Legal

Open Source Community Critical Of Chessbase, Fat Fritz 2

Filed under
Legal

The development teams behind the two most successful and influential open-source chess programs, Stockfish and Leela Chess Zero, have issued statements denouncing the commercial program Fat Fritz 2 and the company Chessbase that is selling the program for 99,90 euros.

The statements (Stockfish blog, lichess announcement) assert that the engine in Fat Fritz 2 is Stockfish with minimal changes, that Fat Fritz 2 has violated the GNU General Public License under which Stockfish is released, and that Chessbase's marketing has made false claims about Fat Fritz 2's playing strength.


Carmen Bianca Bakker: Destination status quo

Filed under
GNU
Legal

I recently happened upon an article that argued against the four freedoms as defined by the Free Software Foundation. I don’t actually want to link to the article—its tone is rather rude and unsavoury, and I do not want to end up in a kerfuffle—but I’ll include an obfuscated link at the end of the article for the sake of integrity.

The article—in spite of how much I disagree with its conclusions—inspired me to reflect on idealism and the inadequacy of things. Those are the things I want to write about in this article.

So instead of refuting all the points with arguments and counter-arguments, my article is going to work a little differently. I’m going to concede a lot of points and truths to the author. I’m also going to assume that they are ultimately wrong, even though I won’t make any arguments to the contrary. That’s simply not what I want to do in this article, and smarter people than I have already made a great case for the four freedoms. Rather, I want to follow the author’s arguments to where they lead, or to where they do not.

The four freedoms

The four freedoms of free software are four conditions that a program must meet before it can be considered free. They are—roughly—the freedoms to (1.) use, (2.) study, (3.) share, and (4.) improve the program. The assertion is that if any of these conditions is not met, the user is meaningfully and helplessly restricted in how they can exercise their personal liberties.

The aforementioned article views this a little differently, however. Specifically, I found its retorts on the first and second freedoms interesting.


What You Need to Know About Open-Source and Proprietary Licenses

Filed under
Legal

When it comes to using, developing, and promoting software, the numerous licenses that accompany them can be confusing for even expert users. Open-source and proprietary licenses often butt heads. One promotes a closed and guarded method of licensing, whereas the latter lets people use software more freely.

In this post, we compare both open and proprietary licenses. We also discuss whether they work well together or the relationship is estranged.

[...]

In short, open and proprietary licenses will always rub each other the wrong way. However, there can be a system where companies still retain brand rights while letting users study and tweak the code. The benefits to the codebase and user security are of immense benefit to everyone.


Free Software Licensing and Controversy

Filed under
Legal
  • What is Open Source?

    The term ‘open source’ started in software development, but it is applicable to anything. If a thing is open source, first and foremost it means you have access to its source code — what makes that thing tick.

    If a thing is open source, it means that the source code of that thing is available for insight and editing, and may even be copied, repurposed and shared with others under certain conditions.

  • Josh Bressers: It’s the community, stupid

    I’ve been thinking about what open source is a lot lately. I mean A LOT, probably more than is healthy. There have been a ton of open source happenings in the world and the discussions around open source licenses have been numerous. There are even a lot of discussions around the very idea of open source itself. What we once thought was simple and clear is not simple or clear it would seem.

    Full disclosure. I work at Elastic and if you pay attention to open source you probably hear that Elasticsearch has a new license. I’m not going to discuss open source licenses today, I will soon, but today I want to talk about community because it keeps popping into my brain and clouding other ideas.

    The term “community” means different things to different people. I’ve heard some people talk about community as some sort of amorphous blob that will give them free work. Some think it’s a bunch of jobless degenerates who need haircuts. Some think it’s where their friends are. Some think it’s where their enemies are. Some people believe community is a mythical beast, something so fantastical that can’t possibly exist, like unicorns, dragons, or Canadians. When we don’t know what something is, it enters the world of myth and it becomes both everything and nothing at the same time. I think many of us have forgotten what community is.

  • Is Elastic Stretching Truth In AWS Spat Over Elasticsearch License? | Data Center Knowledge

    The Elasticsearch and Kibana license change may have less to do with alleged abuse by AWS than Elastic's public statements would have you believe.

Not So Open Any More: Elasticsearch Relicensing and Implications for Open Source Search

Filed under
OSS
Legal

Elastic, the company founded by the creators of the Elasticsearch search server, recently announced a change to the license of its core product. Previously under the permissive Apache 2 license, future versions of the software will be dual-licensed allowing users to choose between Elastic’s own license or the Server Side Public License (SSPL) created by MongoDB.

What does this change mean for users of the software? At this point I should note that although I am very familiar with open source search engines, I am not a lawyer — so please do take your own legal advice!


I took FSFE to court. This is my story

Filed under
Legal

Soon after the first lockdown in Berlin this year I filed a public case in the Berlin Tribunal of Labour Court against the president of Free Software Foundation Europe (FSFE), Matthias Kirschner, for workplace bullying.
Why? A female colleague and I had dared to discuss wage transparency and gender pay gap in the office. Apparently it is common in Germany that this gap exceeds 20%, but we both felt secure that the free software movement is progressive, and cares about being inclusive and equal opportunities oriented.
Unfortunately we miscalculated – our boss Matthias was beyond furious.
After that office meeting, he told my colleague “there will be consequences”. Our efforts coincided with the resignation of Richard Stallman from the US-based sister organisation of FSFE due to careless revictimisation of female victims of sexual abuse – another gender discrimination issue in our community that would cause the situation in our office to deteriorate quickly.
In its reluctant press release on this pivotal change in leadership in the largest free software organisation in the world, the FSFE had opted to honour Stallman for his undeniably long service and overlook the social issues underlying the change – something with which I expressed dissatisfaction, and not without support from colleagues.
It led to immediate retribution.
I was ordered to rewrite the text and was warned that I had “three hours to do it. Whether we will publish it or not, is going to be my [Matthias', my rem.] decision, not yours”. Free software is in most of our digital infrastructure, and I care a lot about inclusivity in this community to ensure that our most basic tools can be developed by everyone's perspectives for everyone's needs, so I rewrote our announcement. But not only was it never published – it was not even honoured with his feedback.


The road to software freedom is paved with licensing

Filed under
GNU
Legal

For many people, the path towards software freedom begins with a single program. They may not even know what free software is; they may just need a tool or a program to do a particular job. But in their search for that tool, the Free Software Directory, which is one of the key resources run by the Licensing and Compliance Lab, can often be a starting point for a much larger journey.

The Directory catalogues over 16,000 free software packages. Users can find free software packages for almost any activity, from playing games and reading books, to software libraries and developer tools. Every entry in the Directory is meticulously vetted by volunteers and FSF staff to ensure that users have the freedom to run, modify, copy, and share their modified versions of the work. Millions of users have visited the Directory looking for a particular piece of software, and upon finding it, have been introduced to the wider world of software freedom.

While the Directory already acts as a great starting point for many on their free software journey, there's so much more we can still do. We want to make it easier for people, once introduced to free software, to likewise help introduce others. We need resources and financial support for staff in order to organize and mentor volunteers to help us keep those thousands of entries up to date, and to write code to automate various kinds of imports and entry updates to help keep everything current, and so we can add thousands more.

The Directory is one of the best tools that we have for showing what is possible with free software, but we need your help to reach millions more.


'Open' 'Invention' 'Network' Turns 15

Filed under
Legal
  • Open Invention Network Celebrates Its 15th Year Protecting Core Linux and Open Source from Patent Aggression [Ed: This is nonsense. OIN is not protecting us, it is protecting software patents from our scrutiny]

    Open Invention Network (OIN) is celebrating its 15th year protecting the Open Source Software (OSS) community from patent risk. OIN’s efforts have enabled businesses and organizations to confidently invest their resources to develop, integrate and use OSS, safeguarding them from patent risk in core Linux and adjacent OSS technologies.

  • Open Invention Network Linux patent protection group turns 15

    Now, 15 years later, the Open Invention Network (OIN), the largest patent non-aggression consortium ever, is still protecting Linux and open-source software from patent attacks and patent trolls. Indeed, its scope has grown ever larger. Recently, it expanded its intellectual property protection from core Linux programs and adjacent open-source code by expanding its Linux System Definition. In particular, that means patents relating to the Android Open Source Project (AOSP) 10 and the Extended File Allocation Table exFAT file system are now protected.

POCO X3 kernel sources are still not available, despite a promise of launch-day release

Filed under
GNU
Linux
Legal

The POCO X3 NFC was launched back on September 7, 2020, bringing around a very high-value package at an affordable price tag. POCO repeated the same act with the POCO X3 in India, launched on September 22, 2020, but with slight differences from the globally launched variant: a bigger battery and no NFC. Two months on, the device remains one of the best purchases overall in the mid-range, for both the Global and the Indian variants. But what disappoints us is the fact that the kernel source for the device(s) has still not been released, despite a promise to release it on launch day.

[...]

Since it has been more than 2 months now since the phone has been released, there is very little excuse left on POCO’s end for not having released the source code. The phone is in the hands of consumers, and a fair few updates have also been delivered. Releasing kernel sources promptly should be something that every OEM does anyway. But POCO explicitly promised a very quick kernel release. And not releasing it so far trudges upon these claims of developer-friendliness and the trust of customers (and legal contracts, too).

The POCO X3/NFC remains an excellent value device in the age of rising flagship prices. While the phone is no flagship, nor does it pretend to be, it’s very easy to recommend to average users in the regions where it is officially sold. You get a lot of phone for the money. We hope POCO releases kernel sources as soon as possible, to keep up its promise to its fans. And while they’re at it, we hope they release kernel sources for the POCO M2 (device codename: shiva) and POCO C3 (device codename: angelicain) as well.


NASA ROSES-20 Amendment 64: Release of Final text of E.8 Supplemental Open Source Software Awards

Filed under
OSS
Sci/Tech
Legal

Supplemental open source software awards are used to encourage the conversion of legacy software into modern code to be released under a generally accepted, open source license (e.g., Apache-2, BSD-2-clause, GPL). The supplement would add a software component to their previously selected "parent" research and analysis award.

ROSES-2020 Amendment 64 Releases Final text for E.8 Supplemental Open Source Software Awards. Notices of Intent are not requested. Proposals will be accepted on a rolling basis with a final due date of April 14, 2021.


More in Tux Machines

Canonical Chooses Google’s Flutter UI SDK to Build Future Ubuntu Apps

For those not in the know, Flutter is an open-source UI SDK (software development kit) created by Google to help those who want to build quick and modern applications for a wide range of operating systems, including Android, Linux, Mac, iOS, Windows, Google Fuchsia, that work across desktop, mobile, and the Web. A year ago, Canonical teamed up with Google to make the Flutter SDK available on Linux as Snap, the universal software deployment and package management system for Ubuntu and other GNU/Linux distributions, allowing those interested in building beautiful apps on the Linux desktop.

Python: Security and NumPy 1.20 Release

  • Python Package Index nukes 3,653 malicious libraries uploaded soon after security shortcoming highlighted

    The Python Package Index, also known as PyPI, has removed 3,653 malicious packages uploaded days after a security weakness in the use of private and public registries was highlighted. Python developers use PyPI to add software libraries written by other developers in their own projects. Other programming languages implement similar package management systems, all of which demand some level of trust. Developers are often advised to review any code they import from an external library though that advice isn't always followed. Package management systems like npm, PyPI, and RubyGems have all had to remove subverted packages in recent years. Malware authors have found that if they can get their code included in popular libraries or applications, they get free distribution and trust they haven't earned. Last month, security researcher Alex Birsan demonstrated how easy it is to take advantage of these systems through a form of typosquatting that exploited the interplay between public and private package registries.

  • A pair of Python vulnerabilities [LWN.net]

    Two separate vulnerabilities led to the fast-tracked release of Python 3.9.2 and 3.8.8 on February 19, though source-only releases of 3.7.10 and 3.6.13 came a few days earlier. The vulnerabilities may be problematic for some Python users and workloads; one could potentially lead to remote code execution. The other is, arguably, not exactly a flaw in the Python standard library—it simply also follows an older standard—but it can lead to web cache poisoning attacks. [...] [Update: As pointed out in an email from Moritz Muehlenhoff, Python 2.7 actually is affected by this bug. He notes that python2 on Debian 10 ("Buster") is affected and has been updated. Also, Fedora has a fix in progress for its python2.7 package.]

  • NumPy 1.20 has been released

    NumPy is a Python library that adds an array data type to the language, along with providing operators appropriate to working on arrays and matrices. By wrapping fast Fortran and C numerical routines, NumPy allows Python programmers to write performant code in what is normally a relatively slow language. NumPy 1.20.0 was announced on January 30, in what its developers describe as the largest release in the history of the project. That makes for a good opportunity to show a little bit about what NumPy is, how to use it, and to describe what's new in the release. [...] NumPy adds a new data type to Python: the multidimensional ndarray. This is a container, like a Python list, but with some crucial differences. A NumPy array is usually homogeneous; while the elements of a list can be of various types, an ndarray will, typically, only contain a single, simple type, such as integers, strings, or floats. However, these arrays can instead contain arbitrary Python objects (i.e. descendants of object). This means that the elements will, for simple data types, all occupy the same amount of space in memory. The elements of an ndarray are laid out contiguously in memory, whereas there is no such guarantee for a list. In this way, they are similar to Fortran arrays. These properties of NumPy arrays are essential for efficiency because the location of each element can be directly calculated. Beyond just adding efficient arrays, NumPy also overloads arithmetic operators to act element-wise on the arrays. This allows the Python programmer to express computations concisely, operating on arrays as units, in many cases avoiding the need to use loops. This does not turn Python into a full-blown array language such as APL, but adds to it a syntax similar to that incorporated into Fortran 90 for array operations.

4 Best Free and Open Source Graphical MPD Clients

MPD is a powerful server-side application for playing music. In a home environment, you can connect an MPD server to a Hi-Fi system, and control the server using a notebook or smartphone. You can, of course, play audio files on remote clients. MPD can be started system-wide or on a per-user basis. MPD runs in the background playing music from its playlist. Client programs communicate with MPD to manipulate playback, the playlist, and the database. The client–server model provides advantages over all-inclusive music players. Clients can communicate with the server remotely over an intranet or over the Internet. The server can be a headless computer located anywhere on a network. There are graphical clients, console clients and web-based clients. To provide an insight into the quality of software that is available, we have compiled a list of 4 best graphical MPD clients. Hopefully, there will be something of interest here for anyone who wants to listen to their music collection via MPD. Here are our recommendations. They are all free and open source goodness.

LWN on Kernel: 5.12 Merge, Lockless Algorithms, and copy_file_range()

  • 5.12 Merge window, part 1 [LWN.net]

    The beginning of the 5.12 merge window was delayed as the result of severe weather in the US Pacific Northwest. Once Linus Torvalds got going, though, he wasted little time; as of this writing, just over 8,600 non-merge changesets have been pulled into the mainline repository for the 5.12 release — over a period of about two days. As one might imagine, that work contains a long list of significant changes.

  • An introduction to lockless algorithms [LWN.net]

    Low-level knowledge of the memory model is universally recognized as advanced material that can scare even the most seasoned kernel hackers; our editor wrote (in the July article) that "it takes a special kind of mind to really understand the memory model". It's been said that the Linux kernel memory model (and in particular Documentation/memory-barriers.txt) can be used to frighten small children, and the same is probably true of just the words "acquire" and "release". At the same time, mechanisms like RCU and seqlocks are in such widespread use in the kernel that almost every developer will sooner or later encounter fundamentally lockless programming interfaces. For this reason, it is a good idea to equip yourself with at least a basic understanding of lockless primitives. Throughout this series I will describe what acquire and release semantics are really about, and present five relatively simple patterns that alone can cover most uses of the primitives.

  • How useful should copy_file_range() be? [LWN.net]

    Its job is to copy len bytes of data from the file represented by fd_in to fd_out, observing the requested offsets at both ends. The flags argument must be zero. This call first appeared in the 4.5 release. Over time it turned out to have a number of unpleasant bugs, leading to a long series of fixes and some significant grumbling along the way. In 2019 Amir Goldstein fixed more issues and, in the process, removed a significant limitation: until then, copy_file_range() refused to copy between files that were not located on the same filesystem. After this patch was merged (for 5.3), it could copy between any two files, falling back on splice() for the cross-filesystem case. It appeared that copy_file_range() was finally settling into a solid and useful system call. Indeed, it seemed useful enough that the Go developers decided to use it for the io.Copy() function in their standard library. Then they ran into a problem: copy_file_range() will, when given a kernel-generated file as input, copy zero bytes of data and claim success. These files, which include files in /proc, tracefs, and a large range of other virtual filesystems, generally indicate a length of zero when queried with a system call like stat(). copy_file_range(), seeing that zero length, concludes that there is no data to copy and the job is already done; it then returns success. But there is actually data to be read from this kind of file, it just doesn't show in the advertised length of the file; the real length often cannot be known before the file is actually read. Before 5.3, the prohibition on cross-filesystem copies would have caused most such attempts to return an error code; afterward, they fail but appear to work. The kernel is happy, but some users can be surprisingly stubborn about actually wanting to copy the data they asked to be copied; they were rather less happy.