Just curious if anybody has used/seen firescope. I was evaluating different monitoring solutions and came across one that is very similar to zabbix. The front end looks slightly different but seems to be a new front end to Zabbix. Down to the ports that the application communicates between server and agents. I did a search on the forums here and didn't find anything related to Firescope. What are your thoughts? Could a company use Zabbix and commercialize it in US?

It looks a lot like it is based on Zabbix, or at least VERY much inspired by it. See for instance their "Latest data" page:

http://www.firescope.com/images/screencaps/BE/Exchange-Configuration-Item.png


The filename is "latest.php".
The title of the page is exactly the same as Zabbix's.
They use the exact same date format.
The item keys are the same as Zabbix's.


I think that is enough things to conclude that they do have knowledge of Zabbix in one way or another...

Thanks for reporting this. Indeed, the screen shot looks very much like modified ZABBIX front-end, even item keys have exactly the same naming. There are other similarities as well.

We will investigate this. Please expect more details soon.

They even use ports 10050 and 10051. I have the evaluation copy, you have to register to download. The way they package it is interesting, its a self contained Linux environment running a web server. The server itself runs as a vmware appliance that is closed and only allows a command line interface with a custom menu. This interface shows you the IP to connect to with a browser. So there is no install, you just boot a vmware file then point a browser to it.

Okay, I've downloaded the VMware trial version, and had a look around it. These are some of the more interesting things I've found:

They use Monit in order to keep the server and agent running.
The MySQL server is set to log queries not using indexes and slow queries - Which doesn't make much sense to me.
The database Firebird is also installed, I can't figure out if it's used or not though.
The root password to the MySQL database is "<removed>" :)
Config files for the services look exactly like the ones found in Zabbix.
nmap is used as part of the discovery system.
The Fedora Directory Server is also included in the image.
They also use fping like Zabbix does.
They have encrypted a lot of the source code to the webpage.
The (web_dir)/include/page_header.php file isn't encrypted, and contains a GPL license header, were they have made a search & replace on "Zabbix" and exchanged it to "Firescope". This makes the first line say: "Copyright (C) 2000-2005 SIA Firescope".
They still use all of the $ZBX_... variables.
Some java programs are included also, to handle different types of extra features, such as reports.
So I think it's safe to say that they have based their software on Zabbix...

Oh, and last but not least!
They have included the snmptrap.sh script, found in the Zabbix package, and it contains a GPL header which hasn't been modified. So it still says:
# Zabbix
# Copyright (C) 2000,2001,2002,2003 Alexei Vladishev

Cheeky barstewards! Although they seem to have done a nice job with the interface.

Is that the Zabbix project should be able to get any modifications they've made unless they haven't modified any of the source and only added modules and totally separate functionality.

Is that the Zabbix project should be able to get any modifications they've made unless they haven't modified any of the source and only added modules and totally separate functionality.
Yes, that's my interpretation of the GPL, under which Zabbix was released. Additionally, by reading some of the other posts in this thread, they've violated the GPL, by editing (and quite possibly removing) the original copyright statements.

For shame. :(

Chip

Thanks for reporting this. Indeed, the screen shot looks very much like modified ZABBIX front-end, even item keys have exactly the same naming. There are other similarities as well.

We will investigate this. Please expect more details soon.

Alexi,

Before anyone goes to drastic measures, I think it might be good to state want kind of community support you'd like on this.

I'm sure this could quickly land on slashdot or something similar if you don't tell people that the zabbix team would rather handle it themselves formally first.

It's especially interesting because firescope is advertised on slashdot and sourceforge.net.

Andrew

Alexi,

Before anyone goes to drastic measures, I think it might be good to state want kind of community support you'd like on this.

I'm sure this could quickly land on slashdot or something similar if you don't tell people that the zabbix team would rather handle it themselves formally first.

It's especially interesting because firescope is advertised on slashdot and sourceforge.net.

Andrew,

I do appreciate support of ZABBIX community very much. Thanks to all of you!

We already contacted Firescope and expecting their official response soon.

Please refrain from doing anything serious until we get a clear picture what's going on. I am not happy about this situation, yet I hope that it will be resolved without use of the heavy artillery. :)

Just a short update: negotiations with FireScope are moving on and first results are expected shortly. We are planning to post an official announcement after that – stay tuned!

Till then – please, refrain from any actions, contacting press or other. We appreciate your support very much and I am extremely pleased to know that our community is so tightly-knitted and enthusiastic about ZABBIX; however, such actions complicate the negotiations and make a possible solution to this situation difficult to reach.

Thank you guys, and expect news from us soon! :)

Any news about this Alexei? :)

Unfortunately, we were unable to reach any agreements with FireScope, and I asked them today either to release all FireScope products, which violate ZABBIX license, under GPLv2 or to stop distribution of the products immediately.

We spent all this time negotiating and investigating the situation because FireScope has been our customer and was one of sponsors of distributed monitoring (1.4.x) and sponsor of IPv6 (1.6) functionality, otherwise we would act much sooner - and yet it changed nothing. :(

We ask FireScope to respect the licence of ZABBIX, Open Source Distributed Monitoring Solution created with a great help and assistance of ZABBIX community, our customers and our partners.

Is it time to bring in the big guns like the EFF and FSF? :)

Hell, the bad press they'd get on something like Slashdot alone for copyright theft (a felony) would probably be a rude enough awakening.

The CEO is no stranger to shenanigans and I'm not surprised you haven't made headway with this issue (no offense to you).

(ie. http://www.sec.gov/litigation/litreleases/2006/lr19850.htm && http://www.sec.gov/litigation/complaints/2006/comp19850.pdf)

With the recent ruling on artistic and opensource licenses you do have a case for litigation as well as a strong probability for the FSF / EFF to take up your case and provide assistance.

http://www.cafc.uscourts.gov/opinions/08-1001.pdf

The ruling even says you can sue for monetary damages even if you provide the license for free.

Something at least to keep in mind. Just remember, the longer you allow Firescope to violate your property, the harder in court it will be to prove you tried to mitigate damages and protect it.

Disclaimer: I am not a lawyer and this is not legal advice =]

Andrew

You are right Andrew, the faster you take care of intellectual property infringement the better your chances.

It is sad the FireScope people did not do things the correct way and give credit to Zabbix like Centreon, OpsView and others give to Nagios. This is the least they should do and as Users and Beneficiaries of Zabbix they should contribute to the project monetarily or code wise.

They seem to have done an exceptional work with the GUI and I have to admit I like it a lot (very Ajax powered), so I know they probably can contribute something code wise and give credit to whom credit is deserved.

Anyway, thanks Alexei and all members of the community that makes Zabbix such a great software.

Disclaimer: I am not a lawyer and this is not legal advice =]

And excellent advice it is (in my non-legal opinion). My opinion, is that since negotations with Firescope had failed, I would pursue this with a vengence, customer or not. The time, and especially the effort you put into Zabbix, is worth a lot, not only to you, but the people that support you. A violation of your property rights, is an extremely serious infraction, which I would highly reccomend pursuing.

Chip

I hate to deal with this, we are so busy with 1.6 these days! :mad:

We did some research today and now I and my colleagues are even more confident that the Firescope product is based on ZABBIX code very much, in contrary to what I heard from them.

It is absolutely clear that our code was intentionally used, yet no credits to ZABBIX were given, to say the least.

Since we still have no reaction, I ask for assistance of ZABBIX community in escalation this case to influential Open Source organizations in order to protect our intellectual property.

I also ask for a legal advice. We are in Europe, it would be nice to see an individual or an organization in the USA to act on behalf of ZABBIX there.

We are doing certain actions as well, I am not sure if I can put more details here. :)

Stay tuned...

Understood Alexei.

As far as the legal arena you have two things going for you.

1.) copyright law is international.

2.) Even if it weren't, anyone who's contributed to zabbix and has code in zabbix has the ability to pursue this legally since their contributed code is in violation as well. Meaning if there are any US contributers, they can pursue this is the US district courts with firescope.

Let's see if we can get some help. I'll contact the organizations I know of. :)

The story has been submitted to slashdot. Please login and vote it up in the Firehose. http://slashdot.org/firehose.pl

title: "Company Sells Open-Source Software As Its Own"




edit: I don't know if they think they can get away with this because you're in Latvia, a small company, or some other reason entirely. This is not right.

I have posted this on digg, please digg it in order to increase the publicity:
http://digg.com/software/Open_Source_software_sold_with_violated_GPL_licens e

Is there anyway to get the 28 day trial in something like archive.org for prosperity?

The story has been submitted to slashdot. Please login and vote it up in the Firehose. http://slashdot.org/firehose.pl

title: "Company Sells Open-Source Software As Its Own"




edit: I don't know if they think they can get away with this because you're in Latvia, a small company, or some other reason entirely. This is not right.

I don't see this anywhere on the firehose :( Anyone else see it? Can you provide a direct link?

I don't see this anywhere on the firehose :( Anyone else see it? Can you provide a direct link?


Just add "open" in the filter.

http://slashdot.org/firehose.pl?op=view&id=829759
http://slashdot.org/firehose.pl?op=view&id=826973


If anyone has some moderator points mod up!

I wrote earlier that FireScope company was our valuable customer.

The company was one of several sponsors of distributed monitoring for 1.4 and the only sponsor of IPv6 development. You probably understand why we are so interested in a peaceful resolution of the GPLv2 issue.

Finally we have some positive news!

Please treat this as an official message from both companies:

It was agreed that ZABBIX and FireScope will work together to resolve any concerns around GPLv2. FireScope expects to have all issues resolved in the next 60 days. The company has been a good partner with ZABBIX and both are working to strengthen the relationship.

I am very happy about this!

I am very happy about this!

Congrats! I am glad things worked out!

http://slashdot.org/firehose.pl?op=view&id=829759
http://slashdot.org/firehose.pl?op=view&id=826973


If anyone has some moderator points mod up!

Am I the only one who noticed that the posts to this threads and the Digg thread (http://digg.com/software/Open_Source_software_sold_with_violated_GPL_licens e) appear to be from Mark Lynd (http://digg.com/users/TotalJustice) the President of Firescope (http://www.firescope.com/About/marklynd.asp)?

Both the above mentioned slashdot and digg accounts were setup for the sole purpose of responding to posts defending Firescope as they were recently created and have no other history.

Nice spotted, it certainly looks like that's the case. That probably explains his opinions on this matter ;)

I just saw this banner add for them on Slashdot. Made me laugh. :-)

Link is to the image, not the clickthrough.

http://pagead2.googlesyndication.com/pagead/imgad?id=CL78yIbV97LB6AEQ2AUYTzIINq-YaiegWb4

I wrote earlier that FireScope company was our valuable customer.

The company was one of several sponsors of distributed monitoring for 1.4 and the only sponsor of IPv6 development. You probably understand why we are so interested in a peaceful resolution of the GPLv2 issue.

Finally we have some positive news!

Please treat this as an official message from both companies:

It was agreed that ZABBIX and FireScope will work together to resolve any concerns around GPLv2. FireScope expects to have all issues resolved in the next 60 days. The company has been a good partner with ZABBIX and both are working to strengthen the relationship.

I am very happy about this!
How is this going to benefit everyone who have spent countless hours/days/weeks adding patches, contributing bug reports and otherwise supporting the product ?

A lot of these people don't get paid for this, so when a company goes and "steals" the source, rewrites parts of it, rebrands and sells it for a reasonable amount of money, then that's taking the p*ss.

While it's technically a straight cut case, in reality it's far more complex and I realise not much is likely to make it back to the community without taking it to court, what sort of agreement who you made with Firescope?

Thanks.

- Lasse

How is this going to benefit everyone who have spent countless hours/days/weeks adding patches, contributing bug reports and otherwise supporting the product ?

A lot of these people don't get paid for this, so when a company goes and "steals" the source, rewrites parts of it, rebrands and sells it for a reasonable amount of money, then that's taking the p*ss.

While it's technically a straight cut case, in reality it's far more complex and I realise not much is likely to make it back to the community without taking it to court, what sort of agreement who you made with Firescope?

Thanks.

- Lasse

Considering we're about 10 days out from the initial 60 day period, can you tell us Alexei, what progress has been made?

I'd really be curious to hear your response to Lasse's question too.

Any new news here? The GPL2 license is extraordinarily clear about these matters. If there is even 1 line of Zabbix code in this product, firescope is required to make that code available. I put in a request for it (it can't be found on their web site), but have gotten no response thus far.

So... I got a call from Firescope this morning. The gal that called me said the the GPL licensed code is available. You just need to send a $50 money order to "Attn: Open Source Code Request" at the company's address, and they will send it to you (on CD I guess?). I asked what the $50 money order was for, and she replied "It's for the GPL code". When I brought to her attention that you can't actually "charge" for the code, she was silent for about 10-15 seconds. I then suggested "Is for shipping and handling or something?" to which she replied "...yes". I didn't push it any further, because I don't honestly know what they're allowed to charge for shipping or handling (or if there is even a reference) under GPL2. That said... I am very curious what would come on that CD....

So... I got a call from Firescope this morning. The gal that called me said the the GPL licensed code is available. You just need to send a $50 money order to "Attn: Open Source Code Request" at the company's address, and they will send it to you (on CD I guess?). I asked what the $50 money order was for, and she replied "It's for the GPL code". When I brought to her attention that you can't actually "charge" for the code, she was silent for about 10-15 seconds. I then suggested "Is for shipping and handling or something?" to which she replied "...yes". I didn't push it any further, because I don't honestly know what they're allowed to charge for shipping or handling (or if there is even a reference) under GPL2. That said... I am very curious what would come on that CD....


http://opensource.org/licenses/gpl-2.0.php
GPLv2
Last sentence of Term #1.

You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

So I'm pretty sure they're fine in asking for $50 for the code and not required to make it available electronically.

You are correct. I'm still interested in "what" code they are making available.

So what happened finally? Must they released under GNU license or now?

Does that mean we can use Firescope free?

So what happened finally? Must they released under GNU license or now?

Does that mean we can use Firescope free?
Could you please read the three comments before yours?

Could you please read the three comments before yours?

Well just because someone pushed them it doesnt mean they have too. On their website its doesnt said anything at all about GNU license or the free code. Even Citrix releases the source and I think you must do it in the same page where the commercial downloads are.

So if I send them 50$ I get their sources? What about the modifications they made, do they still have to shared it? I now if they used Zabbix in just some code they must but why would anyone then buy their software besides the support. How about updates, must they also release them?

I would pay the 50$ just to test it, since there is no trial download available it seems.

Why not backport the good features of Firescope into Zabbix? Quite possibly Firescope have included new features which would be beneficial to the Zabbix project. So why not grab the source code and check it out?

Why not backport the good features of Firescope into Zabbix? Quite possibly Firescope have included new features which would be beneficial to the Zabbix project. So why not grab the source code and check it out?

There should be done something (learn/copy/adopt/legal action), if nothing from the FireScope-perils is to be found in the new release may 2009. Spawn anyone?

A brief update just to keep things clear:

1. Firescope company violated Zabbix GPLv2 license and our copyright
2. Nothing suggests that they "fixed" this
3. I would appreciate assistance from any organization (Zabbix users, our allies) which would help to bring this case to court. Please contact me.
4. No any partnership is possible between us and Firescope

We develop Open Source software. It is a great disappointment to see that some companies and individuals steal result of our work and use it for their own benefit...

it might be worth asking advice from http://gpl-violations.org/ and http://www.fsfeurope.org/

edit: a quick google revealed http://209.85.129.132/search?q=cache:E7C08LUau4cJ:www.firescope.com/Resources/Documentation/BE/Admin_Guide/html/licensing.htm+firescope+zabbix&hl=en&client=opera&strip=1

which contains at the end;
GNU General Public License Software

The following GNU General Public License Software is included in this version of the FireScope software:
GNU GPL Software GPL Version
MySQL 2.0
NMap 2.0
Zabbix 2.0

notice the misrepesentation of software versions... might be useful to show willful infringement

Alexei,

Thanks for the update. As richlv points out, it is best to get some advice from people with experience in these matters. I suggest "someone" contacts the gpl-violations.org, as they are directly in touch with the fsfeurope.org, to develop some plan/tactics on how to move on.

I call upon every zabbix-er to collect and deliver as much as info/evidence as possible, to backup any action.

Has anyone downloaded the demo? Please PM me, I'd rather not share my information with them :)

given the situation, there are few things community could do.

1. promote submission at http://slashdot.org/firehose.pl?op=view&id=3903599 ;
2. politely contact editors of any praising articles of firescope, inform them about the situation;
3. politely contact known firescope customers, inform them about the copyright infringement;
4. continue gathering information.

other possibilities ?

I call upon every zabbix-er to collect and deliver as much as info/evidence as possible, to backup any action.

You can try to take a look at the fifth post (http://www.zabbix.com/forum/showpost.php?p=35724&postcount=5) in this thread I wrote. It contains some of the odd things I stumbled across when poking around in their demo version.

Here is part of the EULA from FireScope (ref="http://www.firescope.com/Downloads/EULA.asp?File=1") (emphasis mine)

4. OPEN SOURCE TERMS. You acknowledge that each Open Source Program is distributed under the Open Source Program license applicable to such Open Source Program, and only such license, and this EULA in no ways supplements or detracts from any term or conditions of such open source license agreement (the "Open Source License"). Notwithstanding anything to the contrary in this EULA, you agree and acknowledge that the rights attached to any Open Source Programs provided hereunder are separate from and do not depend on the Open Source Programs being part of, or used in connection with, the Software. If any Open Source Programs are GNU General Public License software, such Open Source Programs will be identified in the Documentation and will be accompanied by any required code, terms and conditions for copying, distribution and modification and/or written offer to give the corresponding code.

Note, the following does not constitute legal advice and is not a legal opinion

Keep your cake and eat it too, anyone? The programs provided are "separate from and do not depend on" ZABBIX. That is required to fulfill GPLv2 2b:
You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

However, by bundling their software with the GNU software, and charging a separate license fee, they are clearly violating the latter half of paragraph 2.

Finally, the cost of providing the source code to anyone must be done "at cost". Even if it takes an hour to rip a CD, the person doing the ripping would need to be paid in excess of $40/hr to come up to a charge of $50.

And just a rejoinder, from GPLv2 paragraph 5:
5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

I now leave it to others to verify that they have, in fact, built software which depends on ZABBIX.

However, by bundling their software with the GNU software, and charging a separate license fee, they are clearly violating the latter half of paragraph 2.

Exactly! :)

It's been a long time since I looked at the GPL. Recently I was referred to the FAQ. According to this answer (http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#DoesTheGPLAllowDownloadFee), since Firescope distributes the Zabbix binaries via the Internet, they must also distribute the sources of Zabbix (plus any changes and derivatives).

Alexei, did you add a special license for the libraries that are built as part of the process in creating Zabbix binaries? That is, did you remove restrictions or use the LGPL on the source code that is used to create the run-time libraries for Zabbix?

I'll also quote this from the GPL:
By contrast, pipes, sockets and command-line arguments are communication mechanisms normally used between two separate programs. So when they are used for communication, the modules normally are separate programs. But if the semantics of the communication are intimate enough, exchanging complex internal data structures, that too could be a basis to consider the two parts as combined into a larger program.

So if Firescope is merely communicating with MySQL and the Zabbix server via the socket interface, it might or might not constitute a single program -- it depends on how a judge sees it and whether your lawyer is smarter than theirs. :/
It might well depend on this answer. (http://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html#GPLInProprietarySystem)

Any updates on this?

I'd love to see more action taken on this. Companies can't be allowed to abuse opensource codebases.

I realize this is an old thread, but it kills me to see commercial closed source companies steal so much of Alexei's hard work that he has done over the years. I've been saying for quite some time that Zabbix is better than 99% of the commercial systems available out there.

Alexei, I would strongly recommend that you contact the Free Software Foundation. They have a legal department that will provide you with free legal advice, and will vigorously prosecute GPL violations for you. Most companies usually settle, and the settlement is beneficial because the source code becomes available to all of us.

Alexei,

I highly recommend that you contact the Software Freedom Law Center, http://www.softwarefreedom.org/

They will provide you with free legal representation for this issue. I already contacted http://www.gpl-violations.org and they were unable to assist.

So? How did this end up?

I will prepare and publish more details soon. Sorry, currently we all are busy with post-Zabbix 1.8 activities. :)

I will prepare and publish more details soon. Sorry, currently we all are busy with post-Zabbix 1.8 activities. :)

Hi Alexei, we are interested to know what the current status is with the FireScope saga? :confused: Is the matter resolved? Thank you for a quick update.

This topic has been quiet for some time now - does this mean that FireScope wins...? Unfortunate :mad:

well, i guess they were relying on the fact that a small, technical company far away might be less likely to sue them...