
Legal

Open-source civil war: Olive branch offered in trademark spat... with live grenade attached

Filed under
GNU
Legal

A few days before the Christmas holiday, the Software Freedom Law Center (SFLC) made a peace offering of sorts in an ostensible effort to resolve its trademark dispute with the Software Freedom Conservancy (SFC).

In September last year, SFLC sued the SFC claiming that the SFC trademark "Software Freedom Conservancy" is confusingly similar to the SFLC's "Software Freedom Law Center" trademark.

The SFLC was formed in 2005 to provide legal services for open-source projects. And in 2006, it helped set up the SFC, so it could provide infrastructure support – including legal services – for open-source developers.

That shared history and similarity of purpose has made the intellectual property dispute between two organizations rather confusing to folks in the open source community.


Multiple-guess quiz will make Brit fliers safer, hopes drone-maker DJI

Filed under
GNU
Security
Legal

Meanwhile, security researcher Jon Sawyer has published a root exploit for DJI drones called DUMLRacer. It would appear to allow the technically competent dronie to completely ignore DJI's height and location restrictions, which form a large part of its please-don't-regulate-us-out-of-existence offering to governments around the world.

In his tweet announcing the release, Sawyer said: "Dear DJI, next time I ask for some GPL source code, maybe don't tell me no."

At the heart of DJI's software is GNU General Public Licensed (open source) code. While the firm does publish some of its source code, as previously reported, the company is not exactly clear about what elements of its drones' firmware are based on GPL-licensed code. The GPL contains a provision stating that anyone can modify GPL-licensed code provided that the source of any publicly available modded version is also made public, as the GPL FAQ makes clear.


Grsecurity SLAPP Case Defeated

Filed under
GNU
Security
Legal
  • Kernel hardening group's suit against open source advocate thrown out

    A judge in San Francisco has granted a motion by noted open source advocate Bruce Perens to dismiss a defamation suit filed against him by Grsecurity, a group that supplies a patch for hardening the Linux kernel.

    Magistrate judge Laurel Beeler agreed to Perens' motion on Thursday but denied his bid to invoke the anti-SLAPP (Strategic Lawsuit Against Public Participation) law in California.

    This law deals with legal complaints that are directed at stopping public discussion and free speech. California put in place an anti-SLAPP law in 1992.

  • Court Throws Out Libel Lawsuit Brought by Open Source Security

    The defendant Bruce Perens -- who is a respected programmer known for his founding of the Open Source Initiative -- criticized OSS's business model for distributing its security patches on the ground that it violated the open-source license and thus potentially subjected users to liability for copyright infringement or breach of contract. The plaintiffs [sued, basically for defamation -EV]....

Conservancy: How and Why We Should Settle

Filed under
Legal

Yesterday marks three years that I have been trying to negotiate a peaceful settlement with my ex-employees, Karen Sandler and Bradley Kuhn, of various complaints SFLC and I have about the way they treat us. After all this time when they would not even meet with us to discuss our issues, the involvement of the Trademark Trial and Appeals Board in one aspect of the matter has at least created a space for structured discussion. Intermediaries both organizations work with and trust have generously taken the opportunity to communicate our settlement proposals, and we have initiated discussion through counsel. As transparency is, indeed, a valued commitment in the free software world, we think it is now time to publish our offer:

We propose a general peace, releasing all claims that the parties have against one another, in return for an iron-clad agreement for mutual non-disparagement, binding all the organizations and individuals involved, with strong safeguards against breach. SFLC will offer, as part of such an overall agreement, a perpetual, royalty-free trademark license for the Software Freedom Conservancy to keep and use its present name, subject to agreed measures to prevent confusion, and continued observance of the non-disparagement agreement.


Also: Conservancy's Executive Director Delivers Keynote Address at Swatantra '17

Open-source community stresses worries on new Copyright Directive in open letter to EU

Filed under
OSS
Legal

This week, more than 80 organisations involved in open source software wrote an open letter to the Council of the EU and the European Commission expressing their concerns on the new Copyright Directive as it is currently proposed. According to the signatories, Article 13 in particular will cause irreparable damage to their fundamental rights and freedoms, their economy and competitiveness, their education and research, their innovation and competition, their creativity and their culture.

Article 13 obliges Internet service providers that store and provide public access to large amounts of works or other subject matter uploaded by their users to ensure the functioning of agreements concluded with rightholders. Where such agreements do not apply, service providers must prevent the availability of the rightholders' intellectual property on the service. To that purpose, service providers should cooperate with rightholders and implement measures such as the use of effective content recognition technologies.


GPL Predictability

Filed under
OSS
Legal
  • Tech leaders team up to improve predictability in open source licencing

    Red Hat, Inc., Facebook, Inc., Google, and IBM Corp. are joining forces to help alleviate open source licence issues, including compliance errors and mistakes.

    The GNU General Public Licence (GPL) and GNU General Public Licence (LGPL) are two of the most common open source software licences, covering almost all software, including parts of the Linux system. The third version of GPL (GPLv3) includes an express termination approach that gives users the opportunities to fix errors in licence compliance in a faster and more efficient manner than before.

    Now, the trio has committed to extending the express termination feature to the previous two versions of GPL to provide better predictability to users of open source software.

  • Four companies extend terms of open source licensing

    Google, Facebook, IBM and Red Hat have taken steps to increase the predictability of open-source licensing, extending additional rights to fix open source licence compliance errors and mistakes.

    The move follows a recent announcement by many kernel developers about licence enforcement.

    The Linux kernel, which is used widely by the four companies named, is released under the GNU General Public Licence version 2.0. A later version of this licence includes an approach that offers users an opportunity to comply with the licence.

  • Adopting a Community-Oriented Approach to Open Source License Compliance

    Today Google joins Red Hat, Facebook, and IBM alongside the Linux Kernel Community in increasing the predictability of open source license compliance and enforcement.

    We are taking an approach to compliance enforcement that is consistent with the Principles of Community-Oriented GPL Enforcement. We hope that this will encourage greater collaboration on open source projects, and foster discussion on how we can all continue to work closely together.

  • Facebook, Google, IBM and Red Hat team up on open-source license compliance

    “We are taking an approach to compliance enforcement that is consistent with the Principles of Community-Oriented GPL Enforcement. We hope that this will encourage greater collaboration on open source projects, and foster discussion on how we can all continue to work closely together,” Chris DiBona, director of open source for Google, wrote in a blog post.

  • Technology Industry Leaders Join Forces to Increase Predictability in Open Source Licensing

    Red Hat, Inc. (NYSE: RHT), Facebook, Inc. (NASDAQ: FB), Google (NASDAQ: GOOGL) and IBM (NYSE: IBM) today announced efforts to promote additional predictability in open source licensing, by committing to extend additional rights to cure open source license compliance errors and mistakes.

  • Copyleft Licensing: Applying GPLv3 Termination to GPLv2-licensed Works

    Today a coalition of major companies—led by Red Hat and including Google, IBM and Facebook—who create, modify and distribute FOSS under copyleft licenses have committed to the use of GPLv3’s approach to license termination for all their works published under the terms of GPLv2 and LGPLv2.1. Following last month’s statement to similar effect by the developers of the Linux kernel, the world’s most widely-used GPLv2 program, today’s announcement establishes a broad consensus in favor of the “notice and cure period” approach to first-time infringement issues that Richard Stallman and I adopted in GPLv3 more than a decade ago. This adoption of GPLv3’s approach for GPLv2 programs is an enormously important step in securing the long-term viability of copyleft licensing. All computer users who wish to see their rights respected by the technology they use are better off.

    GPLv2, which was written by Richard Stallman and Jerry Cohen, is a masterpiece of legal innovation and durability. First released in mid-1991, GPLv2 transformed thinking around the world about the viability of copyright commons, and gave birth to a range of “share alike” licensing institutions, not only for software but for all forms of digital culture. It is still in unmodified use after more than a quarter-century, attaining a degree of institutional stability more often associated with statutes and constitutions than with transactional documents like copyright licenses.

Technology Industry Leaders Join Forces to Increase Predictability in Open Source Licensing

Filed under
OSS
Legal

Red Hat, Facebook, Google and IBM have announced efforts to promote additional predictability in open source licensing, by committing to extend additional rights to cure open source license compliance errors and mistakes.

The GNU General Public License (GPL) and GNU Lesser General Public License (LGPL) are among the most widely-used open source software licenses, covering, among other software, critical parts of the Linux ecosystem. When GPL version 3 (GPLv3) was released, it introduced an express termination approach that offered users opportunities to cure errors in license compliance. This termination policy in GPLv3 provided a more reasonable approach to errors and mistakes, which are often inadvertent. This approach allows for enforcement of license compliance that is consistent with community norms,

To provide greater predictability to users of open source software, Red Hat, Facebook, Google and IBM today each committed to extending the GPLv3 approach for license compliance errors to the software code that each licenses under GPLv2 and LGPLv2.1 and v2.


Also: Tech leaders join forces to increase predictability in Open Source licensing

Eben Moglen is no longer a friend of the free software community

Filed under
Legal

Eben Moglen has done an amazing amount of work for the free software community, serving on the board of the Free Software Foundation and acting as its general counsel for many years, leading the drafting of GPLv3 and giving many forceful speeches on the importance of free software. However, his recent behaviour demonstrates that he is no longer willing to work with other members of the community, and we should reciprocate that.

In early 2016, the FSF board became aware that Eben was briefing clients on an interpretation of the GPL that was incompatible with that held by the FSF. He later released this position publicly with little coordination with the FSF, which was used by Canonical to justify their shipping ZFS in a GPL-violating way. He had provided similar advice to Debian, who were confused about the apparent conflict between the FSF's position and Eben's.


OpenChain and copyleft

Filed under
GNU
Legal
  • How OpenChain can transform the supply chain

    OpenChain is all about increasing open source compliance in the supply chain. This issue, which many people initially dismiss as a legal concern or a low priority, is actually tied to making sure that open source is as useful and frictionless as possible. In a nutshell, because open source is about the use of third-party code, compliance is the nexus where equality of access, safety of use, and reduction of risk can be found. OpenChain accomplishes this by building trust between organizations.

    Many companies today understand open source and act as major supporters of open source development; however, addressing open source license compliance in a systematic, industry-wide manner has proven to be a somewhat elusive challenge. The global IT market has not seen a significant reduction in the number of open source compliance issues in areas such as consumer electronics over the past decade.

    [...]

    The OpenChain Project, hosted by The Linux Foundation, is intended to make open source license compliance more predictable, understandable, and efficient for the software supply chain. Formally launched in October 2016, the OpenChain Project started three years earlier with discussions that continued at an increasing pace until a formal project was born. The basic idea was simple: Identify recommended processes for effective open source management. The goal was equally clear: Reduce bottlenecks and risk when using third-party code to make open source license compliance simple and consistent across the supply chain. The key was to pull things together in a manner that balanced comprehensiveness, broad applicability, and real-world usability.

  • Software Freedom Strategy with Community Projects

    All of those led me to understand how software freedom is under attack, in particular how copyleft is under attack. And, as I talked during FISL, though many might say that "Open Source has won", end users' software freedom has not. Lots of companies have co-opted "free software" but give no software freedom to their users. They seem friends with free software, and they are. Because they want software to be free. But freedom should not be a value for software itself, it needs to be a value for people, not only companies or people who are labeled software developers, but all people.

    That's why I want to stop talking about free software, and talk more about software freedom. Because I believe the latter is more clear about what we are talking about. I don't mind that we use whatever label, as long as we establish its meaning during conversations, and set the tone to distinguish them. The thing is: free software does not software freedom make. Not by itself. As Bradley Kuhn puts it: it's not magic pixie dust.

    Those who have known me for years might remember me as a person who studied free software licenses and how I valued copyleft, the GPL specifically, and how I concerned myself with topics like license compatibility and other licensing matters.

    Others might remember me as a person who valued a lot about upstreaming code. Not carrying changes to software openly developed that you had not made an effort to put upstream.

    I can't say I was wrong on both accounts. I still believe in those things. I still believe in the importance of copyleft and the GPL. I still value sharing your code in the commons by going upstream. But I was certainly wrong in valuing them too much. Or not giving as much or even more value to distribution efforts of getting software freedom to the users.

Copyleft and Licensing

Filed under
OSS
Legal
  • FSFE makes copyrights computer readable

    The Free Software Foundation Europe (FSFE) is proud to release its next version of our REUSE practices designed to make computers understand software copyrights and licenses.

    The REUSE practices help software developers make simple additions to license headers which make it easier for a computer to determine what license applies to the various parts of a program's source code. By following the REUSE practices, software developers can ensure their intent to license software under a particular license is understood and more readily adhered to.

    Together with the updated practices, which mostly clarify and make explicit some points, the FSFE is also releasing a set of developer tools and examples which show the REUSE practices in action. Three example repositories, together with an example walkthrough of the process used to make the cURL project REUSE compliant, are complemented with a simple tool to validate whether a program is REUSE compliant.

  • Apple Will No Longer Be Developing CUPS Under The GPL

    One decade after Apple bought out CUPS as the de facto printing system for Unix-like operating systems, they are changing the code license.

    The CUPS Common UNIX Printing System up to now had been developed under the GPLv2 license while now Apple will be switching it to the Apache 2.0 software license.

  • Software Freedom Law Center and Conservancy

    There’s been quite a bit of interest recently about the petition by Software Freedom Law Center to cancel the Software Freedom Conservancy’s trademark. A number of people have asked my views on it, so I thought I’d write up a quick blog on my experience with SFLC and Conservancy both during my time as Debian Project Leader, and since.

    It’s clear to me that for some time, there’s been quite a bit of animosity between SFLC and Conservancy, which for me started to become apparent around the time of the large debate over ZFS on Linux. I talked about this in my DebConf 16 talk, which fortunately was recorded (ZFS bit from 8:05 to 17:30).


More in Tux Machines

Fedora: Updated F27 Live ISOs, Synergy 2.0, Bodhi 3.2.0, Announcing Flapjack

  • F27-20180112 Updated Live Isos Released
    The Fedora Respins SIG is pleased to announce the latest release of Updated 27 Live ISOs, carrying the 4.14.13-300 kernel.
  • synergy-2.0.0 is in Fedora updates-testing
    I have packed the latest stable version, 2.0.0, for Fedora 27, 26 and EPEL 7. No EPEL 6 update this time as it requires CXX14, which EL6 does not provide.
  • Bodhi 3.2.0 released
  • Announcing Flapjack
    Here’s a post about a tool that I’ve developed at work. You might find it useful if you contribute to any desktop platform libraries that are packaged as a Flatpak runtime, such as GNOME or KDE. Flatpak is a system for delivering desktop applications that was pioneered by the GNOME community. At Endless, we have jumped aboard the Flatpak train. Our product Endless OS is a Linux distribution, but not a traditional one in the sense of being a collection of packages that you install with a package manager; it’s an immutable OS image, with atomic updates delivered through OSTree. Applications are sandboxed-only and Flatpak-only.
  • Flapjack Helps Developers Work On Components Inside Flatpak

Security Leftovers

  • Security updates for Wednesday
  • Latvia's e-health system hit by cyberattack from abroad
    Latvia said its new e-health system was on Tuesday hit by a large-scale cyberattack that saw thousands of requests for medical prescriptions pour in per second from more than 20 countries in Africa, the Caribbean and the European Union. No data was compromised, according to health officials, who immediately took down the site, which was launched earlier this month to streamline the writing of prescriptions in the Baltic state. "It is clear that it was a planned attack, a widespread attack—we might say a specialised one—as it emanated from computers located in various different countries, both inside the European Union and outside Europe," state secretary Aivars Lapins told reporters. "We received thousands of requests in a very short space of time. That's not the normal way the system works," he said, adding that an investigation is under way.
  • Linux Lite Developer Creates Automated Spectre/Meltdown Checker for Linux OSes
    The developer of the Ubuntu-based Linux Lite distribution has created a script that makes it easier for Linux users to check if their systems are vulnerable to the Meltdown and Spectre security flaws. As we reported last week, developer Stéphane Lesimple created an excellent script that would check if your Linux distribution's kernel is patched against the Meltdown and Spectre security vulnerabilities that have been publicly disclosed earlier this month and put billions of devices at risk of attacks.
  • Purism Releases Meltdown and Spectre Patches for Its Librem Linux Laptops
    Purism, the computer technology company behind the privacy-focused, Linux-based Librem laptops and the upcoming smartphone, released patches for the Meltdown and Spectre security vulnerabilities. The company was one of the first Linux OEMs and OS vendors to announce that it's working on addressing both the Meltdown and Spectre security exploits on its Linux laptops. Meltdown and Spectre have been unearthed in early January and they are two severe hardware bugs that put billions of devices at risk of attacks.
  • Facebook Awards Security Researchers $880,000 in 2017 Bug Bounties
    Facebook is hardly a small organization, with large teams of engineers and security professionals on staff. Yet even Facebook has found that it can profit from expertise outside of the company, which is why the social networking giant has continued to benefit from its bug bounty program. In 2017, Facebook paid out $880,000 to security researchers as part of its bug bounty program. The average reward payout in 2017 was $1,900, up from $1,675 in 2016.
  • Multicloud Deployments Create Security Challenges, F5 Report Finds

Arch Linux vs. Antergos vs. Clear Linux vs. Ubuntu Benchmarks

Last week when sharing the results of tweaking Ubuntu 17.10 to try to make it run as fast as Clear Linux, it didn't take long for Phoronix readers to share their opinions on Arch Linux and the request for some optimized Arch Linux benchmarks against Clear Linux. Here are some results of that testing so far in carrying out a clean Arch Linux build with some basic optimizations compared to using Antergos Minimal out-of-the-box, Ubuntu Server, and Clear Linux. Tests this time around were done on the Intel Core i9 7980XE system with ASUS PRIME X299-A motherboard, 4 x 4GB DDR4-3200 Corsair memory, GeForce GTX 750, and Corsair Force MP500 120GB NVMe solid-state drive. The system with 18 cores / 36 threads does make for quick and easy compiling of many Linux packages.

Mozilla Leftovers

  • Making WebAssembly even faster: Firefox’s new streaming and tiering compiler
    People call WebAssembly a game changer because it makes it possible to run code on the web faster. Some of these speedups are already present, and some are yet to come. One of these speedups is streaming compilation, where the browser compiles the code while the code is still being downloaded. Up until now, this was just a potential future speedup. But with the release of Firefox 58 next week, it becomes a reality. Firefox 58 also includes a new 2-tiered compiler. The new baseline compiler compiles code 10–15 times faster than the optimizing compiler.
  • Firefox Telemetry Use Counters: Over-estimating usage, now fixed
    Firefox Telemetry records the usage of certain web features via a mechanism called Use Counters. Essentially, for every document that Firefox loads, we record a “false” if the document didn’t use a counted feature, and a “true” if the document did use that counted feature.
  • Firefox 58 new contributors
  • Giving and receiving help at Mozilla
    This is going to sound corny, but helping people really is one of my favorite things at Mozilla, even with projects I have mostly moved on from. As someone who primarily works on internal tools, I love hearing about bugs in the software I maintain or questions on how to use it best. Given this, you might think that getting in touch with me via irc or slack is the fastest and best way to get your issue addressed. We certainly have a culture of using these instant-messaging applications at Mozilla for everything and anything. Unfortunately, I have found that being “always on” to respond to everything hasn’t been positive for either my productivity or mental health. My personal situation aside, getting pinged on irc while I’m out of the office often results in stuff getting lost — the person who asked me the question is often gone by the time I return and am able to answer.
  • Friend of Add-ons: Trishul Goel
    Our newest Friend of Add-ons is Trishul Goel! Trishul first became involved with Mozilla five years ago when he was introduced to the Firefox OS smartphone. As a JavaScript developer with an interest in Mozilla’s mission, he looked for opportunities to get involved and began contributing to SUMO, L10n, and the Firefox OS Marketplace, where he contributed code and developed and reviewed apps. After Firefox OS was discontinued as a commercial product, Trishul became interested in contributing to Mozilla’s add-ons projects. After landing his first code contributions to addons.mozilla.org (AMO), he set about learning how to develop extensions for Firefox using WebExtensions APIs. Soon, he began sharing his knowledge by leading and mentoring workshops for extension developers as part of Mozilla’s “Build Your Own Extension” Activate campaign.