Legal

Continuing Improvements to the OSS Supply Chain Ecosystem

Filed under
OSS
Legal

At the beginning of the 20th century, for the most part, production was local in nature, as it had been for several millennia. By the latter half of the century, with improvements in shipping and telecommunications, companies turned to lean production models (e.g., the Toyota Production System). Telecommunications meant that it was possible to specify components to a third party which was not local. Containerisation and transportation improvements meant that components could be transported cheaply and be delivered just-in-time by a supplier that was not local.

This allowed the production process to be modularised and contracted out, improving the efficiency of production. In today’s world, in which the Internet has driven communication costs down, companies no longer believe it is in their best interests to self-produce or locally source all components. Because of this, the world’s largest companies have built increasingly global and complicated supply chains. Benefiting from the computing and communications revolution that started in the 1990s and continues today, these companies are increasingly flexible in their choice of suppliers. The choices that they make about suppliers are not as rigid as they were when lean production was originally conceptualised.

Linux and other open source software (OSS) projects have driven the computing and communications revolution that has changed the world, including the nature of modern supply chains. Open source technologies are also increasingly being used in products themselves (e.g., Android on mobiles, Automotive Grade Linux in the auto sector, etc), as the world’s best-known brand names fully embrace OSS.

Some good coronavirus news: Monster Google-Oracle API copyright battle on hold as bio-nasty shuts Supremes

Filed under
Development
Google
OSS
Legal

The ten-year monster battle between Google and Oracle over the use of Java APIs will be delayed until further notice – after the US Supreme Court announced it was suspending oral arguments over coronavirus fears.

The two sides were due to present their argument to the court on Tuesday, March 24 and there has been a flood of filings in the case in the past month. But on Monday, the Supreme Court said that “in keeping with public health precautions recommended in response to COVID-19, the Supreme Court is postponing the oral arguments currently scheduled for the March session (March 23-25 and March 30-April 1).”

It’s not yet known when the case will be rescheduled - a meeting on Friday should provide more details. The court’s statement also noted that its closure is “not unprecedented,” but then gave two precedents that weren’t exactly comforting:

“The Court postponed scheduled arguments for October 1918 in response to the Spanish flu epidemic. The Court also shortened its argument calendars in August 1793 and August 1798 in response to yellow fever outbreaks.” How reassuring.

Also: Supreme Court Postpones Oral Arguments

What should fit in a FOSS license?

Filed under
OSS
Legal

What terms belong in a free and open source software license? There has been a lot of debate about this lately, especially as many of us are interested in expanding the role we see that we play in terms of user freedom issues. I am amongst those people who believe that FOSS is a movement whose importance is best understood not on its own, but through the effects that it (or the lack of it) has on society. A couple of years ago, a friend and I recorded an episode about viewing software freedom within the realm of human rights; I still believe that, and strongly.

I also believe there are other critical issues that FOSS has a role to play in: diversity issues (both within our own movement and empowering people in their everyday lives) are one, environmental issues (the intersection of our movement with the right-to-repair movement is a good example) are another. I also agree that the trend towards "cloud computing" companies which can more or less entrap users in their services is a major concern, as are privacy concerns.

Given all the above, what should we do? What kinds of terms belong in FOSS licenses, especially given all our goals above?

First, I would like to say that I think that many people in the FOSS world, for good reason, spend a lot of time thinking about licenses. This is good, and impressive; few other communities have as much legal literacy distributed even amongst their non-lawyer population as ours. And there's no doubt that FOSS licenses play a critical role... let's acknowledge from the outset that a conventionally proprietary license has a damning effect on the agency of users.

However, I also believe that user freedom can only be achieved via a multi-layered approach. We cannot provide privacy by merely adding privacy-requirements terms to a license, for instance; encryption is key to our success. I am also a supporter of codes of conduct and believe they are important/effective (I know not everyone does; I don't care for this to be a CoC debate, thanks), but I believe that they've also been very effective and successful when checked in as CODE-OF-CONDUCT.txt alongside the traditional COPYING.txt/LICENSE.txt. This is a good example of a multi-layered approach working, in my view.

So acknowledging that, which problems should we try to solve at which layers? Or, more importantly, which problems should we try to solve in FOSS licenses?

Here is my answer: the role of FOSS licenses is to undo the damage that copyright, patents, and related intellectual-restriction laws have done when applied to software. That is what should be in the scope of our licenses. There are other problems we need to solve too if we truly care about user freedom and human rights, but for those we will need to take a multi-layered approach.

To understand why this is, let's rewind time. What is the "original sin" that led to the rise of proprietary software, and thus the need to distinguish FOSS as a separate concept and entity? In my view, it's the decision to make software copyrightable... and then, adding similar "state-enforced intellectual restrictions" categories, such as patents or anti-jailbreaking or anti-reverse-engineering laws.

The CLA Denial-Of-Service attack

Filed under
OSS
Legal

Obviously, there's a flaw in that logic. A CLA is an agreement between a project and a (new) contributor. A project does not absolutely require the contributor to sign the agreement to accept its contributions, in theory. It's the reverse: for the contributor to have their patch accepted, they need to accept the CLA. But the project could accept contributions without a CLA without violating the law.

But it seems that projects sometimes end up doing a DOS on themselves by refusing perfectly fine contributions from drive-by contributors who don't have time to waste filling forms on all projects they stumble upon.

In the case of this typo, I could have submitted a patch, but because I didn't sign a CLA, again, the project couldn't have merged it without breaking their own rules, even if someone else submits the same patch, after agreeing to the CLA. So, in effect, I would have DOS'd the project by providing the patch, so I just opened an issue which strangely — and hopefully — isn't covered by the CLA.

Antitrust Laws and Open Collaboration

Filed under
OSS
Legal

If you participate in standards development organizations, open source foundations, trade associations, or the like (Organizations), you already know that you’re required to comply with antitrust laws. The risks of noncompliance are not theoretical – violations can result in severe criminal and civil penalties, both for your organization and the individuals involved. The U.S. Department of Justice (DOJ) has in fact opened investigations into several standards organizations in recent years.

Maybe you’ve had a training session at your company, or at least are aware that there’s an antitrust policy you’re supposed to read and comply with. But what if you’re a working group chair, or even an executive director, and therefore responsible for actually making sure nothing happens that’s not supposed to? Beyond paying attention, posting or reviewing an antitrust statement at meetings, and perhaps calling your attorney when member discussions drift into grey zones, what do you actually do to keep antitrust risk in check?

Well, the good news is that regulators recognize that standards and other collaboration deliverables are good for consumers. The challenge is knowing where the boundaries of appropriate conduct can be found, whether you’re hosting, leading or just participating in activity involving competitors. Once you know the rules, you can forge ahead, expecting to navigate those risks, and knowing the benefits of collaboration can be powerful and procompetitive.

We don’t often get glimpses into the specific criteria regulators use to evaluate potential antitrust violations, particularly as applicable to collaborative organizations. But when we do, it can help consortia and other collaborative foundations focus their efforts and take concrete steps to ensure compliance.

In July 2019, the DOJ Antitrust Division (Division) provided a new glimpse, in its Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Guidance). Although the Guidance is specifically intended to assist Division prosecutors evaluating corporate compliance programs when charging and sentencing, it provides valuable insights for building or improving an Organization’s antitrust compliance program (Program).

At a high level, the Guidance suggests that an effective Program will be one that is well designed, is applied earnestly and in good faith by management, and includes adequate procedures to maximize effectiveness through efficiency, leadership, training, education, information and due diligence. This is important because organizations that detect violations and self-report to the Division’s Corporate Leniency program may receive credit (e.g. lower charges or penalties) for having an effective antitrust compliance program in place.

Startup Mycroft AI declares it will fight 'patent troll' tooth and nail after its Linux voice-assistant attracts lawsuit

Filed under
Linux
Legal

An AI startup is battling a patent-infringement lawsuit filed against it for building an open-source Linux-based voice-controlled assistant.

Mycroft AI first learned trouble was brewing when it was contacted by a lawyer at Tumey LLP, a Texas law firm focused on intellectual property, in December. In an email to the startup’s CEO Joshua Montgomery, the legal eagle claimed Mycroft AI's technology infringed two US patents – 9,794,348 and 10,491,679 – belonging to Tumey's client, Voice Tech Corp.

Voice Tech's patents described a system for handling “voice commands from a mobile device to remotely access and control a computer." Mycroft AI develops voice-assistant software that runs on Linux systems, including Raspberry Pis and its own standalone Mark I and II gadgets, and responds to spoken requests, such as setting alarms and reminders, searching the web, and so on. You can add more features by installing add-ons called skills.

Microsoft flirts with new anti-trust challenge with new Start Menu-based Edge ads

Filed under
Microsoft
Moz/FF
Legal

Microsoft originally implemented the “Suggested” section on the Windows 10 Start Menu as a way to advertise its official apps; but in the latest listing, Microsoft has gone beyond self-promotion.

Microsoft’s recent extensive advertising is becoming hard to ignore, which has prompted many users to disable the ads. Those who haven’t done so may have noticed the most recent one takes a dig at a competitor browser.

The listing displays “Still using Firefox? Microsoft Edge is here” to all users of the former, even with the latter already installed. The ad provides a link to download the Chromium-based browser.

Also: Windows 7: a major bug prevents turning off or restarting the PC

Maker of Linux patch batch grsecurity can't duck $260,000 legal bills, says Cali appeals court in anti-SLAPP case

Filed under
Legal

Open Source Security – the maker of the grsecurity patches that harden Linux kernels against attack – must cough up $260,000 to foot the legal bills of software industry grandee Bruce Perens.

So ruled California's Ninth Circuit Court of Appeals today, affirming a lower court's ruling against Open Source Security (OSS).

In June 2017, Perens published a blog post in which he said that he believed grsecurity exposed users to potential liability under version 2 of the GNU General Public License because the grsecurity code states that customers will not get further updates if they exercise their right to redistribute the software, as allowed by the GPLv2.

Licensing and FUD About Free Software

Filed under
OSS
Legal
  • Open Source License Compliance: Raising the Bar [Ed: Spreading FUD about "risk" of Free software licenses... in order to sell one's own proprietary software 'solution']

    Question is, can you have true security without being a company that focuses on license compliance? I think not.

    Some companies count on using open source software with no regard for the licenses associated with the code they use. Open source licenses give others permission to modify, use, and distribute software, but under specific conditions and terms. And, every component may very well have a different license. With the volume of open source being used, you can see how quickly this can get out of hand and lead to IP, reputation, and subsequent litigation down the road.

    Another statement I use quite a bit, “It’s a must, not a maybe.” Development teams need to respect the legalities associated with source code licensing by passing along a copyright statement or a copy of license text, or by providing the entire source code for the company’s product. Licenses range from fairly permissive (allowing the licensee to use code without responsibilities) to highly restrictive (extremely limiting, even requiring you to make your proprietary project subject to the same licensing terms of the OSS used).

  • Open source licence series - Altus: open source is big business, get used to it

    The idea that open source developers are college students, creating some really cool software that big organisations then exploit and don’t give anything back may have been valid 20 years ago, but not today, it’s not how things work.

    Open source is now big, with major players driving innovation, like the OpenBank Project, the Banking API platform and OpenLogic.

    For a working example, AT&T is (obviously) a household name and very large quoted business. The organisation provides the majority of engineering, design and architectural resource for the ONAP open source project.

  • Open source licence series - Rancher Labs: Why vendor 'strip-mining' is an opportunity, not a threat
  • Open source licence series – Delphix: Rent vs buy, which fits your licencing cost model?
  • Open source licence series – Puppet: consumption without collaboration equals consternation
  • Open source licence series – Tidelift: Ethical source-available licenses challenge open source
  • Open-Source Software in Federal Procurements: The Good, the Bad, and the Ugly, Part 2 – The Bad

    In the first post of this series, we discussed “the good” of open-source software and why federal buyers should find it attractive. However, when it comes to the federal government accepting open-source code with open arms, the reality is certainly more mixed. Faced with changing and technical regulations, government contractors need to know the major drawbacks of using open-source code in government contracts. In this second entry to our open-source series, we explore “the bad” impacts of open-source use in government contracting.

  • EDRM Announces Newest Affinity Partner Merlin Legal Open Source Foundation and New Processing Specifications Project

    Setting the global standards for e-discovery, the Electronic Discovery Reference Model (EDRM) is pleased to announce its newest affinity partner, the Merlin Legal Open Source Foundation, a nonprofit organization with a mission to improve access to justice and make legal and regulatory compliance more efficient through the use of open source software and secure cloud computing. The Merlin Foundation was established in 2019 by John Tredennick, its executive director and a longtime industry expert and former CEO and founder of Catalyst Repository Systems, a leading search and technology-assisted review e-discovery platform.

It is time to end the DMCA anti-circumvention exemptions process and put a stop to DRM

Filed under
GNU
Legal

Although it is accurate, there's one aspect of the process that is missing from that description: the length. While the process kicks off every three years, the work that goes into fighting exemptions, whether previously granted or newly requested, has a much shorter interval. As you can see from the timeline of events from the 2018 round of the exemptions process, the process stretches on for months and months. For each exemption we have to prepare research, documents, and our comments through wave after wave of submission periods. For the 2018 exemptions round, the first announcements from the United States Copyright Office were in July of 2017, on a process that concluded in October of 2018. Fifteen months, every three years. If you do the math, that means we're fighting about 40% of the time just to ensure that exemptions we already won continue, and that new exemptions will be granted. If the timeline from the last round holds up, then we're only a few short months away from starting this whole circus back up again.

Describing it as a circus seems an appropriate label for the purpose of this whole process. It's not meant to be an effective mechanism for protecting the rights of users: it's a method for eating up the time and resources of those who are fighting for justice. If we don't step up, users could lose the ability to control their own computing and software. It's like pushing a rock up a mile-long hill only to have it pushed back down again when we've barely had a chance to catch our breath.


Devices/Embedded: MiTAC, Raspberry Pi and ESP32/Arduino

  • Fanless Linux embedded system makes a compact IoT gateway

    ICP Germany has recently introduced the MiTAC ME1-8MD series family of compact, fanless Linux embedded systems powered by NXP i.MX 8M processor and designed to be used as IoT gateways, data acquisition and processing systems, and mini servers. Three models have been launched with a choice of dual or quad-core processors, up to 4GB LPDDR4 RAM, and 32GB eMMC flash storage. The embedded computers also come with up to two Ethernet ports, support up to two displays, and include an internal Raspberry Pi compatible 40 pin GPIO header.

  • Official Raspberry Pi 4 case fan adds cooling to Raspberry Pi 4 case

    When the Raspberry Pi Foundation first introduced the Raspberry Pi 4, they claimed the board would work just fine in most cases without a heatsink, and the latter was only really needed under load. That may have been true when using the board in a temperate climate like in the United Kingdom, but then Raspberry Pi 4 met Thailand with some benchmark results lower than on a Raspberry Pi 3. People using plastic enclosures had even more trouble. It’s only when I installed a heatsink on Raspberry Pi 4 that the board could really shine. The company also provided some firmware optimizations later on to further cool down the board. But you can only do so much with software, and many third-party cooling solutions such as fansinks or metal cases have been introduced for the popular SBC.

  • Pi-oT 2 IoT module adds 24V digital inputs, RS-485, and UPS to Raspberry Pi (Crowdfunding)

    Pi-oT was launched last year as a Raspberry Pi add-on designed for commercial and industrial IoT automation. It features 5V I/Os, relays, and ADC inputs suitable for light-duty projects and prototyping. The company, called Edge Devices, has now launched an update with Pi-oT 2 adding optional support for 24V digital inputs, RS-485, and an uninterruptible power supply (UPS).

  • M5Paper ESP32 IoT development kit features a 4.7-inch e-Ink touchscreen display

    M5Stack has just launched its unique and latest core device with a touchscreen e-Ink display. M5Paper ESP32 IoT Development Kit is a fully programmable microcontroller-based platform that can be an ideal choice for your IoT applications. This low-power device could suit such purposes as an industrial controller or smart weather display.

today's howtos

  • Enable Timestamp For History Command In Fish Shell - OSTechNix

    Whenever a command is entered in the terminal, it will be saved at the end of the history file in Linux. You can easily retrieve these commands at any time using the history command. The shell also tracks the timestamp of all command entries, so that we can easily find when a specific command was executed. We have already shown you how to enable timestamps in the Bash and Zsh shells. Today we will see how to enable timestamps for the history command in the Fish shell in Linux. In addition, we will also learn how to create a simple function to show the date and time stamps in history command output in the Fish shell.

  • Linux: How To Encrypt And Decrypt Files With A Password
  • How to convert pdf to image on Linux command line - nixCraft

    I have many PDF files, and I need to convert them to a png file format, add a border to those images, and convert back all those images to pdf format. How can I convert pdf to image format on Linux and vice versa using the CLI?

  • How To Install PHP 8 on Ubuntu 20.04 LTS - idroot

    In this tutorial, we will show you how to install PHP 8 on Ubuntu 20.04 LTS. For those of you who didn’t know, PHP (recursive acronym for PHP: Hypertext Preprocessor) is a popular server scripting language known for creating dynamic and interactive Web pages. PHP is a widely-used programming language on the Web. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will show you the step by step installation of PHP 8 on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian based distribution like Linux Mint.

  • How to Restrict WordPress Site Access - Anto Online

    A lot of the time, you need to restrict access to various users on your website. Whether you’re cordoning premium content, sensitive pages, or content targeted to specific individuals, there are various ways you can restrict user access easily and effectively on your WordPress website. The easiest method is using plugins that you can just download and link with your website. If you have coding skills, you can also edit various functions to achieve the same thing. We shall also take a look at how you can restrict site managers with various levels of access. Whatever kind of site restrictions you need to accomplish, stick with us and we will help you do it.

Linux Kernel: Greg Kroah-Hartman's Talk and Panics

  • Greg Kroah-Hartman: Lessons for Developers from 20 Years of Linux Kernel Work [Ed: "The Linux Foundation is a sponsor of The New Stack" for the latter to write puff pieces such as these, so it's basically marketing]
  • Greg Kroah-Hartman: 'Don't Make Users Mad'

    Kroah-Hartman explains one of Linus Torvalds' most deeply-held convictions: don't break userspace. "Other operating systems have this rule as well — it's a very solid rule — because we always want you to upgrade. And we want you to upgrade without worrying about it. We don't want you to feel scared. If you see a new release, and we say, 'Hey, this fixes a bunch of problems,' we don't want you to feel worried about taking that. That's really really important — especially with security...." If you do make a change, make sure there truly is a compelling reason. "You have to provide enough reason and enough goodness to force somebody to take the time to learn to do something else. That's very rare." His example of this was systemd, which unified a variety of service configurations and initialization processes. "They did it right. They provided all the functionality, they solved a real problem that was there. They unified all these existing tools and problems in such a way that it was just so much better to use, and it provided enough impetus that everybody was willing to do the work to modify their own stuff and move to the new model. It worked. People still complain about it, but it worked. Everybody switched... It works well. It solves a real problem. That was an example of how you can provide a compelling reason to move on — and make the change."

  • What to do in case of a Linux kernel panic

    Linux is used everywhere in the IT world. You've probably used Linux today, even if you didn't realize it. If you have learned anything about Linux, then you know it is indeed a kernel. The kernel is the primary unit of the Linux operating system (OS) and is responsible for communications between a computer's hardware and its processes. In this article, you will learn about one situation related to the Linux kernel: The kernel panic. The term itself can make you panic, but if you have the proper knowledge, then you can remain calm. Every system admin faces this issue at least once in their career, but reinstalling the system is not the first solution you should turn to. [...] Now, anytime you see a kernel panic error, you will definitely not panic because you know why this error occurred and how to resolve it. This article covers one of the common Linux boot problems: kernel panic. There are so many other potential boot problems that can occur in Linux, but resolving those issues will become much less of a panic when you gain some advanced knowledge of your system.