May 1, 2013Open Source Compliance inEmbedded SystemsEli GreenbaumYigal Arnon & Co.elig@arnon.co.ilMay 1, 2013
May 1, 2013Embedded Devices• Network devices (Router, DSL Modem)• Mobile Phones• Televisions• STBs, Digital Media Players•...
May 1, 2013The BusyBox Cases2007: Erik Anderson and Rob Landley vs.Monsoon Media, Inc.(Hava products, time and place shift...
May 1, 2013Busybox• “Swiss Army Knife” of embedded Linux• Lightweight set of standard utilities• Optimized for smaller com...
May 1, 2013General Public License (GPL)• Most popular open source license• Depends on copyright• Licensee can use, modify ...
May 1, 2013General Public License (GPL)• Licensee must provide source code upon anydistribution, including- distribution o...
May 1, 2013Monsoon Media Claims• Brought by BusyBox developers• BusyBox is licensed under version 2 of the GPL• BusyBox wa...
May 1, 20132007: High Gain Antennas, LLC(wireless router)Xterasys Corp(networking products)Verizon Communications(Actionte...
May 1, 20132009: Best Buy (Blu-ray DVD player)Samsung (HDTV)Westinghouse (HDTV)JVC (HDTV and network camera)Western Digita...
May 1, 2013#1: Supply Chain• SoC manufacturer• ODM building circuit board• SDK for SoC/board• Application programs• OEM se...
May 1, 2013#2: Build Scripts• Source code includes:“ scripts used to control compilation andinstallation of the executable...
May 1, 2013#3: Installation Information• Express requirement in GPLv3• DRM to prevent users from running modifiedversions ...
May 1, 2013ComplianceTechnical• USE open source software• License compliance is a management andengineering problem• Licen...
May 1, 2013Legal Compliance• Warranties• Indemnification- Verizon was indemnified by Actiontec.- Actiontec assumed obligat...
May 1, 2013Open Source Compliance inEmbedded SystemsEli GreenbaumYigal Arnon & Co.elig@arnon.co.ilMay 1, 2013
Upcoming SlideShare
Loading in …5
×

TRACK B: Open source compliance in embedded systems/ Eli Greenbaum

1,174 views
1,102 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,174
On SlideShare
0
From Embeds
0
Number of Embeds
861
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

TRACK B: Open source compliance in embedded systems/ Eli Greenbaum

  1. 1. May 1, 2013Open Source Compliance inEmbedded SystemsEli GreenbaumYigal Arnon & Co.elig@arnon.co.ilMay 1, 2013
  2. 2. May 1, 2013Embedded Devices• Network devices (Router, DSL Modem)• Mobile Phones• Televisions• STBs, Digital Media Players• Automobiles• Aircraft
  3. 3. May 1, 2013The BusyBox Cases2007: Erik Anderson and Rob Landley vs.Monsoon Media, Inc.(Hava products, time and place shifting)
  4. 4. May 1, 2013Busybox• “Swiss Army Knife” of embedded Linux• Lightweight set of standard utilities• Optimized for smaller computing platforms• Licensed under GPLv2
  5. 5. May 1, 2013General Public License (GPL)• Most popular open source license• Depends on copyright• Licensee can use, modify and distribute so long as:- source code is also provided- the GPL always applies• Philosophy is to preserve the freedom of the user tomodify the software and run modified versions.
  6. 6. May 1, 2013General Public License (GPL)• Licensee must provide source code upon anydistribution, including- distribution of a physical device withsoftware embedded in flash- download of firmware update- even if software was not modified• Derivative works
  7. 7. May 1, 2013Monsoon Media Claims• Brought by BusyBox developers• BusyBox is licensed under version 2 of the GPL• BusyBox was included in firmware of Monsoon Media’s device• Device was distributed without the BusyBox source code or awritten offer to receive source code.• Copyright holders seek damages, litigation costs, injunctionagainst further use of the BusyBox software
  8. 8. May 1, 20132007: High Gain Antennas, LLC(wireless router)Xterasys Corp(networking products)Verizon Communications(Actiontec Wireless Routers)2008: Bell Microproducts(Network attached storage device)Super Micro Computer(IPMI card)
  9. 9. May 1, 20132009: Best Buy (Blu-ray DVD player)Samsung (HDTV)Westinghouse (HDTV)JVC (HDTV and network camera)Western Digital (Media player)Robert Bosch (Security system DVR)Phoebe Micro (Wireless routers)Humax (HDTV DVR)Comtrend (ADSL modems)Dobbs-Stanford (Digital media player)Versa Technology (Outdoor WAP)Zyxel (ADSL router)Astak (Security camera system)GCI (Digital music controller)
  10. 10. May 1, 2013#1: Supply Chain• SoC manufacturer• ODM building circuit board• SDK for SoC/board• Application programs• OEM selling product to end users• Distributors/Retailers
  11. 11. May 1, 2013#2: Build Scripts• Source code includes:“ scripts used to control compilation andinstallation of the executable” (GPLv2); or“all the source code needed to generate,install, and … run the object code and tomodify the work, including scripts tocontrol those activities” (GPLv3)
  12. 12. May 1, 2013#3: Installation Information• Express requirement in GPLv3• DRM to prevent users from running modifiedversions of the software• Cryptographic checksof the bootloader or kernel
  13. 13. May 1, 2013ComplianceTechnical• USE open source software• License compliance is a management andengineering problem• License compliance is relatively easy if doneduring development• Have a compliance policy!
  14. 14. May 1, 2013Legal Compliance• Warranties• Indemnification- Verizon was indemnified by Actiontec.- Actiontec assumed obligations of thesettlement• Due Diligence for both suppliers and OEMs
  15. 15. May 1, 2013Open Source Compliance inEmbedded SystemsEli GreenbaumYigal Arnon & Co.elig@arnon.co.ilMay 1, 2013

×