People are misunderstanding this and claiming it's not problematic. Ben Torrell (an OBS developer) notes later in the thread that there is indeed GPL code compiled into TikTok's executables; since source is not available and they have not got another license, it is unlicensed and hence illegal.
It is absolutely problematic. Corporations will go to hell and back to make sure their IP rights are respected. The open source community should expect nothing less from them.
My experience in companies using FOSS licensed code is a bit dated, but back then their opinion was more close to "we can do as we want with their code, those are just a bunch of hippies".
I'm sure things have changed in almost two decades, but the sooner TikTok gets a letter from a law firm, the better.
The problem is almost entirely because the hippies don't have money for the law firm or lawsuit. Only by projects joining groups like GNU or The Linux Foundation or Apache do the hippies suddenly have lawyers on tap.
too twitter; didn't read: there's apparently OBS code evident in the decompiled app, and other GPL code as well, and OBS found out independently and are working to resolve it
That's pretty fast for a beta released yesterday. Are the devs actively monitoring and reverse engineering every binary released that related to streaming? Also, where can I get the live studio executable? None of the links I found works, is that public release?
I'm the one on the OBS team who originally found this. I saw a tweet yesterday from someone that's in the beta, and as with any desktop live streaming software (and especially with "Studio" in the name) I was curious if they were using any OBS Studio code or if it was developed all in-house. The download link is available in their JS, you can find the most recent installer link here: https://tron-sg.bytelemon.com/api/sdk/check_update?branch=ma... (note: you probably won't be able to actually use it without being in the beta group)
Without even installing it, opening the setup files showed some immediate red flags, notably the "GameDetour64.dll", "Inject64.exe" and "MediaSDKGetWinDXOffset64.exe" look awfully similar to the way the OBS Studio game capture hooks work with our "graphics-hook64.dll", "inject-helper64.exe" and "get-graphics-offsets64.exe". I don't jump straight in to disassembling everything I come across, but when it's this obvious it begs further investigation, and after some disassembly I was able to confirm that OBS code was present in their binaries.
Reminds me how I caught someone stealing my mod code. Same variable names, and whereas I used spaces for indentation when most used tabs, this guy also coincidently also used spaces in the same areas.
Wow this is amazing, thanks for digging in and doing this work. If this were Reddit, I would give you a gold award, but since this is HN, all I have to give is my 1 upvote.
> and OBS found out independently and are working to resolve it
What has OBS to resolve there? They could send a letter with an offer for a special license for one million dollars. If all open source contributors agree on thqt and have worked out how to share the fee.
I wonder if the GPLv3 violation pulls in TikTok's other software and infrastructure under it. That'd be one for the ages (like OpenWrt was [0]) if FSF manages to reign it in!
No it doesn't that's not how GPL (or any license) works.
What happens is that it's a breach of contract (licenses are contracts) which lead to an termination that contract (1) (license) which grants the usage rights (copyright) for the software.
Which leads a company to (roughly) following choices:
- start complying with the license in time "before" the license gets invalidated
- buy a proprietary license from the license holder
- stop using the software, and pay damages for previous usage/contract violation/copyright infringement(1)
This means you are not ever forced by law to release your software under GPL, but you might be forced by economics to do so, as you might not be able to afford not doing so (or it's just simply cheaper).
(1): The topic how/when the contract becomes invalid and for which terms you can sue is tricky, and depends on the country in question.
EDIT: Also even if GPL would work like that, there is no reason why e.g. their non-OBS boundled apps or infrastructure should be affected.
In option 1, when does the license get invalidated? Is it invalidated in the first place because the offending software broke the license? Or is it invalidated after notification from OBS? Or even later, after some amount of time after notification and non-correction?
If it's violated before notification, then option 1 is not possible, and option 2 is at the discretion of OBS, so option 3 is the only real legal outcome.
But if it's violated after notification, it seems like the optimal strategy for any company using GPL software is to not comply, until they are notified of violation, which apparently is not that common unless you're already a major product.
> There is no provision in the Copyright Act to require distribution of infringing work on altered terms. What copyright plaintiffs are entitled to, under the Act, are damages, injunctions to prevent infringing distribution, and--where appropriate--attorneys' fees. A defendant found to have wrongfully included GPL'd code in its own proprietary work can be mulcted in damages for the distribution that has already occurred, and prevented from distributing its product further. That's a sufficient disincentive to make wrongful use of GPL'd program code. And it is all that the Copyright Act permits.
I thought the latest lawsuit from Software Freedom Conservancy was interesting, they are suing as a third-party beneficiary of the GPL (not as a copyright holder, although they probably could do that too in this case) and seeking specific performance of the GPL violator (Vizio) and of course legal costs, but no damages. The specific performance they want is of course GPL compliance. As part of the case, they are basically saying that the GPL is a contract and the contract says that third-parties can get benefits and so they want those benefits. Frankly this is a brilliant case and if they win the precedent will allow anyone to sue over GPL violation. If any trolls try it, all they get is GPL compliance, so they have no incentive to try it.
> If any trolls try it, all they get is GPL compliance, so they have no incentive to try it.
Not necessarily. The Conservancy chose not to ask for monetary damages, but that doesn't mean their legal theory inherently precludes asking for them; a troll could still do so. Though (IANAL) it seems like it might be hard as a TV buyer to prove that you were damaged in any significant monetary amount.
What would be the basis for those damages? The GPL itself couldn't provide any but I guess if the troll itself got sued by someone else for GPL violations, they could pass on the legal costs from that suit. Maybe the emotional pain of discovering a GPL violation is worth some damages :)
One bases for damage is that if that project would have complied with GPL you would have saved a lot of money by being able to use that instead of rolling your own, in which case the damage would be development time (potentially very specific) + damage due to time delays (vague).
Depending on the situation a 3rd party beneficiary might have a easier time to lay out the damages and the amount of damages then the first party.
Through not sure how far that would work.
But I mean it is a contract, you are a 3rd party beneficiary and the contract is breached. So it might work.
Anyway that still isn't useful for trolls because they don't lose out on anything as they tend to not produce anything.
Oh, I thought it was a variant of "mulch". As in, since these laws were basically written for books and other paper products, have the entire print run shredded.
The problem with answering your questions is that it dependents on the country and my knowledge about this topic isn't deep enough give an answer I would find satisfying.
> But if it's violated after notification
It's violated from the get to go, but it might only get terminated after notification (and a potential grace period) which can have all kinds of stage effects, like a different court being responsible or laws with "less bite" then copyright laws being the relevant laws. There was an interesting case where this happened in France not to long ago (but I forgot the name, it also seem to had other complications).
you are talking about the SSPL license, its not "open source license" like people will want you to believe but it sure is free software license giving more rights to users about where they get software/utility out of software
It really depends on the usage - if serverside components are also using OBS libraries for something then they'd be violating a contract in their server code regardless of the license version.
The use of GPLv2 code is fine for plain internal use.
Only when you distribute the GPLv2-using binaries to third parties comes the license in play: you must provide also the source code to those third parties.
obs should be able to do a cease and assist, right? hopefully more, that’s illegal to steal someone’s code so they must give it back and pay possibly pay retribution’s depending on the judgement
Computer programs are as copyrightable as literary works, and generally are counted as such within the context of copyright (see https://wipolex.wipo.int/en/text/295166). Please point out where it is determined that one has to demonstrate the "creativity" of a literary work before it is protected by copyright laws.
Oh, please. 2+2=4 is not copyrightable. I’d further that any program in a CS101 textbook is equally uncopyrightable. Computer programs are only copyrightable to the degree that they contain creative expression. Purely functional expressions are not copyrightable, regardless of the creative effort to derive them.
"2+2=4" is a computer program as much as "Hello world" is a literary work: you need to use better strawmen.
> I’d further that any program in a CS101 textbook is equally uncopyrightable.
Are you suggesting that the computer program that is the subject of this thread has the same creativity level as "2+2=4" or that of "any program in a CS101 textbook"?
Also, notice that your opinion on whether something is creative enough or not is pretty much irrelevant as far as copyright law is concerned.
> Purely functional expressions are not copyrightable, regardless of the creative effort to derive them.
Ok, so now you only need to demonstrate that the thing we are talking about (and not some other arbitrary hypothetical example) is a "purely functional expression" and not a "creative expression". Good luck with that.
Ok, I’ll put it this way. If every homework submission for a particular CS101 assignment was essentially identical, it’s not creative, it’s functional. That’s what I mean by 2+2=4.
Oracle tried to hang Google with copied code for max(x,y), which returned the greater of two parameters. That’s what you get when every single byte of software is a “literary work” worthy of independent copyright protection. Bullshit.
The issue is when does an expression of creativity manifested in code become uniquely copyrightable?
I mean... I empathize with your feeling. I'm not telling you how I think things should be, but more about how things are, in practice. In practice, algorithms are not copyrighteable, but specific implementations of algorithms are copyrighteable (and, by default, are copyrighted as soon as they are set in some fixed medium).
The issue of whether something is creative enough to warrant authorship rights or any other type of IP rights can be, as you know, murky, and sometimes has to be decided in court. Taking your example, if Google literally copied the code verbatim (rather than re-writing it themselves), then... technically... I guess it is a copyright violation (though not something serious).
The thing is... when you have something trivial that can be efficiently implemented in a very limited (and trivial) set of ways (e.g. 2+2=4, the definition of max(x,y)), it's easy to argue that it is plausible that you didn't copy the code (i.e. that you just independently reimplemented it yourself and it accidentally ended up looking exactly like someone else's implementation). On the other hand, when you have a large codebase, it becomes much harder to argue that (unless you use some obscene levels of obfuscation... and, even then...).
Are you really trying to argue that TikTok didn't just blatantly take large pieces of code from this opensource project? I didn't look into it too hard, but it seems like OBS might have a case here, unless we're assuming that this codebase has the complexity level of "2+2=4" and that TikTok just accidentally it.
Oh, the original topic? I didn’t consider it at all. I was just discussing copyright and how it applies to code. The Oracle/Google dust up was a great example of such ambiguity, and it didn’t help in drawing lines in the future.
As to how it works now? I agree with you.
But listen to the argument you’re making: The otherwise uncopyrightable functional code expression becomes copyrightable if and only if it is copied by another. The exact same expression, still uncopyrightable, is only free to use if independently created and only by those that created the expression, who may then restrict or license the uncopyrightable expression as they wish.
I would argue that everything creative has a functional side and everything functional has a creative side. The question is: where do we draw the line? How creative should something be before it is copyrightable and how functional should it be before it's not?
Currently, precedent is on the side of code being copyrightable.
What if I lift a minor function? What if I study yours and base mine off of it? What if I type it all except for three lines I pasted from yours? The whole idea that a recipe can be owned is fascinating.
Actual recipes, btw, are not considered copyrightable.
People are misunderstanding this and claiming it's not problematic because the tweet in the HN link is idiocy.
They show one URL in one installer script with an obsproject.com domain and conclude, from the presence of that URL alone, that the entire project is a whole cloth copy of OBS.
One of the first tests for infringement is "substantial similarity"(see [1] for example). If you claim copyright infringement on the basis of any small number of characters your case will be tossed by the judge. There isn't a specific number of characters that need to be copied before it becomes "substantial" because the court gets to rule on that based on the context etc.
The realm of what does and doesn't constitute a license violation is complex and, in the end, up to the whims of the legal system. For this particular issue it appears that an actionable amount of the project is in use.
Yes, clearly, the TikTok employee writing that original bog-boring DirectX dependency installer script felt his best choice here was to use the OBS URL as a URL shortener.
Truly this is the strongest possible interpretation of this circumstantial evidence and does not make you look like an idiot (re idiocy) at all. You would rather write this comment than simply navigate to the OBS github and find the copy of this installer script in there.
Why would a company the size of tiktok want to depend on some open source project maintaining a URL? Would they be liable if it instead redirected to malware?
Is made up of smaller teams composed of individuals who may or may not take shortcuts and make good decisions on behalf of their company. If the choice is between "executive said 'hey use this open source in secret'" or "programmer took shortcut," my bet is on the latter.
Possibly. But most likely there was a bug "crashing when DirectX is not installed" and some developer hacked a silent install for DirectX in without thinking too much.
