New method for detecting GPL violations; proprietary vendors urged to come clean

A new method for detecting IP violations is being proposed, and I'm confident it will turn up plenty of offenders in the proprietary camp. I'm rubbing my hands with glee at the prospect.


Why would anyone steal free software? Hint: it's not about the price, it's about the freedom. Some downstream users want their software with no obligations attached. In other words, they want someone else's cake, and they want to eat it, too.

Selfish, greedy, naughty people.

But now there's apparently a way to detect and prove GPL violations, as reported on Slashdot. The technique is called birthmarking, and while the academic paper [PDF] calls for birthmarking Java, the same technique is generalizable to other languages.

Here's how it works:

We propose a new birthmark for Java that improves upon the sketch by Tamada et al. (2004) and leverages object-orientation. In particular, we abandon the idea of observing the global trace of system calls. Instead, our API Birthmark observes short sequences of method calls received by individual objects from the Java Platform Standard API, which is part of the Java Runtime Environment. By aggregating sets of short call sequences the otherwise overwhelming volume of trace data becomes manageable. In addition, such object-level call sequences are less affected by thread scheduling than global traces.

In other words, as Slashdot notes:

The API Benchmark observes the interaction between an application and (dynamic) libraries that are part of the runtime system. This captures the observable behavior of the program and cannot be easily foiled using code obfuscation techniques, as shown in the paper. Once such a birthmark is captured, it can be searched for in other programs. By capturing the birthmarks from popular open-source frameworks, GPL-violating applications could be identified.
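A minimal sketch of the idea in the two quotes above, added here as an illustration; it is not code from the paper, from Slashdot, or from this article. The traces, object ids, the window length k=3 and the containment score are all constructed assumptions. It shows why per-object call sequences survive interleaving that breaks a global trace comparison.

```python
from collections import defaultdict

def birthmark(trace, k=3):
    """Set of length-k call sequences, each received by one API object."""
    per_object = defaultdict(list)
    for obj_id, method in trace:
        per_object[obj_id].append(method)
    marks = set()
    for calls in per_object.values():
        for i in range(len(calls) - k + 1):
            marks.add(tuple(calls[i:i + k]))
    return marks

def global_mark(trace, k=3):
    """Same windows, but over the single global call order (for contrast)."""
    return birthmark([("all", method) for _, method in trace], k)

def containment(reference, candidate):
    """Fraction of the reference birthmark that also occurs in the candidate."""
    return len(reference & candidate) / len(reference) if reference else 0.0

# Constructed trace of a reference library: (receiving object, API method).
LIB_TRACE = [
    ("sb1", "StringBuilder.<init>"), ("sb1", "StringBuilder.append"),
    ("sb1", "StringBuilder.append"), ("sb1", "StringBuilder.toString"),
    ("it1", "Iterator.hasNext"), ("it1", "Iterator.next"),
    ("it1", "Iterator.hasNext"), ("it1", "Iterator.next"),
    ("it1", "Iterator.hasNext"),
]

# Constructed program embedding the same behaviour, with different object
# ids, a different interleaving, and an extra HashMap of its own.
SUSPECT_TRACE = [
    ("a", "Iterator.hasNext"), ("b", "StringBuilder.<init>"),
    ("a", "Iterator.next"), ("c", "HashMap.<init>"),
    ("b", "StringBuilder.append"), ("a", "Iterator.hasNext"),
    ("c", "HashMap.put"), ("b", "StringBuilder.append"),
    ("a", "Iterator.next"), ("c", "HashMap.put"),
    ("b", "StringBuilder.toString"), ("a", "Iterator.hasNext"),
    ("c", "HashMap.get"),
]

# Constructed unrelated program that touches the same API classes.
UNRELATED_TRACE = [
    ("x", "HashMap.<init>"), ("x", "HashMap.put"), ("x", "HashMap.get"),
    ("y", "StringBuilder.<init>"), ("y", "StringBuilder.append"),
    ("y", "StringBuilder.toString"),
]

if __name__ == "__main__":
    lib = birthmark(LIB_TRACE)
    print("per-object:", containment(lib, birthmark(SUSPECT_TRACE)))
    print("unrelated: ", containment(lib, birthmark(UNRELATED_TRACE)))
    print("global:    ", containment(global_mark(LIB_TRACE), global_mark(SUSPECT_TRACE)))
```
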

I think it would be fascinating to find out where GPL (or other open source-licensed) code resides. I'm willing to bet that many of our proprietary friends are using open-source software rampantly in their proprietary products. I'm even willing to bet that there's a heck of a lot of GPL-licensed code in these proprietary products, without proper contributions of derivative works back to the parent project.