EasyRDP copyright violations

Document created by Ivo Palli (email)

Updates:

14/10 - Some of the responses from the open source community asked me why I decided to publish my findings to the owners so soon, instead of giving Easy Networks more time to comply to my requests.

1) The fact is that Easy Networks is fully aware that they were stealing software, so that any time given to them is really just a curtesy in my opinion.
2) I'm usually a very courteous person, but this was hot on the tail of that CD protection company wanting to sue the student for publishing that pushing the SHIFT while putting in the CD would completely nullify their protection. After some thinking I decided to speed up publishing this info, to put any thoughts of litigation out of their minds. After all it's they who are wrong here, not me, but I still don't want to spend money on a frivolous lawsuit :)

At this moment I still have received no word from Easy Networks.

19/10 - Thomas Fraefel was so kind to tell me that the bootloader is most likely Syslinux 2.03, another GPL product. I'll be sure to email the maintainer of that program too.

Seems unnecessary to say, but still no word from Easy Networks.

28/10 - I have been blessed with a response from EasyNetworks, which you can read here. (I edited out personal info) You can also read my reply.

Another mail today from John Newbigin, author of the Win32 port of rawwrite. He found that the EasyRDP installer is in fact using his program, also a GPL product.

Blimey it's busy today. Another mail from Easy Networks and another reply to them.

27/11 - I have been receiving emails from people about a status update. Well so far I haven't heard from them but it seems their website has been down for some time now. Even a whois on 'easynetworks.com.au' using an international whois database comes up empty. The only whois I found working was an Australian one.

Let me state again though, that I only wanted EasyNetworks to play by the rules. I do not think they should close up shop but I cannot condone GPL piracy. It seems clear when people sell illegal copies of Windows XP or Adobe Photoshop, but using GPL software as they did is exactly the same.

In any case, it seems this whole thing is quietly dying down. As a GPL programmer myself it is good to see that the open source community is vigilant enough to stop infractions like this. A lot of people told me that they called EasyNetworks themselves.

Open source software is special since programs usually have a lot of authors. This makes it hard sometimes for a clear definable legal entity like a company to step up and demand a cease and desist. That's why it's so important for the open source community as a whole to protest such happenings. I am glad to see that this indeed the case. It makes me comfortable enough to release more GPL software myself and I'm sure other programmers feel the same.

So in closing I would like to thank everybody for their efforts. Even if you just took the time to read about all of this. If I hear anything new I will update this page, but it seems unlikely that that will happen. So an early Merry Chistmas and a Happy Newyear to you all.

I ran into a product called EasyRDP that heavily violates the GPL. It's a remote desktop program that can be used as a thin-client OS on a floppy. The problem is that they use Linux and a whole bunch of other GPL programs and sell it under their own name, without offering the sources of the original and derived programs on their floppy. Their license prohibits you from doing things the GPL license explicitly allows.

You can download their demo, which is a ZIP file.

easyRDPv3.zip (1.701.660 bytes, md5: a5abe59871878bf240c2d8a6e671fdba)

Unpack it and you get these files:

  08-Aug-03 15:33      501,248 easyRDPwriter.exe
  09-Oct-03 11:56    1,474,560 easyRDP_v3_0.img
  08-Aug-03 15:33       21,190 diskio.dll
           3 File(s) 1,996,998 bytes

Which is a program to write the image to a floppy. But first a click-wrap license is presented. which seems very restrictive, and hardly adheres to the many GPL licenses that this product contains. We accept, write to a floppy and end up with the following disk:

  Volume in drive A has no label.
  Volume Serial Number is 3EAB-376A Directory of A:\

  10-Sep-03 20:55          100 EASYIMG.CFG
  18-May-03 19:33        7,404 EASYIMG.SYS
  10-Sep-03 20:45      810,536 EASYRDP1
  10-Sep-03 20:45      566,174 EASYRDP2
  17-May-03 10:51       30,441 EASYRDP9
  27-Apr-03 20:23           16 EASYRDP8 
           6 File(s) 1,414,671 bytes

A simple look into the files with a text/hex editor made me suspicious and while browsing the file EASYRDP1, I ran into this string "2.4.20 (fred.the.frog@Lilly.Pad.Lane) #43 Sun May 25 07:18:51 NZST 2003" which strongly looks like a Linux kernel version string. And indeed:

    EASYRDP1 - 2.4.20 kernel
    EASYRDP2 - initrd (gzipped minix fs)

Meaning the click-wrap license is illegal. So let's dig into the initrd.

    cp EASYRDP2 initrd.minix.gz
    gunzip initrd.minix.gz
    mount initrd.minix /mnt -o loop
    ls -alsR /mnt

View a listing of the filesystem here.

From what I can see, the most likely to be their own programs are the following userspace programs:

    /bin/appy
    /bin/easyrdp
    /bin/easyscreen
    /bin/gui
    /bin/notice

However when simply viewing the strings inside the easyrdp program (cat /bin/easyrdp | strings | less), one comes along a lot of the following examples:

  easyrdp:                                  u:d:s:S:c:p:n:k:g:a:fbemCKT:Dh?
  rdesktop: while ((c = getopt(argc, argv, "u:d:s:c:p:n:k:g:fbemCKT:Dh?")) != -1)

  easyrdp:         could not determine local hostname, use -n
  rdesktop: error("could not determine local hostname, use -n\n");

Since this is a program based on the code of rdesktop which is GPL licensed, under term 3a of the GPL license I have a right to the source code of any derivative works. The 'easygraph' libraries on the initrd contain striking resemblances to the svgalib. Examples:

  lib file:       easygraph: mach32: mach32_bitblt can't emulate Cirrus.
  svgalib:  puts("\asvgalib: mach32: mach32_bitblt can't emulate Cirrus.");

  lib file:       Ok, then do it yourself.
  svgalib:  puts("Ok, then do it yourself.");

There is a traceroute in there that is probably also not theirs.

I send a message to them via their online contact form on October 9th 2003:

I have determined that you are in breach of the GPL license with your easyRDP
product. I would like to ask you to amend your click-wrap license which is
currently illegal, and I hereby request all the source code of any GPL based
software in your product as per term 3a in the GPL license.
(http://www.gnu.org/copyleft/gpl.html)

If you do not respond in a timely fashion, I will be forced to inform the
copyright holders of the programs you infringe on.

to which they have not replied. I hereby give notice to the community that this company is severly breaching GPL licenses, by not only withholding source code of the included program and derived works, but also not honoring the GPL license by using a very restrictive click-wrap license on their product.

I found the following open source programs in their product: Linux kernel, BusyBox, rdesktop, uClibC, svgalib, udhcp. The bootloader has been reported to be a ripoff of SysLinux.

The company information:

  Easy Networks Pty Ltd

  Sales:     +61. 1300 555 910  07:30 - 19:30 AEST Monday - Friday
  Technical: +61. 1300 555 920  24 Hours, 7 Days
  Fax:       +61. 1300 555 970

  Queensland Head Office
  4/17 Childs Street
  CLAYFIELD, QLD, 4011
  Australia

  New South Wales Office
  Unit 11 / 10 Victoria Avenue
  CASTLE HILL, NSW, 2154
  Australia

Useful other links:

Linux:	http://www.kernel.org/
BusyBox:	http://www.busybox.net/
rdesktop:	http://www.rdesktop.org/
uClibc:	http://www.uclibc.org/
svgalib:	http://www.svgalib.org/
udhcp:	http://udhcp.busybox.net/
SysLinux:	http://syslinux.zytor.com/
rawwrite Win32:	http://uranus.it.swin.edu.au/~jn/linux/rawwrite.htm
GPL license:	http://www.gnu.org/copyleft/gpl.html