Re: Open Source versus Free Software
"But yeah, the religious battle between MIT/BSD and GPL and a few of the other licenses is kinda pointless."
There are a lot of DVRs out there which are using Linux OSes, and GPL-derived sources for the actual DVR functionality, which are full of holes due to shitty security practices by the people who put them together and whose manufacturers and distributors _refuse_ to comply with GPL requirements.
Yes, they're made in China, yes, they're the primary pool of Mirai infections and YES, those who sell them in the EU/USA are exposing themselves to litigation by an unfriendly author of iptables/busybox/fatfs tools.
The primary culprit is Huawei's HiSilicon chipmaking subsidiary as primary distributors of the SDK for their SoC chipsets, aided and abetted by Hangzhou Xiongmai Technology(*) - who created the SDK and have the chutzpah to accuse 3rd parties of stealing their intellectual property.
(*) Anything listed as XMeye and related code is Xiongmai. Their code is used in Hikvision, Dahua and most other Chinese DVRs. The primary binary containing the DVR functionality and vulnerable xc-httpd webserver is stripped but still riddled with GPL symbols.
Perhaps forcing these things to be open might enhance security by allowing the things to be fixed.
This is a good example of the failure of open source: The market for these devices runs into hundreds of millions of dollars (if not billions), they're full of stupid security holes and yet no GPL enforcement action has been taken.
The standard response I get from Chinese entities when bringing up free software is that "GPL is public domain" and they can do what they want with it. We've seen this notion disabused in courts on this side of the bamboo firewall. It needs to happen on the other side (Registering a copyright is required to enforce in China. That costs about $50. Until that happens, Chinese entities are pretty much correct about what they're doing. Why isn't the FSF empowering its Chinese version?)