Legal

Latest Black Duck Attack on Free/Open Source Software

Filed under
OSS
Security
Legal
  • M&A deals imperilled by failure to manage open source software risk, says expert [Ed: As is so common these days, today it's Microsoft's proxy Black Duck attacking FOSS and trying to scare people]
  • Open Source: Know It Before You Embrace It [Ed: By Josh Software, not Black Duck FUD about security and licences]

    Open source has already taken the world by storm. Businesses from across industries are embracing it. Earlier open source was just a tiny revolutionary idea that was not given any hope, but it has now become not just mainstream but possibly the only stream. The world has realized its importance and benefits over other closed source languages and tools. More importantly, start-ups have started embracing open source wholeheartedly to gain an edge over their competitors. But the question is, how are they utilizing it to their advantage and how is it benefiting them?

FOSS Licensing

Filed under
OSS
Legal
  • [Older] Licensing resource series: License Violations and Compliance
  • [Older] The Licensing and Compliance Lab interviews Micah Lee of GPG Sync

    This is the latest installment of our Licensing and Compliance Lab's series on free software developers who choose GNU licenses for their work. In this edition, we conducted an email-based interview with Micah Lee of GPG Sync.

    GPG Sync is a recently launched project for managing the sharing of GPG keys, particularly within an organization. Micah Lee made the project internally at First Look Media and has now shared it with the world.

  • Apache and the JSON license

    The JSON license is a slightly modified variant of the MIT license, but that variation has led it to be rejected as a free-software or open-source license by several organizations. The change is a simple—rather innocuous at some level—addition of one line: "The Software shall be used for Good, not Evil.". Up until recently, code using the JSON license was acceptable for Apache projects, but that line and the ambiguity it engenders was enough for Apache to put it on the list of disallowed licenses.

    At the end of October, Ted Dunning brought up the license on the Apache legal-discuss mailing list. He suggested that classifying the JSON license as acceptable (i.e. on the list of Category A licenses) was an "erroneous decision". That decision was made, he said, "apparently based on a determination that the no-evil clause was 'clearly a joke'". He pointed to a thread from 2008 where a "lazy consensus" formed that the "not evil" condition did not preclude Apache projects from using the license.

Open Source Software A Core Competency For Effective Tech M&A

Filed under
OSS
Legal

Imagine your company just acquired its competitor for $100 million. Now imagine the company’s most important asset – its proprietary software – is subject to third-party license conditions that require the proprietary software to be distributed free of charge or in source code form. Or, imagine these license conditions are discovered late in the diligence process, and the cost to replace the offending third-party software will cost tens of thousands of dollars and take months to remediate. Both scenarios exemplify the acute, distinct and often overlooked risks inherent to the commercial use of open source software. An effective tech M&A attorney must appreciate these risks and be prepared to take the steps necessary to mitigate or eliminate them.

Over the past decade, open source software has become a mainstay in the technology community. Since its beginnings, open source software has always been viewed as a way to save money and jumpstart development projects, but it is increasingly being looked to for its quality solutions and operational advantages. Today, only a fraction of technology companies do not use open source software in any way. For most of the rest, it is mission critical.


Microsoft & Linux & Patents & Tweets

Filed under
GNU
Linux
Microsoft
Legal

Fact-checking some tweets about Linux Foundation’s newest member and their harvesting of other members’ money.


Also: Microsoft Loves Linux Patent Tax

FOSS CMS News

Filed under
OSS
Legal
  • Newly Redesigned Boston.gov Just Went Open Source

    Boston is open sourcing its municipal website, three months after redesigning Boston.gov.

    Taking the source code public, a move overseen by the city’s Digital Team, will speed the rate at which the site evolves through the addition of new features developed by local software designers, academic institutions and organizations.

  • WordPress attacks Wix, and Wix strikes back
  • The WordPress-Wix Dispute
  • The Price Of GPL [Ed: hatred of the GPL]

    Wix’s CEO, Avishai Abrahami, responded with a round of non-sequiturs that carefully evade the point that his product is built from source code for which they have not paid. One of his engineers equally misses the point, focusing on the circumstances surrounding the violation, rather than taking responsibility for the theft.

    Some will take issue with the use of strong words like “stolen code,” and “theft,” with respect to a GPL violation. But that’s exactly what it is: software has been taken and deployed in Wix’s product, but the price for doing so has not been paid.

    [...]

    Many developers understand, and view the price of GPL as perfectly justified, while others (myself included) find it unacceptable. So what am I supposed to do? Not use any GPL source code at all in any of my proprietary products? Exactly. Because the price of GPL is too much for me, and I don’t steal source code.

FOSS Licensing

Filed under
GNU
OSS
Legal
  • Conservancy Promotes Transparency by Publishing Template Agreements for Linux Compliance Program

    Today at the Linux Plumbers Conference, Software Freedom Conservancy hosts its second feedback session on the GPL Compliance Program for Linux Developers. These sessions, which Conservancy is hosting at relevant events over the next year and summarizing for public review, will seek input and ideas from the Linux community about GPL enforcement, answer questions, and plan strategies to deal with GPL enforcement actions that do not follow Conservancy and FSF's Principles of Community-Oriented GPL Enforcement.

  • Eben Moglen on GPL Compliance and Building Communities: What Works

    Software Freedom Law Center, the pro-bono law firm led by Eben Moglen, Professor of law at Columbia Law School and the world's foremost authority on Free and Open Source Software law, held its annual fall conference at Columbia Law School, New York on Oct. 28. The full-day program featured technical and legal presentations on Blockchain, FinTech, Automotive FOSS and GPL Compliance by industry and community stalwarts.

    The program culminated in remarks by Moglen that highlighted the roles of engagement and education in building effective, ever-lasting communities. While expressing his gratitude to his colleague, friend and comrade Richard M. Stallman, Moglen emphasized the positive message relayed by Greg Kroah-Hartman and Theodore Ts'o --earlier in the day-- for creating win-win solutions and spreading users' freedom.

  • Freedom In Moderation [Ed: Freedom insistence (in software) equated with “extremism”, worse a term than “purism”]

    I must define some terminology in case readers are unfamiliar. Free software is defined by the Free Software Foundation (FSF) as software that carries four fundamental freedoms: the freedom to run the program for any purpose, the freedom to study and change it, to redistribute unmodified copies, and to redistribute modified copies. The “free” refers not to price but to freedom, and is sometimes called “libre”, from the same Latin root as “liberate”.

    The Free Software Foundation has been campaigning for “users’ freedom” since 1985. They advocate for the release of software under licenses they approve that give users those freedoms. Some of their notable successes include the GNU project, which develops various low-level and mid-level system tools, and their Defective By Design campaign to oppose digital rights management (DRM).

Distributing encryption software may break the law

Filed under
OSS
Security
Legal

Developers, distributors, and users of Free and Open Source Software (FOSS) often face a host of legal issues which they need to keep in mind. Although areas of law such as copyright, trademark, and patents are frequently discussed, these are not the only legal concerns for FOSS. One area that often escapes notice is export controls. It may come as a surprise that sharing software that performs or uses cryptographic functions on a public website could be a violation of U.S. export control law.

Export controls is a term for the various legal rules which together have the effect of placing restrictions, conditions, or even wholesale prohibitions on certain types of export as a means to promote national security interests and foreign policy objectives. Export control has a long history in the United States that goes back to the Revolutionary War with an embargo of trade with Great Britain by the First Continental Congress. The modern United States export control regime includes the Department of State's regulations covering export of munitions, the Treasury Department's enforcement of United States' foreign embargoes and sanctions regimes, and the Department of Commerce's regulations applying to exports of "dual-use" items, i.e. items which have civil applications as well as terrorism, military, or weapons of mass destruction-related applications.


GCC RISC-V Support Allegedly Held Up Due To University Lawyers

Filed under
Development
GNU
Legal

While there has been talk about RISC-V architecture support in the GCC compiler and for LLVM too going back months, a developer is reporting that the GCC RISC-V support is being delayed due to UC Berkeley lawyers.

Contributions to the GNU Compiler Collection (GCC) require a copyright assignment to the Free Software Foundation for this GPLv3-licensed compiler. It turns out the University of California Berkeley lawyers are taking issue with this, temporarily holding up the compiler back-end from merging.


FOSS Licensing

Filed under
Legal
  • Making money from copylefted code

    I wanted to put this out there while I still have it fresh in my mind. Here at the copyleft BoF with Bradley Kuhn at LAS GNOME. One of the biggest takeaways from this is something that Bryan Lunduke said that people are able to make money off from copyleft if we don’t actually brand it as free and open source software. So it seems that if we don’t advertise something as free or open source or that there is software available, then there is a decent chance that you can make money.

  • Help Send Conservancy to Embedded Linux Conference Europe

    Last month, Conservancy made a public commitment to attend Linux-related events to get feedback from developers about our work generally, and Conservancy's GPL Compliance Program for Linux Developers specifically. As always, even before that, we were regularly submitting talks to nearly any event with Linux in its name. As a small charity, we always request travel funding from the organizers, who are often quite gracious. As I mentioned in my blog posts about LCA 2016 and GUADEC 2016, the organizers covered my travel funding there, and recently both Karen and I received travel funding to speak at LCA 2017 and DebConf 2016, as well as many other events this year.

  • Copyleft, attribution, and data: other considerations

    When looking at solutions, it is important to understand that the practical concerns I blogged about aren’t just theoretical — they matter in practice too. For example, Peter Desmet has done a great job showing how overreaching licenses make bullfrog maps (and other data combinations) illegal. Alex Barth of OpenStreetMap has also discussed how ODbL creates problems for OSM users (though he got some Wikipedia-related facts wrong). And I’ve spoken to very well-intentioned organizations (including thoughtful, impactful non-profits) scared off from OSM for similar reasons.

OSI Approved Licenses, a Foundation for Federal Source Code Policy

Filed under
OSS
Legal

The Federal Source Code memorandum includes a subject line that clearly communicates the federal government's commitment, "Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software," and we applaud the OMB for their comprehensive work: introducing the benefits of open source software, development and communities to a bureaucracy often challenged to move away from traditional modes of practice and policy; engaging with the larger technology sector in an inclusive and comprehensive review of current, and potential future-states for software development and use within the government, and; actually delivering a policy that can serve as a foundation to build on.


More in Tux Machines

Artificial intelligence/Machine learning

  • Is your AI being handed to you by Google? Try Apache open source – Amazon's AWS did
    Surprisingly, the MXNet Machine Learning project was this month accepted by the Apache Software Foundation as an open-source project. What's surprising about the announcement isn't so much that the ASF is accepting this face in the crowd to its ranks – it's hard to turn around in the software world these days without tripping over ML tools – but rather that MXNet developers, most of whom are from Amazon, believe ASF is relevant.
  • Current Trends in Tools for Large-Scale Machine Learning
    During the past decade, enterprises have begun using machine learning (ML) to collect and analyze large amounts of data to obtain a competitive advantage. Now some are looking to go even deeper – using a subset of machine learning techniques called deep learning (DL), they are seeking to delve into the more esoteric properties hidden in the data. The goal is to create predictive applications for such areas as fraud detection, demand forecasting, click prediction, and other data-intensive analyses.
  • Your IDE won't change, but YOU will: HELLO! Machine learning
    Machine learning has become a buzzword. A branch of Artificial Intelligence, it adds marketing sparkle to everything from intrusion detection tools to business analytics. What is it, exactly, and how can you code it?
  • Artificial intelligence: Understanding how machines learn
    Learning the inner workings of artificial intelligence is an antidote to these worries. And this knowledge can facilitate both responsible and carefree engagement.
  • Your future boss? An employee-interrogating bot – it's an open-source gift from Dropbox
    Dropbox has released the code for the chatbot it uses to question employees about interactions with corporate systems, in the hope that it can help other organizations automate security processes and improve employee awareness of security concerns. "One of the hardest, most time-consuming parts of security monitoring is manually reaching out to employees to confirm their actions," said Alex Bertsch, formerly a Dropbox intern and now a teaching assistant at Brown University, in a blog post. "Despite already spending a significant amount of time on reach-outs, there were still alerts that we didn't have time to follow up on."

Red Hat News

Container-friendly Alpine Linux may get Java port

Alpine Linux, a security-focused lightweight distribution of the platform, may get its own Java port. Alpine is popular with the Docker container developers, so a Java port could pave the way to making Java containers very small. A proposal floated this week on an OpenJDK mailing list calls for porting the JDK (Java Development Kit), including the Java Runtime Environment, Java compiler and APIs, to both the distribution and the musl C standard library, which is supported by Alpine Linux. The key focus here is musl; Java has previously been ported to the standard glibc library, which you can install in Alpine, but the standard Alpine release switched two years ago to musl because it’s much faster and more compact.

OSS and Linux Foundation Work

  • Using Open Source Software to Speed Development and Gain Business Advantage
    Last week, we started by defining “Open Source” in common terms -- the first step for any organization that wants to realize, and optimize, the advantages of using open source software (OSS) in their products or services. In the next few articles, we will provide more details about each of the ways OSS adds up to a business advantage for organizations that use and contribute to open source. First, we’ll discuss why many organizations use OSS to speed up the delivery of software and hardware solutions.
  • Linux Foundation Creates New Platform for Network Automation
  • Tying together the many open source projects in networking
    There are a lot of pieces to the ongoing network transformation going up and down the stack. There's the shift away from proprietary hardware. There's the need to manage complex network configurations. Add subscriber management and a wide range of other necessary functions. Add customer-facing services. All of those pieces need to fit together, integrate with each other, and interoperate. This was the topic of my conversation with Heather Kirksey, who heads up the Open Platform for Network Functions Virtualization (OPNFV) project when we caught up at the Open Source Leadership Summit in mid-February. OPNFV is a Linux Foundation Collaborative Project which focuses on the system integration effort needed to tie together the many other open source projects in this space, such as OpenDaylight. As Heather puts it: "Telecom operators are looking to rethink, reimagine, and transform their networks from things being built on proprietary boxes to dynamic cloud applications with a lot more being in software. [This lets them] provision services more quickly, allocate bandwidth more dynamically, and scale out and scale in more effectively."
  • Master the Open Cloud with Free, Community-Driven Guides
    One of the common criticisms of open source in general, especially when it comes to open cloud platforms such as OpenStack and ownCloud, is lack of truly top-notch documentation and training resources. The criticism is partly deserved, but there are some free documentation resources that benefit from lots of contributors. Community documentation and training contributors really can make a difference. In fact, in a recent interview, ClusterHQ’s Mohit Bhatnagar said: “Documentation is a classic example of where crowdsourcing wins. You just can’t beat the enthusiasm of hobbyist developers fixing a set of documentation resources because they are passionate about the topic.”
  • OpenStack Ocata Nova Cells Set to Improve Cloud Scalability
    Among the biggest things to land in the OpenStack Ocata cloud platform release this week is the Cells v2 code, which will help enable more scale and manageability in the core Nova compute project. Nova is one of the two original projects (along with Swift storage) that helped launch OpenStack in June 2010. The original Nova code, which was written by NASA, enables the management of virtualized server resources.