Language Selection

English French German Italian Portuguese Spanish

Legal

‘It's Frankly Great for Us’: MongoDB CEO Welcomes Amazon Rivalry

Filed under
OSS
Legal

Amazon’s move follows competition from Microsoft and further validates MongoDB’s approach to the database market, which is centered on documents rather than tables, according to Ittycheria. Furthermore, he sees Amazon’s service as antiquated with about a third of the features that MongoDB has.

Read more

MongoDB and Server Side Public License (SSPL) Controversy in the News This Past Week

Filed under
Red Hat
OSS
Legal
  • Red Hat Drops MongoDB Over License

    MongoDB's attempts to make some money from its NoSQL database have hit another snag as Red Hat has now dropped it from its Enterprise Linux distribution.

    This is the latest in a sequence of moves and countermoves that started when MongoDB changed its license terms to use a Server Side Public License (SSPL) that explicitly says that if a company wanted to reuse and rebadge its database, explicitly to offer MongoDB as a service, then that company either needs to buy a commercial license or to open source the service.

  • Why more may be the wrong measure of open source contributions
  • Battle Of The Document Databases

    Cloud providers can be like sharks in that they have to keep moving forward – in their case, growing the number of services they can offer enterprises – or be overtaken by competitors.

    That need to continually grow the service portfolio isn’t going to go away any time soon. Cloud adoption is accelerating, moving past the early adopter stage and into what Paul Teich, principal analyst with Liftr Cloud Insights and a contributor here at The Next Platform, calls the “early majority” phase, and enterprises are moving forward with strategies that involve leveraging more than one public cloud provider.

    At the same time, the pile of data being generated by organizations is growing rapidly – and the cloud is becoming the place to collect, store, process, and analyze much of that data – but only a portion of enterprise workloads – about 20 percent – are being run in the cloud. That means that four out of five are still run in on-premises environments, so there is still a lot of applications that need to make their way from behind the firewall and into the cloud.

  • What Does Open Source Mean in the Era of Cloud APIs?

    One of the most interesting and unsurprising characteristics of conversations with organizations that have adopted one of the emerging hybrid or “non-compete” style of licenses is that they are universally insistent on being differentiated from one another. Which is understandable on the one hand, given that there are major structural differences between the Commons Clause and the SSPL, to pick two recent examples. Whether it’s reasonable to expect a market which by and large has little appetite for the nuances of different licensing approaches to care is, of course, a separate question.

    What is perhaps more interesting, however, is a central, foundational assumption that every member of this category of licenses shares. On the surface, examples like the Business Source License, the Cockroach Community License, the Commons Clause, the Confluent Community License, the Fair Source License, the TimeScale license or the SSPL would seem to have little in common. Some have ambitions to be considered open source, some do not but invoke open source-like terminology, and some are unambiguously and unapologetically proprietary. Some merely require contributions back copyleft-style, some prohibit usage within prescribed business models (read: cloud) and others restrict business usage without distinction. And so on; while typically rolled up and discussed as a category, they are no more unified in their intent and purpose than open source licenses broadly.

Server Side Public License (SSPL), Red Hat and Fedora

Filed under
Red Hat
OSS
Legal
  • Red Hat/Fedora decide MongoDB’s SSLP doesn’t fit

    MongoDB’s January blues deepened this week as the team behind the Red Hat-backed Fedora Linux distribution confirmed it had added the open source database’s Server Side Public License to its “bad”list.

    The move came as it emerged Red Hat – Fedora’s sponsor – had nixed MongoDB support in RHEL 8.0.

  • AWS Raised Its Hand Lest Of Open Source Platform

    Even though AWS stands by MongoDB as the best the customers find it difficult to build and vastly accessible applications on the open-source platform can range from multiple terabytes to hundreds of thousands of reads and writes per second. Thus, the company built its own document database with an Apache 2.0 open source MongoDB 3.6 API compatibility. The open-sources politics are quite difficult to grasp. AWS has been blamed for taking the top open-source projects and re-branding plus re-using it without providing the communities. The catch here is that MongoDB was the company behind putting a halt to the re-licensing of the open-source tools under a novel license that clearly stated the companies willing to do this will have to purchase a commercial license.

  • Red Hat gets heebie-jeebies over MongoDB's T&Cs squeeze: NoSQL database dropped from RHEL 8B over license

    MongoDB justified its decision last October to shift the free version of its NoSQL database software, MongoDB Community Server, from the open-source GNU Affero General Public License to the not-quite-so-open Server Side Public License (SSPL) by arguing that cloud providers sell open-source software as a service without giving back.

    The following month, and not widely noticed until this week, Red Hat said it would no longer include MongoDB in version 8 of Red Hat Enterprise Linux. The removal notice came in the release notes for Red Hat Enterprise Linux Beta 8.0.

    Under section 4.7, the release notes say, "Note that the NoSQL MongoDB database server is not included in RHEL 8.0 Beta because it uses the Server Side Public License (SSPL)."

  • Server Side Public License struggles to gain open-source support

    MongoDB first announced the release of the new software license in October as a way to protect itself and other open-source projects like it from being taken advantage of by larger companies for monetary gain.

    At the time, MongoDB co-founder and CTO Eliot Horowitz explained: “This should be a time of incredible opportunity for open source. The revenue generated by a service can be a great source of funding for open-source projects, far greater than what has historically been available. The reality, however, is that once an open-source project becomes interesting, it is too easy for large cloud vendors to capture most of the value while contributing little or nothing back to the community.”

    Other open-source businesses have developed their own licenses or adopted others in recent months, citing the same issues. However, the problem with these new licenses is that if they are not approved by the Open Source Initiative (OSI), an organization created to promote and protect the open-source ecosystem, the software behind the license is technically not considered open source, and it will have a hard time getting acceptance from members in the community.

  • Open source has a problem with monetization, not AWS
  • Why you should take notice of the open source in enterprise suckers conundrum

    In the MongoDB case, AWS is widely regarded as responding to a licensing change MongoDB made in October 2018 that has caused something of a stir among the open source cognoscenti.

  • Fedora Community Blog: FPgM report: 2019-03

    Here’s your report of what has happened in Fedora Program Management this week.

    I’ve set up weekly office hours in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else.

ZFS On Linux Landing Workaround For Linux 5.0 Kernel Support

Filed under
Linux
Legal

Last week I reported on ZFS On Linux breaking with Linux 5.0 due to some kernel symbols sought by this out-of-tree file-system driver no longer being exported and the upstream developers not willing to adjust for the ZoL code. That's still the case but the ZFS On Linux developers have a patch so at least the file-system driver will be able to build on Linux 5.0.

This ZOL + Linux 5.0 issue stems from a set of functions used by this ZFS Linux port for vectorized file-system checksums no longer being exported. The kernel developers don't want to re-export the functionality since as Greg Kroah-Hartman put it, "my tolerance for ZFS is pretty non-existant."

Since that Phoronix article last week, Greg KH followed up on the mailing list with, "Sorry, no, we do not keep symbols exported for no in-kernel users." Longtime Linux kernel developer Christoph Hellwig also suggested users switch instead to FreeBSD if caring about ZFS.

Read more

Some More Attacks on the GPL and Latest Compliance Story

Filed under
GNU
Legal
  • GPL Cooperation Commitment: Promise of Collaborative Interpretation [Ed: IP Kat perpetuates the Microsoft-connected (and funded) lie that GPL "popularity has dropped dramatically during the past decade," citing Jono Bacon and Microsoft-funded 'analysts', proxies like Black Duck. To this date, in light of the GitHub takeover, Microsoft managers are badmouthing the GPL and many anti-GPL 'studies' are based on this Microsoft site alone.]

    GNU General Public Licence version 2 (GPLv2) was written in the early nineties to ensure compliant distribution of copyleft-licensed software. Even though its popularity has dropped dramatically during the past decade, it nevertheless continues to be one of the most widely used and important open source licences.

    Notedly, GPLv2 was drafted by non-legal free (as in “free speech,” not as in “free beer”) software enthusiasts and yet it has necessitated legal interpretation and application in accordance with IP and contract law principles. For nearly two decades, compliance and enforceability of the licence by its users has had to deal with ambiguity and uncertainty with respect to its terms.

  • HMD releases source code for Nokia 8 Sirocco

    HMD has released the source code for Nokia 8 Sirocco and it is now available for download on the official Nokia website.

Fedora Decides To Not Allow SSPLv1 Licensed Software Into Its Repositories

Filed under
Red Hat
Server
OSS
Legal

Back in October, MongoDB announced the Server Side Public License v1 (SSPLv1) as their new license moving forward for this document-oriented database server over their existing AGPL code. SSPL was met with much controversy upon its unveiling and Fedora's legal team has now ruled it an invalid free software license for packaged software in its repositories.

The intent of MongoDB developing the Server Side Public License was to ensure that public cloud vendors and other companies using their software as a service are giving back to the community / the upstream project. SSPL v1 was based on the GPLv3 but lays clear that a company publicly offering the SSPL-licensed software as a service must in turn open-source their software that it uses to offer said service. That stipulation applies only to organizations making use of MongoDB for public software services.

Read more

Licensing: GPL Compliance and the Server Side Public License (SSPL)

Filed under
OSS
Legal
  • arter97’s custom kernel and vendor images greatly improve the Xiaomi Mi Pad 4’s performance

    Xiaomi (and a lot of Chinese OEMs) have had a difficult time complying with the rules of the GNU GPL when it comes to releasing the kernel source code for their Android products. The company said they would start doing this 3 months after the release of a new product, but that wasn’t the case with the Xiaomi Mi Pad 4. The device launched in June of last year and, as of October, they had yet to comply with the GPL. Thankfully, they finally released it (a month after we reported on their tardiness) and it has helped developers work their magic on the device.

  • Amazon Web Services’ DocumentDB Takes Aims At MongoDB Workloads

    DocumentDB uses version 3.6 of the MongoDB application programming interface (API) to interact with MongoDB clients.

    That version, dating back to 2017, is covered by the open source Apache licence, a move intended to circumvent MongoDB’s new licensing structure, based on the specially created Server Side Public License (SSPL).

Licensing/Legal: Android-Related Code and Amazon 'Forcing' Companies to Reduce Licence Freedom

Filed under
OSS
Legal
  • Kernel source for Nokia 5.1 and 6.1 Plus, 7.1, Redmi Note 6 Pro, and LG G7 released
  • Kernel source for the Xiaomi Redmi Note 6 Pro, Nokia 6.1 Plus/5.1 Plus/7.1, and LG G7’s Android Pie release are live
  • Nokia 5.1 Plus too] HMD releases kernel source code for the Nokia 7.1 and Nokia 6.1 Plus

    The Nokia 7.1 and 6.1 Plus are mid-range Android One devices that were recently updated to Android 9.0 Pie. Following the update, HMD Global has published their kernel source code on its website.

    [...]

    If HMD Global allows the rest of its Android phones to be bootloader unlocked too, it might just make them a more attractive option for the enthusiast crowd, who want to be able to run their favorite custom ROMs on their smartphones. And though the manufacturer is currently doing a good job of keeping its devices updated, if that support's ever to slow down, it sure would be nice to have the ability to root and unlock — just in case.

  • Amazon fires open-source shot with DocumentDB launch

    In a move that will surely upset the open-source community, AWS has launched a new database offering compatible with the MongoDB API called DocumentDB.

    The cloud giant describes its new product as a “fast, scalable, and highly available document database that is designed to be compatible with your existing MongoDB applications and tools.” However, it is essentially a replacement for MongoDB that uses its API but none of its code.

    According to AWS, its customers have found it difficult to build fast and highly available applications that are able to scale to multiple terabytes with hundreds of thousands of reads and writes per second. So instead, the company built its own document database that is compatible with Apace 2.0 open source MongoDB 3.6 API.

  • The week in tech: NHS long-term plan, Amazon vs. open source, plus more

    However, Amazon claimed that customers find it challenging to “build performant, highly available applications on MongoDB that can quickly scale to multiple Terabytes (TBs) and hundreds of thousands of reads and writes-per-second because of the complexity that comes with setting up and managing MongoDB clusters.”

    This is controversial, as Amazons’ announcement comes just months after MangoDB presented a new licence aimed at stopping tech giants taking advantage of their database.

CLA proliferation and the Island of Dr. Moreau

Filed under
OSS
Legal

The community response to license proliferation over the last many years has been positive, and I am pleased to see that the majority of open source projects are choosing to select from a certain set of options (e.g., GPL, LGPL, AGPL, BSD, MIT, Apache 2) that are all well-understood by engineers and lawyers. As such, there is no time wasted interpreting their terms and a low-friction ecosystem is fully enabled.

Once a project adopts an open source license, it usually adopts the standard "inbound=outbound" model; a phrase coined by Richard Fontana. Fontana describes the inbound=outbound model as contributions that are understood to be licensed under the applicable outbound project license, making it easy for contributors to participate in projects without intimidation and red tape. This is a very simple model that dovetails well with a smart license choice detailed above.

Unfortunately, many open source projects have chosen not to adopt inbound=outbound and, instead, require some form of a contributor license agreement (CLA). CLAs vary in scope and purpose. A good description of CLAs and Developer Certificates of Origin (DCOs; discussed below) may be found in Ben Cotton's article "CLA vs. DCO: What's the difference?"

Read more

Linux Foundation's AGL, ACT (Copyleft Compliance) and Upcoming Copyleft Conf (Conservancy)

Filed under
Linux
OSS
Legal
  • Toyota Motors and its Linux Journey

    I spoke with Brian R Lyons of TMNA Toyota Motor Corp North America about the implementation of Linux in Toyota and Lexus infotainment systems. I came to find out there is an Automotive Grade Linux (AGL) being used by several autmobile manufacturers.

    I put together a short article comprising of my discussion with Brian about Toyota and its tryst with Linux. I hope that Linux enthusiasts will like this quick little chat.

    All Toyota vehicles and Lexus vehicles are going to use Automotive Grade Linux (AGL) majorly for the infotainment system. This is instrumental in Toyota Motor Corp because as per Mr. Lyons “As a technology leader, Toyota realized that adopting open source development methodology is the best way to keep up with the rapid pace of new technologies”.

  • Simplifying and Harmonizing Open Source for More Efficient Compliance

    Using open source code comes with a responsibility to comply with the terms of that code’s license, which can sometimes be challenging for users and organizations to manage. The goal of ACT is to consolidate investment in and increase interoperability and usability of, open source compliance tooling, which helps organizations manage compliance obligations.

    Software widely includes an assortment of open source code with multiple licenses and a mix of proprietary code. Sorting and managing all these can be a major hassle, but the alternative is potential legal action and damaged relations with the open source community.

    The projects in ACT are poised to boost existing Linux Foundation compliance projects like OpenChain, which identifies recommended processes and make open source license compliance simpler and consistent, and the Open Compliance Program, which educates and helps developers and companies understand their license requirements. ACT provides tooling to help support efficient workflows.

  • Copyleft Conf: Registration is Open

    Conservancy is very excited to share the schedule for the first ever Copyleft Conf with you! Copyleft Conf is a one day event, taking place in downtown Brussels at Digityser. Registration begins at 9:30am and we'll be finishing by 6pm. We'll have talks, a panel and participatory discussions near the end of the day.

    Participants from throughout the copyleft world — developers, strategists, enforcement organizations, scholars and critics — will be welcomed for an in-depth, high bandwidth, and expert-level discussion about the day-to-day details of using copyleft licensing, obstacles facing copyleft and the future of copyleft as a strategy to advance and defend software freedom for users and developers around the world.

Syndicate content

More in Tux Machines

Android Leftovers

Security Leftovers

  • How the Linux kernel balances the risks of public bug disclosure

    Last month a serious Linux Wi-Fi flaw (CVE-2019-17666) was uncovered that could have enabled an attacker to take over a Linux device using its Wi-Fi interface. At the time it was disclosed Naked Security decided to wait until a patch was available before writing about it. Well, it’s been patched, but the journey from discovery to patch provides some insights into how the Linux open-source project (the world’s largest collaborative software development effort) manages bug fixes and the risks of disclosure.

  • New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
  • Using Nmap For Port Scanning + Other Tools to Use

    Nmap is a well-known utility that is bundled with many Linux distributions and that is also available for Windows and several other platforms. Essentially a scanning and mapping tool, there’s a lot that Nmap can do for you. Today, we’re having a look as using Nmap for port scanning which, incidentally, is the tool’s primary usage. Port scanning is an essential task of network management as it ensures that no backdoors are left unaddressed. It is one of the most basic forms of securing the network. Before we get into the how-to part of this post, we’ll sidetrack a little and first introduce Nmap and its GUI cousin Zenmap. We’ll then explain what ports are and how you need to be careful not to leave unused ports open on your devices. Then, we’ll get to the essence of this post and show you how to use Nmap for port scanning. And since there are quite a few other tools that can be viable alternatives to Nmap for port scanning—some of them much better or easier to use tools—we’ll finally review some of the very best Nmap alternatives for port scanning.

Red Hat: Oracle Linux 8 Update 1 (RHEL 8.1), SDNs and NFV

  • Announcing Oracle Linux 8 Update 1

    Oracle is pleased to announce the general availability of Oracle Linux 8 Update 1. Individual RPM packages are available on the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. ISO installation images will soon be available for download from the Oracle Software Delivery Cloud and Docker images will soon be available via Oracle Container Registry and Docker Hub. Oracle Linux 8 Update 1 ships with Red Hat Compatible Kernel (RHCK) (kernel-4.18.0-147.el8) kernel packages for x86_64 Platform (Intel & AMD), that include bug fixes, security fixes, and enhancements; the 64-bit Arm (aarch64) platform is also available for installation as a developer preview release.

  • Oracle Linux 8 Update 1 Announced With Udica, Optane DCPM Support

    Fresh off the release of Red Hat Enterprise Linux 8.1 at the beginning of November, Oracle is now shipping Oracle Linux 8 Update 1 as their spin of RHEL 8.1 with various changes on top -- including their "Unbreakable Enterprise Kernel" option.

  • Telco revolution or evolution: Depends on your perspective, but your network is changing

    As the market embraces edge computing and 5G networks, telecommunications service providers are increasingly looking for ways to migrate their monolithic services to microservices and containers. These providers are moving from legacy hardware appliances to virtualized network functions to containerized network functions on cloud infrastructure. Red Hat’s partnership with a rich ecosystem of software-defined networking (SDN) vendors, independent software vendors (ISVs), network equipment providers (NEPs), as well as its deep involvement in the open source projects powering these initiatives, give customers the choices and long-life support they need to build the services infrastructure that supports their business needs both today and tomorrow – as well as the journey in between.

  • The rise of the network edge and what it means for telecommunications

    5G. Software-defined networking (SDN) and network functions virtualization (NFV). IoT. Edge computing. Much has been said about these technologies and the impact they will have on the telecommunications services of tomorrow. But it’s when they’re talked about together—as part of the broader digital transformation of service provider networks and business models—that things really get interesting. It’s a story that may impact every corner of the telecommunications ecosystem, from mobile network operators (MNOs), traditional service providers, and cable network operators to cellular tower companies, data center operators, managed services providers, and vendors. SDN and NFV hold the promise of replacing enormous networks of proprietary, single-purpose appliances with racks of off-the-shelf compute and storage platforms that are running software from a variety of vendors for a variety of services. Progress on this front has been slowed by several issues, leaving operators looking for their next opportunity. It has emerged in the form of 5G, and whether they are early adopters or taking a wait-and-see approach, every telco company is looking for its 5G play.

Fedora: Qubes, rpminspect, rpminspect, and ProcDump

  • PoC to auto attach USB devices in Qubes

    Here is PoC based on qubesadmin API which can auto attach USB devices to any VM as required. By default Qubes auto attaches any device to the sys-usb VM, that helps with bad/malware full USB devices. But, in special cases, we may want to select special devices to be auto attached to certain VMs. In this PoC example, we are attaching any USB storage device, but, we can add some checks to mark only selected devices (by adding more checks), or we can mark few vms where no device can be attached.

  • David Cantrell: rpminspect-0.9 released

    Very large packages (VLPs) are something I am working on with rpminspect. For example, the kernel package. A full build of the kernel source package generates a lot of files. I am working on improving rpminspect's speed and fixing issues found with individual inspections. These are only showing up when I do test runs comparing VLPs. The downside here is that it takes a little longer than with any other typical package.

  • Fedora pastebin and fpaste updates

    A pastebin lets you save text on a website for a length of time. This helps you exchange data easily with other users. For example, you can post error messages for help with a bug or other issue. The CentOS Pastebin is a community-maintained service that keeps pastes around for up to 24 hours. It also offers syntax highlighting for a large number of programming and markup languages.

  • ProcDump for Linux in Fedora

    ProcDump is a nifty debugging utility which is able to dump the core of a running application once a user-specified CPU or memory usage threshold is triggered. For instance, the invocation procdump -C 90 -p $MYPID instructs ProcDump to monitor the process with ID $MYPID, waiting for a 90 % CPU usage spike. Once it hits, it creates the coredump and exits. This allows you to later inspect the backtrace and memory state in the moment of the spike without having to attach a debugger to the process, helping you determine which parts of your code might be causing performance issues.