October 7, 2006

Z505 Software Finds over 13,409 persons and companies illegally using GNU software.

While browsing the internet, a Z505 Software engineer and security analyst found a huge flaw in the internet that could cause millions of dollars of damage to GNU software and its users.

The GNU license states that one must offer the source code with the program they ship.

Dynamic pages on the internet are composed of executable and script pages driven and powered in large part by GNU-based software. The GUI and software application on a server is delivered to the end user (the client) but no source code to the application is delivered (just the HTML source).

According to the GNU license, anyone using a GNU GPL license in their software application must ship the sources or a written notice on where to get sources. Since web applications are applications, all web applications and HTML pages that are powered by GNU scripts must ship the sources (or a written notice) each time someone requests the web page inside their web browser. Web developers are not doing this. No one has noticed.

If a company is using a script based on the GNU General Public License and that script is rendering content - the end user is making use of an executable/script licensed under the GNU - then the end user who uses that application in any way (including viewing an HTML page) must receive sources! Whenever you request a web page in your web browser, you are utilizing a web software application stored on a server. You are downloading the GUI part of the server application and interacting with that server application directly. Since you are directly connecting to the application, you should receive sources to the application if the site is powered by a GNU script. Yet visitors are not given sources of web applications today.

At least 13,000 websites (if we spent more time counting, probably more like 400,000) are using GNU software scripts to display content (sending the application output to the user) but they are not offering source code. This is a direct violation of the GNU General Public License.

A web browser is a GUI, just as Notepad, Vim, Emacs, and Windows Explorer are also GUIs. Since the web browser and HTML are just the GUI component of server software, any script or executable being run to display content to the client which is released under GNU must ship sources.

It is obvious that GNU software users (and maybe even the founder of GNU) have overlooked this glitch in their whole "free software" philosophy.

An application is an application - whether you are using it inside your web browser, or downloading a piece of desktop software - an application is an application. A web application must ship sources to each web visitor if the web application is powered by a piece of script or program released under the GNU license.

The entire GNU license is impractical and is basically useless for practical use in the future. The future will be driven around internet applications and GNU GPL will have no place, unless it is drastically changed.

Side note:
However - it may go unnoticed or will be completely ignored that thousands of folks are violating many sections of the GNU license. For example, Z505 Software found that Google was using Wikipedia content (which is released under the GNU documentation license) without making any reference to GNU at the bottom of their define:term search pages. Wikipedia "page:discuss" contributors said that it's different because Google is a big directory and the GNU documentation license doesn't apply to Google. Z505 Software never read anywhere in the GNU documentation license that if you were "Google" you could magically bypass the GNU documentation license. If Z505 Software makes a directory of a few pages on the internet, and has a "define" utility, does that automatically qualify Z505 Software to bypass and skip the GNU documentation license? Can we steal all the content we want from any GNU-based documentation on the internet without making any reference to the GNU documentation license?

Please refrain from using GNU scripts or programs that serve any sort of content until these issues are resolved. If someone owns a script released under GNU, and you are using it on a website, they could sue you for thousands of dollars if you have been profiting off the site. Scripts that especially come to mind are modified store/checkout systems. A store/checkout system is a web application, and if that store/checkout system is released under a GNU GPL license, each customer that visits your web page (not just developers) must receive a copy of the sources to the store/checkout system.

In fact, even if you are using GNU software indirectly, such as a web server released under the GNU, it is actually likely that you are violating the license. The server is serving your content to end users and is part of the web application process - so the GNU source code download link should be mentioned on each and every page served.

The GNU licenses must be either

If GNU decides that it's perfectly fine for one to serve content over a connection and not provide source code, then Z505 Software will argue that a desktop application is simply serving content over a similar connection. Z505 Software will then proceed to sell copies and give away unlicensed freeware of Linux, Emacs, and other GNU-based software. After all, a GUI desktop app like Emacs or Vim is just piping data to the screen, just as HTML is piped from the server to my screen.

The only difference between desktop software and server software is that server software serves the content of the application through HTTP, where desktop software serves the content using GUI calls stored in a dynamic link library. The difference between serving content through HTTP API calls and OS GUI API calls is essentially nil from a license perspective. They are one and the same thing. The only difference is the protocol - which means nothing when it comes to a license. Whether the software uses HTTP, an OS GUI call, or even a punch card - the source code must still be shipped with the GNU web application since it is an application being rendered on the client (end user) side.

Thin clients like VNC based on GNU licenses that connect to a server/client must ship sources - but a web application that utilizes a server does not? The only difference between VNC and web apps is simply that one uses HTML as the end display output, and the other uses GUI calls and JPG. Whether the data is shared over a socket, GUI call, dynamic link library, or through a magic hat doesn't matter. The point is that the server application is ultimately being used by an end user, and according to the GNU license, I should be able to see the full sources of every GNU web application out there, not just the display (HTML/CSS) portion of it.

Just showing me the display HTML/CSS and severely censoring the server is restricting so-called GNU freedom. GNU source is supposed to be completely uncensored, and server applications that interact with millions of people each day are all censored. All server apps are in fact obeying more BSD-like license terms. The main problem with GNU freedom is that it assumes source code is the most important freedom for users. Web applications are proof that people do not always care about the source code freedom like GNU assumes. People just want the freedom to have their web application delivered and processed from the server. GNU server apps should in fact force the server source code to be sent to the user with each request - which is obnoxious, but this proves the point about GNU freedom versus actual freedom that the end user cares about.

This is a major flaw that has gone unnoticed worldwide.

This major violation of GNU GPL will change the way everyone thinks about "free software", "Web 2.0", and "Web Applications" in general.

See also Please Stop Using GNU Licenses