Legal

Copyrights on APIs (Java) Update

Filed under
Development
Legal
  • No do-overs! Appeals court won’t hear $8.8bn Oracle v Google rehash

    Over eight years of feuding between Oracle and Google over the use of Java code in Android may be nearing its end following a Tuesday court ruling.

    The US Federal Circuit Court of Appeals has declined [PDF] to re-hear the case in which it found Google to be in violation of Oracle’s copyright on Android API code. The Chocolate Factory faces a demand from Oracle for $8.8bn in damages.

    Tuesday’s ruling means that the only remaining hope for Google to avoid a massive payout to Oracle is a hearing and decision from the US Supreme Court, something Google said it will pursue after today's verdict.

    "We are disappointed that the Federal Circuit overturned the jury finding that Java is open and free for everyone," Google told The Register.

  • Federal Circuit denies Oracle v Google en banc rehearing

    Google has already said it will appeal to the Supreme Court in the latest development in the dispute over unauthorised use of 37 packages of Oracle’s Java application programming interface.

Open-source licensing war: Commons Clause

Filed under
OSS
Legal

Most people wouldn't know an open-source license from their driver's license. For those who work with open-source software, it's a different story. Open-source license fights can be vicious, cost serious coin, and determine the fate of multi-million dollar companies. So, when Redis Labs added a new license clause, Commons Clause, on top of Redis, an open-source, BSD licensed, in-memory data structure store, all hell broke loose.

Why? First, you need to understand that while you may never have heard of Redis, it's a big deal. It enables real-time applications such as advertising, gaming, financial services, and IoT to work at speed. That's because it can deliver sub-millisecond response times to millions of requests per second.

But Redis Labs has been unsuccessful in monetizing Redis, or at least not as successful as they'd like. Their executives were discovering, like the far more well-known Docker, that having a great open-source technology did not mean you'd be making millions. Redis' solution was to embrace Commons Clause.

GPL Violations Cost Creality a US Distributor

Filed under
OSS
Legal

One of the core tenets of free and open source software licenses is that you’re being provided source code for a project with the hope that you’ll “pay it forward” if and when you utilize that code. In fact some licenses, such as the GNU Public License (GPL), require that you keep the source code for subsequent spin-offs or forks open. These are known as viral licenses, and the hope is that they will help spread the use of open source as derivative works can’t turn around and refuse to release their source code.

Deutsche Bahn Intercity software under EUPL

Filed under
OSS
Legal

This software, distributed under the EUPL, is the open European Train Control System (OpenETCS), the signalling and control component of the European Rail Traffic Management System (ERTMS). It is a kind of positive train control, replacing the many incompatible safety systems previously used by European railways. It is becoming a standard that was also adopted outside Europe and is an option for worldwide application. It is managed by the European Union Agency for Railways (ERA) and it is a legal requirement that all new, upgraded or renewed tracks and rolling stock in the European railway system should adopt it, possibly keeping legacy systems for backward compatibility.

The Commons Clause – Helpful New Tool or the End of the Open Source as We Know it?

Filed under
Legal

Almost nothing inspires a spirited discussion among the open source faithful as much as introducing a new open source license, or a major change in an existing license’s terms. In the case of version 3 of the GPL, the update process took years and involved dozens of lawyers in addition to community members. So, it’s no surprise that the pot is already boiling over something called the “Commons Clause.” How energetically? Well, one blog entry posted yesterday was titled The Commons Clause Will Destroy Open Source. The spark that turned up the heat was the announcement the same day by RedisLabs that it was adopting the license language.

The clause itself is short (you can find it here, together with an explanatory FAQ). It was drafted by Heather Meeker, an attorney with long open source involvement, in conjunction with “a group of developers behind many of the world’s most popular open source projects.”

It’s also simple in concept: basically, it gives a developer the right to make sure no one can make money out of her code – whether by selling, hosting, or supporting it – unless the Commons Clause code is a minor part of a larger software product. In one way, that’s in the spirit of a copyleft license (i.e., a prohibition on commercial interests taking advantage of a programmer’s willingness to make her code available for free), but it also violates the “Four Freedoms” of Free and Open Source software as well as the Open Source Definition by placing restrictions on reuse, among other issues.

Stop Supreme Court nominee Kavanaugh to protect free software!

Filed under
GNU
Legal

United States Supreme Court judges serve from the time they are appointed until they choose to retire -- it's a lifetime appointment. One judge recently stepped down, and Brett Kavanaugh was nominated to fill the empty seat. He comes with a firm stance against net neutrality.

Last year he wrote:

Supreme Court precedent establishes that Internet service providers have a First Amendment right to exercise editorial discretion over whether and how to carry Internet content.

Here, Kavanaugh argues that controlling the way you use the Internet is a First Amendment right that ISPs -- companies, not people -- hold. The First Amendment, which guarantees Americans the right to free speech, freedom of the press, and freedom to congregate, is one of the most dearly-held amendments of the United States Constitution. With this statement, he says that net neutrality protections -- policies that prevent companies from "editorializing" what you see on the Web -- are a violation of the Constitution. He believes net neutrality is unconstitutional. We know he's wrong.

Also: LibreJS 7.15 released

EA Kills "Open Source" Version Of SimCity 2000

Filed under
OSS
Legal
  • Electronic Arts shuts down the open source SimCity 2000 fan remake

    Electronic Arts has taken down the open source fan remake of SimCity 2000, OpenSC2K. According to the DMCA notice, OpenSC2K uses assets from SimCity 2000 and since these assets are under copyrights, they should not be used in free remakes or projects.

  • EA Takes Down ‘Open Source’ SimCity 2000 Remake

    Electronic Arts has asked GitHub to remove a fan-created remake of the classic SimCity 2000 release. While the original game is a quarter-century old, the publisher points out that the assets are not free to use, adding that a copy of the game can still be purchased legally.

  • EA Kills "Open Source" Version Of SimCity 2000

    Earlier this year, a game called OpenSC2K was released on GitHub, claiming to be a free, open source version of Maxis’ classic. Turns out it wasn’t as open source as it could have been, though, because EA have had the game removed from the platform.

    As TorrentFreak report, the art assets used in OpenSC2K were lifted straight from the 1993 original, so EA have filed a DMCA request against the project that led to its removal (remember that SimCity 2000 is still commercially available on Origin).

LibreOffice With Microsoft DRM and a Tax

Filed under
LibO
Microsoft
Legal

Licensing With GPL: Greater Certainty

Filed under
GNU
Red Hat
Legal
  • A Movement Builds as a Diverse Group of 14 Additional Leaders Seek Greater Predictability in Open Source Licensing

    Today’s announcement demonstrates the expanded breadth and depth of support for the GPL Cooperation Commitment. Companies adopting the commitment now span geographic regions, include eight Fortune 100 companies, and represent a wide range of industries from enterprise software and hardware to consumer electronics, chip manufacturing to cloud computing, and social networking to automotive. The companies making the commitment represent more than 39 percent of corporate contributions to the Linux kernel, including six of the top 10 corporate contributors.

  • ARM: Arm joins industry leaders in commitment to fair enforcement of open source licenses

    Today, Red Hat announced that several leading technology companies, including Arm, are joining a diverse coalition of organizations that have come together to promote greater predictability in open source license enforcement. Alongside Amazon, Canonical, Linaro, Toyota, VMware and many others we have committed to ensure fair opportunity for our licensees to correct errors in compliance with their GPL and LGPL licensed software before taking action to terminate the licenses.

  • Debian "stretch" 9.5 Update Now Available, Red Hat Announces New Adopters of the GPL Cooperation Commitment, Linux Audio Conference 2018 Videos Now Available, Latte Dock v0.8 Released and More

    Red Hat announced that 14 additional companies have adopted the GPL Cooperation Commitment, which means that "more than 39 percent of corporate contributions to the Linux kernel, including six of the top 10 contributors" are now represented. According to the Red Hat press release, these commitments "reflect the belief that responsible compliance in open source licensing is important and that license enforcement in the open source ecosystem operates by different norms." Companies joining the growing movement include Amazon, Arm, Canonical, GitLab, Intel Corporation, Liferay, Linaro, MariaDB, NEC, Pivotal, Royal Philips, SAS, Toyota and VMware.

Codecs and Patents

Filed under
Moz/FF
OSS
Legal
  • An Invisible Tax on the Web: Video Codecs

    Here’s a surprising fact: It costs money to watch video online, even on free sites like YouTube. That’s because about 4 in 5 videos on the web today rely on a patented technology called the H.264 video codec.

    A codec is a piece of software that lets engineers shrink large media files and transmit them quickly over the internet. In browsers, codecs decode video files so we can play them on our phones, tablets, computers, and TVs. As web users, we take this performance for granted. But the truth is, companies pay millions of dollars in licensing fees to bring us free video.

    It took years for companies to put this complex, global set of legal and business agreements in place, so H.264 web video works everywhere. Now, as the industry shifts to using more efficient video codecs, those businesses are picking and choosing which next-generation technologies they will support. The fragmentation in the market is raising concerns about whether our favorite web pastime, watching videos, will continue to be accessible and affordable to all.

  • AV1, Opportunity or Threat for POWER and ARM Servers?

    While I haven’t seen an official announcement, Phoronix reported that the AV1 git repository was tagged 1.0, so the launch announcement is imminent. If you haven’t heard about it already, AOMedia Video 1 (AV1) is an open, royalty-free video coding format by the Alliance for Open Media.

  • VP9 & AV1 Have More Room To Improve For POWER & ARM Architectures

    Luc Trudeau, a video compression wizard and co-author of the AV1 royalty-free video format, has written a piece about the optimization state for video formats like VP9 and AV1 on POWER and ARM CPU architectures.

More in Tux Machines

Kernel Articles at LWN (Paywall Just Expired)

  • Filesystem sandboxing with eBPF

    Bijlani is focused on a specific type of sandbox: a filesystem sandbox. The idea is to restrict access to sensitive data when running these untrusted programs. The rules would need to be dynamic as the restrictions might need to change based on the program being run. Some examples he gave were to restrict access to the ~/.ssh/id_rsa* files or to only allow access to files of a specific type (e.g. only *.pdf for a PDF reader). He went through some of the existing solutions to show why they did not solve his problem, comparing them on five attributes: allowing dynamic policies, usable by unprivileged users, providing fine-grained control, meeting the security needs for running untrusted code, and avoiding excessive performance overhead. Unix discretionary access control (DAC)—file permissions, essentially—is available to unprivileged users, but fails most of the other measures. Most importantly, it does not suffice to keep untrusted code from accessing files owned by the user running the code. SELinux mandatory access control (MAC) does check most of the boxes (as can be seen in the talk slides [PDF]), but is not available to unprivileged users. Namespaces (or chroot()) can be used to isolate filesystems and parts of filesystems, but cannot enforce security policies, he said. Using LD_PRELOAD to intercept calls to filesystem operations (e.g. open() or write()) is a way for unprivileged users to enforce dynamic policies, but it can be bypassed fairly easily. System calls can be invoked directly, rather than going through the library calls, or files can be mapped with mmap(), which will allow I/O to the files without making system calls. Similarly, ptrace() can be used, but it suffers from time-of-check-to-time-of-use (TOCTTOU) races, which would allow the security protections to be bypassed.

  • Generalizing address-space isolation

    Linux systems have traditionally run with a single address space that is shared by user and kernel space. That changed with the advent of the Meltdown vulnerability, which forced the merging of kernel page-table isolation (KPTI) at the end of 2017. But, Mike Rapoport said during his 2019 Open Source Summit Europe talk, that may not be the end of the story for address-space isolation. There is a good case to be made for increasing the separation of address spaces, but implementing that may require some fundamental changes in how kernel memory management works. Currently, Linux systems still use a single address space, at least when they are running in kernel mode. It is efficient and convenient to have everything visible, but there are security benefits to be had from splitting the address space apart. Memory that is not actually mapped is a lot harder for an attacker to get at. The first step in that direction was KPTI. It has performance costs, especially around transitions between user and kernel space, but there was no other option that would address the Meltdown problem. For many, that's all the address-space isolation they would like to see, but that hasn't stopped Rapoport from working to expand its use.

  • Identifying buggy patches with machine learning

    The stable kernel releases are meant to contain as many important fixes as possible; to that end, the stable maintainers have been making use of a machine-learning system to identify patches that should be considered for a stable update. This exercise has had some success but, at the 2019 Open Source Summit Europe, Sasha Levin asked whether this process could be improved further. Might it be possible for a machine-learning system to identify patches that create bugs and intercept them, so that the fixes never become necessary? Any kernel patch that fixes a bug, Levin began, should include a tag marking it for the stable updates. Relying on that tag turns out to miss a lot of important fixes, though. About 3-4% of the mainline patch stream was being marked, but the number of patches that should be put into the stable releases is closer to 20% of the total. Rather than try to get developers to mark more patches, he developed his machine-learning system to identify fixes in the mainline patch stream automatically and queue them for manual review. This system uses a number of heuristics, he said. If the changelog contains language like "fixes" or "causes a panic", it's likely to be an important fix. Shorter patches tend to be candidates.

  • Next steps for kernel workflow improvement

    The kernel project's email-based development process is well established and has some strong defenders, but it is also showing its age. At the 2019 Kernel Maintainers Summit, it became clear that the kernel's processes are much in need of updating, and that the maintainers are beginning to understand that. It is one thing, though, to establish goals for an improved process; it is another to actually implement that process and convince developers to use it. At the 2019 Open Source Summit Europe, a group of 20 or so maintainers and developers met in the corner of a noisy exhibition hall to try to work out what some of the first steps in that direction might be. The meeting was organized and led by Konstantin Ryabitsev, who is in charge of kernel.org (among other responsibilities) at the Linux Foundation (LF). Developing the kernel by emailing patches is suboptimal, he said, especially when it comes to dovetailing with continuous-integration (CI) processes, but it still works well for many kernel developers. Any new processes will have to coexist with the old, or they will not be adopted. There are, it seems, some resources at the LF that can be directed toward improving the kernel's development processes, especially if it is clear that this work is something that the community wants.

Server Leftovers

  • Knative at 1: New Changes, New Opportunities

    This summer marked the one-year anniversary of Knative, an open-source project that provides the fundamental building blocks for serverless workloads in Kubernetes. In its relatively short life (so far), Knative is already delivering on its promise to boost organizations’ ability to leverage serverless and FaaS (functions as a service). Knative isn’t the only serverless offering for Kubernetes, but it has become a de-facto standard because it arguably has a richer set of features and can be integrated more smoothly than the competition. And the Knative project continues to evolve to address businesses’ changing needs. In the last year alone, the platform has seen many improvements, giving organizations looking to expand their use of Kubernetes through serverless new choices, new considerations and new opportunities.

  • Redis Labs Leverages Kubernetes to Automate Database Recovery

    Redis Labs today announced it has enhanced the Operator software for deploying its database on Kubernetes clusters to include an automatic cluster recovery that enables customers to manage a stateful service as if it were stateless. Announced at Redis Day, the latest version of Kubernetes Operator for Redis Enterprise makes it possible to spin up a new instance of a Redis database in minutes. Howard Ting, chief marketing officer for Redis Labs, says as Kubernetes has continued to gain traction, it became apparent that IT organizations need tools to provision Redis Enterprise for Kubernetes clusters. That requirement led Redis Labs to embrace Operator software for Kubernetes developed by CoreOS, which has since been acquired by Red Hat. IT teams can either opt to recover databases manually using Kubernetes Operator or configure the tool to recover databases automatically anytime a database goes offline. In either case, he says, all datasets are loaded and balanced across the cluster without any need for manual workflows.

  • Dare to Transform IT with SUSE Global Services

Audiocasts/Shows: FLOSS Weekly and Linux Headlines

  • FLOSS Weekly 555: Emissions API

    Emissions API is easy to access satellite-based emission data for everyone. The project strives to create an application interface that lowers the barrier to use the data for visualization and/or analysis.

  • 2019-11-13 | Linux Headlines

    It’s time to update your kernel again as yet more Intel security issues come to light, good news for container management and self-hosted collaboration, and Brave is finally ready for production.

Bill Wear, Developer Advocate for MAAS: foo.c

I remember my first foo. It was September, 1974, on a PDP-11/40, in the second-floor lab at the local community college. It was an amazing experience for a fourteen-year-old, admitted at 12 to audit night classes because his dad was a part-time instructor and full-time polymath. I should warn you, I’m not the genius in the room. I maintained a B average in math and electrical engineering, but A+ averages in English, languages, programming, and organic chemistry (yeah, about that….). The genius was my Dad, the math wizard, the US Navy CIC Officer. More on him in a later blog — he’s relevant to what MAAS does in a big way. Okay, so I’m more of a language (and logic) guy. But isn’t code where math meets language and logic?

Research Unix

Fifth edition UNIX had just been licensed to educational institutions at no cost, and since this college was situated squarely in the middle of the military-industrial complex, scoring a Hulking Giant was easy. Finding good code to run it? That was another issue, until Bell Labs offered up a freebie. It was amazing! Getting the computer to do things on its own — via ASM and FORTRAN — was not new to me. What was new was the simplicity of the whole thing. Mathematically, UNIX and C were incredibly complex, incorporating all kinds of network theory and topology and numerical methods that (frankly) haven’t always been my favorite cup of tea. I’m not even sure if Computer Science was a thing yet. But the amazing part? Here was an OS which took all that complexity and translated it to simple logic: everything is a file; small is beautiful; do one thing well. Didn’t matter that it was cranky and buggy and sometimes dumped your perfectly-okay program in the bit bucket. It was a thrill to be able to do something without having to obsess over the math underneath.

Also: How to upgrade to Ubuntu 20.04 Daily Builds from Ubuntu 19.10