Legal

The Commons Clause doesn't help the commons

Filed under
OSS
Legal

The Commons Clause was announced recently, along with several projects moving portions of their codebase under it. It's an additional restriction intended to be applied to existing open source licenses with the effect of preventing the work from being sold[1], where the definition of being sold includes being used as a component of an online pay-for service. As described in the FAQ, this changes the effective license of the work from an open source license to a source-available license. However, the site doesn't go into a great deal of detail as to why you'd want to do that.

Fortunately one of the VCs behind this move wrote an opinion article that goes into more detail. The central argument is that Amazon make use of a great deal of open source software and integrate it into commercial products that are incredibly lucrative, but give little back to the community in return. By adopting the commons clause, Amazon will be forced to negotiate with the projects before being able to use covered versions of the software. This will, apparently, prevent behaviour that is "not conducive to sustainable open-source communities".

But this is where things get somewhat confusing.

Microsoft-Connected Black Duck and Salil Deshpande With Their Attacks on Copyleft

Filed under
OSS
Legal
  • The Big Legal Issue Blockchain Developers Rarely Discuss [Ed: The latest FUD from Black Duck]
  • Commons Clause stops open-source abuse [Ed: Salil Deshpande trying to rationalise his attack on Free as in freedom software]

    There are two key reasons to not use AGPL in this scenario, an open-source license that says that you must release to the public any modifications you make when you run AGPL-licensed code as a service.

    First, AGPL makes it inconvenient but does not prevent cloud infrastructure providers from engaging in the abusive behavior described above. It simply says that they must release any modifications they make while engaging in such behavior. Second, AGPL contains language about software patents that is unnecessary and disliked by a number of enterprises.

    Many of our portfolio companies with AGPL projects have received requests from large enterprises to move to a more permissive license, since the use of AGPL is against their company’s policy.

FSF/FSFE/GNU: The Commons Clause Against Copyleft, GCC/Loongson and Sustainable Computing (FSFE)

Filed under
GNU
Legal
  • A Fresh Concern About Open-Source Software

    The issue came to a head last week due to two separate licensing decisions in the space. First, the database project Redis, which is known for its ability to store data in memory, announced it would use a new kind of license called “The Commons Clause,” which looks like open source (in that the source is available to use and modify) but doesn’t fully fit the standard because it allows the project to require that some commercial clients pay for use.

    The problem for Redis Labs, the maker of the software, was that many cloud providers, such as Amazon, use its software but don’t contribute to its upkeep.

    “Cloud providers contribute very little (if anything) to those open source projects. Instead, they use their monopolistic nature to derive hundreds of millions dollars in revenues from them,” the company wrote on its licenses page. “Already, this behavior has damaged open-source communities and put some of the companies that support them out of business.”

  • Loongson 3A1000/3A2000/3A3000 Processor Support For GCC

    A compiler engineer working for Loongson Technology Co is looking to land a number of improvements to these newer MIPS64 processors into the mainline GCC code-base.

    Paul Hua of Loongson Tech sent out a number of patches to improve the GNU Compiler Collection's support for these Chinese MIPS64 CPUs. In particular, the six patches officially add support for the 3A1000, 3A2000, and 3A3000 series processors. Also, there is support for the older Loongson 2K1000 processor series.

  • Sustainable Computing

    Recent discussions about the purpose and functioning of the FSFE have led me to consider the broader picture of what I would expect Free Software and its developers and advocates to seek to achieve in wider society. It was noted, as one might expect, that as a central component of its work the FSFE seeks to uphold the legal conditions for the use of Free Software by making sure that laws and regulations do not discriminate against Free Software licensing.

    This indeed keeps the activities of Free Software developers and advocates viable in the face of selfish and anticompetitive resistance to the notions of collaboration and sharing we hold dear. Advocacy for these notions is also important to let people know what is possible with technology and to be familiar with our rich technological heritage. But it turns out that these things, although rather necessary, are not sufficient for Free Software to thrive.

Dutch government to remove legal barriers to sharing code as open source

Filed under
OSS
Legal

The Dutch government plans to remove legal roadblocks to allow public services to publish the source code of their ICT solutions. A pending proposal from the government to the parliament will change the country’s rules of conduct that minimise interference with the private sector. Next year, the government will begin encouraging public services to publish their source code publicly.

In recent months, the government has been working on a proposal to change its rules of conduct. The proposal has not yet been submitted to the Dutch parliament, but the changes are anticipated in NL DIGIbeter, a brochure detailing the country’s digital agenda that was published in August. This week, a spokesperson for the Interior Ministry referred to the brochure when asked about pending changes to the rules of conduct.

Limiting Free Licences and New FUD From Veracode/CA

Filed under
OSS
Security
Legal
  • Javascript Tool Maker Relents After Mixing Immigration Politics with Open Source Licensing

    In very short order, Lerna, a company that offers some Javascript tooling, has learned the hard way not to mess with the integrity of an open source license. In other words, don’t decide you’re going to take an existing OSI-certified open source license, modify it to suit your agenda, license your code under the newly derived license, and still continue to refer to your offering as "open source."

    First, this analysis piece is really just a follow up to my previous post about why it’s time to reject the latest attack on open source software (OSS). The main point of that post was to point out that all of us who have experienced the benefits of open source (ok, that’s nearly all human beings) should play a role in defending it. Otherwise, it will wither and so too will the benefits most of us have come to enjoy, blind to the fact that open source is playing such an important role in our lives.

  • Does Redis' Commons Clause threaten open-source software?
  • Get a Jump on Reducing Your Open Source Software Security Risks [Ed: Anti-FOSS firm Veracode/CA pays IDG for spam which stigmatises FOSS as lacking security]

It's Time To Reject The Latest Attack On Open Source Software

Filed under
OSS
Legal

Open source software is under attack. Again. And so it's beholden on all of us to take a stand before the current scourge marginalizes the wondrous benefits of open source (which accrue to every human) and the organization which looks after both the sanctity of the open source movement and the integrity of the licenses behind it: the Open Source Initiative.

Whether you know it or not, all humans are the beneficiaries of open source software in almost everything we do in our digital lives. Most of everything we use -- the smartphones, the cable modem routers, our desktops and laptops, the Web sites and services we access, the APIs at work under the hood of it all -- is built using open source software (in all or in part). It can be easily argued that all of our user experiences would be a lot suckier and slower were it not for the open source model and how it drives innovation (much of it charitable) which trickles into every digital moment without exception. Some experiences that add value to our lives might not exist at all were it not for open source.

Also: Open Source Devs Reverse Decision to Block ICE Contractors From Using Software

Licensing/Legal: Public Money, Public Code and Linux Foundation Stuff

Filed under
OSS
Legal
  • Software created using taxpayers’ money should be Free Software

    It might seem obvious that software created using tax money should be available for everyone to use and improve. Free Software Foundation Europe recently started a campaign to help get more people to understand this, and I just signed the petition on Public Money, Public Code to help them. I hope you too will do the same.

  • Major Open Source Project Revokes Access to Companies That Work with ICE [iophk: "former open source now ... however, it is their code and they can change the license"]

    On Tuesday, the developers behind a widely used open source code-management software called Lerna modified the terms and conditions of its use to prohibit any organization that collaborates with ICE from using the software. Among the companies and organizations that were specifically banned were Palantir, Microsoft, Amazon, Northeastern University, Motorola, Dell, UPS, and Johns Hopkins University.  

  • Solving License Compliance at the Source: Adding SPDX License IDs

    Accurately identifying the license for open source software is important for license compliance. However, determining the license can sometimes be difficult due to a lack of information or ambiguous information. Even when there is some licensing information present, a lack of consistent ways of expressing the license can make automating the task of license detection very difficult, thus requiring significant amounts of manual human effort. There are some commercial tools applying machine learning to this problem to reduce the false positives, and train the license scanners, but a better solution is to fix the problem at the upstream source.

    In 2013, the U-boot project decided to use the SPDX license identifiers in each source file instead of the GPL v2.0 or later header boilerplate that had been used up to that point. The initial commit message had an eloquent explanation of reasons behind this transition.

  • Arm and Facebook join Yocto Project

    Arm and Facebook have joined Intel and TI as Platinum members of the Yocto Project for embedded Linux development. Meanwhile, the Linux Foundation announced 47 new Silver members.

    The Linux Foundation’s seven-year old Yocto Project was originally an Intel project, and the chipmaker has continued to nurture it over the years. Yet, the Yocto Project’s collection of open source templates, tools, and methods for creating custom embedded Linux-based systems was quickly embraced by the Arm world as well as x86. Now, the technology’s presence in Arm Linux has been reinforced at the membership level with Arm and Facebook joining Intel and Texas Instruments as Platinum members. In other news, the Linux Foundation announced 51 new Silver and Associate members (see farther below).

  • Google Hands Off Kubernetes to the Cloud Native Computing Foundation, Kinetica Joins Automotive Grade Linux, NordVPN Releases NordVPN Linux App, Storj Labs Announces The Open Source Partner Program and Update on Librem 5 Phone

    Google is handing over control of the Kubernetes project to the Cloud Native Computing Foundation. According to the TechCrunch post, Google is providing the foundation $9 million in Google Cloud credits to help cover the costs of building, testing and distributing the software.

Redis modules and the Commons Clause

Filed under
OSS
Legal

The "Commons Clause", which is a condition that can be added to an open-source license, has been around for a few months, but its adoption by Redis Labs has some parts of the community in something of an uproar. At its core, using the clause is meant to ensure that those who are "selling" Redis modules (or simply selling access to them in the cloud) are prohibited from doing so—at least without a separate, presumably costly, license from Redis Labs. The clause effectively tries to implement a "no commercial use" restriction, though it is a bit more complicated than that. No commercial use licenses are not new—the "open core" business model is a more recent cousin, for example—but they have generally run aground on a simple question: "what is commercial use?"

Redis is a popular in-memory database cache that is often used by web applications. Various pieces of it are licensed differently; the "Redis core" is under the BSD license, some modules are under either Apache v2.0 or MIT, and a handful of modules that Redis Labs created are under Apache v2.0, now with Commons Clause attached. Cloud services (e.g. Amazon AWS, Microsoft Azure, Google Compute Engine, and other smaller players) provide Redis and its modules to their customers and, naturally, charge for doing so. The "charge" part is what the adoption of the clause is trying to stamp out—at least without paying Redis Labs.

Copyrights on APIs (Java) Update

Filed under
Development
Legal
  • No do-overs! Appeals court won’t hear $8.8bn Oracle v Google rehash

    Over eight years of feuding between Oracle and Google over the use of Java code in Android may be nearing its end following a Tuesday court ruling.

    The US Federal Circuit Court of Appeals has declined [PDF] to re-hear the case in which it found Google to be in violation of Oracle’s copyright on Android API code. The Chocolate Factory faces a demand from Oracle for $8.8bn in damages.

    Tuesday’s ruling means that the only remaining hope for Google to avoid a massive payout to Oracle is a hearing and decision from the US Supreme Court, something Google said it will pursue after today's verdict.

    "We are disappointed that the Federal Circuit overturned the jury finding that Java is open and free for everyone," Google told The Register.

  • Federal Circuit denies Oracle v Google en banc rehearing

    Google has already said it will appeal to the Supreme Court in the latest development in the dispute over unauthorised use of 37 packages of Oracle’s Java application programming interface

Open-source licensing war: Commons Clause

Filed under
OSS
Legal

Most people wouldn't know an open-source license from their driver's license. For those who work with open-source software, it's a different story. Open-source license fights can be vicious, cost serious coin, and determine the fate of multi-million dollar companies. So, when Redis Labs added a new license clause, Commons Clause, on top of Redis, an open-source, BSD licensed, in-memory data structure store, all hell broke loose.

Why? First, you need to understand that while you may never have heard of Redis, it's a big deal. It enables real-time applications such as advertising, gaming, financial services, and IoT to work at speed. That's because it can deliver sub-millisecond response times to millions of requests per second.

But Redis Labs has been unsuccessful in monetizing Redis, or at least not as successful as they'd like. Their executives were discovering, like the far more well-known Docker, that having a great open-source technology did not mean you'd be making millions. Redis' solution was to embrace Commons Clause.

More in Tux Machines

OSS Leftovers

  • cairo release 1.16.0 now available
    After four years of development since 1.14.0, version 1.16.0 of the cairo 2D graphics library has been released.
  • Cairo 1.16 Released With OpenGL ES 3.0 Support, Colored Emojis
    It's been four years since the debut of the Cairo 1.14 stable series and today that has been succeeded by Cairo 1.16. Cairo, as a reminder, is the vector graphics library for 2D drawing and supports back-ends ranging from OpenGL to PDF, PostScript, DirectFB, and SVG outputs. Cairo is used by the likes of the GTK+ tool-kit, Mozilla's Gecko engine, Gnuplot, Poppler, and many other open-source projects.
  • Open source MDM offers flexibility, with challenges
    Open source platforms may require more effort from IT than commercial products do, but they can also address an organization's specific requirements -- if the company is willing to invest in the necessary resources. The open source mobile device management (MDM) market is very limited, but there are a few options. If organizations determine that an open source platform is worth the effort, then they can weigh a few different options for open source MDM tools.
  • Three-Year Moziversary
    Another year at Mozilla. They certainly don’t slow down the more you have of them. For once a year of stability, organization-wise. The two biggest team changes were the addition of Jan-Erik back on March 1, and the loss of our traditional team name “Browser Measurement II” for a more punchy and descriptive “Firefox Telemetry Team.”
  • Citus Data donates 1% equity to non-profit PostgreSQL orgs
    There’s open source and there’s open source. There’s genuine free and open source software (FOSS) and then there’s largely locked down proprietary non-dynamic library open source that is generally supplied as a commercially supported version of an open source kernel base that doesn’t see whole lot of real world code commits — and, no, there’s no acronym for that. Then, there’s other ways of evidencing real open openness such as non-technical contributions (could be language translation/localisation etc.) and then there’s plain old contributions. Scale-out Postgres database technologies Citus Data is donating 1 percent of its equity to non-profit PostgreSQL organisations in the US and Europe.
  • Pagely NorthStack Makes WordPress Serverless
    WordPress is getting the serverless treatment, thanks to a new effort from managed WordPress hosting provider Pagely. The new NorthStack platform disaggregates the usual stack that WordPress requires into a series of services that largely run on serverless infrastructure at Amazon Web Services (AWS). The NorthStack effort is an attempt to lower the fixed costs and infrastructure needed to deploy and run WordPress. "WordPress itself is based on 12-year-old code. It does not want to be in a serverless environment," Joshua Strebel, CEO of Pagely, told eWEEK. "WordPress wants to live on one AWS EC2 node up next to its database with everything all contained in it."
  • Why Open Source Healthcare is Vital for Innovation
    Dana Lewis’ story is far from being a rarity. The diabetes industry is one of the worst offenders for overcharging or price gouging medication and equipment for patients. This is leading many individuals to take the same path as Dana Lewis. Open source platforms like OpenAPS, GitHub pages, and social media offer DIYers step-by-step instructions on how to build their own artificial pancreas tools. Kate Farnsworth built a DIY monitor device that keeps blood sugar levels of her diabetic daughter in constant check. This tool, that has dramatically improved the life of a 15-year-old Sydney, cost her mom just $250.
  • The EU has approved Microsoft’s $7.5 billion GitHub acquisition

    Microsoft’s upcoming $7.5 billion acquisition of GitHub has cleared another major hurdle: the EU has approved the deal after determining that there are no antitrust concerns in Microsoft buying the popular open-source software repository, via the Financial Times.  

  • EU watchdog waves through Microsoft's GitHub takeover

    The EC noted that, in making its decision, it probed whether Microsoft would leverage the popularity of GitHub to boost sales of its own DevOps tools and cloud services, and looked into whether Microsoft would have the ability and incentive to further integrate its own DevOps tools and cloud services with GitHub while limiting integration with third parties' DevOps tools and cloud services.

  • Microsoft’s $7.5BN GitHub buy gets green-lit by EU regulators

    The Commission decided Microsoft would have no incentive to undermine the GitHub’s openness — saying any attempt to do so would reduce its value for developers, who the Commission judged as willing and able to switch to other platforms.

  • EU clears Microsoft acquisition of GitHub
  • Doing your civic duty one line of code at a time
    When it comes to doing our civic duty in today's technologically driven world, there is a perception that we don't care like older generations did. History teaches us that in the early 20th century's New Deal, Americans stepped up to the nation's challenges on a wide range of government-financed public works projects. Airport construction. Infrastructure improvements. Building dams, bridges, hospitals. This was more than just individuals "pulling themselves up by their bootstraps" but, by design, performing incredible civic duties. Quite an amazing feat when you think about it.

Security: U.S. CMS Breach and New Security Woes for Popular 'IoT' Protocols

  • U.S. CMS says 75,000 individuals' files accessed in data breach
  • CMS Responding to Suspicious Activity in Agent and Broker Exchanges Portal

    At this time, we believe that approximately 75,000 individuals’ files were accessed. While this is a small fraction of consumer records present on the FFE, any breach of our system is unacceptable.

  • New Security Woes for Popular IoT Protocols
    Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online. Security researcher Federico Maggi had been collecting data – some of it sensitive in nature – from hundreds of thousands of Message Queuing Telemetry Transport (MQTT) servers he found sitting wide open on the public Internet via Shodan. "I would probe them and listen for 10 seconds or so, and just collect data from them," he says. He found data on sensors and other devices sitting in manufacturing and automotive networks, for instance, as well as typical consumer Internet of Things (IoT) gadgets. The majority of data, Maggi says, came from consumer devices and sensors or was data he couldn’t identify. "There was a good amount of data from factories, and I was able to find data coming from pretty expensive industrial machines, including a robot," he says.

BSD: FreeBSD 12.0 Beta and Upgrading OpenBSD with Ansible

Graphics: XRGEARS and Arcan's Latest

  • XRGEARS: Infamous "Gears" Now On VR Headsets With OpenHMD, Vulkan
    Well, the virtual reality (VR) demo scene is now complete with having glxgears-inspired gears and Utah teapot rendering on VR head mounted displays with the new XRGEARS. Kidding aside about the gears and teapot, XRGEARS is a nifty new open-source project with real value by Collabora developer Lubosz Sarnecki. XRGEARS is a standalone VR demo application built using the OpenHMD initiative for tracking and Vulkan for rendering. XRGEARS supports both Wayland and X11 environments or even running off KMS itself. This code also makes use of VK_EXT_direct_mode_display with DRM leasing.
  • Arcan versus Xorg – Approaching Feature Parity
    This is the first article out of three in a series where I will go through what I consider to be the relevant Xorg feature set, and compare it, point by point, to how the corresponding solution or category works in Arcan. This article will solely focus on the Display Server set of features and how they relate to Xorg features. The second article will cover the features that are currently missing (e.g. network transparency) when they have been accounted for. The third article will cover the features that are already present in Arcan (and there are quite a few of those) but does not exist in Xorg.
  • Arcan Display Server Is Nearing Feature Parity With The X.Org Server
    The Arcan display server, which started off years ago sounding like a novelty with being a display server built off a game engine in part and other interesting features, is nearing feature parity with the X.Org Server. While most hobbyist display server projects have failed, Arcan has continued advancing and with an interesting feature set. Recently they have even been working on a virtual reality desktop and an interesting desktop in general. Arcan is getting close to being able to offer the same functionality as a traditional X.Org Server. If you are interested in a lengthy technical read about the differences between Arcan and X.Org, the Arcan developers themselves did some comparing and contrasting when it comes to the display support, windowing, input, font management, synchronization, and other areas.