Language Selection

English French German Italian Portuguese Spanish

Legal

Limiting Free Licences and New FUD From Veracode/CA

Filed under
OSS
Security
Legal
  • ​Javascript Tool Maker Relents After Mixing Immigration Politics with Open Source Licensing

    In very short order, Lerna, a company that offers some Javascript tooling, has learned the hard way not to mess with the integrity of an open source license. In other words, don’t decide you’re going to take an existing OSI-certified open source license, modify it to suit your agenda, license your code under the newly derived license, and still continue to refer to your offering as "open source.”

    First, this analysis piece is really just a follow up to my previous post about why it’s time to reject the latest attack on open source software (OSS). The main point of that post was to point out that all of us who have experienced the benefits of open source (ok, that’s nearly all human beings) should play a role in defending it. Otherwise, it will whither and so too will the benefits most of us have come to enjoy, blind to the fact that open source is playing such an important role in our lives.

  • Does Redis' Commons Clause threaten open-source software?
  • Get a Jump on Reducing Your Open Source Software Security Risks [Ed: Anti-FOSS firm Veracode/CA pays IDG for spam which stigmatises FOSS as lacking security]

It's Time To Reject The Latest Attack On Open Source Software

Filed under
OSS
Legal

Open source software is under attack. Again. And so it's beholden on all of us to take a stand before the current scourge marginalizes the wonderous benefits of open source (which accrue to every human) and the organization which looks after both the sanctity of the open source movement and the integrity of the licenses behind it: the Open Source Initiative.

Whether you know it or not, all humans are the beneficiaries of open source software in almost everything we do in our digital lives. Most of everything we use -- the smartphones, the cable modem routers, our desktops and laptops, the Web sites and services we access, the APIs at work under the hood of it all -- is built using open source software (in all or in part). It can be easily argued that all of our user experiences would be a lot suckier and slower were it not for the open source model and how it drives innovation (much of it charitable) which trickles into every digital moment without exception. Some experiences that add value to our lives might not exist at all were it not for open source.

Read more

Also: Open Source Devs Reverse Decision to Block ICE Contractors From Using Software

Licensing/Legal: Public Money, Public Code and Linux Foundation Stuff

Filed under
OSS
Legal
  • Software created using taxpayers’ money should be Free Software

    It might seem obvious that software created using tax money should be available for everyone to use and improve. Free Software Foundation Europe recentlystarted a campaign to help get more people to understand this, and I just signed the petition on Public Money, Public Code to help them. I hope you too will do the same.

  • Major Open Source Project Revokes Access to Companies That Work with ICE [iophk: "former open source now ... however, it is their code and they can change the license"]

     

    On Tuesday, the developers behind a widely used open source code-management software called Lerna modified the terms and conditions of its use to prohibit any organization that collaborates with ICE from using the software. Among the companies and organizations that were specifically banned were Palantir, Microsoft, Amazon, Northeastern University, Motorola, Dell, UPS, and Johns Hopkins University.  

  • Solving License Compliance at the Source: Adding SPDX License IDs

    Accurately identifying the license for open source software is important for license compliance. However, determining the license can sometimes be difficult due to a lack of information or ambiguous information. Even when there is some licensing information present, a lack of consistent ways of expressing the license can make automating the task of license detection very difficult, thus requiring significant amounts of manual human effort. There are some commercial tools applying machine learning to this problem to reduce the false positives, and train the license scanners, but a better solution is to fix the problem at the upstream source.

    In 2013, the U-boot project decided to use the SPDX license identifiers in each source file instead of the GPL v2.0 or later header boilerplate that had been used up to that point. The initial commit message had an eloquent explanation of reasons behind this transition.

  • Arm and Facebook join Yocto Project

    Arm and Facebook have joined Intel and TI as Platinum members of the Yocto Project for embedded Linux development. Meanwhile, the Linux Foundation announced 47 new Silver members.

    The Linux Foundation’s seven-year old Yocto Project was originally an Intel project, and the chipmaker has continued to nurture it over the years. Yet, the Yocto Project’s collection of open source templates, tools, and methods for creating custom embedded Linux-based systems was quickly embraced by the Arm world as well as x86. Now, the technology’s presence in Arm Linux has been reinforced at the membership level with Arm and Facebook joining Intel and Texas Instruments as Platinum members. In other news, the Linux Foundation announced 51 new Silver and Associate members (see farther below).

  • Google Hands Off Kubernetes to the Cloud Native Computing Foundation, Kinetica Joins Automotive Grade Linux, NordVPN Releases NordVPN Linux App, Storj Labs Announces The Open Source Partner Program and Update on Librem 5 Phone

    Google is handing over control of the Kubernetes project to the Cloud Native Computing Foundation. According to the TechCrunch post, Google is providing the foundation $9 million in Google Cloud credits to help cover the costs of building, testing and distributing the software.

Redis modules and the Commons Clause

Filed under
OSS
Legal

The "Commons Clause", which is a condition that can be added to an open-source license, has been around for a few months, but its adoption by Redis Labs has some parts of the community in something of an uproar. At its core, using the clause is meant to ensure that those who are "selling" Redis modules (or simply selling access to them in the cloud) are prohibited from doing so—at least without a separate, presumably costly, license from Redis Labs. The clause effectively tries to implement a "no commercial use" restriction, though it is a bit more complicated than that. No commercial use licenses are not new—the "open core" business model is a more recent cousin, for example—but they have generally run aground on a simple question: "what is commercial use?"

Redis is a popular in-memory database cache that is often used by web applications. Various pieces of it are licensed differently; the "Redis core" is under the BSD license, some modules are under either Apache v2.0 or MIT, and a handful of modules that Redis Labs created are under Apache v2.0, now with Commons Clause attached. Cloud services (e.g. Amazon AWS, Microsoft Azure, Google Compute Engine, and other smaller players) provide Redis and its modules to their customers and, naturally, charge for doing so. The "charge" part is what the adoption of the clause is trying to stamp out—at least without paying Redis Labs.

Read more

Copyrights on APIs (Java) Update

Filed under
Development
Legal
  • No do-overs! Appeals court won’t hear $8.8bn Oracle v Google rehash

    Over eight years of feuding between Oracle and Google over the use of Java code in Android may be nearing its end following a Tuesday court ruling.

    The US Federal Circuit Court of Appeals has declined [PDF] to re-hear the case in which it found Google to be in violation of Oracle’s copyright on Android API code. The Chocolate Factory faces a demand from Oracle for $8.8bn in damages.

    Tuesday’s ruling means that the only remaining hope for Google to avoid a massive payout to Oracle is a hearing and decision from the US Supreme Court, something Google said it will pursue after today's verdict.

    "We are disappointed that the Federal Circuit overturned the jury finding that Java is open and free for everyone," Google told The Register.

  • Federal Circuit denies Oracle v Google en banc rehearing

    Google has already said it will appeal to the Supreme Court in the latest development in the dispute over unauthorised use of 37 packages of Oracle’s Java application programming interface

Open-source licensing war: Commons Clause

Filed under
OSS
Legal

Most people wouldn't know an open-source license from their driver's license. For those who work with open-source software, it's a different story. Open-source license fights can be vicious, cost serious coin, and determine the fate of multi-million dollar companies. So, when Redis Labs added a new license clause, Commons Clause, on top of Redis, an open-source, BSD licensed, in-memory data structure store, all hell broke loose.

Why? First, you need to understand that while you may never have heard of Redis, it's a big deal. It enables real-time applications such as advertising, gaming financial services, and IoT to work at speed. That's because it can deliver sub-millisecond response times to millions of requests per second.

But Redis Labs has been unsuccessful in monetizing Redis, or at least not as successful as they'd like. Their executives were discovering, like the far more well-known Docker, that having a great open-source technology did not mean you'd be making millions. Redis' solution was to embrace Commons Clause.

Read more

GPL Violations Cost Creality a US Distributor

Filed under
OSS
Legal

One of the core tenets of free and open source software licenses is that you’re being provided source code for a project with the hope that you’ll “pay it forward” if and when you utilize that code. In fact some licenses, such as the GNU Public License (GPL), require that you keep the source code for subsequent spin-offs or forks open. These are known as viral licenses, and the hope is that they will help spread the use of open source as derivative works can’t turn around and refuse to release their source code.

Read more

Deutsche Bahn Intercity software under EUPL

Filed under
OSS
Legal

This software, distributed under the EUPL, is the open European Train Control System (OpenETCS), the signalling and control component of the European Rail Traffic Management System (ERTMS). It is kind of positive train control, replacing the many incompatible safety systems previously used by European railways. It is becoming a standard that was also adopted outside Europe and is an option for worldwide application. It is managed by the European Union Agency for Railways (ERA) and it is a legal requirement that all new, upgraded or renewed tracks and rolling stock in the European railway system should adopt it, possibly keeping legacy systems for backward compatibility

Read more

The Commons Clause – Helpful New Tool or the End of the Open Source as We Know it?

Filed under
Legal

Almost nothing inspires a spirited discussion among the open source faithful as much as introducing a new open source license, or a major change in an existing license’s terms. In the case of version 3 of the GPL, the update process took years and involved dozens of lawyers in addition to community members. So, it’s no surprise that the pot is already boiling over something called the “Commons Clause.” How energetically? Well, one blog entry posted yesterday was titled The Commons Clause Will Destroy Open Source. The spark that turned up the heat was the announcement the same day by RedisLabs that it was adopting the license language.

The clause itself is short (you can find it here, together with an explanatory FAQ). It was drafted by Heather Meeker, an attorney with long open source involvement, in conjunction with “a group of developers behind many of the world’s most popular open source projects.”

It’s also simple in concept: basically, it gives a developer the right to make sure no one can make money out of her code – whether by selling, hosting, or supporting it – unless the Commons Clause code is a minor part of a larger software product. In one way, that’s in the spirit of a copyleft license (i.e., a prohibition on commercial interests taking advantage of a programmer’s willingness to make her code available for free), but it also violates the “Four Freedoms” of Free and Open Source software as well as the Open Source Definition by placing restrictions on reuse, among other issues.

Read more

Stop Supreme Court nominee Kavanaugh to protect free software!

Filed under
GNU
Legal

United States Supreme Court judges serve from the time they are appointed until they choose to retire -- it's a lifetime appointment. One judge recently stepped down, and Brett Kavanaugh was nominated to fill the empty seat. He comes with a firm stance against net neutrality.

Last year he wrote:

Supreme Court precedent establishes that Internet service providers have a First Amendment right to exercise editorial discretion over whether and how to carry Internet content.

Here, Kavanaugh argues that controlling the way you use the Internet is a First Amendment right that ISPs -- companies, not people -- hold. The First Amendment, which guarantees Americans the right to free speech, freedom of the press, and freedom to congregate, is one of the most dearly-held amendments of the United States Constitution. With this statement, he says that net neutrality protections -- policies that prevent companies from "editorializing" what you see on the Web -- is a violation of the Constitution. He believes net neutrality is unconstitutional. We know he's wrong.

Read more

Also: LibreJS 7.15 released

Syndicate content

More in Tux Machines

Server: HTTP Clients, IIS DDoS and 'DevOps' Hype From Red Hat

  • What are good command line HTTP clients?
    The whole is greater than the sum of its parts is a very famous quote from Aristotle, a Greek philosopher and scientist. This quote is particularly pertinent to Linux. In my view, one of Linux’s biggest strengths is its synergy. The usefulness of Linux doesn’t derive only from the huge raft of open source (command line) utilities. Instead, it’s the synergy generated by using them together, sometimes in conjunction with larger applications. The Unix philosophy spawned a “software tools” movement which focused on developing concise, basic, clear, modular and extensible code that can be used for other projects. This philosophy remains an important element for many Linux projects. Good open source developers writing utilities seek to make sure the utility does its job as well as possible, and work well with other utilities. The goal is that users have a handful of tools, each of which seeks to excel at one thing. Some utilities work well independently. This article looks at 4 open source command line HTTP clients. These clients let you download files over the internet from the command line. But they can also be used for many more interesting purposes such as testing, debugging and interacting with HTTP servers and web applications. Working with HTTP from the command-line is a worthwhile skill for HTTP architects and API designers. If you need to play around with an API, HTTPie and curl will be invaluable.
  • Microsoft publishes security alert on IIS bug that causes 100% CPU usage spikes
    The Microsoft Security Response Center published yesterday a security advisory about a denial of service (DOS) issue impacting IIS (Internet Information Services), Microsoft's web server technology.
  • 5 things to master to be a DevOps engineer
    There's an increasing global demand for DevOps professionals, IT pros who are skilled in software development and operations. In fact, the Linux Foundation's Open Source Jobs Report ranked DevOps as the most in-demand skill, and DevOps career opportunities are thriving worldwide. The main focus of DevOps is bridging the gap between development and operations teams by reducing painful handoffs and increasing collaboration. This is not accomplished by making developers work on operations tasks nor by making system administrators work on development tasks. Instead, both of these roles are replaced by a single role, DevOps, that works on tasks within a cooperative team. As Dave Zwieback wrote in DevOps Hiring, "organizations that have embraced DevOps need people who would naturally resist organization silos."

Purism's Privacy and Security-Focused Librem 5 Linux Phone to Arrive in Q3 2019

Initially planned to ship in early 2019, the revolutionary Librem 5 mobile phone was delayed for April 2019, but now it suffered just one more delay due to the CPU choices the development team had to make to deliver a stable and reliable device that won't heat up or discharge too quickly. Purism had to choose between the i.MX8M Quad or the i.MX8M Mini processors for their Librem 5 Linux-powered smartphone, but after many trials and errors they decided to go with the i.MX8M Quad CPU as manufacturer NXP recently released a new software stack solving all previous power consumption and heating issues. Read more

Qt Creator 4.9 Beta released

We are happy to announce the release of Qt Creator 4.9 Beta! There are many improvements and fixes included in Qt Creator 4.9. I’ll just mention some highlights in this blog post. Please refer to our change log for a more thorough overview. Read more

Hack Week - Browsersync integration for Online

Recently my LibreOffice work is mostly focused on the Online. It's nice to see how it is growing with new features and has better UI. But when I was working on improving toolbars (eg. folding menubar or reorganization of items) I noticed one annoying thing from the developer perspective. After every small change, I had to restart the server to provide updated content for the browser. It takes few seconds for switching windows, killing old server then running new one which requires some tests to be passed. Last week during the Hack Week funded by Collabora Productivity I was able to work on my own projects. It was a good opportunity for me to try to improve the process mentioned above. I've heard previously about browsersync so I decided to try it out. It is a tool which can automatically reload used .css and .js files in all browser sessions after change detection. To make it work browsersync can start proxy server watching files on the original server and sending events to the browser clients if needed. Read more