Language Selection

English French German Italian Portuguese Spanish

LinuxWorld: Changes in open-source licensing

Open-source licenses are changing, causing ripples in the Linux community. However, analysts here at the LinuxWorld Summit conference predict that greater change is due for open-source development and its business models.

Before his Wednesday session on licensing issues, Steven Henry, an IP (intellectual property) attorney with the Boston-based IP specialist law firm Wolf Greenfield & Sachs PC, spoke with Ziff Davis Internet News. He said that open-source software licensing is like ice-cream: many different flavors and types.

While "one-size licensing doesn`t fit all," he pointed to market forces that are pushing open-source licenses and their development models to change and consolidate.

Enterprise Linux users say their switch to the open-source operating system brought big cost savings and reliable security. Click here to read more.

Henry observed that the GNU GPL (General Public License) is now being rewritten by Eben Moglen, the legal counsel for the FSF (Free Software Foundation) and others. No date has been set for this Version 3 of the license.

Rewriting the GPL, however, will not be a quick process, and the process may be complicated. According to Moglen, the minimum time for such a process is a year and the closure date is undetermined.

In particular, Henry said that dealing with patent issues will be critical for the new GPL. Unfortunately, patent and the "proprietary rights [that go with them] are the elephant in the room," he said. "Proprietary right issues must be dealt with if open source is to survive." For example, he said Sun Microsystems Inc.`s CDDL (Common Development and Distribution License) is open only to the point where developers start trying to take advantage of it being open-source. "The CDDL is clearly completely incompatible with GPL," Henry said.

This was an understandable business decision, Henry continued. "Companies aren`t going to throw away their patent rights. They want to gain something."

Meanwhile, the Open Source Initiative recently acknowledged that there are simply too many open-source licenses. And a number of developers confirmed to Ziff Davis Internet News that it`s simply beyond them to keep track of the various requirements placed on them when using software that`s covered by two or more open-source licenses.

While some companies, Henry said, make an effort for the legal department to oversee the use of any outside code, he`s not sure how well that policy is being followed in practice.

Some developers in businesses, however, said they weren`t especially worried about being sued for their use of open-source code.

Josh Levine, the chief technology and operations officer for E-Trade Financial Corp., said that while there had been some risk of lawsuits (because of The SCO Group Inc.`s threats) around Linux for a while, "it`s no longer high on the legal department`s radar."

At the Retail Linux Solutions conference in Chicago this week, Harry Roberts, CIO and senior vice president for Boscov`s Department Store LLC, told the handful of attendees that the legal issues that SCO had raised with regard to Linux "is now less of a concern than it was a year ago as SCO is unlikely to still be around," he said.

While there was speculation that there could be additional patent and copyright suites against Linux, "we see this as a minor risk," Roberts said.In addition, open-source software companies that check code for licensing violations such as Black Duck Software Inc. are helping to settle the minds of worried CIOs.

There is a far more significant "risk" to open-source developers, according to Henry. With the embrace of open-source by big business, cultural changes are coming along with the adoption. "Open-source is no longer a grass-roots movement. It has been co-opted," he said.

Because of this change, open-source software is no longer developed by communities using Eric Raymond`s bazaar model of development.
"The idea that a software community is there for all open-source projects is no longer true," said Henry. Instead, companies now employ developers to write open-source programs.

In these cases, "if a company that makes an open-source package abandons it, it`s abandoned."

In five years, Henry predicted that open-source revenue will overcome the free software religion. "Linux might be the first, biggest and perhaps only major bazaar-style open-source development project to get traction in the commercial sector," he said.

In the future, open-source and proprietary programs will be competing on an even playing field and there will be little difference between how they will be developed, he said.

As a result of the enterprise`s penetration of open source, the open-source licenses will change as well. Exactly how this change will play out isn`t clear, but Henry expects "economics to prevail over doctrine."

One shape this might take, according to Steve Garone, vice president and senior analyst for the research house Ideas International Ltd., is Sun`s CDDL. "Sun just might be on the right path," he said.

UPI

More in Tux Machines

Leftovers: Ubuntu

  • Budgie-Remix Makes Progress With Ubuntu 16.10 Base, Beta 2 Released
    Budgie-Remix, the unofficial Ubuntu spin making use of the Budgie Desktop, has released its 16.10 Beta 2 milestone following this week's Yakkety Yak Beta 2 release. Budgie-Remix is re-based to the latest Ubuntu 16.10 Yakkety package changes. In addition, a number of the Budgie-0Remix packages have been working their way into Debian proper and thus are available to Ubuntu 16.10 users via the official channels. Now available this way is the budgie-desktop package, Moka icon theme, Faba icon theme, and the Arc theme. The Ubuntu repository has also pulled in the Budgie artwork and wallpaper packages too.
  • Yakkety Yak Final Beta Released
  • Canonical Launches Commercial Support for Kubernetes
    Canonical, the lead commercial vendor behind the open-source Ubuntu Linux operating system, is getting into the Kubernetes market. Canonical now offers a freely available implementation of Kubernetes as well as commercial-support options. "I have no doubt that Kubernetes will be one of the major container co-ordination systems," Mark Shuttleworth, founder of Ubuntu, told ServerWatch.
  • [How To] Build an Ubuntu Controlled Sous-Vide Cooker
    I’ll be honest with you from the off: I had zero idea what sous-vide cooking was before I started writing this post. Wikipedia dutifully informs me that’s Sous-Vide is a style of cooking that involves a vacuum, bags, and steam.
  • Mintbox Mini Pro Linux Mini PC Launches For $395
    This week a new version of the popular Mintbox Mini Linux PC has been launched for $395 in the form of the Mintbox Mini Pro which is now equipped with 120 GB of SSD mSATA together with 64-bit AMD A10-Micro6700T system-on-a-chip with Radeon R6 graphics and features 8GB of DDR3L. The latest Mintbox Mini Pro is shipped preloaded with the awesome Linux Mint 18 operating system and includes a microSD card slot a serial port, and a micro SIM card reader. The new Mintbox Mini Pro is the same size as the original and measures 4.3 x 3.3 x 0.9 inches in size and weighs in at around 255g. The Linux mini PC incorporates a fanless design and features an all-metal case made of aluminium and zinc.

Leftovers: OSS and Sharing

  • Minijail: Running Untrusted Programs Safely by Jorge Lucangeli Obes, Google
  • Minijail: Google’s Tool To Safely Run Untrusted Programs
    Google’s Minijail sandboxing tool could be used by developers and sysadmins to run untrusted programs safely for debugging and security checks, according to Google Software Engineer Jorge Lucangeli Obes, who spoke last month at the Linux Security Summit. Obes is the platform security lead for Brillo, Google's Android-based operating system for Internet-connected devices. Minijail was designed for sandboxing on Chrome OS and Android, to handle “anything that the Linux kernels grew.” Obes shared that Google teams use it on the server side, for build farms, for fuzzing, and pretty much everywhere. Since “essentially one bug separates you and any random attacker,” Google wanted to create a reliable means to swiftly identify problems with privileges and exploits in app development and easily enable developers to “do the right thing.” The tool is designed to assist admins who struggle with deciding what permissions their software actually needs, and developers who are vexed with trying to second guess which environment the software is going to run in. In both cases, sandboxing and privilege dropping tends to be a hit or miss affair. Even when developers use the privilege dropping mechanisms provided by the Linux kernel, sometimes things go awry due to numerous pitfalls along that path. One common example Obes cited was trying to ride a switch user function that will drop-root and then forgetting to check the result of the situation relief, or setuid function, afterwards.
  • Intel and Cloudera Give Apache an Open Source Data/Security Tool
    For the past year, we've taken note of the many Big Data projects that the Apache Software Foundation has been elevating to Top-Level Status. The organization incubates more than 350 open source projects and initiatives, and has squarely turned its focus to Big Data and developer-focused tools in recent months. As Apache moves Big Data projects to Top-Level Status, they gain valuable community support. Recently, the foundation announced that Apache Kudu has graduated from the Apache Incubator to become a Top-Level Project (TLP). Kudu is an open source columnar storage engine built for the Apache Hadoop ecosystem designed to enable flexible, high-performance analytic pipelines. And, Apache Twill has graduated as well. Twill is an abstraction over Apache Hadoop YARN that reduces the complexity of developing distributed Hadoop applications, allowing developers to focus more on their application logic. In another Apache-related Big Data move, Cloudera and Intel have announced that they've contributed a new open-source project to the Apache Software Foundation targeted at using Big Data analytics and machine learning for cybersecurity.
  • Twitter Open Sources Stream Processing Engine Heron
    Twitter announced the open sourcing of Heron, a stream-processing engine that is a successor to Apache Storm. Heron is backwards compatible with Apache Storm, which eases its adoption amongst developers. Heron has replaced Apache Storm as the stream data processing engine inside Twitter due to its scalability, debug-ability, ability to work in a shared cluster infrastructure and better performance. A comprehensive list of features is listed in the documentation.
  • Tencent: Transforming Networks with SDN
    “SDN can really transform the way we do networks,” said Tom Bie, VP of Technology & Operation of Data Center, Networking and Server, Tencent, during his Wednesday keynote address at the Open Daylight Summit. The China telecom giant should know about the issues of massive scale networks: they have more than 200 million users for QQ instant messaging, 300 million users of their payment service, and more than 800 million users of their VChat service. Bie noted that Tencent also operates one of the largest gaming networks in the world, along with video services, audio services, online literature services, news portals, and a range other digital content services.
  • The Second Wave of Platforms, an Interview with Cloud Foundry’s Sam Ramji
    In today’s world of platforms, services are increasingly connected. In the past, PaaS offerings were pretty much isolated. It’s that new connected infrastructure that is driving the growth of Cloud Foundry, the open source, service-oriented platform technology. Sam Ramji is CEO of Cloud Foundry, which is holding its European event in Frankfurt this week. At the conference, we spoke with Ramji to discuss, among other topics:
  • How to Find Your First OpenStack Job
  • LibreOffice 5.2.2 Now Available to Download
  • EC approves Slovenia courts data exchange solution
    First CEF AS4-compliant b2b solution developed as open source by a public administration The European Commission has tested and approved Laurentius, an eDelivery court documents and case exchange solution compliant with the AS4 profile of the OASIS ebMS standard. In September, Laurentius passed all tests by the EC’s Connecting Europe Facility (CEF) for its so-called “e-SENS AS4 conformant solutions”.
  • SDL 2.0.5 Is Readying For Release: Relative Mouse Mode For Wayland/Mir, Audio Capture
    SDL 2.0 point releases have ranged from being a few months apart to as much as two years apart. Fortunately, SDL 2.0.5 is now being put together for release just nine months after SDL 2.0.4. With the Mercurial repository, Sam Lantinga bumped the version in preparation for the SDL 2.0.5 release. The SDL 2.0.5 release hasn't officially happened yet, but it should be here soon.
  • Open standards default at Slovenia supreme court
    The use of open ICT standards is an IT requirement at Slovenia’s Supreme Court, responsible for the IT support of the entire court system in the country. The Supreme Court’s IT department has a strong preference for the development of modular, reusable software solutions. This strategy provides agility and flexibility, says Bojan Muršec, director of IT. The focus on open standards frees up the IT department to concentrate on the business, Muršec says. The IT department takes the modular approach serious: the first reusable module ever developed by the court - a court documents dispatch and delivery system - is re-used by all IT systems across the courts. “Making everything reusable prevents creation of silos in the organisation”, the IT director says. A positive side effect of the IT strategy is that the court uses mostly open source software solutions. This in turn helps to keep IT costs down, says the IT director, who estimates that the court saves EUR 400 to 500 thousand per year on licence fees: “The cost of proprietary licences always goes up.”
  • Why there is no CSS4 - explaining CSS Levels
    We had CSS1, and CSS2. We even had CSS2.1 and we then moved onto CSS3 – or did we? This post is a quick explanation of how CSS is versioned today. CSS versions 1 and 2 were monolithic specifications. All of CSS was included in one massive document. Selectors, positioning, colour – it was all in there. The problem with monolithic specifications is that in order to finish the spec, every component part also has to be finished. As CSS has grown in complexity, and new features are added, it doesn’t make sense to draw a line at which all work is stopped on all parts of CSS in order to declare that CSS version finished. Therefore, after CSS2.1 all the things that had been part of the 2.1 specification were broken down into modules. As the new CSS modules included all that had gone before plus any new features, they all came into being at Level 3. Hence CSS3, and people like me who understood CSS as a single specification referred to the group of Level 3 modules as “CSS3”.

Security Leftovers

  • Linux.Mirai Trojan causing mayhem with DDoS attacks
    A Trojan named Linux.Mirai has been found to be carrying out DDoS attacks. The malicious program first appeared in May 2016, detected by Doctor Web after being added to its virus database under the name Linux.DDoS.87. The Trojan can work with with the SPARC, ARM, MIPS, SH-4, M68K architectures and Intel x86 computers.
  • Don't Hide DRM in a Security Update
    Over 10,000 of you have joined EFF in calling on HP to make amends for its self-destructing printers in the past few days. Looks like we got the company’s attention: today, HP posted a response on its blog. Apparently recognizing that its customers are more likely to see an update that limits interoperability as a bug than as a feature, HP says that it will issue an optional firmware update rolling back the changes that it had made. We’re very glad to see HP making this step. But a number of questions remain. First, we’d like to know what HP’s plans are for informing users about the optional firmware update. Right now, the vast majority of people who use the affected printers likely do not know why their printers lost functionality, nor do they know that it’s possible to restore it. All of those customers should be able to use their printers free of artificial restrictions, not just the relatively few who have been closely following this story.
  • 6 Ways Driverless Cars Are Going To Kill Lots Of People
    You've probably read a few articles about driverless cars over the past couple of years. The technology is coming along quickly, with fleets of test cars already on the roads in some states. It seems like soon we'll achieve the American dream of stuffing our faces and texting all we want while still managing to avoid public transportation. But the reality is quite different. We're diving into this technology a little too quickly and ignoring all the warning signs about how we are going to screw up on the way to Driverless Car Utopia.

Red Hat and Fedora

  • Red Hat Inc. (RHT) Downgraded by Zacks Investment Research to “Hold”
  • Earnings Estimate Report: Intel Corporation (NASDAQ:INTC) , Red Hat, Inc. (NYSE:RHT)
  • Switched to HTTPS
    Perhaps you already noticed it, I have switched all the sites for a secured browsing using HTTPS. So, new addresses are: https://blog.remirepo.net/ for this Blog (with an automatic and permanent redirection) https://forum.remirepo.net/ for the Forum (with an automatic and permanent redirection) https://rpms.remirepo.net/ for the Repository, but classical address stay available.
  • Fedora Hubs: Getting started
    Fedora Hubs provides a consistent contributor experience across all Fedora teams and will serve as an “intranet” page for the Fedora Project. There are many different projects in Fedora with different processes and workflows. Hubs will serve as a single place for contributors to learn about and contribute to them in a standardized format. Hubs will also be a social network for Fedora contributors. It is designed as one place to go to keep up with everything and everybody across the project in ways that aren’t currently possible.