May 1, 2013Embedded Devices• Network devices (Router, DSL Modem)• Mobile Phones• Televisions• STBs, Digital Media Players• Automobiles• Aircraft
May 1, 2013The BusyBox Cases2007: Erik Anderson and Rob Landley vs.Monsoon Media, Inc.(Hava products, time and place shifting)
May 1, 2013Busybox• “Swiss Army Knife” of embedded Linux• Lightweight set of standard utilities• Optimized for smaller computing platforms• Licensed under GPLv2
May 1, 2013General Public License (GPL)• Most popular open source license• Depends on copyright• Licensee can use, modify and distribute so long as:- source code is also provided- the GPL always applies• Philosophy is to preserve the freedom of the user tomodify the software and run modified versions.
May 1, 2013General Public License (GPL)• Licensee must provide source code upon anydistribution, including- distribution of a physical device withsoftware embedded in flash- download of firmware update- even if software was not modified• Derivative works
May 1, 2013Monsoon Media Claims• Brought by BusyBox developers• BusyBox is licensed under version 2 of the GPL• BusyBox was included in firmware of Monsoon Media’s device• Device was distributed without the BusyBox source code or awritten offer to receive source code.• Copyright holders seek damages, litigation costs, injunctionagainst further use of the BusyBox software
May 1, 20132007: High Gain Antennas, LLC(wireless router)Xterasys Corp(networking products)Verizon Communications(Actiontec Wireless Routers)2008: Bell Microproducts(Network attached storage device)Super Micro Computer(IPMI card)
May 1, 20132009: Best Buy (Blu-ray DVD player)Samsung (HDTV)Westinghouse (HDTV)JVC (HDTV and network camera)Western Digital (Media player)Robert Bosch (Security system DVR)Phoebe Micro (Wireless routers)Humax (HDTV DVR)Comtrend (ADSL modems)Dobbs-Stanford (Digital media player)Versa Technology (Outdoor WAP)Zyxel (ADSL router)Astak (Security camera system)GCI (Digital music controller)
May 1, 2013#1: Supply Chain• SoC manufacturer• ODM building circuit board• SDK for SoC/board• Application programs• OEM selling product to end users• Distributors/Retailers
May 1, 2013#2: Build Scripts• Source code includes:“ scripts used to control compilation andinstallation of the executable” (GPLv2); or“all the source code needed to generate,install, and … run the object code and tomodify the work, including scripts tocontrol those activities” (GPLv3)
May 1, 2013#3: Installation Information• Express requirement in GPLv3• DRM to prevent users from running modifiedversions of the software• Cryptographic checksof the bootloader or kernel
May 1, 2013ComplianceTechnical• USE open source software• License compliance is a management andengineering problem• License compliance is relatively easy if doneduring development• Have a compliance policy!
May 1, 2013Legal Compliance• Warranties• Indemnification- Verizon was indemnified by Actiontec.- Actiontec assumed obligations of thesettlement• Due Diligence for both suppliers and OEMs