HN

Need help?
<- Back
My insulin pump controller uses the Linux kernel. It also violates the GPL

My insulin pump controller uses the Linux kernel. It also violates the GPL

davisr

Comments (68)

  • teddyh
    > I then decided to contact Insulet to get the kernel source code for it, being GPLv2 licensed, they're obligated to provide it.This is technically not true. It is an oversimplification of the common case, but what actually normally should happen is that:1. The GPL requires the company to send the user a written offer of source code.2. The user uses this offer to request the source code from the company.3. If the user does not receive the source code, the user can sue the company for not honoring its promises, i.e. the offer of source code. This is not a GPL violation; it is a straight contract violation; the contract in this case being the explicit offer of source code, and not the GPL.Note that all this is completely off the rails if the user does not receive a written offer of source code in the first place. In this case, the user has no right to source code, since the user did not receive an offer for source code.However, the copyright holders can immediately sue the company for violating the GPL, since the company did not send a written offer of source code to the user. It does not matter if the company does or does not send the source code to the user; the fact that the company did not send a written offer to the user in the first place is by itself a GPL violation.(IANAL)
  • Aurornis
    Be sure to read the top comment where someone who claims to have worked for the company provides some inside information.In my experience, this is quite common when the development of hardware is viewed as a cost center and is outsourced to various providers and teams. Those providers and teams churn a lot and nobody who worked on that is likely still involved with the company via contracts or direct employment.Front line support people aren’t equipped to respond to these requests. If you’re lucky they’ll get bounced around internally while project managers play hot potato with the e-mail until it gets forgotten. You might get lucky if you go the corporate legal route, but more likely is that the lawyers will do the math on the likelihood of you causing them actual legal trouble for anything and decide it’s best to ignore it.When I worked at a company that had a history of GPL drama one of the first things I did was enforce a rule that every release had a GPL tarball that was archived and backed up. We educated support people on where to forward requests. I handled them myself. 7 out 10 times, the person on the other end was angry because they assumed the GPL entitled them to all of our source code and they were disappointed when they only found GPL code in the tarball. It really opened my eyes to some of the craziness you get exposed to with these requests (though clearly not the polite and informed request in this Reddit thread) which is probably another reason why support staff are uneasy about engaging with these requests.
  • anigbrowl
    As always, the solution is to contact their legal department, preferably via a lawyer. Engineers and support staff are not going to risk their jobs making legal decisions about giving away company property.The FSF could help a lot here by publishing demand letter templates outlining the statutory and precedential basis for license enforcement and recovery of damages.
  • pvtmert
    If they built the kernel directly from tree, just pointing out the correct https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/lin... should be enough...
  • jimrandomh
    If the only GPLed component used is the Linux kernel, you probably aren't entitled to any noteworthy source code. It's well established that using the kernel doesn't create a GPL requirement userspace software running on the same device, and the most likely arrangement here is a completely-uncustomized kernel paired with an open-source userspace program that does all the interesting bits.
  • abigail95
    I get mad triggered by software license violation discussions.Please for the love of all that the FSF thinks is holy - just file a damn lawsuit if you are telling me they are violating the law. State your claim and have a court sort it out.It costs hundreds of dollars. For a medical device? Seems like a good deal.
  • jacquesm
    Let me guess. Omnipod. They've had some pretty bad recalls too. Never in a lifetime would I trust my well-being to their p.o.s. hardware / software combo. Apologies that person in this thread that worked there, but I hope you are working for a better company now.
  • lacoolj
    So can someone tell me - a non-insulin-dependent individual - why would an insulin pump need to be (controlled by?) a phone (in this case, the Nuu phone referenced)?Surely there is a way to cheaply obtain bluetooth and a controller without saying "we'll just use this already existing hardware - that happens to be a whole-ass phone - because it's $5 from China"?Kinda feels like that just screams data-stealing, regardless of where it was made.
  • Group_B
    Oh well. The whole thing has already been reverse engineered. Look up Loop or Trio or OpenAPS. Diabetic companies like Insulet have been very lax when it’s come to the hacking of their devices. This isn’t really that big a deal. What we need right now is help REing the Omnipod 5
  • mijoharas
    Out of interest is there a process to petition the FSF to take up something like this?How do they triage and decide what to pursue?
  • HackerThemAll
    Is linking to the "old" reddit a sign of being superior to those who use the current version of reddit? I've spotted that numerous times over past few weeks here.
  • raverbashing
    Good luck trying to enforce the GPL against a Chinese company