Language Selection

English French German Italian Portuguese Spanish

Legal

Linux Foundation on Compliance and Openwashing Examples

Filed under
OSS
Legal
  • A new ACT for open source compliance from The Linux Foundation

    What’s new in the world of open source? The Linux Foundation announced that they are launching a new tooling project for improving open source compliance. This new project’s goal is to ensure that when using open source projects, users understand what they are complying with.

    The Linux Foundation continues to be a leading beacon in the FOSS world, with worldwide events and over one million professionals enrolled in their free training courses. Just some of the successful projects that the Linux Foundation hosts include Rook, Node.js, Kubernetes, and Linkerd (which just got a fancy new UI makeover). You don’t have to look far to see names and noteworthy tools that you’re familiar with!

  • The Linux Foundation forms new Automated Compliance Tooling project

    “There are numerous open source compliance tooling projects but the majority are unfunded and have limited scope to build out robust usability or advanced features,” said Kate Stewart, senior director of strategic programs at The Linux Foundation. “We have also heard from many organizations that the tools that do exist do not meet their current needs. Forming a neutral body under The Linux Foundation to work on these issues will allow us to increase funding and support for the compliance tooling development community.”

    As part of the announcement, ACT is also welcoming two new projects that will be hosted at the Linux Foundation: OpenChain, a project that identifies key recommended processes for open-source management; and the Open Compliance Project, which will educate and help developers and companies better understand license requirements.

  • A Closer Look At Tesla's Open-Source Patent Pledge
  • Why Amazon's customer obsession should make it more open source friendly [Ed: What "customer obsession"? Amazon is a surveillance company whose biggest AWS customer is the CIA (with which it shares tons of data from all around the world).]

GPL Licensing: FSF Update Rules Commons Clause Non-Free, Red Hat on Compliance

Filed under
Legal
  • FSF Update Rules Commons Clause Non-Free

    The Free Software Foundation has added the Commons Clause to its list of non-free licenses among a number of recent updates to its licensing materials. Other changes clarify the GNU GPL position on translating code into another language and how to handle projects that combine code under multiple licenses.

  • More companies want fairness to open source license enforcement

    The 16 new companies in this announcement are a diverse set of technology firms whose participation makes evident the worldwide reach of the GPL Cooperation Commitment. They comprise globally-operating companies based on four continents and mark a significant expansion of the initiative into the Asia-Pacific region. They represent various industries and areas of commercial focus, including IT services, software development tools and platforms, social networking, fintech, semiconductors, e-commerce, multimedia software and more.

    The GPL Cooperation Commitment is a means for companies, individual developers and open source projects to provide opportunities for licensees to correct errors in compliance with software licensed under the GPLv2 family of licenses before taking action to terminate the licenses. Version 2 of the GNU General Public License (GPLv2), version 2 of the GNU Library General Public License (LGPLv2), and version 2.1 of the GNU Lesser General Public License (LGPLv2.1) do not contain express “cure” periods to fix noncompliance prior to license termination. Version 3 of the GNU GPL (GPLv3) addressed this by adding an opportunity to correct mistakes in compliance. Those who adopt the GPL Cooperation Commitment extend the cure provisions of GPLv3 to their existing and future GPLv2 and LGPLv2.x-licensed code.

The Latest Relicensing Stories

Filed under
OSS
Legal
  • RISC OS goes Open Source, supports royalty-free Raspberry Pi projects

    As the new owners of Castle Technology Ltd, RISC OS Developments Ltd are proud to announce that RISC OS, the original OS for ARM processors is now available as a fully Open Source operating system (OS), via the Apache 2.0 licence under the continued stewardship of RISC OS Open Ltd.

    A high performance, low footprint OS, incorporating the world-renowned "BBC BASIC" provides a modern desktop interface coupled with easy access to programming, hardware and connectivity. RISC OS was one of the first operating systems to support the massively successful Raspberry Pi, for which it remains an ideal companion. Now truly Open, RISC OS make an ideal choice for royalty-free ARM-based projects.

  • Finally! The Venerable RISC OS is Now Open Source

    It was recently announced that RISC OS was going to be released as open-source. RISC OS has been around for over 30 years. It was the first operating system to run on ARM technology and is still available on modern ARM-powered single-board computers, like the Raspberry Pi.

  • Making the GPL more scary

    For some years now, one has not had to look far to find articles proclaiming the demise of the GNU General Public License. That license, we are told, is too frightening for many businesses, which prefer to use software under the far weaker permissive class of license. But there is a business model that is based on the allegedly scary nature of the GPL, and there are those who would like to make it more lucrative; the only problem is that the GPL isn't quite scary enough yet.

    The business of selling exceptions to the GPL, where one pays the copyright holder for a proprietary license to the code, has been around for a long time; MySQL AB was built on this model, for example. Companies that buy such a license normally do so because they fear that their own code may fall under the requirements of the GPL; vendors tend to take an expansive view of what constitutes a derivative work to feed those fears and encourage sales. It is a model that has been shown to work, and it has generally passed muster even with organizations that are committed to the spread of free software.

MongoDB Becomes Less Affero GPL-Like

Filed under
Server
OSS
Legal
  • Fed up with cloud giants ripping off its database, MongoDB forks new open-source license

    After Redis Labs relicensed the modules it developed to complement its open-source database, from AGPL to Apache v2.0 with a Commons Clause, the free-software community expressed dismay.

    And, inevitably, some responded by forking the affected code.

    Today, the maker of another open source database, MongoDB, plans to introduce a license of its own to deal with the issue cited by Redis: cloud service providers that sell hosted versions of open-source programs – such as Redis and MongoDB database servers – without offering anything in return.

    "Once an open source project becomes interesting or popular, it becomes too easy for the cloud vendors to capture all the value and give nothing back to the community," said Dev Ittycheria, CEO of MongoDB, in a phone interview with The Register.

    Ittycheria pointed to cloud service providers such as Alibaba, Tencent, and Yandex. Those companies, he claims, are testing the boundaries of the AGPL by benefiting from the work of others while failing to share their code.

  • MongoDB switches up its open-source license

    MongoDB is a bit miffed that some cloud providers — especially in Asia — are taking its open-source code and offering a hosted commercial version of its database to their users without playing by the open-source rules. To combat this, MongoDB today announced it has issued a new software license, the Server Side Public License (SSPL), that will apply to all new releases of its MongoDB Community Server, as well as all patch fixes for prior versions.

    Previously, MongoDB used the GNU AGPLv3 license, but it has now submitted the SSPL for approval from the Open Source Initiative.

  • MongoDB license could push open source deeper into cloud: Is this what industry needs?

    Things just got serious in open source land. Despite the occasional Commons Clause or Fair Source licensing attempt to change the meaning of the words "open source" to include "the right for a private company to make money from its open source efforts," we've stuck to the Open Source Definition, and it has served us well. Open source communities have become the center of the innovation universe, giving us exceptional code like Linux, Kubernetes, Apache Kafka, and more.

  • It's MongoDB's turn to change its open source license

    The old maxim that the nice thing about standards is that there are so many to choose from could well apply to open source licensing. While now nearing a couple years old, the last WhiteSource Software survey of the top 10 open source licenses found close competition between the GPL, MIT, and Apache licenses. While the commercial-friendly Apache license has dominated the world of big data platforms and AI frameworks, MIT and GPL (which has "copyleft" provisions requiring developers to contribute back all modifications and enhancements) continues to be popular. GPL and variants such as the AGPL have been popular amongst vendors that seek to control their own open source projects, like MongoDB.

  • Matthew Garrett: Initial thoughts on MongoDB's new Server Side Public License

    MongoDB just announced that they were relicensing under their new Server Side Public License. This is basically the Affero GPL except with section 13 largely replaced with new text, as follows:

    "If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License. Making the functionality of the Program or modified version available to third parties as a service includes, without limitation, enabling third parties to interact with the functionality of the Program or modified version remotely through a computer network, offering a service the value of which entirely or primarily derives from the value of the Program or modified version, or offering a service that accomplishes for users the primary purpose of the Software or modified version.

    “Service Source Code” means the Corresponding Source for the Program or the modified version, and the Corresponding Source for all programs that you use to make the Program or modified version available as a service, including, without limitation, management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make available."

    MongoDB admit that this license is not currently open source in the sense of being approved by the Open Source Initiative, but say:"We believe that the SSPL meets the standards for an open source license and are working to have it approved by the OSI."

    At the broadest level, AGPL requires you to distribute the source code to the AGPLed work[1] while the SSPL requires you to distribute the source code to everything involved in providing the service. Having a license place requirements around things that aren't derived works of the covered code is unusual but not entirely unheard of - the GPL requires you to provide build scripts even if they're not strictly derived works, and you could probably make an argument that the anti-Tivoisation provisions of GPL3 fall into this category.

New Paper From Mark Shuttleworth and Eben Moglen

Filed under
Ubuntu
Legal
  • Automotive Software Governance and Copyleft

    The Software Freedom Law Center is proud to make available a whitepaper by Mark Shuttleworth, CEO of Canonical, Ltd., and Eben Moglen, Founding Director of the Software Freedom Law Center and Professor of Law at Columbia Law School. The whitepaper shows how new capabilities in the free and open source software stack enable highly regulated and sensitive industrial concerns to take advantage of the full spectrum of modern copyleft software.

    Software embedded in physical devices now determines how almost everything – from coffee pots and rice cookers to oil tankers and passenger airplanes – works. Safety and security, efficiency and repairability, fitness for purpose and adaptability to new conditions of all the physical products that we make and use now depend on our methods for developing, debugging, maintaining, securing and servicing the software embedded in them.

  • SFLC: Automotive Software Governance and Copyleft

    The Software Freedom Law Center has announced the availability of a whitepaper [PDF] about automotive software and copyleft, written by Mark Shuttleworth and Eben Moglen. At its core, it's an advertisement for Ubuntu and Snap, but it does look at some of the issues involved.

Open Invention Network is a Proponent of Software Patents -- Just Like Microsoft -- and Microsoft Keeps Patents It Uses to Blackmail Linux Vendors

Filed under
Linux
Microsoft
Legal

OIN loves Microsoft; OIN loves software patents as well. So Microsoft’s membership in OIN is hardly a surprise and it’s not solving the main issue either, as Microsoft can indirectly sue and “Microsoft has not included any patents they might hold on exfat into the patent non-aggression pact,” according to Bradley M. Kuhn

Read more

​Redis Labs and Common Clause attacked where it hurts: With open-source code

Filed under
OSS
Legal

After Redis Labs added a new license clause, Commons Clause, on top of popular open-source, in-memory data structure store Redis, open-source developers were mad as hell. Now, instead of just ranting about it, some have counterattacked by starting a project, GoodFORM, to fork the code in question.

Read more

Vember Audio’s Surge Plug-in Liberated Under GNU GPLv3

Filed under
GNU
OSS
Legal
  • Surge Synth Set Free

    Vember Audio tells us that, as of 21th September 2018, Surge stopped being a commerical product and became an open-source project released under the GNU GPL v3 license. They say that, for the existing users, this will allow the community to make sure that it remains compatible as plug-in standards and Operating Systems evolve and, for everyone else, it is an exiting new free synth to use, hack, port, improve or do whatever you want with.

  • Vember Audio’s Surge synth plugin is now free and open-source

    Reviewing Vember Audio’s Surge synth over a decade ago, we said: “This is a big, beautiful-sounding instrument. It's not cheap, but few plugins of this quality are.” Well, the sound hasn’t changed, but the price has; in fact, Surge has just been made free and open-source.

    Thanks to its wavetable oscillators and FM-style algorithms, Surge is capable of creating some pretty sparkling sounds, but it also has analogue-style functions that make it suitable for producing vintage keyboard tones.

    Vember Audio says that it’s been set free so that it can continue to be developed by the community and remain compatible with current standards and operating systems.

The Software Freedom Conservancy on GPLv2 irrevocability

Filed under
GNU
Linux
Legal

For anybody who has been concerned by the talk from a few outsiders about revoking GPL licensing, this new section in the Software Freedom Conservancy's copyleft guide is worth a read.

Read more

My code of conduct

Filed under
Linux
Legal

There are many “code of conduct” documents. Often they differ a lot. I have my own and it is probably the shortest one:

Do not be an asshole. Respect the others.

Simple. I do not care which gender people have when I speak with them (ok, may stare at your boobs or butt once) nor their sexual preferences. Colour of the skin does not matter as most of my friends I first met online without knowing anything about them. Political stuff? As long as we can be friends and do not discuss it I am fine. Etc etc.

It works on conferences. And in projects where I am/was involved.

Someone may say that part of it was shaped by working for corporation (is Red Hat corpo?) due to all those no harassment regulations and trainings. I prefer to think that it is more of how I was raised by parents, family and society.

Read more

Syndicate content

More in Tux Machines

Games: Bomber Crew, Going Green and More

  • Get a free copy of Bomber Crew during the Humble Winter Sale

    How about a free game for the coming weekend? Humble Store has Bomber Crew going free during their new Winter Sale so you can pick up some other cheap games too. Bomber Crew is a really highly rated and enjoyable game too, so it's a pretty good pick to get free! As for the new Humble Winter Sale, it's a big one with lots of publishers big and small joining in. Plus there's of course masses of fantastic indie games that deserve plenty of attention. If you want to look over what the bigger lot have take a look at the sales for SEGA, 2K, Deep Silver, Humble Games, Codemasters, THQ Nordic, Kalypso Media and also Team17 have an existing sale still on.

  • Prison Architect: Going Green announced for release on January 28

    Paradox Interactive and Double Eleven have announced the next expansion and free update for Prison Architect with the Prison Architect: Going Green DLC launching on January 28. Seems like bit of a theme with Paradox published games. We had the Cities: Skylines - Green Cities DLC in 2017, the Surviving Mars: Green Planet DLC in 2019 and now prisons are going green too. You will be able to create a more environmentally friendly prison with farming and all sorts.

  • 【Xonotic】Let The Mayhem Commence Again

    I had a lot of fun in the last Xonotic stream we did so I thought I'd be fun to try that again, I tried to test out my server with other people on it and it seems like it's working this time but we'll truly see when the open source arena shooter mayhem begins

  • The State of Virtual Reality on Linux

    …Until after some life changes, an unexpected influx of money, and curious about all the news about Half-Life next installment (Alyx) and Valve’s own VR system, the Valve Index, and the claims that it is supported on Linux, I took the plunge and bought it. I got it on my house on April 30, 2020, an exact year after its debut. What happened to me next was extraordinary. I met new worlds, I felt new things, I traveled to many places in the hardest months of the Lock-downs. It is not easy to describe, since it is so linked to the senses, so real and at the same time so abstract. In this article, I’ll try to laboriously describe what I felt — without ever leaving Linux — and give numerous examples. For that, though, I have to start with boring stuff. Stay with me and you won’t regret. So. This article will try to convey how Virtual Reality on Linux became viable, what are its challenges and limitations, which applications and games run on it, what are the terms and technologies associated to it and what to expect from the future. And also give a light whether it’s worth investing on this technology today, instead of waiting for it to mature as most people must think.

  • Valve Is Planning Something Special For Linux Gaming In 2021

    Before we get to that carrot Valve is dangling in front of us for 2021, let’s begin with a sobering observation. Despite two straight years of incredible advancements in Linux gaming — specifically Proton, the compatibility layer that lets us easily run thousands of Windows games on Linux — there has been a negligible increase in Linux gaming adoption. As marketing-centric scribe James Mawson so poignantly states, it’s a “growth so feeble, it’s difficult to separate from statistical noise; Linux isn’t even a serious threat to the Mac in this space.” Wow. Sobering indeed. Clearly We Have Work To Do Proton 5 now ships with the Steam for Linux client, and it introduces improved performance, support for DX12 and much more. As Valve’s informative 2020 recap points out, an increase in developers testing their games against Proton (without needing to invest huge time and resources into developing native ports) resulted in some big AAA titles like Death Stranding, Cyberpunk 2077 and others being playable on Linux at or shortly after their native Windows releases. That’s wonderful for gamers already immersed in the Linux gaming ecosystem, but let’s be honest with ourselves and admit that there are still many reasons to dual-boot Windows. Maybe it’s the lure of popular games that rely on anti-cheat software or invasive DRM. Maybe it’s the subpar support for brand new hardware like the Radeon RX 6000 GPUs.

  • Axiom Verge gets a first ever free update six years later with the Randomizer Mode

    While work continues on the sequel, Axiom Verge has a first ever free content update following the release back in 2015 with a new Randomizer Mode. Never played Axiom Verge? You're missing out. A true love-letter to the classic metroidvanias! This brand new update is currently in Beta, requiring you on Steam to opt into it in the usual way. Right click the game, go to Properties and hit Betas on the left panel and find it there. As the name of the update might suggest, it makes things a bit more random but "in a very sophisticated way". This mode is smart enough so you won't get stuck because of needing a certain item to progress onwards. How did it come about so long after release? Thanks to the speedrunning community, along with a developer of a mod that gave players an unofficial version of this but it needed a copy of the game. They teamed up to add it into the base game with the modder refusing any compensation for it. How nice for all of us!

  • Stockholm to host the 2021 CS:GO Major, with the biggest ever prize pool

    Valve along with PGL have announced the return of Counter-Strike: Global Offensive's next Major Championship that will take place this year in Sweden. Not only has competitive esport CS:GO returned, it's coming back with a bang too. This will be the biggest single prize pool in CS:GO history with twenty four teams competing for 2 million dollars USD. Not only that, this will also be the first event that is broadcast live in 4K resolution. The main event will be during November 4-7, so they're leaving enough time to hopefully see COVID-19 get a little more under control as this will be an in-person event with a live audience.

Mozilla: Rust, Socorro, and 'Healthier' Internet (Openwashing)

  • Another Rust-y OS: Theseus joins Redox in pursuit of safer, more resilient systems

    Rust, a modern system programming language focused on performance, safety and concurrency, seems an ideal choice for creating a new operating system, and several such projects already exist. Now there is a new one, Theseus, described by creator Kevin Boos as "an Experiment in Operating System Structure and State Management." The key thinking behind Theseus is to avoid what Boos and three other contributors from Rice and Yale universities call "state spill".

  • This Week In Rust: This Week in Rust 373
  • Socorro Engineering: Half in Review 2020 h2 and 2020 retrospective

    2020h1 was rough. 2020h2 was also rough: more layoffs, 2 re-orgs, Covid-19. I (and Socorro and Tecken) got re-orged into the Data Org. Data Org manages the Telemetry ingestion pipeline as well as all the things related to it. There's a lot of overlap between Socorro and Telemetry and being in the Data Org might help reduce that overlap and ease maintenance. [...] 2020 sucked. At the end, I was feeling completely demoralized and deflated.

  • Reimagine Open: Building a Healthier Internet

    Does the “openness” that made the [Internet] so successful also inevitably lead to harms online? Is an open [Internet] inherently a haven for illegal speech, for eroding privacy and security, or for inequitable access? Is “open” still a useful concept as we chart a future path for the [Internet]?

    A new paper from Mozilla seeks to answer these questions. Reimagine Open: Building Better Internet Experiences explores the evolution of the open [Internet] and the challenges it faces today. The report catalogs findings from a year-long project of outreach led by Mozilla’s Chairwoman and CEO, Mitchell Baker. Its conclusion: We need not break faith with the values embedded in the open [Internet]. But we do need to return to the original conceptions of openness, now eroded online. And we do need to reimagine the open [Internet], to address today’s need for accountability and online health.

Kernel: Linux 5.11, TuxMake, Linux 5.12, and NVIDIA "Nouveau" Driver

  • 5.11 Merge window, part 2

    Linus Torvalds released the 5.11-rc1 prepatch and closed the 5.11 merge window on December 27. By that time, 12,498 non-merge changesets had been pulled into the mainline; nearly 2,500 of those wandered in after the first merge-window summary was written. Activity slowed down in the second week, as expected, but there were still a number of interesting features that found their way into the mainline.

  • Portable and reproducible kernel builds with TuxMake

    TuxMake is an open-source project from Linaro that began in May 2020 and is designed to make building Linux kernels easier. It provides a command-line interface and a Python library, along with a full set of curated portable build environments distributed as container images. With TuxMake, a developer can build any supported combination of target architecture, toolchain, kernel configuration, and make targets. Building a Linux kernel is not difficult. Follow the documentation, install the dependencies, and run a couple of make commands. However, if a developer wants to build for multiple architectures, with multiple toolchains, things get complicated quickly. Most developers and maintainers have a set of custom scripts that they have written and maintained to perform their required set of builds. TuxMake provides a common layer of abstraction to reduce the need for every developer to write their own build scripts. TuxMake publishes containers for various toolchain/architecture combinations. These containers eliminate the need for individual developers to source and install multiple toolchains and toolchain versions on their systems. It also makes builds reproducible and portable because now the environment in which a kernel is built is versioned and shareable across the internet and on mailing lists. TuxMake has two goals. First, remove the friction that may cause developers, especially new developers, to skip build testing for uncommon toolchain/architecture combinations. Second, to make it easier for builds and build problems to be described and reproduced.

  • Linux 5.12 To Allow Disabling Intel Graphics Security Mitigations - Phoronix

    The Linux 5.12 kernel will allow optional, run-time disabling of Intel graphics driver security mitigations, which so far is just in regards to last year's iGPU Leak vulnerability. This i915.mitigations= module parameter control is being added as part of finally fixing the Haswell GT1 graphics support that was fallout from this mitigaion. The drm-intel-gt-next pull request to DRM-Next for Linux 5.12 was sent in. Most notable is that fixing of the Haswell GT1 support that came from the clear residual security mitigations. Since that iGPU Leak mitigation for Gen7/Gen7.5 graphics was merged last year, Haswell GT1 graphics have resulted in hangs at boot. That's finally fixed up. Besides being in Linux 5.12, it should also get back-ported to recent stable kernel series as well.

  • Open-Source "Nouveau" Driver Now Supports NVIDIA Ampere - But Without 3D Acceleration - Phoronix

    Patches were sent out today that provide the open-source Linux kernel "Nouveau" driver with support for NVIDIA GeForce RTX 30 series "Ampere" graphics cards. But at the moment there is no 3D acceleration and the developers are blocked still by signed firmware requirements, so it's basically just a matter of having kernel mode-setting display support. Red Hat's Ben Skeggs sent out the pull request today that provides kernel mode-setting support for the RTX 30 "Ampere" graphics cards with the long-standing open-source NVIDIA "Nouveau" driver

Daniel Stenberg: Food on the table while giving away code

I founded the curl project early 1998 but had already then been working on the code since November 1996. The source code was always open, free and available to the world. The term “open source” actually wasn’t even coined until early 1998, just weeks before curl was born. In the beginning of course, the first few years or so, this project wasn’t seen or discovered by many and just grew slowly and silently in a dusty corner of the Internet. Already when I shipped the first versions I wanted the code to be open and freely available. For years I had seen the cool free software put out the in the world by others and I wanted to my work to help build this communal treasure trove. Read more Also: GStreamer 1.18.3 stable bug fix release