Legal

Licensing: Amazon AWS, CAST and Free and Open source Software (FOSS) Licences

Filed under
OSS
Legal
  • Amazon Ups Its Game On Open Source, Elastic Shares Down By 5%

    After the year of ups and downs with its relationship with Elastic, AWS has launched its independent library of open source-code known as Open Distro.

  • With its Elasticsearch distribution, Amazon Web Services sends more shockwaves through open-source software

    Nobody really knows what lies ahead for the future of open-source software as cloud computing becomes the dominant force in enterprise tech, but the times are definitely changing.

    Just about anything that Amazon Web Services does has massive ripple effects throughout this world, and last week’s decision to release its own open-source version of Elasticsearch, a popular engine for searching and analyzing internal company data maintained by newly public company Elastic, was no exception. AWS open-source czar Adrian Cockcroft was careful to describe the Open Distro for Elasticsearch as a distribution, rather than a fork, but the move underscores a fundamental conflict between companies based around open-source projects and the growing popularity of cloud service providers.

  • Debunking the open source sustainability myth [Ed: Matt Asay siding with the exploitation and the closing of code (former employer)]

    Open source vendors are draping themselves in the flag of "sustainability" to try to garner support against AWS—it's not working. Here's why open source sustainability is fake news.

  • Open source a silent killer? CAST talks about their new alliance with Software Heritage [Ed: That typical pretense that proprietary software does not have security issues (it has back doors too) and proprietary licensing is somehow "safe" and "predictable" (the opposite is true). FUD by omission.]

    Combine IP lawsuits with the aforementioned security concerns and organisations could really have a problem on their hands, which is why the market for software composition analysis (SCA) tools is picking up a bit of steam. SCA tools aim to provide a ‘diagnostic' view of all the OSS components that exist within a business and determine whether or not there is a vulnerability or particular licencing requirement to consider. CAST is one of these vendors, and they've just announced a new alliance with source code archival not-for-profit Software Heritage, with the aim of taking SCA one step further.

    Essentially CAST is working with Software Heritage, who oversee the world's largest open archive of software source code, to develop a ‘provenance index' which allows users to trawl through Software Heritage's archive using CAST's Highlight SCA software to identify the original occurrence of any given source file, and all of its subsequent occurrences. CAST says this will allow users to assess any third-party source code within Software Heritage's library of five billion plus known source code files, weeding out vulnerabilities and licencing risks they present.

  • Types of open source software and Licenses

    Free and Open source software (FOSS) is a very popular term in the world of software because of their license distribution terms.

    There is a lot of open source software on the market. Many people may think that the most obvious feature of open source software is that it is free, but that is not the case. It is widely recognized because the source code of open source software is available for anyone to modify.

    It means any developer or community can change the software to improve it, add features, fix bugs, distribute it under their own branding and more. However, the open source system also has copyright, which is also protected by law.

    While using/distributing open source projects for some commercial or personal use, users should not only indicate that the products are from open source software and the name of the source code writer, but also submit the modified products to the open source software community; otherwise the modified products can be regarded as an infringement. The indifference of copyright awareness is the biggest obstacle to the development of open source.

Licensing Dirty Tricks and Openwashing

Filed under
Microsoft
Legal
  • What do WLinux and Benedict Cumberbatch have in common? They're both fond of Pengwin [Ed: Benedict Cumberbatch stabs Wikileaks for GCHQ. WLinux stabs Linux for Microsoft.]
  • The Cloud and Open Source Powder Keg

    The idea that the adoption of open source by developers within enterprises at scale had transformed the nature of procurement was consistent with RedMonk’s own views, of course. To some degree, it has been a core belief all along, and has been surfaced explicitly over the years with pieces such as this one from 2011 entitled “Bottom Up Adoption: The End of Procurement as We’ve Known It.” What was interesting about the proposed model wasn’t what it told us about the present, however, but rather what it failed to tell us about the future.

    Conspicuously unmentioned at this event was the cloud. The cited competition for both investor and commercial OSS supplier was proprietary software; no special attention or even explicit mention was made of Amazon or other hyperscale cloud providers. A question on the subject was brushed off, politely.

    Which was interesting, because RedMonk had by that point been judging commercial open source leadership teams based on their answer to the simple question of “who is your competition?” If the answer was a proprietary incumbent, this suggested that the company was looking backwards at the market. If the answer was instead the cloud, it was safe to assume they were more forward-looking.

  • Norway Joins List of Countries Canceling Elsevier Contracts

     

    Norway has become the latest country to cancel its contracts with Elsevier following a dispute over access to research papers. In a statement published yesterday (March 12), the Norwegian Directorate for ICT and Joint Services in Higher Education and Research (UNIT), which represents a consortium of research institutions in the country, rejected Elsevier’s offer to lower some of its costs for Norwegian institutions because it didn’t go far enough to promote free access to published research.

  • GNU licensed KLog Logbook software v.0.9.7 released

    Jaime, EA4TV, released KLog v.0.9.7, a multiplatform free hamradio logging program which is able to run in Linux, Windows and macOS.

    The latest release allows the user to add, remove or edit satellites to the KLog DB allowing import or export of satellites data.
    KLog supports ADIF as a default file format.

    Additional features of KLog include QSO management, QSL management, a DX-Cluster client, DXCC management, ClubLog integration, WSJT-X, and DX-Marathon support. Several languages are supported including Catalan, Croatian, Danish, English, Finnish, Italian, Japanese and Spanish.

GNU, Licensing and Programming, GCC Included

Filed under
Development
GNU
Legal
  • David Rheinsberg: Goodbye Gnu-EFI!

    The recommended way to link UEFI applications on Linux was until now through GNU-EFI, a toolchain provided by the GNU Project that bridges from the ELF world into COFF/PE32+. But why don’t we compile directly to native UEFI? A short dive into the past of GNU Toolchains, its remnants, and a surprisingly simple way out.

    The Linux World (and many UNIX Derivatives for that matter) is modeled around ELF. With statically linked languages becoming more prevalent, the impact of the ABI diminishes, but it still defines properties far beyond just how to call functions. The ABI your system uses also affects how compiler and linker interact, how binaries export information (especially symbols), and what features application developers can make use of. We have become used to ELF, and require its properties in places we didn’t expect.

  • GNUnet 0.11.0 released

    We are pleased to announce the release of GNUnet 0.11.0.

    This is a major release after about five years of development. In terms of usability, users should be aware that there are still a large number of known open issues in particular with respect to ease of use, but also some critical privacy issues especially for mobile users. Also, the nascent network is tiny (about 200 peers) and thus unlikely to provide good anonymity or extensive amounts of interesting information. As a result, the 0.11.0 release is still only suitable for early adopters with some reasonable pain tolerance.

  • Open source database company MongoDB is giving up on an important battle in its fight against the major cloud computing providers

    After a months-long fight to get a stamp of approval from the Open Source Initiative, MongoDB is withdrawing from the process of having its controversial new software license approved to be called open source.

  • Considering Fresh C Extensions

    Matthew Wilcox recently realized there might be a value in depending on C extensions provided by the Plan 9 variant of the C programming language. All it would require is using the -fplan9-extensions command-line argument when compiling the kernel. As Matthew pointed out, Plan 9 extensions have been supported in GCC as of version 4.6, which is the minimum version supported by the kernel. So theoretically, there would be no conflict.

    Nick Desaulniers felt that any addition of -f compiler flags to any project always would need careful consideration. Depending on what the extensions are needed for, they could be either helpful or downright dangerous.

    In the current case, Matthew wanted to use the Plan 9 extensions to shave precious bytes off of a cyclic memory allocation that needed to store a reference to the "next" value. Using the extensions, Matthew said, he could embed the "next" value without breaking various existing function calls.

    Nick also suggested making any such extension dependencies optional, so that other compilers would continue to be able to compile the kernel.

  • Return the probability of drawing a blue marble

    It seems like I have not decided yet which project I am going to create next, so why not just work on another Python solution on CodeWars in this chapter. I think I will work on a few more Python questions in the next few chapters before starting a brand new Python project.

  • GCC 9 will come with improved diagnostics, simpler C++ errors and much more

    The team added a left-hand margin that shows line numbers. GCC9 now has a new look for the diagnostics. The diagnostics can label regions of the source code in order to show relevant information. The diagnostics come with left-hand and right-hand sides of the “+” operator, so GCC highlights them inline. The team has added a JSON output format such that GCC 9 now has a machine-readable output format for diagnostics.

GPL Compliance: VMWare’s GPL Woes Continue, Xiaomi Releases Linux Code

Filed under
Linux
Legal
  • VMWare’s GPL woes continue

    For the last decade, VMware has been accused of illegally using Linux code in its VMware ESX bare-metal virtual machine hypervisor.

    While a German court has dismissed the case, the struggle may not be over.

    VMware was accused of illegally using Linux code in its flagship VMware ESX bare-metal virtual machine (VM) hypervisor.

    In 2011, the Software Freedom Conservancy, a non-profit organisation that promotes open-source software, discovered that VMware had failed to properly license any Linux or BusyBox, a popular embedded Linux toolkit, source code.

  • Xiaomi Mi 9 SE and Mi 8 SE Android Pie kernel source code now available

    If you’re looking to install third-party modifications, or play with TWRP custom recovery, and use AOSP ROM on these devices, then your wait is over as Xiaomi has released Kernel Source code based on Android Pie for both Mi 9 SE and Mi 8 SE. The kernel source would allow developers to create custom ROMs, recoveries and other MODs. Under GPL license, it’s mandatory for companies to publish kernel source of every change they make to Android Linux’s Kernel.

Licensing: Amazon's Exploitation and GPL Compliance Perils

Filed under
OSS
Legal
  • MariaDB CEO on the open source enterprise – we can bridge the gap between bare metal and microservices

    MariaDB CEO Michael Howard prides himself on his database geek chops, but he’s not too shabby at grabbing headlines either.

    He certainly pulled that off at this year’s MariaDB OpenWorks keynote, as in: MariaDB CEO accuses large cloud vendors of strip-mining open source, by Steven J. Vaughan-Nichols.

    Behind the open source fisticuffs is an argument worth having. I won’t get into all of it here, as Vaughan-Nichols already got that job done. But: a MariaDB benchmark on AWS during the keynote stirred the pot.

    Howard told me something I didn’t expect. He said Amazon’s fear of MariaDB’s traction is in play here. Yep, it’s art-of-war time folks. I wanted to know: what type of MariaDB traction are we referring to? No, Howard isn’t talking about classic open source metrics like number of downloads.

  • Cloud vendors 'strip mining' open source: MariaDB's CEO

    While open source made what appeared to be an indelible mark on Wall Street in 2018 with deals involving acquisitions and listings valued at around $107 billion, it has not all been plain sailing.

    According to Michael Howard, CEO of MariaDB - the organisation behind the popular open source relational database management system - the community driven project still faces significant challenges from a variety of quarters, including large cloud vendors, who, he said, were 'strip mining' open source technology.

    Delivering the keynote address at the third annual MariaDB OpenWorks user and developer conference in New York last week (26 February), he did not name the culprits - "you know who they are" - but maintained that they "really abuse the licence and the privilege (of open source), not giving back to the community (and) forcing some (open source) companies to have awkward and weak responses."

  • Amazon Releases Corretto 8 GA: A Downstream Distribution of OpenJDK

    Corretto was introduced as a preview release last November at Devoxx Belgium by Arun Gupta, principal open source technologist at Amazon Web Services, and Yishai Galatzer, senior engineering manager at Amazon Web Services. Also at Devoxx was a surprise appearance by James Gosling, father of Java and distinguished engineer at Amazon Web Services, who delivered a special keynote address introducing Corretto. The timeline, shown below, for the GA releases of Corretto 8 and Corretto 11 was presented at Devoxx Belgium.

  • SAP builds its own Java distribution [Ed: IDG keeps posting this in more domains it has. SAP and other proprietary software companies now rebrand Java for themselves, sort of.]
  • Azul Systems Announces Extended Java Support Offerings and New Capabilities for Open Source Zulu Enterprise
  • VMware Touts Dismissal of Linux GPL Lawsuit

    Karen Sandler, attorney and the Conservancy's executive director, told ZDNet that "We strongly believe that litigation is necessary against willful GPL violators, particularly in cases like VMware where there is strong community consensus that their behavior is wrong. Litigation moves slowly. We will continue to discuss this with Christoph and his lawyers and hope to say more about it in the coming weeks -- after the courts provide their rationale for their decision to the parties (which has not yet occurred)."

    Meanwhile, VMware stated that it "continues to be a strong supporter of open source software development," adding that it's been "actively" working on removing vmklinux from vSphere in an upcoming release as part of a multi-year project -- "for reasons unrelated to the litigation."

  • VMware Essential PKS: Use upstream Kubernetes to build a flexible, cost-effective cloud-native platform [Ed: Openwashing below; it's a GPL violator whose parent company works for the NSA (so assume more uncovered back doors)]

    VMware contributes to multiple SIGs and open-source projects that strengthen key technologies and fill up the gaps in the Kubernetes ecosystem.

  • Kernel source code available for Nokia 1 Plus

    HMD Global published the kernel source code for the newly announced Nokia 1 Plus. Under the GPL, LGPL or any other type of license for the open source code HMD is using, the company is obligated to provide the changes they made to the public. For that purpose, Nokia Mobile has a dedicated site Nokia.com/phones/opensource, where all the source codes should be posted.

Licensing: Redis Breaking Up With FOSS, Perfectly Imperfect Marriage in Blockchain and Open Source, Copyright Trolls Leverage GPL Compliance

Filed under
OSS
Legal

MongoDB and Amazon Licence Battles

Filed under
OSS
Legal
  • Red Hat drops MongoDB out of Satellite

    Red Hat is prising MongoDB out of its Satellite infrastructure management platform in favour of PostgreSQL.

    The open source vendor made the announcement in a blog post yesterday saying it would “standardize on a PostgreSQL backend” and that it wanted to ensure users “were not caught by surprise as this is a change to the underlying databases of Satellite”.

    “No specific timing or release is being communicated at this time. At this point we’re simply hoping to raise awareness of the change that is coming to help users of Satellite prepare for the removal of MongoDB,” it added.

  • Google Cloud's new CEO used his first public talk to throw shade at Amazon over its feud with open source startups

    Amazon has a habit of taking free software created by other companies and selling it on its cloud. But Google Cloud isn't like that, new CEO Thomas Kurian says.

    At his inaugural appearance as the new CEO of Google Cloud on Tuesday, Kurian spoke about how Google Cloud allows customers to use a variety of open source tools to build applications on its cloud.

    Many of these tools are developed by other startups and made available as open source, meaning that they are free for anyone to use, download, modify — and even sell, something that Amazon Web Services frequently does.

Free Software Foundation Europe Calls for Open Source 5G License

Filed under
OSS
Legal

The Free Software Foundation Europe has said the recent controversy surrounding Huawei shows governments and consumers don’t trust tech giants. However, FSFE believes one potential fix would be for companies to publish code through the Free and Open Source Software license.

Huawei has been a long-time target of regulators around the world. The company is believed to be using its technology to backdoor spy for the Chinese government. There is an ongoing debate around Huawei’s 5G networks and concerns over privacy.

Canada could block Huawei 5G and the Chinese government has responded. It seems China suspects Huawei will be blocked, and the country’s ambassador said Ottawa will face repercussions if a ban is imposed.


FOSS Licensing/Legal Disputes

Filed under
OSS
Legal

Linux Kernel: Btrfs/Zstd and Licensing Questions

Filed under
Linux
Legal
  • Configurable Zstd Compression Level Support Is Revived For Btrfs

    Since the Linux 4.14 kernel Btrfs has supported Zstd for transparent file-system compression while a revived patch-set would allow that Zstd compression level to become configurable by the end-user.

    Facebook, which is behind Zstandard and also the employer for several key Btrfs developers, started off on the Zstd compression level support for Btrfs previously. This would allow users to use a higher compression level to achieve greater compression but at the cost of increased memory usage and obviously more resource intensive or opt for lower compression.

  • VMware GPL case is back in court—will we finally get some clarity on the meaning of "derivative work"?

    One of the most active Linux kernel developers, Christoph Hellwig, backed by the Software Freedom Conservancy, (unsurprisingly perhaps) has struck again against a virtualisation giant, VMware, for breaching the GNU General Public Licence (GPL). More than two years after the Hamburg District Court’s dismissal, an appeal has been filed in the German Court of Appeal. This case has attracted worldwide attention because the claims raised call for the court’s interpretation of the scope of the GPL applicability and, in particular, the reach of its copyleft effect.

    [...]

    The notion of a derivative work in a GPL context has been a big unknown for nearly two decades. Such uncertainty and potential risk of having to open-source proprietary code has led many commercial entities and open source projects to refrain from including GPL’ed software in their codebase.

    Hellwig v VMware might become a gamechanger, if it provides for the first time much-anticipated judicial clarity as to what implications software architecture has for licence interpretation and how copyright law fits in. That said, given the wide diversity in how software is structured, built and distributed, any decision in this case will not likely be the last word.

  • Google v. Oracle – Supreme Court Petition

    After reading the Federal Circuit decision, I wrote that the case is “likely heading to the Supreme Court.” Although I believe that the case has a very good shot – one difficulty is that it involves a decision by the Federal Circuit applying Ninth Circuit law — it effectively holds no weight and can be simply rejected by the next Ninth Circuit panel addressing the same issues.


More in Tux Machines

Android Leftovers

Kernel Articles at LWN (Paywall Just Expired)

  • Filesystem sandboxing with eBPF

    Bijlani is focused on a specific type of sandbox: a filesystem sandbox. The idea is to restrict access to sensitive data when running these untrusted programs. The rules would need to be dynamic as the restrictions might need to change based on the program being run. Some examples he gave were to restrict access to the ~/.ssh/id_rsa* files or to only allow access to files of a specific type (e.g. only *.pdf for a PDF reader). He went through some of the existing solutions to show why they did not solve his problem, comparing them on five attributes: allowing dynamic policies, usable by unprivileged users, providing fine-grained control, meeting the security needs for running untrusted code, and avoiding excessive performance overhead. Unix discretionary access control (DAC)—file permissions, essentially—is available to unprivileged users, but fails most of the other measures. Most importantly, it does not suffice to keep untrusted code from accessing files owned by the user running the code. SELinux mandatory access control (MAC) does check most of the boxes (as can be seen in the talk slides [PDF]), but is not available to unprivileged users. Namespaces (or chroot()) can be used to isolate filesystems and parts of filesystems, but cannot enforce security policies, he said. Using LD_PRELOAD to intercept calls to filesystem operations (e.g. open() or write()) is a way for unprivileged users to enforce dynamic policies, but it can be bypassed fairly easily. System calls can be invoked directly, rather than going through the library calls, or files can be mapped with mmap(), which will allow I/O to the files without making system calls. Similarly, ptrace() can be used, but it suffers from time-of-check-to-time-of-use (TOCTTOU) races, which would allow the security protections to be bypassed.

  • Generalizing address-space isolation

    Linux systems have traditionally run with a single address space that is shared by user and kernel space. That changed with the advent of the Meltdown vulnerability, which forced the merging of kernel page-table isolation (KPTI) at the end of 2017. But, Mike Rapoport said during his 2019 Open Source Summit Europe talk, that may not be the end of the story for address-space isolation. There is a good case to be made for increasing the separation of address spaces, but implementing that may require some fundamental changes in how kernel memory management works. Currently, Linux systems still use a single address space, at least when they are running in kernel mode. It is efficient and convenient to have everything visible, but there are security benefits to be had from splitting the address space apart. Memory that is not actually mapped is a lot harder for an attacker to get at. The first step in that direction was KPTI. It has performance costs, especially around transitions between user and kernel space, but there was no other option that would address the Meltdown problem. For many, that's all the address-space isolation they would like to see, but that hasn't stopped Rapoport from working to expand its use.

  • Identifying buggy patches with machine learning

    The stable kernel releases are meant to contain as many important fixes as possible; to that end, the stable maintainers have been making use of a machine-learning system to identify patches that should be considered for a stable update. This exercise has had some success but, at the 2019 Open Source Summit Europe, Sasha Levin asked whether this process could be improved further. Might it be possible for a machine-learning system to identify patches that create bugs and intercept them, so that the fixes never become necessary? Any kernel patch that fixes a bug, Levin began, should include a tag marking it for the stable updates. Relying on that tag turns out to miss a lot of important fixes, though. About 3-4% of the mainline patch stream was being marked, but the number of patches that should be put into the stable releases is closer to 20% of the total. Rather than try to get developers to mark more patches, he developed his machine-learning system to identify fixes in the mainline patch stream automatically and queue them for manual review. This system uses a number of heuristics, he said. If the changelog contains language like "fixes" or "causes a panic", it's likely to be an important fix. Shorter patches tend to be candidates.

  • Next steps for kernel workflow improvement

    The kernel project's email-based development process is well established and has some strong defenders, but it is also showing its age. At the 2019 Kernel Maintainers Summit, it became clear that the kernel's processes are much in need of updating, and that the maintainers are beginning to understand that. It is one thing, though, to establish goals for an improved process; it is another to actually implement that process and convince developers to use it. At the 2019 Open Source Summit Europe, a group of 20 or so maintainers and developers met in the corner of a noisy exhibition hall to try to work out what some of the first steps in that direction might be. The meeting was organized and led by Konstantin Ryabitsev, who is in charge of kernel.org (among other responsibilities) at the Linux Foundation (LF). Developing the kernel by emailing patches is suboptimal, he said, especially when it comes to dovetailing with continuous-integration (CI) processes, but it still works well for many kernel developers. Any new processes will have to coexist with the old, or they will not be adopted. There are, it seems, some resources at the LF that can be directed toward improving the kernel's development processes, especially if it is clear that this work is something that the community wants.

Server Leftovers

  • Knative at 1: New Changes, New Opportunities

    This summer marked the one-year anniversary of Knative, an open-source project that provides the fundamental building blocks for serverless workloads in Kubernetes. In its relatively short life (so far), Knative is already delivering on its promise to boost organizations’ ability to leverage serverless and FaaS (functions as a service). Knative isn’t the only serverless offering for Kubernetes, but it has become a de-facto standard because it arguably has a richer set of features and can be integrated more smoothly than the competition. And the Knative project continues to evolve to address businesses’ changing needs. In the last year alone, the platform has seen many improvements, giving organizations looking to expand their use of Kubernetes through serverless new choices, new considerations and new opportunities.

  • Redis Labs Leverages Kubernetes to Automate Database Recovery

    Redis Labs today announced it has enhanced the Operator software for deploying its database on Kubernetes clusters to include an automatic cluster recovery that enables customers to manage a stateful service as if it were stateless. Announced at Redis Day, the latest version of Kubernetes Operator for Redis Enterprise makes it possible to spin up a new instance of a Redis database in minutes. Howard Ting, chief marketing officer for Redis Labs, says as Kubernetes has continued to gain traction, it became apparent that IT organizations need tools to provision Redis Enterprise for Kubernetes clusters. That requirement led Redis Labs to embrace Operator software for Kubernetes developed by CoreOS, which has since been acquired by Red Hat. IT teams can either opt to recover databases manually using Kubernetes Operator or configure the tool to recover databases automatically anytime a database goes offline. In either case, he says, all datasets are loaded and balanced across the cluster without any need for manual workflows.

  • Dare to Transform IT with SUSE Global Services

Audiocasts/Shows: FLOSS Weekly and Linux Headlines

  • FLOSS Weekly 555: Emissions API

    Emissions API is easy to access satellite-based emission data for everyone. The project strives to create an application interface that lowers the barrier to use the data for visualization and/or analysis.

  • 2019-11-13 | Linux Headlines

    It’s time to update your kernel again as yet more Intel security issues come to light, good news for container management and self-hosted collaboration, and Brave is finally ready for production.