Language Selection

English French German Italian Portuguese Spanish

Openwashing: Altair, Microsoft and SmartBear

Filed under
OSS

Mac Asay at it again

Microsoft FUD Against FOSS Again

Black Duck again

More new FUD

  • Evaluating Open Source Software to Build a Connected Autonomous Vehicle [Ed: Muckraking as usual, lawyers from Mayer Brown LLP (Marjorie H. Loeb, Richard M. Assmus, Linda L. Rhodes and Paul A. Chandler) make FOSS sound scary, dangerous legally. It wasn't so long ago that Black Duck, Microsoft's anti-copyleft front, told the media that if automobiles adopted FOSS, vehicles would start crashing. CBS/ZDNet posted that crap for them.]

    The varying OSS licenses may conflict with each other, which can frustrate an automaker’s license compliance. To comprehensively assess the risk that any combination of OSS blocks may infringe or violate the license terms, one must first identify and trace the use of OSS throughout, which may involve analyzing thousands of files or lines of code contributed from numerous sources. To maintain compliance, significant due diligence is required both at the outset and each time code is changed or altered. To complicate matters further, the use of automated software development tools, which pull pieces of OSS from the Internet, may make it difficult to identify applicable license requirements before those pieces become an integral part of the code base. While scanning software and solutions may help identify embedded OSS, significant analysis is still required to evaluate the provenance of the OSS and whether its intended use raises license compliance or related concerns.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Android Leftovers

Programming: Flask, Agile, Rust and Python

  • How to build an API for a machine learning model in 5 minutes using Flask
    As a data scientist consultant, I want to make impact with my machine learning models. However, this is easier said than done. When starting a new project, it starts with playing around with the data in a Jupyter notebook. Once you’ve got a full understanding of what data you’re dealing with and have aligned with the client on what steps to take, one of the outcomes can be to create a predictive model. You get excited and go back to your notebook to make the best model possible. The model and the results are presented and everyone is happy. The client wants to run the model in their infrastructure to test if they can really create the expected impact. Also, when people can use the model, you get the input necessary to improve it step by step. But how can we quickly do this, given that the client has some complicated infrastructure that you might not be familiar with?
  • What is Small Scale Scrum?
    Agile is fast becoming a mainstream way industries act, behave, and work as they look to improve efficiency, minimize costs, and empower staff. Most software developers naturally think, act, and work this way, and alignment towards agile software methodologies has gathered pace in recent years. VersionOne’s 2018 State of Agile report shows that scrum and its variants remain the most popular implementation of agile. This is in part due to changes made to the Scrum Guide’s wording in recent years that make it more amenable to non-software industries.
  • This Week in Rust 269
  • Async IO in Python: A Complete Walkthrough
    Async IO is a concurrent programming design that has received dedicated support in Python, evolving rapidly from Python 3.4 through 3.7, and probably beyond. You may be thinking with dread, “Concurrency, parallelism, threading, multiprocessing. That’s a lot to grasp already. Where does async IO fit in?” This tutorial is built to help you answer that question, giving you a firmer grasp of Python’s approach to async IO.

Security: Updates, Reproducible Builds and More

  • Security updates for Wednesday
  • Reproducible Builds: Weekly report #194
    Here’s what happened in the Reproducible Builds effort between Sunday January 6 and Saturday January 12 2019...
  • ES File Explorer Has A Hidden Web Server; Data Of 500 Million Users At Risk
  • The Evil-Twin Framework: A tool for testing WiFi security
    The increasing number of devices that connect over-the-air to the internet over-the-air and the wide availability of WiFi access points provide many opportunities for attackers to exploit users. By tricking users to connect to rogue access points, hackers gain full control over the users' network connection, which allows them to sniff and alter traffic, redirect users to malicious sites, and launch other attacks over the network.. To protect users and teach them to avoid risky online behaviors, security auditors and researchers must evaluate users' security practices and understand the reasons they connect to WiFi access points without being confident they are safe. There are a significant number of tools that can conduct WiFi audits, but no single tool can test the many different attack scenarios and none of the tools integrate well with one another. The Evil-Twin Framework (ETF) aims to fix these problems in the WiFi auditing process by enabling auditors to examine multiple scenarios and integrate multiple tools. This article describes the framework and its functionalities, then provides some examples to show how it can be used.
  • KDE Plasma5 – Jan ’19 release for Slackware
    Here is your monthly refresh for the best Desktop Environment you will find for Linux. I just uploaded “KDE-5_19.01” to the ‘ktown‘ repository. As always, these packages are meant to be installed on a Slackware-current which has had its KDE4 removed first. These packages will not work on Slackware 14.2. It looks like Slackware is not going to be blessed with Plasma5 any time soon, so I will no longer put an artificial limitation on the dependencies I think are required for a solid Plasma5 desktop experience. If Pat ever decides that Plasma5 has a place in the Slackware distro, he will have to make a judgement call on what KDE functionality can stay and what needs to go.

MongoDB "open-source" Server Side Public License rejected

MongoDB is open-source document NoSQL database with a problem. While very popular, cloud companies, such as Amazon Web Services (AWS), IBM Cloud, Scalegrid, and ObjectRocket has profited from it by offering it as a service while MongoDB Inc. hasn't been able to monetize it to the same degree. MongoDB's answer? Relicense the program under its new Server Side Public License (SSPL). Open-source powerhouse Red Hat's reaction? Drop MongoDB from Red Hat Enterprise Linux (RHEL) 8. Red Hat's Technical and Community Outreach Program Manager Tom Callaway explained, in a note stating MongoDB is being removed from Fedora Linux, that "It is the belief of Fedora that the SSPL is intentionally crafted to be aggressively discriminatory towards a specific class of users." Debian Linux had already dropped MongoDB from its distribution. Read more