Jump to content
Sign in to follow this  
Marco-x

Warn the World: OS News

Recommended Posts

That LGPL issue has serious legs. It appears that ASEM withdrew the Windows updater as a direct result of that blog post, and their continued silence regarding the analysis and their inability to issue a new (legal) version pretty much confirms the violation.

The reason that they pulled the Windows updater (apart, of course, from being caught red-handed stealing code) is simple: once it was determined that efix.dll was just libusb-win32, it would have been very easy to swap in an instrumented libusb-win32 and determine exactly how the EFi-X updater unlocks the dongle and even capture the firmware itself.

So they moved the server to a different IP and stopped updating the Windows utility, rendering it non-functional.

The funny thing is, though, that the MacOS version is an even more egregious violation. I performed the same analysis on the preference pane, and it's also using libusb. Not only is it using it, but libusb is statically linked into the executable.

You can get away with shipping a closed-source binary linked against a LGPL library if the library in question is a DLL (i.e., can be swapped out with an ABI-compatible workalike or somesuch) ... but you still have to come clean about the LGPL library itself.

You can't get away with statically-linking a LGPL-licensed library into a closed-source binary. You have to release the source for the binary, full stop.

20/20 hindsight, I should have analyzed the MacOS updater first and written that up. Live and learn.

Share this post


Link to post
Share on other sites

I would have created a Warn the World thread about commenting on this terrific article but the abundant comments are sadly useless to any prospective EFI-X customers and our sane comments would not likely be scrolled down to.

Share this post


Link to post
Share on other sites
I would have created a Warn the World thread about commenting on this terrific article but the abundant comments are sadly useless to any prospective EFI-X customers and our sane comments would not likely be scrolled down to.

Hmm... that has a familiar ring to it...

:P

Share this post


Link to post
Share on other sites

I hear the only people left in the world buying EFI-X are the Japanese.

Surely they have to be warned?

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.