Kuro5hin.org: technology and culture, from the trenches
Appliance Servers and the GPL

By enterfornone in Technology
Tue Oct 17, 2000 at 09:58:47 AM EST

I had a chance to look at the ACER Altos SA50 today. It's basically a cut-down Celeron box with a Linux operating system installed on a flash ROM. The web page describes it as "...a network-enabled device designed to provide a single dedicated service, such as e-mail, file/print sharing, internet access or as a predefined suite of services". It comes complete with everything you would expect from a standard Linux server install, Apache, Samba, Sendmail etc. along with a simple web based administration front end.

One thing it doesn't come with however, is source code.


Mind you, no one is saying you can't get the source, just that you don't get it in the standard package. I'm sure if you point out the GPL they will be happy to supply the source of the Linux kernel and other GPL software that is included. They are, of course, under no obligation to supply the source of any of their own code, so long as it is not derived from anything GPL.

However, as an ACER rep pointed out "the source code won't do you much good, since you don't get the root password".

In fact while it is possible to FTP into the machine and see the entire filesystem, and even log into the console by installing the flash card into a machine with a keyboard (you cannot telnet to the machine), you cannot modify anything other than what the web based interface allows. Among things that cannot be changed are the services that are started at bootup and the firewall rules.

Another thing you cannot do is install software. While I was told the machine in question was running the latest firmware, viewing the /proc/version file via FTP showed the kernel version as 2.2.11 - much older than the current stable kernel. You cannot upgrade the kernel yourself, you have to wait until ACER release a firmware upgrade to fix this and other potential security problems.

Given that one of the major uses of such a server is as an Internet gateway this is a major problem. Apart from the fact that you cannot yourself fix potential security problems, you don't even have the power to inspect your system to see if problems exist.

Linux is well known for its stability and security - I'm sure this is one reason why ACER would have chosen Linux as their operating system. However without the ability to inspect and modify your system, the power to ensure your system's security is taken away. The GPL gives you the freedom to modify the software on your system, and as long as ACER deny you the right to do this they are breaking, if not the GPL licence, certainly the spirit of Free Software.

It should be pointed out that this does not apply just to ACER. Linux is quickly becoming the operating system of choice for appliance servers and embedded systems. Many Linux advocates see this as a good thing. But I hope that this popularity does not come with the cost of our freedom.

Appliance Servers and the GPL | 27 comments (26 topical, 1 editorial, 0 hidden)
But how easy is it to get into it? (2.83 / 6) (#1)
by squigly on Tue Oct 17, 2000 at 07:10:09 AM EST

Can you take out the ROM and use a ROM writer to overwrite the password file?

--
People who sig other people have nothing intelligent to say for themselves - anonimouse
Sure it's flash, but (3.00 / 3) (#7)
by h2odragon on Tue Oct 17, 2000 at 12:11:46 PM EST

.. "ROM writer" don't sound right, somehow.

[ Parent ]
So what is it? (2.50 / 2) (#8)
by squigly on Tue Oct 17, 2000 at 12:32:18 PM EST

Is a flash ROM an EEPROM or something? Really they should come up with a name along the lines of permanent RAM. "Random Access" doesn't have to mean that it gets erased when powered down. "Read Only" suggests that it should not be possible to program it, making PROM an oxymoron. Is there a better set of terms for PROM, EPROM and EEPROM?

--
People who sig other people have nothing intelligent to say for themselves - anonimouse
[ Parent ]
Ehhh. (none / 0) (#27)
by Parity on Thu Oct 19, 2000 at 05:59:49 PM EST

Well, there is 'NVRAM' (non-volatile RAM) which is RAM that doesn't erase when power is removed.

This is, however, a different beast from EEPROM, which is erasable only in blocks, and can only be 'programmed' a limited number of times. (Usually about 10,000, but depending on brand and precise tech could be as little as a few hundred times and as many as 50,000 times.) Which is why nobody has rebelled against calling it a flavor of ROM. While it's not technically 'Read-Only' it's 'Write Rarely, Read Mostly', and somehow the acronyms WRRM and WORM aren't popular. ;o (Actually, I just made up WRRM, but WORM is Write-Once-Read-Many. Maybe we should change that to Write-Occasionally-Read-Many and apply it to flash instead of removable media...)

Well... you asked!

Parity Odd


[ Parent ]
GPL and licence agreement... (3.80 / 10) (#2)
by Chakotay on Tue Oct 17, 2000 at 07:42:58 AM EST

Let's take a look into the future.

Acer, under pressure of the Open Source world, releases the source code, and releases tools to flash the firmware of their slim server, so you can insert your own kernel, install new packages, do everything your heart desires. But at the same time, they amend the licence agreement accompanying the hardware, that Acer only supports official Acer firmware versions, which is only a logical step to take. And we're back to square zero, because most managers, seeing that big "NO SUPPORT IF ..." sign, interpreting it along the lines of "WARRANTY VOID IF ...", will deny their techs the right to tamper with the machines.

--
Linux like wigwam. No windows, no gates, Apache inside.

But... (3.00 / 7) (#3)
by Farq Q. Fenderson on Tue Oct 17, 2000 at 08:02:13 AM EST

At least the option would be there. At my company, we wouldn't hesitate. We've been running for 5 years on Linux, so I think we have the confidence to set up our own machines.
You don't get support from ACER for normal Linux boxen anyhow.

farq will not be coming back
[ Parent ]
RE: But... (none / 0) (#16)
by UrLord on Tue Oct 17, 2000 at 04:42:59 PM EST

If your shop has been running on linux for 5 years wouldn't you be comfortable setting up your own boxes to perform these tasks, possibly at a lower price than this slim box? This is probably marketed towards those people who don't use linux much (if at all). I wouldn't hesitate to ssh into a linux box and start modifying it (with the help of man and how-to's) but someone who is more of a newbie than myself might prefer the web-based administration. Like the original point of my post should have said, this seems to be geared towards those not familiar with linux but need a cheap/easy/stable/fast solution. Just a guess and I'm kinda out of it...

We can't change society in a day, we have to change ourselves first from the inside out.
[ Parent ]

Crack it (3.66 / 6) (#5)
by billnapier on Tue Oct 17, 2000 at 09:28:10 AM EST

Just because they don't give you the root password to the box, doesn't mean that you can't get into it. I give it a couple months before somebody discovers an exploit to (pardon the term) root the box. But of course I'm sure that this will void any warranty you have.

But on a bigger note, why should they allow you root access? Should all companies who use linux in an "embedded" device allow the customer root access? The answer is usually no, the customer is stupid and you are just asking for trouble by not protecting them from themselves.

but it's your box... (1.50 / 2) (#17)
by enterfornone on Tue Oct 17, 2000 at 06:40:55 PM EST

Given the age of the kernel I'd be surprised if there wasn't already a local exploit. But the point is, it's your box. You shouldn't have to crack your own box.

It's not as if someone is going to accidentally get to root and mess things up. They should tell you that you should avoid using root and that it will void any warranty or support contract, but they should still give it to you.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
Eh. (none / 0) (#21)
by Miniluv on Wed Oct 18, 2000 at 12:19:02 AM EST

They don't technically have to tell you anything about the box, as long as they don't misrepresent what it is, does, etc. I myself wouldn't buy one if they are installing linux and firewalling but not giving me the password, especially on such an old kernel. I'd love someone to put this on the net and let me portscan the bad boy. Since I'm sure they didn't supply a list of what's being started there's gotta be little unexpected things running that have remote root 'sploits. Hell, you can try various attacks against apache to allow you to write to the file system. Basically, the point is this. Save money and invest time by buying this, tearing it apart and building it in the image you want. Or save time and invest money to buy what you want in the first place. But don't whine about those being your only two options.
"Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
[ Parent ]
Do not remove this sticker (2.00 / 1) (#22)
by squigly on Wed Oct 18, 2000 at 07:59:26 AM EST

They're essentially saying "There are no user-serviceable parts inside". Hardly uncommon with manufactured goods. The Linux Kernel is just another component. There's nothing to stop you from making something that does the same though. That's what I see as the benefit of Open Source.

--
People who sig other people have nothing intelligent to say for themselves - anonimouse
[ Parent ]
GE (none / 0) (#24)
by billnapier on Wed Oct 18, 2000 at 11:20:28 AM EST

Does GE give you superuser access to your fridge, or dishwasher (even though they each may have a processor running software in it)? What's the difference here? (except that my fridge and dishwasher don't run Linux)

[ Parent ]
A Venture Capitalist says "Linux"... (2.28 / 7) (#6)
by Biff Cool on Tue Oct 17, 2000 at 11:50:22 AM EST

This strikes me as just one more feature to show in a side-bar. They've made a box and installed Linux on it then took away probably the best feature of the OS, its total configurability. What is it now? It's a box with a web interface, and for what it's worth DOS 4.0, but Acer still gets to put "Powered by LINUX" on the brochures.

They can get bent for all I'm concerned...

Not that they cared about my business anyways...


My ass. It's code, with pictures of fish attached. Get over it. --trhurler


It depends on your point of view (5.00 / 2) (#14)
by Emacs on Tue Oct 17, 2000 at 03:50:45 PM EST

Actually they gain lots of benefits by using Linux.

First is the cost. They pay nothing for it so they can shave a few bucks from the cost of their product, this is important with an "appliance" because it needs to be priced aggressively or it's not attractive to your average schmoe.

Second they are not tied to the whims of another software company for the operating system. If the next kernel that was released had some crazy changes that they didn't want to deal with they could stick with what they have and modify it to meet their needs. Sure that's a big pain in the arse for them, but compare that to using a MS product where you have no choice.

While having a system that's configurable might be the most important thing for you, it might not be for everyone else. I'm guessing that the fact that Linux is very solid and runs on cheap hardware with limited resources was its best feature here, they don't need to load this up with a uber fast chip and lots of ram and they can still get decent performance from it. That's a big plus for something like this.

All in all I would say that this is a perfect match for Linux.

[ Parent ]
So what? (2.85 / 7) (#9)
by mulvaney on Tue Oct 17, 2000 at 12:40:33 PM EST

They aren't distributing the code, they are just running it. I don't see any GPL violation here. Did they change the code in any way?

It sounds more like you are complaining because this machine doesn't do all the things you want. So don't buy it. I don't see how this interferes with your ability to download and install linux on your own in any way.

Mike

But they are distributing the code (1.66 / 3) (#11)
by Ruidh on Tue Oct 17, 2000 at 01:55:33 PM EST

They are distributing a product containing GPLed code. That is distributing the code.
"Laissez-faire is a French term commonly interpreted by Conservatives to mean 'lazy fairy,' which is the belief that if governments are lazy enough, the Good Fairy will come down from heaven and do all their work for them."
[ Parent ]
I just don't see it (5.00 / 1) (#13)
by mulvaney on Tue Oct 17, 2000 at 03:14:04 PM EST

When you download RedHat, you don't get the source. You have to go through another step to get it. I don't see how this is violation, unless they made actual changes to the source and didn't release that.

Mike

[ Parent ]
Re: I just don't see it (none / 0) (#15)
by Ruidh on Tue Oct 17, 2000 at 04:28:00 PM EST

Right. They need to make the source code available in order to comply with the GPL. The prior poster was making the argument that they didn't have to because he said they weren't distributing it by using it in a product.
"Laissez-faire is a French term commonly interpreted by Conservatives to mean 'lazy fairy,' which is the belief that if governments are lazy enough, the Good Fairy will come down from heaven and do all their work for them."
[ Parent ]
true but.. (5.00 / 1) (#18)
by enterfornone on Tue Oct 17, 2000 at 06:47:32 PM EST

They don't have to distribute source unless someone who buys the product asks for it. So unless someone who owns one complains they aren't doing anything wrong in that regard.

But even if they give you the source, they are still preventing you modifying the system.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
modifying system? (none / 0) (#26)
by mulvaney on Thu Oct 19, 2000 at 05:55:06 PM EST

Hmm, the "preventing you modifying the system" argument seems to be a red herring. I can't modify my Tivo; that doesn't mean they are in violation of the GPL. This appliance we are talking about is in no way hurting the GPL, nor is it hurting the software that it relies on (Apache, Samba, etc.).

The whole point of open source is that we *want* people to use our code. If they aren't changing it, then so what?

Mike

[ Parent ]
Source Code (3.16 / 6) (#10)
by Michael Leuchtenburg on Tue Oct 17, 2000 at 01:00:51 PM EST

Well... are they complying with the letter of the GPL? Specifically with the source code distribution requirement terms. If so, why are you bitching? Yes, the product sucks. Point?

[ #k5: dyfrgi ]
[ TINK5C ]
who knows? (1.00 / 1) (#19)
by enterfornone on Tue Oct 17, 2000 at 06:50:24 PM EST

Until someone buys the product and asks for the source they don't have to give it to anyone. The point is, are they complying with the modification requirements of the GPL.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]
Appliance, not a computer! (4.00 / 2) (#12)
by 11oh8 on Tue Oct 17, 2000 at 02:26:48 PM EST

This is being sold as an appliance, not a full fledged computer... Network appliances are bought because they are cheaper but also because they are NOT customizable.. this means that a company or home user can set these up with minimum effort.... of course 9 times out of 10, lack of configurability means that product isn't as robust as it could be, but that's the compromise taken here.. if your needs can accommodate these compromises, then buy the product and install/use it with minimum effort.... if you need more robustness, then get a real server and take the effort to set it up yourself.... Giving you root on this machine would defeat most of its purpose (ease of use)

$.03,
11oh8

This is a clear GPL-Violation (3.00 / 2) (#20)
by Majamba on Tue Oct 17, 2000 at 07:02:06 PM EST

To say this is only an appliance server and if I want to I can get the Linux Source anyway isn't the point. First of all the GPL requires to make a user aware that the software is distributed under the GPL. It also requires that you make the source code available of the program you are running. That means you are supposed to be able to get the code the program was compiled from.

Just pointing to other Sources is a clear GPL-Violation.

The other thing is that I'm quite sure that Acer has modified the kernel. They need a kernel that does support their IDE-controller, Network Card and the Flash-Rom. Maybe they didn't write new device drivers, but they put together all the driver & modules you need to run Linux on that thing (plus the other software they are using).

Once again: According to the GPL you are supposed to be able to get exactly the source code they used.

Not telling the root password is really stupid and I would really like to know how you are supposed to upgrade this box. Well, just another sign that we need GPLed hardware.



Maybe not (3.00 / 1) (#23)
by billnapier on Wed Oct 18, 2000 at 11:17:06 AM EST

The other thing is that I'm quite sure that Acer has modified the kernel. They need a kernel that does support their IDE-controller, Network Card and the Flash-Rom. Maybe they didn't write new device drivers, but they put together all the driver & modules you need to run Linux on that thing (plus the other software they are using).
So you are saying that the Linux Kernel Configuration for a specific machine is covered under the GPL? If all they had to do was a "make config" and select the right options, do they really have to publish what options they chose?

If I use a GPL'd program that has a "./configure" script to configure it before running make, do I have to publish that information too?

[ Parent ]

Maybe so (none / 0) (#25)
by Ruidh on Thu Oct 19, 2000 at 02:46:38 PM EST

Yes. If you are distributing a product that contains GPLed code, you must distribute code in a form suitable to recompile the software. If certain configurations are required, that must be disclosed.
"Laissez-faire is a French term commonly interpreted by Conservatives to mean 'lazy fairy,' which is the belief that if governments are lazy enough, the Good Fairy will come down from heaven and do all their work for them."
[ Parent ]