It garnered laughs. But I made the point that we multimedia hackers just press on, doing our thing while ignoring legal threats. The policy has historically worked out famously for us– to date, I seem to be the only person on the receiving end of a sort-of legal threat from the outside world.

Who would have thought that the most credible legal threat to an open source multimedia project would emanate from a fork of that very project? Because that’s exactly what has transpired:

Click for full threat

So it came to pass that Michael Niedermayer — the leader of the FFmpeg project — received a bona fide legal nastygram from Mans Rullgard, a representative of the FFmpeg-forked Libav project. The subject of dispute is a scorched-earth matter involving the somewhat iconic FFmpeg zigzag logo:

Original 2D logo		enhanced 3D logo

To think of all those years we spent worrying about legal threats from organizations outside the community. I’m reminded of that time-honored horror trope/urban legend staple: Get out! The legal threats are coming from inside the house!

I’m interested to see how this all plays out, particularly regarding jurisdiction, as we have a U.K. resident engaging an Italian lawyer outfit to deliver a legal threat to an Austrian citizen regarding an image hosted on a server in Hungary. I suspect I know why that law firm was chosen, but it’s still a curious jurisdictional setup.

People often used to ask me if we multimedia hackers would get sued to death for doing what we do. My response was always, “There’s only one way to know for sure,” by which I meant that we would just have to engage in said shady activities and determine empirically if lawsuits resulted. So I’m a strong advocate for experimentation to push the limits. Kudos to Michael and Mans for volunteering to push the legal limits.

However, I have recently been getting survey spam with a slightly different focus. One Marcus Dapp, a Ph.D. student somewhere in Swiss-land, is conducting an exclusive, invitation-only survey about how software patents impact free software projects. Apparently, he doesn’t read Slashdot or any of the thousands of other geek sites out there that consistently lament the topic.

Ironically, I received the survey invite due to my activity with the old TuxNES project (because it’s a Sourceforge project and it’s technically “active” — 89.76% activity last week? huh?), and not due to being on the forefront of the IP powder keg that is multimedia technology. For TuxNES and other 8-bit NES emulators, the patent situation is fairly cut and dried — the NES hardware patents expired years ago.

It’s a real hotel in San Francisco! Thanks to King Molan for the picture.

Seriously, I think EULAs are very important. Many EULAs contain clauses that forbid binary reverse engineering. Whenever I install a piece of closed, proprietary software, I skim the EULA specifically to locate the section that discusses RE and the forbidding thereof. My reasoning is that if the clause is missing, then the software’s creators may just have the source available for download somewhere which would make any RE task superfluous.

Remember, don’t RE if you don’t have to.

I visited the XentaxWiki recently and noticed there was a problem with a resource format called BXP from a game called 3D Sex Villa. The article’s content currently states:

Off display pending decision on legal status of information.

The article’s talk page contains some legal wrangling brought on my the creators of the format. Regardless, the original technical format information can be unearthed through the article’s history, viewable by anyone who understands basic Wiki.

Well, it was not necessarily a legal threat, like those notorious “nastygram” cease & desist letters. It was more like a veiled reference to a possible future legal threat. Someone identifying himself as the assistant general counsel for On2 said that the company took exception to the fact that I was posting decompilations of their Java decoder.

And just when I was starting to feel that no one cared about my work…

Naturally, this raises some pressing questions. First and foremost, why was I contacted by the assistant general counsel? Why doesn’t my case warrant the attention of the lead/primary/head general counsel? Maybe if I went after their latest generation codec, VP7, my actions would merit an escalation.

For the time being, I have decided to not post the Java decompilations on my Practical Reverse Engineering site. This entire site is partially an experiment to test where the limits are. Looks like we found one such limit.

I never had a compelling reason to research legal options surrounding these RE activities. Maybe it is time to start. But I am just so lazy… As always, this subject may be revisited. Feel free to email me regarding this situation.

You may NOT:
4.publish or provide any results of tests, including without limitation benchmark tests, run on the Software to any third party without On2′s prior written consent

In fairness to On2, this is not an uncommon clause in EULAs. However, it presents some very curious scenarios. Am I allowed to publish something like this?

I looked at a VP7 sample and it did not look as good as WMV9, H.264, or even On2′s own VP6.

Maybe I should write and ask permission. A colleague brought up another point: Since this “no benchmark tests” is such a common EULA clause, it should stand to reason that Microsoft’s Windows Media Encoder carries the same license. It is extremely unlikely that Microsoft would have granted written permission for this whitepaper exercise.

Update: Again, to be fair, the decoder license (On2′s Truecast Player) does not appear to mention anything about publishing benchmark tests. That is on the limited trial codec license.

Realize that this could taint us. I have no problem with ripping open a publically-available binary decoder to discover an algorithm inside (and if they happen to leave the debug symbols compiled in, oops, file that under “their problem” category).

If it makes you feel any better, there are some people who have already glanced at the code and discovered that it covers algorithms that we have already largely reverse engineered, a long time ago, via legitimate methods.

Microsoft should come up with bogus, red herring source code samples and periodically “leak” them, just to give the -ahem- “hacker underground” something to salivate over and feel special about.

…sigh… and I had really hoped to avoid creating a legal/ethical category for this blog…