unusual string" seems a lot more innocuous than unusual string referring to the product as another copyrighted work by name which contains the same unusual string.


Don't see why not - police rely on fingerprints to track theft right? Not much different conceptually.


I'm not sure of the actual prevalence of police using fingerprints to track down theft. It is however accepted as a piece of evidence in various criminal courts, so one would expect it to hold up in a non-criminal court as well.

The difference is I didn't choose my fingerprints nor did the police. It's also really, really hard to get rid of them OR to have someone else with the same fingerprints as mine.


It is prevalent. See https://en.wikipedia.org/wiki/Integrated_Automated_Fingerpri....

That said, faking them is easier than you might think. https://web.mit.edu/6.857/OldStuff/Fall03/ref/gummy-slides.p...

Incidentally the idea of fingerprinting really was popularized by Mark Twain: https://www.courthousenews.com/mark-twains-fingerprints/


What I meant by faking fingerprints was creating another living human being with my same fingerprints. It's obviously trivial to create fingerprint evidence.


It is not just that you can create fingerprint evidence.

It is that you can create fingerprint evidence in normal interactions with fingerprint systems in ways that leave no other evidence, and are unlikely to draw scrutiny from nearby humans.



Broken url. Seems to be missing a required full stop on the end:

    https://en.m.wikipedia.org/wiki/Apple_Computer,_Inc._v._Franklin_Computer_Corp.
Looks like the HN submission form is automatically removing it, unless you use a non-clickable quote. Heh. :(


I think it is important to distinguish between Blender and Cycles and Eyesight, the render engine that Studio uses that is in question.

Blender is the application and Cycles is the render engine.

Studio itself is a Unity application that would almost certainly be incompatible almost in its entirety with any source code they could pull from Blender. At that point they would be porting logic.

Their Eyesight renderer is a separate application that looks to be a fork of Blender with everything but Cycles pulled out. COPYING.txt explains that Eyesight is based on Cycles using the Apache License v2.

C:\Program Files\Studio 2.0\PhotoRealisticRenderer\win\64\license if you're curious.

Not that it excuses them necessarily, but Studio was not created by LEGO. Bricklink was purchased by LEGO relatively recently and had no say in its development. It is very likely a small team built it not even thinking about legalities.


> Bricklink was purchased by LEGO relatively recently and had no say in its development. It is very likely a small team built it not even thinking about legalities.

1. being small doesn't exempt one from following the law.

2. if that is the case, someone at Lego didn't do their homework during the acquisition.


You ascribe a level of malice that is unwarranted.

1. No. But laws are rarely written in a way that people without a lawyer can understand.

Do you fully understand every EULA you agree to? Do you keep up with changes to the licenses of everything you use on a daily basis and immediately update your processes based on any changes you don't like? Do you have the expectation that everyone can do such a thing? Is there the expectation that everyone have a lawyer ready to review everything they touch?

2. They probably didn't. But Bricklink has such a footing, they likely thought it would be worth whatever hassles came up.

Lots of people didn't like the idea of Bricklink being bought by LEGO. Partly because it increases LEGO's control over the building block industry. Partly because it seemed to have come out of nowhere.


> But laws are rarely written in a way that people without a lawyer can understand.

The GPL has been around for decades (v1 is 34 years old), and it was written by a programmer. Unlike EULAs, it's a standard text that rarely ever changes (last time was almost 16 years ago). There are copious amounts of resources online, explaining in plain English what you can and cannot do with it, including all the grey areas.

GPL and LGPL are cultural cornerstones of the opensource community, so I honestly struggle to justify the ignorance, let alone defend it. Obviously shit happens (as I showed in another comment), but "we are a small team" is not an acceptable defence for abusing a license.


> Their Eyesight renderer is a separate application that looks to be a fork of Blender with everything but Cycles pulled out.

If it’s a separate application complying with the GPL is trivial — either link to blender.org and/or publish their patches.

I highly doubt they have any secret sauce in there but just needed a way to call cycles without having to write a bunch of code…which is kind of ironic because cycles used to be able to be called from the command line (might still be, dunno) so doing it this way was probably more work in the end with the added bonus of bad press.

Though, admittedly, cycles had some XML file format that was a train wreck. I tried to come up with an XSD schema for it at one point but, umm… train wreck.

People should just ask these things because it isn’t secret knowledge where you need some $megabuck$ consultant to avoid problems.


There's some source code over here: https://www.bricklink.com/help.asp?helpID=2079

The discussion this story links to is two years old; I don't know how much has changed or how it all fits together.


> There's some source code over here: https://www.bricklink.com/help.asp?helpID=2079

But they did not mention that they forked Blender, thus they violate GPL.

And as BrickLink Studio is based on Blender code, Studio source should be licensed under GPL as well.


It's not at all clear to me it is a fork.


So a derived product


Well, that's not clear at all to me either, at least not in its current state.


It's worth noting that there have been some high-profile cases of legal action being taken against GPL violators, such as the BusyBox lawsuit in 2007, which resulted in a settlement requiring the defendant to comply with the GPL and pay damages. However, many GPL violations are resolved through non-legal means, such as negotiating a license agreement or reaching a settlement outside of court.

But likely this will just cause minor reputational damage among HN-types and have no real consequences.


I was maintaining a uClinux router distro back in 2003, one of the routers in our list ended up in court for the first legal case for GPL violation in Germany:

https://isl3893.sourceforge.net/

"17 apr 2004 - GPL testing in court by the Netfilter/Iptables team, due to refuse to give source code of the Sitecom WL-122 (isl3893 based!). In the same time, some source code has appeared on the webserver of Sitecom."


> But likely this will just cause minor reputational damage among HN-types and have no real consequences.

I think so too. Onyx has been in violation of the GPL for a few years now and nothing is happening. Their products are often recommended on HN so the reputational damage even here is likely to be minimal.

> https://www.reddit.com/r/Onyx_Boox/comments/hsn7kx/onyx_usin...


That's just another reminder that HN is a big place with different crowds who don't necessarily intersect or interact on the same topics. I've been a regular reader of and poster on HN for over 10 years and have never heard of this company.


Yep. That's why the reputational damage here isn't likely to be pretty minimal.


s/isn’t/is


Onyx is a Chinese company.

Naturally, they don't recognize FLOSS or commercial licenses originating from European Union or USA.

The catch here would be to file grievances against major distributors (Amazon, Ebay) and to prevent shipment here until they comply and pay up.


>many GPL violations are resolved through non-legal means, such as negotiating a license agreement or reaching a settlement outside of court.

And IMHO this is killing the license. Companies are doing the calculations and determining that by the time they get caught they can just negotiate at best and at worst just ignore it and drag things out until it realistically no longer matters. Without teeth no one will follow their obligations.


> IMHO this is killing the license.

Some people say GPL is dying because nobody uses it due to its terms.

Some people say GPL is dying because everyone uses it but nobody follows its terms.

The truth is somewhat in the middle. There is more GPL adoption out there than people think, but respecting terms is a nontrivial effort. Some infringements are done in good faith and resolved equitably once noted, but detection as a whole is undoubtedly difficult, and we only see the negative headlines when it happens. That doesn't mean the license is dying; in fact, it's doing the opposite: helping people out there building software in the open, and taking to task businesses that don't play fair. We just have to accept that success rate will just never be 100% compliance, because legal constructs never reach that.


> respecting terms is a nontrivial effort.

This is true of almost all contracts. If respecting terms was easy, we'd have no need for lawyers and courts.


I mean, it's much less trivial than other licenses. Let's look at the scenarios here:

- John Dev takes a bit of MIT/BSD licensed code. He drops an acknowledgment in the About screen (which nobody will ever read), and that's it. (yes, many still fail to do it...)

- Jane Dev takes a bit of (L)GPL licensed code. She has to add the license file to the installer, so the installer people start asking questions: "is this an eula? Should we display it on install?" Jane clarifies that we just need to ship it, but now Legal is in the loop. Legal goes "it says here that we have to provide stuff on request, does that mean all our private code?" Jane explains how she carefully used it in such a way to avoid that scenario; half of the explanation goes above the head of every lawyer in the room, so some of them trust her and some don't. Let's assume it gets greenlit, now we have to talk to the website folks to put a link somewhere - but Legal are still on the case: "ah, but we don't want to make it too easy, let's just have an email." Who's going to monitor that mailbox? Can you do it, Jane? Legal goes "no, Jane is technically not responsible for distributing, let's loop back in the release managers". Release managers don't want to hear it, they already have enough shit to shovel. By now half the people have gone on holiday one or more times, there are more urgent fires to put out, and the thread is forgotten. Product ships. Jane moves on to found her own startup. The product will likely be infringing for years, which may or may not ever be detected.

I love the GPL and I wish everyone used it and respected it, but it's not easy to live with it.


It's "less trivial" compared to the MIT license, sure. But compare the GPL to any proprietary license, such as the ones Lego probably slaps on their own software, and suddenly the GPL is fairly simple, relatively…


Some proprietary licenses are complicated, like oracle and vmware. But most of them you just pay and you're set. Even with those two it's still sort of like that. But even then they will just threaten to audit and you could pay them off there as well.


No, they're not? "pay and you're set" to do what is the question, then.

IANAL. Let's take VSCode as an example. At the very least, the license:

1. permits data collection on your machine.

2. restricts the user: no reverse engineering, no disassembly, no decompile. No alteration of any "notices" from MS (or others). No distribution (…ish, there are some exceptions? it's complicated?).

3. a $5 limit on damages, which is … interesting.

And to be fair to MS, I think this is one of the shorter and clearer proprietary licenses that I've found. But it is hardly "pay and you're set". (Hell, "pay" — the price is free^W your data, here.)

But a further part of the complication is the mere distinction of proprietary-ness of the license. The GPL is the GPL, and once I've read it, and made a decision on the terms of it, a piece of software can signal its license with "GPLv2" or such, and I can essentially get a cache-hit on my legal interpretation of the license. Every proprietary license is a cache-miss, and is thus immensely more time consuming to process.


It’s quite easy to comply with the MIT OS license


You'd think so, but people fail to do so often.


> respecting terms is a nontrivial effort

Is it? Just give users the same source used to build the binaries.


My experience is that 95+% of businesses will follow GPL obligations, even without teeth. The <5% bad actors are a problem, but that doesn't negate that it mostly works.


My experience is, for businesses who pay attention to open-source licenses, they will avoid GPL libraries like the plague (GPL applications are usually fine, though there's sometimes some skepticism).

But not all businesses pay close attention to open-source licenses.

I have to assume that scale has something to do with it. Huge companies usually take that pretty seriously. Tiny companies... eh, they might not even be aware.


Concur on this about avoidance. From my own experience at a startup years ago, the corporate counsel was pretty much hostile to any GPL libraries being used in the company's product, and was especially hostile to the AGPL, categorically refusing to support use of anything using the latter.


> Companies are doing the calculations and determining that by the time they get caught they can just negotiate at best and at worst just ignore it and drag things out until it realistically no longer matters.

You're giving companies way too much credit. Unless a company has been sued for something, they often have no insight into or awareness of it. Most companies do not have strict policies around using GPL or OSS. The legal, audit and compliance teams are only aware of things when it's brought to their attention.

Our company is very good about accessibility and ease of use in our products, but only because someone used the ADA to sue the shit out of us a decade ago.

I would wager that most GPL violations are made by folks who are consciously aware of what they're doing, and the companies they work for are completely unaware that such decisions are even being made. There's no actuary running the numbers and saying "yeah go ahead and violate it, litigation is cheaper than compliance", that's tinfoil hat level thinking IMO.


Conservancy have said in numerous talks that we are well past the age of unintentional violations and well into the deliberate violations era, where companies just stall and stall and stall.


> where companies just stall and stall and stall.

That's a legal tactic regardless of initial intent or guilt. If you think waiting someone out is cheaper than losing or settling, then you stall. It puts a financial burden on them.

I'm not saying it's right, and it's also not an indicator of guilt, malice, or forethought.


Sure, but this is after they have shown to be violating.


And? Being shown evidence you committed a crime or breached an agreement doesn't prove malice or forethought.

Additionally people seem to think of legal contracts and licenses as being set in stone or non negotiable. In the legal world they are simply the starting point for any negotiation.


Copyleft licenses, at least when Conservancy enforces them, are definitely non-negotiable:

https://sfconservancy.org/copyleft-compliance/principles.htm...

"Our primary goal in GPL enforcement is to bring about GPL compliance. Copyleft's overarching policy goal is to make respect of users' freedoms the norm. The GNU GPL's text is designed towards this end. Copyleft enforcement done in this spirit focuses on stopping incorrect distribution, encouraging corrected distribution, and addressing damage done to the community and users by the past violation. Addressing past damage often includes steps to notify those who have already received the software how they can also obtain its source code, and to explain the scope of their related rights. No other ancillary goals should supersede full compliance with the GPL and respect for users' freedoms to copy, share, modify and redistribute the software."


If anything, that encourages the stalling behavior since losing means full compliance without negotiation.

Again, I'm not supporting or encouraging the behavior. This is just the reality of the legal system.


This is just the way the legal business works normally. 95% of civil cases settle before trial because lawyers know the law, don't need to go to court to know what is going to happen, and handle it more efficiently between themselves.


Only in US and UK and such. Anywhere else it would indicate a severe pathology of justice system.


The fact that people are able to remediate disputes without resorting to escalation indicates a high level of maturity of the legal system and legal profession. Third party remediation is a result of a failure of both parties to work out a solution amongst themselves. A legal system where both parties know and agree on the law is a success, not a failure.


By analogy if people manage their own illnesses without engaging health service should be a testament to the level of maturity of health services in USA.


I think people in healthier countries in fact do consume fewer healthcare services than those in the US.


Why? Settling out-of-court is a win-win for everyone.

If it weren't a win for both sides, the side that feels like it got the short end of the stick would opt for court.


On the other hand you have Brazil, where there's like 1 active lawsuit for every two people in the country.


In Germany most of the cases are settled outside of the court but with the help of a court judge.


If I was a billionaire this is the sort of thing I'd fund. Like the EFF but specifically for open source developers and projects.


Conservancy do GPL enforcement and you can donate:

https://sfconservancy.org/donate/

Their lawsuit against Vizio is especially interesting:

https://sfconservancy.org/copyleft-compliance/vizio.html


Luckily you can fund the EFF now, all without having to become a billionaire!


Already a member :)


A foundation, just for free software? https://www.fsf.org/


The FSF says they only care about the GNU project license violations. https://sfconservancy.org/ has an actual record of fighting against license violations.


GNU generally requires that contributors assign their copyright to the FSF, which is what allows the FSF to litigate; they can't do this for software that they don't hold copyright to. The Software Freedom Conservancy, on the other hand, holds partial copyright to each of their many member projects' software and chooses to actively enforce the GNU GPL on that code quite frequently.

The SFC's ongoing case against Vizio in California[1] appears to show that violators of the GNU GPL can be sued by users, not just copyright holders. If this case sets precedent elsewhere in the USA and even in other countries, then organisations like the FSF and SFC will have far more options in what violations they choose to litigate. However, this also opens up the risk of 'GPL trolls' who might not be motivated by the same principles[2].

[1]: https://sfconservancy.org/press/vizio-coverage.html

[2]: https://www.fsf.org/licensing/enforcement-principles


Such trolls could only get GPL compliance, not damages though? So not much incentive for them to become trolls at all.


In both of those situations, don't the companies end up paying more (to lawyers) than if they open-sourced in the first place?


Conservancy v Vizio being the current on-going one, this time they are suing for compliance as a third-party beneficiary of the GPL, rather than copyright holder:

https://sfconservancy.org/copyleft-compliance/vizio.html

Sounds like John Deere might also need to come into compliance:

https://sfconservancy.org/blog/2023/mar/16/john-deere-gpl-vi...


> However, many GPL violations are resolved through non-legal means, such as negotiating a license agreement or reaching a settlement outside of court.

A legally binding agreement (especially one to settle active litigation) is a very odd thing to describe as “non-legal means”.


> However, many GPL violations are resolved through non-legal means, such as negotiating a license agreement or reaching a settlement outside of court.

Have any actually been decided by the court?



I don't know, the venn diagram of HN-types and Lego-types probably overlaps quite a bit. :)


I mean, look at GRSec, if they can get away with it, anyone can.


What can they get away with?

IIRC they redistribute the source to their users, so the GPL is respected. The GPL doesn't force you to make your modifications public or available to the original authors (that would be non-free), only that your users should have access to the modifications, also under GPL.

They surely do something like Red Hat that says in a contract you lose access to the GRSecurity patch¹ as a user if you publicly redistribute the source.

¹: (edit: lose access to further updates)


> They surely do something like Red Hat that says in a contract you lose access to the GRSecurity patch as a user if you publicly redistribute the source.

GPL 2.0

> 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

You may not impose any further restrictions on the recipients' exercise of the rights granted herein.

Red Hat prohibits you from redistributing their binary packages, and that's well within the rights of the GPL as it attached to the source with the only requirement on binaries being that the GPL'd source code be made available upon request. Before the CentOS rebase, they went a step further and you could just download SRPMs right off their FTP server without even being a paying customer.

In the case of GRSecurity, in their FAQ [https://grsecurity.net/faq] they even acknowledge that their customers have a right to share the patches.

Q: Does grsecurity have a free version for evaluation only?

A: Grsecurity fully complies with the license of the Linux kernel, the GPLv2. Since grsecurity is delivered as a source code patch, it is not possible under the terms of the GPL to offer a free version under an actual restriction that it be used only for evaluation purposes. Any customer receiving a grsecurity patch receives all the GPL-granted rights and responsibilities, including the right to redistribute patches in their possession or even to sell them to others.


They may allow their customers to redistribute the patches and then decide to stop providing further updates to customers that use these rights. I can see this faq being still literally right. They just don't mention this fact.

But this last Q&A states between the lines that no, they wouldn't provide a free version for evaluation only because if they did, you could freely redistribute the patch since they can't impose you to keep it secret because of this very paragraph of the GPL you quote, and they don't want this because that would break their business model.

That's not proof they actually tell their customers they will stop providing them further updates if they redistribute the patch, but this only reinforces my belief they do. This is exactly how they manage to keep their code non-public.

The GPL doesn't and can't force the GRSecurity project to provide updates to their customers under any circumstances.

This faq does not lie and is technically correct, it just "forgets" to mention that customers are tied to such a contract.


That's just their FAQ, which is meaningless since it isn't legally binding.

What EULA do they require of end users?


Not a customer and their access agreement isn't public, but terminating a contract in retribution for redistributing their patch would be a violation of the GPL's "no further restrictions" clause and thus they would be in breach. If they're pulling a stunt like that somebody with big enough pockets only needs to file a lawsuit.


I don't think that's true. "If you redistribute we stop collaboration" is not a restriction on the source code the customer has access to.

I think this clause doesn't mean what you mean. This clause means that the GRSecurity project can't license their modifications under a more restrictive license than the GPL. Which the GRSecurity project respects, customers do have access to the modifications under the GPL license.


One of those customers also redistributed GRSec modifications:

https://github.com/jameshilliard/linux-grsec


Until FLOSS stewards start suing for the maximum damages permitted by law ($135k/violation) and make these company-ending events, FLOSS will be seen as a grab-n-go for anyone to pilfer, abuse, and sell as their own.

I completely understand why FLOSS people wouldn't want to go after individuals misunderstanding a license. And that's also not at all what I'm talking about. LEGO et al have been around for decades, piles of lawyers, heavy handed trademark letters from their lawyers.... but end up doing fuckall with FLOSS folks.

Think if the tables were turned - and you accurately modeled every LEGO brick and allowed sending to 3d printers to make custom bricks. Just how FAST would they shut that down?

Oh, and this is hypocritical as ever: https://www.lego.com/en-us/legal/notices-and-policies/fair-p...


> Think if the tables were turned - and you accurately modeled every LEGO brick and allowed sending to 3d printers to make custom bricks. Just how FAST would they shut that down?

LEGO brick patents have already expired years ago and there exists plenty of alternate producers of LEGO compatible bricks. but yes, LEGO is trying every trick in the book to stop alternate brands from selling their products.

i disagree however that suing for maximum damage is helpful to GPL software. it only instills fear in companies wanting to use it because it increases the risk.

i believe a good will approach to help companies with compliance is better, only suing when companies refuse to comply.


They shouldn't be sued for damages. They should be ordered by the court to publish the source code of their derived product.


> i disagree however that suing for maximum damage is helpful to GPL software. it only instills fear in companies wanting to use it because it increases the risk.

And for some reason, a company with questionable EULAs, illegal in many jurisdiction's terms, and hundreds of pages of dense legalese doesn't seem to scare any of these companies away.

And many FLOSS licenses are written in plain language to easily understand what you can and can't do. These companies aren't doing an accident - it's intentional, ongoing, and continual malfeasance BECAUSE there is no real punishment. At best, they'll have to "comply". (And you know, FLOSS is always bemoaning no money.... well, here's a way to fund it)

> i believe a good will approach to help companies with compliance is better, only suing when companies refuse to comply.

You can disagree with me all you want. All I ask is "how does it look when the tables are turned"?

And we have a rather nice answer - https://www.bsa.org/ and https://www.siia.net/

The business software alliance and Software & Information Industry Association are utterly dictatorial about intentional copyright violations, and also very harsh about accidental violations.

You can do further research on case studies of places that were called out for pirated software, and how many millions of dollars they had to pay in fines and "fixing proper licenses".

Until FLOSS starts doing tit-for-tat (the best game theory decision in these kinds of things), we're going to keep seeing companies treating FLOSS as their own personal loot-crate with little to no punishment for intentionally doing wrong.


> Until FLOSS starts doing tit-for-tat (the best game theory decision in these kinds of things), we're going to keep seeing companies treating FLOSS as their own personal loot-crate with little to no punishment for intentionally doing wrong.

for every company that is doing that there are two others that use FOSS with good intentions, and some of those will make mistakes in their compliance which they will fix when politely approached.

if we start pursuing every violation with an immediate lawsuit then those well intended companies will stop using FOSS because they don't want to risk getting sued.

i will have to stop using FOSS in my products. because my small company can't afford a lawsuit just because i accidentally forgot to give notice or include a link to the source somewhere.

so if we do that FOSS will lose market share.

we can and should pursue malicious users aggressively, but only after we have confirmed that they are not going to comply willingly.


> for every company that is doing that there are two others that use FOSS with good intentions, and some of those will make mistakes in their compliance which they will fix when politely approached.

I doubt the statistics here. I surely hope most companies are not this sloppy with their contracts, that they "forget" to follow their requirements.

> if we start pursuing every violation with an immediate lawsuit then those well intended companies will stop using FOSS because they don't want to risk getting sued.

> i will have to stop using FOSS in my products. because my small company can't afford a lawsuit just because i accidentally forgot to give notice or include a link to the source somewhere.

And what will you use instead? How will you follow the requirements of those licences? That's what I never understand in these arguments. The alternatives have typically much stricter requirements and are enforced by large corporations.

> so if we do that FOSS will lose market share.

Why should I care about the market share of FOSS if a significant portion of that share doesn't distribute their code?

> we can and should pursue malicious users aggressively, but only after we have confirmed that they are not going to comply willingly.


> most companies are not this sloppy

i said "some of those will make mistakes", which means, most won't. there is no contradiction.

> And what will you use instead?

BSD stuff i suppose, or write my own, or pay for a commercial license which is usually a lot easier to follow than the GPL, because it doesn't require me to give anything to my users. i just pay and then i can use the code however i want as long as i don't resell the source.

> Why should I care about the market share of FOSS

that's up to you. i care because FOSS, and the GPL in particular gives me and other FOSS users more freedom in how they use the software. i want this freedom to spread. making it risky for businesses to use FOSS is not the way to do that.


Don't go too overboard.. It doesn't look like Lego has even been contacted and asked to remedy the situation.

I suggest being allowed to call them just Legos instead of "Lego™ style plastic building blocks" would be appropriate punishment.


Didn't Bricklink make the Studio software prior to Lego's 2019 acquisition? That doesn't completely justify Lego, but I think it is another bit of relevant nuance to the situation.


It would have been Lego's responsibility during due diligence to do a software inventory of Bricklink and determine if there were liabilities around software licenses.

It is a very common thing to do. Startups cut corners and don't get attention cause they don't have a lot of money. But get bought out by a multi-billion dollar company and it gets noticed.


I honestly have no idea. But the title suggests malice on the side of Lego, while it links to a forum discussion with an off the cuff remark that a library is GPL. Nothing about trying to get an unwilling company to comply or similar as I was expecting.

Folks here seem to be contacting the bricklink team already for clarification, it will be interesting to see how this plays out.

Feels to me like open sourcing would be a win for them, provided they don't link to any other code containing proprietary licenses.


> That doesn't completely justify Lego

Unless Bricklink actively hid it during acquisition it doesn't justify Lego at all.


On the official Lego help page about the now retired Lego Digital Designer, they recommend using BrickLink Studio instead:

https://www.lego.com/en-us/service/help/apps_video_games_dev...


open source developers shouldn't have to police this, companies should just follow the licenses from the beginning.

GPL doesn't say you must provide source code once you get caught, it says you must publish it the moment you release a derivative work.


I don’t think the gpl requires you to publish source code. It requires you to make it available on request.

Thus it’s not a question about getting caught, but whether someone made a request.


maybe you should find out, before spreading misinformation:

> require that programs distributed as pre-compiled binaries be accompanied by a copy of the source code, a written offer to distribute the source code via the same mechanism as the pre-compiled binary, or the written offer to obtain the source code that the user got when they received the pre-compiled binary under the GPL.

https://wikipedia.org/wiki/GNU_General_Public_License#Terms_...


Where's the misinformation? Isn't he describing the second option you quoted?


did you read what I quoted? It says the binary must be distributed with source code, or with an offer to distribute the source code. Lego did none of that.


I was responding to the comment on https://news.ycombinator.com/item?id=35182511, which says that "GPL doesn't say you must provide source code once you get caught, it says you must publish it the moment you release a derivative work."

And, no. You don't have to publish the source code. You have to offer to distribute it. Which is different. (I am not a lawyer).

https://news.ycombinator.com/item?id=35183786 contains a quick discussion about what is and what is not there. I don't have the product, so I cannot tell.


There’s a requirement to include the license with the product, isn’t there? I’d hope removing a license is actually a pretty serious offense.


> companies should just follow the licenses from the beginning

Sure, should. Some don't. So, developers and activists also need to be policing it.


> It doesn't look like Lego has even been contacted and asked to remedy the situation.

Lego is a giant international corporation with a small army of lawyers and dedicated compliance officers. They don't get the benefit of the doubt here nor if someone infringed on their IP would they 'delicately handle it' to preserve the reputation of the offender.


I didn't say they should get the benefit of the doubt. It's pretty clear cut, there's little doubt to be had.

But we have no idea how they'll remedy the situation, because the situation has, in all likelihood, not been pointed out to them at this point in time.

And it's highly unlikely that their "small army of lawyers and dedicated compliance officers" would knowingly allow this. Therefore I doubt the situation is the result of actively malicious behavior.


>I didn't say they should get the benefit of the doubt.

>Therefore I doubt the situation is the result of actively malicious behavior.

This is giving them the 'benefit of the doubt'.


This is innocence until proven guilty. Do you recommend another tactic?


How about someone contacts them so this is moot? :)


From the website...

wrtyler: I’ve been writing a lot of new custom colors for Stud.io 52. As such, I use the Blender Cycles Manual a lot for reference. However, the online manuals available for Cycles only go back to version 2.79. I think Eyesight is based on some version of 2.78 because even using the older versions of the manual there are still parameters listed that are not available in Eyesight.

So…I’d like to know on which version of Cycles Eyesight is based, and if there is a Cycles manual available for that particular version.

RESPONSE :

LazyDodo: Got bored, did some digging in their binary, they built using some of our our svn libraries (I know it’s our libs since the paths embedded for some of the source files are local to my computer :slight_smile: ) which makes it easy to track down

they ship openimageio 1.7.15 which means the code is likely from somewhere in between 2017-06-04 and 2018-08-27 which is indeed around the 2.79 time frame.

It would have been nice if they kept the code opensource, so it could get all the improvements blender makes easily, but they seemingly chose not to go that way. which is somewhat strange since they clearly lifted the GPL licensed bf_blenlib [1] so the closed source nature of eyesight is odd to say the least.

[1] the executable contains strings like "Error! Could not get the Windows Directory - Defaulting to Blender installation Dir!", "Error! Could not get the Windows Directory - Defaulting to first valid drive! Path might be invalid!" and "BLI_dynstr_append text too long or format error." that can only could have come from bf_blenlib
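
The string-matching check described in the quoted devtalk reply, sketched as an added example (not part of the thread, and not Blender or BrickLink tooling): it extracts ASCII and UTF-16LE strings from a binary and reports the bf_blenlib messages quoted above, plus any embedded source-file paths. The sample bytes, the path inside them and all function names are constructed for illustration.

```python
"""Added example: find strings in a binary that point to bundled third-party code."""
import re
from dataclasses import dataclass

# Marker strings quoted in the comment above as originating from bf_blenlib.
MARKERS = {
    "bf_blenlib": [
        "Could not get the Windows Directory - Defaulting to Blender installation Dir!",
        "BLI_dynstr_append text too long or format error.",
    ],
}

MIN_LEN = 6  # shortest run of printable characters worth reporting
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# Windows binaries often store text as UTF-16LE: printable byte + NUL, repeated.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
# Absolute paths to C/C++ sources, as left behind by assert and error macros.
SOURCE_PATH = re.compile(r"(?:[A-Za-z]:\\|/)[^\s\"']*\.(?:c|cc|cpp|h|hpp)\b")


@dataclass
class Finding:
    offset: int     # byte offset of the string that contained the hit
    kind: str       # "marker" or "source_path"
    component: str  # library name for markers, "" for paths
    text: str


def extract_strings(data):
    """Yield (offset, text) for printable ASCII and UTF-16LE runs, like strings(1)."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), m.group().decode("utf-16-le")


def audit(data):
    """Return findings sorted by file offset."""
    findings = []
    for offset, text in extract_strings(data):
        for component, needles in MARKERS.items():
            findings += [Finding(offset, "marker", component, n)
                         for n in needles if n in text]
        findings += [Finding(offset, "source_path", "", m.group())
                     for m in SOURCE_PATH.finditer(text)]
    return sorted(findings, key=lambda f: f.offset)


# Constructed sample input: a few header-like bytes, one marker stored as ASCII,
# one stored as UTF-16LE, a made-up build path, and unrelated text.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"Error! Could not get the Windows Directory - "
      b"Defaulting to Blender installation Dir!\x00"
    + b"\xff\xfe\x01\x02"
    + "BLI_dynstr_append text too long or format error.".encode("utf-16-le")
    + b"\x00\x00\x00\x10"
    + b"C:\\example\\build\\lib\\sample_util.c\x00"
    + b"\x00unrelated text here\x00"
)

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.offset:#06x}  {f.kind:<11}  {f.component or '-':<10}  {f.text}")
```
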


I try generally not to be the vindictive type… but Lego being SUCH HAWKS and sticklers when it comes to brand protection, I can’t help but root for them getting skewered for this. I doubt much will really come of it, though.


The link seems to be down, but from what I can gather this is linking to a forum post from 2021 where a user (possibly working on bricklink?) was asking for help. Presumably there was a more recent post since then, but I can't find it. If anyone has a copy of the more recent posts it would help the conversation.

edit: it seems that the blender team noticed that bricklink is using some GPLed code from the blender project (notably, bf_blenlib)

http://web.archive.org/web/20210301135016/https://devtalk.bl...


Uh, the post says "they clearly lifted the GPL licensed bf_blenlib".


Do they?

Is Lego not compliant until someone asks for the source code and they refuse?


No, the license has multiple requirements before that, including giving users a copy of the license and a written offer for source code.

Lego is only compliant if they follow the conditions of the license. The first condition includes this:

"... and give any other recipients of the Program a copy of this License along with the Program.".

Do Lego do this? What I can find is this page which does not include a copy of the GPL or a link to it: https://studiohelp.bricklink.com/hc/en-us/articles/660631342...


That is an interesting point. How many GPL licensed projects don't follow this themselves?

It might be different for the originator to not include the license and just state it on their website, but any fork or redistributor would need to provide a copy of the license to be in compliance.

IMHO the best way to ensure compliance is to include full source and the license file with every download.

IMHO2 this might be why Apple doesn't want GPL in their app store. One could claim Apple is redistributing it and not in full compliance depending how the developer handles these things.


>Do Lego do this?

Yep. It's in the install directory under /Licenses/Licenses.docx, Appendix B, provided with the Program as required.


Could you expand on that comment? Do they include attribution to the authors (as they have in Blender's license) and all notices that refer to the license?

In general, in order to be in compliance they also need to:

    You must cause any work that you distribute or publish, that in
    whole or in part contains or is derived from the Program or any
    part thereof, to be licensed as a whole at no charge to all third
    parties under the terms of this License.

And either accompany source code along with executable, or a written offer for source code.

Including a copy of the GPL is a nice first step. Do they follow the remaining conditions?


>Could you expand on that comment. Do they include attribution to the authors (as they have in blenders license) and all notices that refer to the license?

I don't know.

I'm not entirely sure which libraries' licenses are alleged to have been infringed upon. The string "blen" doesn't appear in the Licenses.docx file. There are another ~10 license text files in that folder for libraries that might be Blender-flavored.

>...source code along with executable, or a written offer for source code... Do they follow the remaining conditions?

Again, I can't say, I'm not sure how to search for it without getting false positives and I'm not committed enough to read through that much licensing text.

I agree with my sibling commenter on his assertion that including the license (that mandates furnishing source code on request) is itself an offer to furnish source code on request, but I understand where you're coming from if you don't.

Interesting side note, in the Licenses.docx file there's also a copy of the GNU Affero GPL3 license. I've no idea what they've included that uses that license, but I think the possibility that they've included AGPL3 licensed code could be much messier.


It's not much of a stretch to say that the copy of the GPL they distributed with the app implicitly includes an offer for the source code. So yes?


Just downloaded their provided installers for both mac and win, then emailed their customer support ('customersupport@bricklink.com') to enquire about its license, open source status, and if there's somewhere to download the source code.

Received the automated "we got your message, we'll get to you when we can" style message.

Let's see what they say. :)


Initial response received today:

    Good Afternoon Justin,

    Thanks for reaching out to BrickLink, I would be happy to take a look into
    this for you!

    I, myself, do not have the knowledge base to answer this. This has been
    reported to my team and I will reach back out once I am presented with an
    answer for you.

    Thank you for your patience.

    Sincerely,
    Toby
    BrickLink Customer Support

So, more waiting...


They also have to provide the GPL license file with their software, which most GPL violators choose not to do.

I can't check the software at the moment but if they provide the license file(s) and offer a way to get the source then there's nothing wrong, really.


> I can't check the software at the moment but if they provide the license file(s) and offer a way to get the source then there's nothing wrong, really.

Notably, it would either need to be a written offer according to GPL2[0],

> b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

…and GPL3[1],

> b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge.

…or, if the distribution medium is not physical, the source code would have to be provided in the same way as the original object code / binary:

> d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements.

So, for instance, one would expect a "download source" link on https://www.bricklink.com/v3/studio/download.page but I don't see one.

[0]: https://download.blender.org/release/GPL-license.txt

[1]: https://www.gnu.org/licenses/gpl-3.0.html


Blender is licensed under GPL 2-or-later

https://www.blender.org/about/license/

https://download.blender.org/release/GPL-license.txt

According to that license:

      1. You may copy and distribute verbatim copies of the Program's
    source code as you receive it, in any medium, provided that you
    conspicuously and appropriately publish on each copy an appropriate
    copyright notice and disclaimer of warranty; keep intact all the
    notices that refer to this License and to the absence of any warranty;
    and give any other recipients of the Program a copy of this License
    along with the Program.

    [...]

      3. You may copy and distribute the Program (or a work based on it,
    under Section 2) in object code or executable form under the terms of
    Sections 1 and 2 above provided that you also do one of the following:

        a) Accompany it with the complete corresponding machine-readable
        source code, which must be distributed under the terms of Sections
        1 and 2 above on a medium customarily used for software interchange; or,

        b) Accompany it with a written offer, valid for at least three
        years, to give any third party, for a charge no more than your
        cost of physically performing source distribution, a complete
        machine-readable copy of the corresponding source code, to be
        distributed under the terms of Sections 1 and 2 above on a medium
        customarily used for software interchange; or,

        c) Accompany it with the information you received as to the offer
        to distribute corresponding source code.  (This alternative is
        allowed only for noncommercial distribution and only if you
        received the program in object code or executable form with such
        an offer, in accord with Subsection b above.)

If the GPL license notices are not kept intact, if a copy of the GPL is not provided with the software, and if the source code - or an offer of the source code - is not provided with the software, then they are not currently compliant with the terms of the GPL.


They could be in violation on any distribution if they do not include the required notices of relevant licenses and the end-user's rights.


On the BrickLink Studio-Site they mention the License for ffmpeg and have a download-link for it. So I assume they are generally cool with these things.


Or, the ffmpeg folks detected and got in touch, so it was corrected. Blender folks might have to do the same.


This may be answered in the link, but at present, the page is dead.

What part of Studio is Blender? I'm very familiar with both Studio and Blender, and this claim surprises me.

Studio itself is a Unity app. The parts library is the LDraw library with their own custom parts.


The MindStorms bricks were based on Linux, but they couldn't care to even provide a text-mode uploader for new firmware that worked on Linux. Happy to take from, but not to give back to, the community. Their support didn't even understand the bug reports in the firmware when spoon-fed. No engineering left; just plain money-grab at this point.


Is there a whistle-blower site that compiles apparent open source license breaches?


Page seems to be offline (hugged to death?), and archive.today seems to be non-functional at the moment too.

This (2021) version of the page shows up on the Wayback machine:

http://web.archive.org/web/20210301135016/https://devtalk.bl...

Not sure how much has changed since then.


> This (2021)

Yes, it's posted in 2021. I just added (2021) into title.


The problem is other developers. There are some jerks out here who don't think software licensing is important, and who would have guessed? It's the same people not contributing anything back to the industry.

HALF my team at my last full-time job didn't think software licensing was important. They thought services like GitHub Copilot were no big deal.

My guess is they violate license requirements on a daily basis.

Teach your juniors.


Another Danish company, Phase One (camera maker) uses Linux for their digital backs and did end up playing nice when I asked for their source, for one anecdotal evidence point. They were unaware of GPL and its requirements initially though…


Lego doesn't operate BrickLink Studio, it's third party


BrickLink is owned by the Lego group since 2019.


I did not know that


For an alternative have a look at LeoCAD:

- compatible with the LDraw Standard

- works on Windows, Mac & Linux

- GPL 2

https://www.leocad.org/


I think this brings up a bigger question, how much of the internal tooling that's not public facing is developed with open-source software?


Too much, I bet.


It may be time to get the Conservancy involved.


Is there a wall of shame for these violations?


Hopefully.


I can't help but wonder how many of us use Ruby gems, NPM packages, etc that are GPLed?


Been wanting to get my kids into this as they get older, I’d expect Lego to do better.


I recommend Engino.

It's like Lego, but much better. Lego is shit these days; most kids use them as 3D jigsaw puzzles with instructions. The creativity is gone. The blocks are designed to build a Star Wars this or a Marvel that, and not generic like when we were kids.

On the other hand, a $20 Engino set lets you build almost anything, including complex mechanical linkages of the type Lego always wanted from Technics but never quite figured out how to do right. I spent around $100, so I can build really big and complex things and never run out of pieces. That's like 5 Lego sets.

Only downside of Engino is lack of decent programming environment, but an HN parent should be able to integrate a Micro:bit easily enough, which then eats Lego for breakfast.


Engino looks interesting for older kids. But I think that Lego compatible stuff would be way more fun with younger kids.

I have been involved in the Lego MOC and Alt Build community recently via rebrickable.com and I disagree that the creativity is gone.

Also, tools like webrick.com make it possible to build stuff without paying the Lego markup. I really think that the Lego system is something the whole world owns at this point due to patents being expired and it should be that way.


I'm not sure where the breakpoint for "younger" and "older" is, but I've done Engino with kids as young as 2nd grade, but they do need help pulling pieces apart sometimes. By 4th or 5th grade, it's ideal.

One of the things elementary school kids like about it is that it's possible to build big things.

Younger than Engino, and I like normal blocks (wooden or foam) and Magnatiles.

I wasn't familiar with webrick. That's something to perhaps explore at some point.


I strictly use MIT / BSD style license for contributing because I believe GPL is stopping innovation by stopping refactoring libraries out of programs to be used by other programs, but doesn't really stop companies who don't want to give back source code: they just put things behind a service / different program.


GPL does not stop refactoring libraries out of programs.


How about Apache-2.0? My mental model is that MIT, BSD, and Apache are permissive, while GPL is copyleft.


They are all compatible, so of course it's great as well.



