Language Selection

English French German Italian Portuguese Spanish

What's next after GPL and Apache?

Filed under

At the end of April, I wrote about the idea that usage of the GNU General Public License (GPL) is declining and concluded that although new, commercially initiated open source projects were indeed tending to adopt other licenses, the use of the GPL itself is still growing -- especially among projects in its core community of GNU platform development. This article explores why commercial projects pick particular open source licenses and what might happen in the future.

Dual licensing

First, a brief historical recap: During the "open source bubble" of the mid-2000s, driven to build Web-facing solutions on short timescales, many companies used a combination of Linux/Apache HTTPD/MySQL/Perl to prototype and iterate.

Rest here

More in Tux Machines

Security Leftovers

  • Tor browser co-creator: Experian breach shows encryption may not be security panacea
    The Experian/T-Mobile hack may be more worrisome than Experian’s carefully worded description of it suggests, some security experts said Friday. One is the co-creator of the Tor secure browser, David Goldschlag, (now SVP of strategy at Pulse Secure). Goldschlag previously was head of mobile at McAfee, and also once worked at the NSA. I asked Goldschlag a simple question: “After the Office of Personnel Management and Experian hacks, is there reason to fear that hackers now have the means to steal actual financial information (credit card numbers, etc.) from banks or insurers?”
  • AV-TEST tests Linux security solutions against Linux and Windows threats
    To do so, it is often sufficient to copy files from a Linux environment to Windows.” it further adds. The most obvious mode of attack involves luring victims to install software or updates via third-party package sources. The team conducted test by running 16 different Anti-virus solutions and splitting test session into three distinct phases, The detection of Windows malware The detection of Linux malware and The test for false positives. Out of 16 antivirus solutions 8 detected between 95-99% of the 12,000 Windows threat used in the test: The Anti-virus solutions that helped in detection include Bitdefender, ESET, Avast, F-Secure, eScan, G Data, Sophos and Kaspersky Lab (server version).
  • had classic security blunder in authentication engine
    The cross-site request forgery vulnerability means that any user visiting a malicious page can have their accounts hijacked without further interaction. The since-patched hole existed in Microsoft and could have been spun into a dangerous worm, Wineberg says.
  • Meet the White Team, Makers of the Linux.Wifatch Viligante Malware
    However, Softpedia News noted that the Linux.Wifatch source code has not been released in its entirety. That’s likely because the White Team is worried that traditional cybercriminals would exploit the malware for more nefarious purposes. It also explains why it was a clandestine operation in which router owners weren’t aware their systems had been infected, even if it was only to defend them against black-hat attackers. Whether or not anyone appreciates the White Team’s form of vigilante security tactics, they may believe the work should serve as a warning to those who don’t follow basic data protection procedures, Hacked said. For example, there are still untold numbers of home routers that use default passwords and leave admin access wide open to malware and other threats.
  • Practical SHA-1 Collision Months, Not Years, Away
  • Search engine can find the VPN that NUCLEAR PLANT boss DIDN'T KNOW was there - report
    The nuclear industry is ignorant of its cybersecurity shortcomings, claimed a report released today, and despite understanding the consequences of an interruption to power generation and the related issues, cyber efforts to prevent such incidents are lacking. The report adds that search engines can "readily identify critical infrastructure components with" VPNs, some of which are power plants. It also adds that facility operators are "sometimes unaware of" them. Nuclear plants don't understand their cyber vulnerability, stated the Chatham House report, which found industrial, cultural and technical challenges affecting facilities worldwide. It specifically pointed to a "lack of executive-level awareness".

Linux Discussion Continues, Fedora Welcomes Chromium

Folks are still discussing the resignation of Sarah Sharp and Matthew Garrett from Linux kernel development. Jack Wallen said Sharp (and Garrett) are cases of more developers being "turned away, simply because developers had no patience for personal respect." He said Linux rules with a "sharp and iron tongue" with "foul and abusive language." He agreed with Dr. Roy Schestowitz in that all this is a "PR nightmare" threatening the "flagship of the open-source movement." He placed part of the blame on what he calls the "Internet of hate" and said if Linux is to compete with Microsoft and Apple its developers need to "start treating the legions of programmers, who are working tirelessly to deliver, as well as they treat the code itself. Open source is about community. A community with a toxic foundation will eventually crumble." Read more

Leftovers: FSF/GNU

  • The party is over... but the fight for freedom is ready for another thirty years
    Last Saturday, we celebrated the Free Software Foundation's thirtieth birthday with a party to remember.
  • FSF's Nerdy 30
  • VimSpellcheckery
    While I was mass editing the transcripts I used to create the FSF30 wordclouds, I realized I was doing too much manual movery to get to the next misspelled word. In a moment of clarity, I was like "hey, I bet vim has a way to properly do this!" And of course it did!
  • Creative Commons BY-SA 4.0 declared one-way compatible with GNU GPL version 3
    Compatibility means that a person can now take a work they received under the terms of CC BY-SA 4.0 and then distribute adaptations of that work under the terms of GPLv3.
  • Guix-Tox talk at PyConFR, October 17th
    Guix-Tox is a young variant of the Tox "virtualenv" management tool for Python that uses guix environment as its back-end. In essence, while Tox restricts itself to building pure Python environments, Guix-Tox takes advantages of Guix to build complete environments, including dependencies that are outside Tox's control, thereby improving environment reproducibility. Cyril will demonstrate practical use cases with OpenStack.