Comment by schmuckonwheels
18 hours ago
This got buried on HN a few days ago which is a shame:
https://social.kernel.org/notice/B1aR6QFuzksLVSyBZQ
Linus rants that the SFC is wrong and argues that the GPLv2 which the kernel is licensed under does NOT force you to open your hardware. The spirit of the GPLv2 was about contributing software improvements back to the community.
Which brings us to the question: what is this guy going to do with (presumably) the kernel source? Force the Chinese to contribute back their improvements to the kernel? Of which there are likely none. Try and run custom software on his medical device which can likely kill him? More than likely.
The judge's comments on the Vizio case are such that should this guy get his hands on the code, he has no right to modify/reinstall it AND expect it will continue to operate as an insulin pump.
This is about as ridiculous as buying a ticket on an airplane and thinking you are entitled to the source code of the Linux in-seat entertainment system.
There are a lot of people hacking on insulin pumps and they are lightyears ahead of commerce. If you want a very interesting rabbit hole to dive into try 'artificial pancreas hacking' as google feed.
One interesting link:
https://www.drugtopics.com/view/hacking-diabetes-the-diy-bio...
I would trust the people that hack on these systems to be even more motivated than the manufacturers to make sure they don't fuck up, it's the equivalent of flying a plane you built yourself.
> it's the equivalent of flying a plane you built yourself
A great analogy because people die that way. I personally would never push code to another person’s insulin pump (or advertise code as being used for an insulin pump) because I couldn’t live with the guilt if my bug got someone else killed.
I know people die that way (GA). But someone is working for the companies that make insulin pumps and they are not as a rule equally motivated so I would expect them to do worse, not better.
And to the best of my knowledge none of the closed-loop people have died as a result of their work and they are very good at peer reviewing each others work to make sure it stays that way. And I'd trust my life to open source in such a setting long before I'd do it to closed source. At least I'd have a chance to see what the quality of the code is, which in the embedded space ranges from 'wow' all the way to 'no way they did that'.
2 replies →
Anytime anybody does something himself, there is a risk. People die because of welding parts cleaned with break-cleaner, people die driving, diving, sky-diving, doing bungee jumping...
Advertising that code, IMHO would be as showing of you doing extreme sports, for example. I do not think is any bad. A good disclaimer should be enough to take away any guilt.
I'm not aware of any deaths attributed to open source artificial pancreas systems. Meanwhile there have been multiple attributed to closed source glucose monitors.
And yet someone IS pushing code to these devices. Every single one.
So the question really becomes - Are these people working on their own pumps with open source more or less invested than the random programmers hired by a company that pretty clearly can't get details right around licensing, and is operating with a profit motive?
More reckless as well? Perhaps. But at least motivated by the correct incentives.
26 replies →
> I would trust the people that hack on these systems to be even more motivated than the manufacturers to make sure they don't fuck up
I would think it's the opposite. People that hack on this only risk their own life. Companies risk many people's lives and will get sued. Of course the person doing the hacking doesn't want to die but they're also willing to take the risk.
>People that hack on this only risk their own life
Yeah, only their own life, yknow, something not particularly valuable or motivating to conserve for them, as opposed to the companies financials!
The absolute worst-case scenario of messing this up as a company is that you get sued and they win, or you're forced to settle. You pay out some money, post a public apology, whatever. If things get really bad, the company goes under. But you're likely still far richer than the average person, and the blame is distributed enough that no one gets a criminal sentence - not that it was a realistic option to begin with.
The baseline worst-case scenario of messing this up on yourself is that you die.
> People that hack on this only risk their own life.
Provided they do not risk anyone elses, that is entirely their right.
Right, but getting sued is basically the least risky activity ever. Okay, a little dramatic but: you won't go to jail, and if you're rich and become less rich you're still better off than most people. In pure absolutionist terms, being a business owner is basically always less risky than being labor.
A lot of the other responses say something along the lines of "of course people have more incentive not to mess up, they care about their own lives more than corporations care about getting sued" and sure, that's true in general, but:
- people try to wingsuit through narrow obstacles and miss
- people try to build their own planes and helicopters and die
- people try to build submersible vehicles to go see the titanic and, uh, don't have a 100% success rate
- people try to build steam-powered rockets and die
"It's their life, they won't fuck it up" doesn't exactly cover a lot of behaviors.
I'd argue home-rolling your own medical device firmware is closer to daredevil/"hold my beer" behavior than normal.
4 replies →
> The spirit of the GPLv2 was about contributing software improvements back to the community.
It may be the case that when all is settled, the courts determine that the letter of the license means others' obligations are limited to what the judge in the Vizio case wrote. And Linus can speak authoritatively about his intent when he agreed to license kernel under GPL.
But I think that it's pretty clear—including and especially the very wordy Preamble—not to mention the motivating circumstances that led to the establishment of GNU and the FSF, the type of advocacy they engage in that led up to the drafting/publication of the license, and everything since, that the spirit of the GPL is very much in line with exactly the sort of activism the SFC has undertaken against vendors restricting the owners of their devices from using them how they want.
Why is it ridiculous? If the license says you have the right to obtain the source code to software that was distributed to you, then you have the right to obtain the source code. It doesn't matter what your intended use of it is.
Rather crucially, the license itself does not say that you have the right to the source code. It is only the separate written offer which gives you that right. If you did not receive such an offer, you don’t have any right to it. But then, the company has already, unquestionably, violated the GPL, and the company can be sued immediately. Specifically, you don’t have to first ask the company for the source code! The lack of a written offer is in itself a clear violation.
> But then, the company has already, unquestionably, violated the GPL, and the company can be sued immediately.
You were right up to this point. Medical devices requiring a prescription must be obtained via specialized suppliers, like a pharmacy for hardware. These appliances are not sold directly to end users because they can be dangerous if misused. This includes even CPAP machines.
In theory, that written offer only needs to go to the device suppliers. Who almost universally have no interest in source code. When the device is transferred or resold to you, it need not be accompanied by the offer of source.
If that was true, anyone reselling an Android phone could open themselves up to legal liability. Imagine your average eBayer forgetting to include an Open Source Software Notice along with some fingerprint-encrusted phone.
25 replies →
You already created an interesting top-level comment analyzing the difference between "offering" and "providing" which has a lot of discussion. I'm just saying it's not "ridiculous" to expect software licensing terms to be applied and enforced, whatever a judge decides those terms end up meaning.
It's a medical device that requires a prescription. You can't buy it off the shelf. They're not distributing software to you either. You must go through a medical equipment supplier who transfers the device to you after insurance has paid for some or all of it.
For the same reason you can't find an airplane entertainment system in the trash and call up the company and demand source code.
It doesn't matter what form it takes. Compiled binaries of GPL code are being distributed. The recipients of that binary are entitled to the source of the GPL portions in a usable form:
The GPL here doesn't extend beyond the kernel boundary. Userland is isolated unless they have GPL code linked in there as well. If they were careless about the linkage boundaries then that's on them.
6 replies →
> what is this guy going to do with (presumably) the kernel source? Force the Chinese to contribute back their improvements to the kernel?
As the original Reddit comment explains, Insulet is an American company.
Big disagree, if they distribute the code they’re on the hook for the gpl source, too!
That’s about as ridiculous as buying a plane and knowing you’re entitled to the gpl sources used.
> Linus rants
Linus is arguing against a strawman that Conservancy never actually argued. See https://sfconservancy.org/news/2025/dec/24/vizio-msa-irrelev... for details.
> Which brings us to the question: what is this guy going to do with (presumably) the kernel source?
https://openaps.org/
If you have a pacemaker implanted, do you believe you have the right to modify and update the software that operates it? Separately, do you think it's remotely a good idea?
> If you have a pacemaker implanted, do you believe you have the right to modify and update the software that operates it?
Yes, of course. It is abhorrent that people have devices implanted into their bodies and are in any way prevented from obtaining every last detail about how those devices operate.
> Separately, do you think it's remotely a good idea?
In rare circumstances, yes. See, by way of example, Karen Sandler's talk on her implanted pacemaker and its bugs, for specific details on why one might want to do so.
Not that person, but yes. You have entirely missed the ability to simply view and understand what's inside your own body.
Where your interpretation means someone else needs to follow your whim for their own problem, despite the legalese stating otherwise.
I think that is an absurd position and I am sorry to feel the need to have to be blunt about it.
Obviously yes to the first question. How could you possibly not have the right to operating your own heart. Naturally it would generally not be a good idea.
>> Try and run custom software on his medical device which can likely kill him? More than likely
I think this sentence is very sad. Not only this is a hard accusation, it is also the primary argument of the anti right to repair movement. An argument that I think is extremely bogus and ill intentioned, and I particularly (like Mr. Rossman) viscerally dislike.
Maybe the primary motivation is a) curiosity, and b) just for kicks to know if they honor the license.
> Linus rants
That happens every Tuesday, hardly newsworthy.
> Try and run custom software on his medical device which can likely kill him? More than likely.
It's not like the OEM software also won't kill you: https://sfconservancy.org/blog/2025/dec/23/seven-abbott-free...