Legal

Antitrust Laws and Open Collaboration

Filed under
OSS
Legal

If you participate in standards development organizations, open source foundations, trade associations, or the like (Organizations), you already know that you’re required to comply with antitrust laws. The risks of noncompliance are not theoretical – violations can result in severe criminal and civil penalties, both for your organization and the individuals involved. The U.S. Department of Justice (DOJ) has in fact opened investigations into several standards organizations in recent years.

Maybe you’ve had a training session at your company, or at least are aware that there’s an antitrust policy you’re supposed to read and comply with. But what if you’re a working group chair, or even an executive director, and therefore responsible for actually making sure nothing happens that’s not supposed to? Beyond paying attention, posting or reviewing an antitrust statement at meetings, and perhaps calling your attorney when member discussions drift into grey zones, what do you actually do to keep antitrust risk in check?

Well, the good news is that regulators recognize that standards and other collaboration deliverables are good for consumers. The challenge is knowing where the boundaries of appropriate conduct can be found, whether you’re hosting, leading or just participating in activity involving competitors. Once you know the rules, you can forge ahead, expecting to navigate those risks, and knowing the benefits of collaboration can be powerful and procompetitive.

We don’t often get glimpses into the specific criteria regulators use to evaluate potential antitrust violations, particularly as applicable to collaborative organizations. But when we do, it can help consortia and other collaborative foundations focus their efforts and take concrete steps to ensure compliance.

In July 2019, the DOJ Antitrust Division (Division) provided a new glimpse, in its Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Guidance). Although the Guidance is specifically intended to assist Division prosecutors evaluating corporate compliance programs when charging and sentencing, it provides valuable insights for building or improving an Organization’s antitrust compliance program (Program).

At a high level, the Guidance suggests that an effective Program will be one that is well designed, is applied earnestly and in good faith by management, and includes adequate procedures to maximize effectiveness through efficiency, leadership, training, education, information and due diligence. This is important because organizations that detect violations and self-report to the Division’s Corporate Leniency program may receive credit (e.g. lower charges or penalties) for having an effective antitrust compliance program in place.

Startup Mycroft AI declares it will fight 'patent troll' tooth and nail after its Linux voice-assistant attracts lawsuit

Filed under
Linux
Legal

An AI startup is battling a patent-infringement lawsuit filed against it for building an open-source Linux-based voice-controlled assistant.

Mycroft AI first learned trouble was brewing when it was contacted by a lawyer at Tumey LLP, a Texas law firm focused on intellectual property, in December. In an email to the startup’s CEO Joshua Montgomery, the legal eagle claimed Mycroft AI's technology infringed two US patents – 9,794,348 and 10,491,679 – belonging to Tumey's client, Voice Tech Corp.

Voice Tech's patents described a system for handling “voice commands from a mobile device to remotely access and control a computer.” Mycroft AI develops voice-assistant software that runs on Linux systems, including Raspberry Pis and its own standalone Mark I and II gadgets, and responds to spoken requests, such as setting alarms and reminders, searching the web, and so on. You can add more features by installing add-ons called skills.

Microsoft flirts with new anti-trust challenge with new Start Menu-based Edge ads

Filed under
Microsoft
Moz/FF
Legal

Microsoft originally implemented the “Suggested” section on the Windows 10 Start Menu as a way to advertise its official apps; but in the latest listing, Microsoft has gone beyond self-promotion.

Microsoft’s recent extensive advertising is becoming hard to ignore, which has prompted many users to disable the ads. Those who haven’t done so may have noticed the most recent one takes a dig at a competitor browser.

The listing displays “Still using Firefox? Microsoft Edge is here” to all users of the former, even with the latter already installed. The ad provides a link to download the Chromium-based browser.

Also: Windows 7: a major bug prevents turning off or restarting the PC

Maker of Linux patch batch grsecurity can't duck $260,000 legal bills, says Cali appeals court in anti-SLAPP case

Filed under
Legal

Open Source Security – the maker of the grsecurity patches that harden Linux kernels against attack – must cough up $260,000 to foot the legal bills of software industry grandee Bruce Perens.

So ruled California's Ninth Circuit Court of Appeals today, affirming a lower court's ruling against Open Source Security (OSS).

In June 2017, Perens published a blog post in which he said that he believed grsecurity exposed users to potential liability under version 2 of the GNU General Public License because the grsecurity code states that customers will not get further updates if they exercise their right to redistribute the software, as allowed by the GPLv2.

Licensing and FUD About Free Software

Filed under
OSS
Legal
  • Open Source License Compliance: Raising the Bar [Ed: Spreading FUD about "risk" of Free software licenses... in order to sell one's own proprietary software 'solution']

    Question is, can you have true security without being a company that focuses on license compliance? I think not.

    Some companies count on using open source software with no regard for the licenses associated with the code they use. Open source licenses give others permission to modify, use, and distribute software, but under specific conditions and terms. And, every component may very well have a different license. With the volume of open source being used, you can see how quickly this can get out of hand and lead to IP, reputation, and subsequent litigation down the road.

    Another statement I use quite a bit, “It’s a must, not a maybe.” Development teams need to respect the legalities associated with source code licensing by passing along a copyright statement or a copy of license text, or by providing the entire source code for the company’s product. Licenses range from fairly permissive (allowing the licensee to use code without responsibilities) to highly restrictive (extremely limiting, even requiring you to make your proprietary project subject to the same licensing terms of the OSS used).

  • Open source licence series - Altus: open source is big business, get used to it

    The idea that open source developers are college students, creating some really cool software that big organisations then exploit and don’t give anything back may have been valid 20 years ago, but not today, it’s not how things work.

    Open source is now big, with major players driving innovation, like the OpenBank Project, the Banking API platform and OpenLogic.

    For a working example, AT&T is (obviously) a household name and very large quoted business. The organisation provides the majority of engineering, design and architectural resource for the ONAP open source project.

  • Open source licence series - Rancher Labs: Why vendor 'strip-mining' is an opportunity, not a threat
  • Open source licence series – Delphix: Rent vs buy, which fits your licencing cost model?
  • Open source licence series – Puppet: consumption without collaboration equals consternation
  • Open source licence series – Tidelift: Ethical source-available licenses challenge open source
  • Open-Source Software in Federal Procurements: The Good, the Bad, and the Ugly, Part 2 – The Bad

    In the first post of this series, we discussed “the good” of open-source software and why federal buyers should find it attractive. However, when it comes to the federal government accepting open-source code with open arms, the reality is certainly more mixed. Faced with changing and technical regulations, government contractors need to know the major drawbacks of using open-source code in government contracts. In this second entry to our open-source series, we explore “the bad” impacts of open-source use in government contracting.

  • EDRM Announces Newest Affinity Partner Merlin Legal Open Source Foundation and New Processing Specifications Project

    Setting the global standards for e-discovery, the Electronic Discovery Reference Model (EDRM) is pleased to announce its newest affinity partner, the Merlin Legal Open Source Foundation, a nonprofit organization with a mission to improve access to justice and make legal and regulatory compliance more efficient through the use of open source software and secure cloud computing. The Merlin Foundation was established in 2019 by John Tredennick, its executive director and a longtime industry expert and former CEO and founder of Catalyst Repository Systems, a leading search and technology-assisted review e-discovery platform.

It is time to end the DMCA anti-circumvention exemptions process and put a stop to DRM

Filed under
GNU
Legal

Although it is accurate, there's one aspect of the process that is missing from that description: the length. While the process kicks off every three years, the work that goes into fighting exemptions, whether previously granted or newly requested, has a much shorter interval. As you can see from the timeline of events from the 2018 round of the exemptions process, the process stretches on for months and months. For each exemption we have to prepare research, documents, and our comments through wave after wave of submission periods. For the 2018 exemptions round, the first announcements from the United States Copyright Office were in July of 2017, on a process that concluded in October of 2018. Fifteen months, every three years. If you do the math, that means we're fighting about 40% of the time just to ensure that exemptions we already won continue, and that new exemptions will be granted. If the timeline from the last round holds up, then we're only a few short months away from starting this whole circus back up again.

Describing it as a circus seems an appropriate label for the purpose of this whole process. It's not meant to be an effective mechanism for protecting the rights of users: it's a method for eating up the time and resources of those who are fighting for justice. If we don't step up, users could lose the ability to control their own computing and software. It's like pushing a rock up a mile-long hill only to have it pushed back down again when we've barely had a chance to catch our breath.

Fear, Uncertainty, Doubt Against Copyleft

Filed under
Legal
  • Why Open Source Licenses With A Commons Clause May Become Less Common

    The Commons Clause also is ambiguous in its prohibition against selling "hosting or consulting/support services related to the Software" for any product or service whose value derives entirely or substantially from the software's functionality. A plain reading of this provision suggests that a cloud service provider cannot host the licensed software for free and charge a fee for customer support or consulting relating to the software's functionality (e.g., how to use the software). The Commons Clause documentation refers to a discussion board suggesting that consulting may be permitted, but the language of the clause and the contents of that online discussion appear to suggest otherwise.

  • Manage Your OSS Security Using a Free Scanning Tool [Ed: "Enterprise License Optimization Blog" is Flexera marketing rubbish; it likes to talk all about "Open Source" (FUD), but its own stuff is 100% proprietary]
  • Sonatype: improving software with open source technology
  • Open source licence series - R3: The world needs audit licenses [Ed: Typical old nonsense of proprietary software firms, looking to portray a licensing question as pertaining only to FOSS]

    The so-called ‘open core’ model is hard to get right.

    [As we know, the open-core model primarily involves offering a “core” or feature-limited version of a software product as free and open-source software, while offering “commercial” versions or add-ons as proprietary software.]

Bruce Perens quits Open Source Initiative amid row over new data-sharing crypto license: 'We've gone the wrong way with licensing'

Filed under
OSS
Legal

Last year, lawyer Van Lindberg drafted a software license called the Cryptographic Autonomy License (CAL) on behalf of distributed development platform Holo – and submitted it to the Open Source Initiative (OSI) for approval as an Open Source Definition-compliant (OSD) license.

The debate over whether or not to approve the license, now in its fourth draft, has proven contentious enough to prompt OSI co-founder Bruce Perens to resign from the organization, for a second time, based on concern that OSI members have already made up their minds.

"Well, it seems to me that the organization is rather enthusiastically headed toward accepting a license that isn't freedom respecting," Perens wrote in a missive to the OSI's license review mailing list on Thursday. "Fine, do it without me, please."

Perens, for what it's worth, drafted the original OSD.

Another open-source-community leader familiar with the debate – who spoke with The Register on condition of anonymity – claimed Lindberg lobbied OSI directors privately to green-light the license, contrary to an approval process that's supposed to be carried out in public.

"I don't think that's an appropriate characterization," said Lindberg, of law firm Dykema, in a phone interview with The Register. "I think there are a number of people who from the beginning made up their minds about the CAL. You'll see a lot of people jumping onto any pretext they can find in order to oppose it."

Allison Randal Joins Conservancy Board

Filed under
Legal

We're very excited to welcome Allison Randal to Conservancy's Board of Directors. When it comes to free and open source software, there are few people who have had so much experience in so many different ways. Over the last 30 years, she has taken on projects that became instrumental in welcoming more people to the software freedom cause. She's made numerous critical technical contributions in addition to her impressive leadership contributions. She's also worked hard to get folks from very different organizations to collaborate on languages, licensing and events. We're very lucky that Randal has chosen to bring her uniquely broad and historical perspective to her work as a Conservancy Director.

Randal is a board member at the Perl Foundation, a board member at the OpenStack Foundation, and co-founder of the FLOSS Foundations group for free software community leaders. At various points in the past she has served as president of the Open Source Initiative, president of the Perl Foundation, board member of the Python Software Foundation, chairman of the Parrot Foundation, chief architect of the Parrot virtual machine, Open Source Evangelist at O’Reilly Media, conference chair of OSCON, Technical Architect of Ubuntu, Open Source Advisor at Canonical, Distinguished Technologist and Open Source Strategist at HP, and Distinguished Engineer at SUSE. She collaborates in the Debian project, and is currently taking a mid-career research sabbatical at the University of Cambridge. While on sabbatical, she has been teaching computer science.

A Brief History of Open Source Software, Part 2: OSS Licenses and Legalities

Filed under
GNU
Legal

It would not be an exaggeration to say that the magic of open source software (OSS) is based as much on legal innovation as it is on collaboration. Indeed, the essential innovation that launched free and open source software was not Richard Stallman's GNU Project, but his announcement of a revolutionary new licensing philosophy, and the actual license agreements needed to put that philosophy into effect. Only later did global collaboration among developers explode, riding the wave of Stallman's licenses, Linus Torvalds's pioneering work in creating the distributed development process, and rapidly increasing telecommunications bandwidth.

In this installment, we'll explore how Stallman's philosophy spread and forked, and where it has taken us to today.

The legal theories, agreements, and documentation that relate to OSS, and its precursor, Free and Open Source Software (for convenience, in this installment I'll refer to both types collectively as FOSS), are far too complex to explore more than superficially in an article of this type. But for current purposes, it is less important to acquire a deep knowledge of FOSS legal terms than it is to gain insight into why the legalities of FOSS are so important.

More in Tux Machines

Who cares about Emacs?

GNU Emacs isn't the oldest interactive text editor for Unix—it's predated (at least) by the Vi editor—nor is it the only Emacs in existence. However, it's surely the most popular Emacs and one of the best editors available on POSIX. Or it was until fresh new editors, like Atom, VSCode, and Brackets, came to the fresh new open source landscape of today. There are so many options for robust text editors now, many of which have iterated upon Emacs' ideas and traditions, that you may well wonder whether GNU Emacs is still relevant.

Devices: PicoCore, u‑blox and ESP32

  • PicoCore MX8MN is a Tiny NXP i.MX 8M Nano Computer-on-Module

    The PicoCore MX8MN Nano carries the NXP i.MX 8M Nano. F&S Elektronik Systeme has announced the development of the smallest i.MX 8M based CoM yet: the PicoCore MX8MN Nano.

  • u-Blox Launches JODY-W3 WiFi 6 & Bluetooth 5.1 Module for Automotive Applications

    u‑blox has just launched JODY-W3 wireless module which the company claims to be the first automotive-grade WiFi 6 module. Apart from supporting 802.11ax WiFi with 2×2 MIMO, the module also comes with dual-mode Bluetooth 5.1 connectivity. WiFi 6 will be used for applications demanding higher bitrates such as ultra‑HD video infotainment streaming and screen mirroring, wireless back‑up cameras and cloud connectivity as well as vehicle systems maintenance and diagnostics. Bluetooth 5.1 will be used for keyless entry systems and other applications leveraging direction-finding and the longer range offered by the latest version of Bluetooth.

  • Barracuda App Server for ESP32 Let You Easily Develop Lua Apps via Your Web Browser

    We covered Real Time Logic’s open-source lightweight Minnow Server for microcontrollers last year, and now the company has released another project: Barracuda App Server for ESP32. This project is more complex and requires an ESP32 board with PSRAM to run such as boards based on ESP32-WROVER module with 4 to 8MB PSRAM. The Barracuda App server (BAS) comes with a Lua VM, and in complement with the LSP App Manager that facilitates active development on the ESP32 by providing a web interface. The Barracuda App Server runs on top of FreeRTOS real-time operating system part of Espressif free ESP-IDF development environment.

3-D Printing and Open Hardware: MakerBot, AAScan and RISC-V

  • MakerBot Targets Schools With Rebranded Printers

    MakerBot was poised to be one of the greatest success stories of the open source hardware movement. Founded on the shared knowledge of the RepRap community, they created the first practical desktop 3D printer aimed at consumers over a decade ago. But today, after being bought out by Stratasys and abandoning their open source roots, the company is all but completely absent in the market they helped to create. Cheaper and better printers, some of which built on that same RepRap lineage, have completely taken over in the consumer space; forcing MakerBot to refocus their efforts on professional and educational customers.

  • 3D-Printed 3D Scanner made to work with your phone

    An Arduino-based 3D scanner was created by an industrious 3D printing enthusiast and released open source this week for all to enjoy. This open source project was made to take out the most time-consuming component of the 3D scan process, giving said process instead to an Android phone combined with 3D-printed parts, a cheap motor, and an Arduino. This is not the first time such a system has been attempted, but it does appear to be the most complete and ready-to-roll system to date.

  • AAScan open source Arduino 3D scanner utilizes the power of your smartphone

    Using the power of Arduino and utilising the camera and powerful performance of a smartphone QLRO has created a fantastic 3D scanner aptly named the AAScan. Check out the video below to learn more about the Android 3D scanner which is open source and fully automated.

  • Video: RISC-V momentum around the world, from edge to HPC

    In this keynote talk from the 2020 HiPEAC conference, RISC-V Foundation Chief Executive Calista Redmond explains how the RISC-V open-source instruction set architecture is gathering momentum around the world, finding applications across the compute continuum from edge to high-performance computing.

  • Weekend Discussion: How Concerned Are You If Your CPU Is Completely Open?

    For some interesting Sunday debates in the forums, how important to you is having a completely open CPU design? Additionally, is POWER dead? This comes following interesting remarks by an industry leader this weekend. Stemming from discussions on Twitter about Raptor's new OpenBMC firmware with a web GUI in tow, one of the discussions ended up shifting to that of open CPU designs and the belief that secretive CPU startup NUVIA could be having an open-source firmware stack.

Security and FUD: SpaceX, NMap, Polyverse, MongoDB, NGINX and Kubernetes

  • All Those Low-Cost Satellites in Orbit Could Be Weaponized by Hackers, Warns Expert

    Last month, SpaceX became the operator of the world's largest active satellite constellation. As of the end of January, the company had 242 satellites orbiting the planet with plans to launch 42,000 over the next decade. This is part of its ambitious project to provide internet access across the globe. The race to put satellites in space is on, with Amazon, UK-based OneWeb and other companies chomping at the bit to place thousands of satellites in orbit in the coming months.

  • NMap - A Basic Security Audit of Exposed Ports and Services

    For a plethora of reasons, auditing the security of our servers and networks is of paramount importance. Whether we are talking about a development server, a workstation, or a major enterprise application, security should be baked into every step of the deployment. While we can easily check our firewall settings from “the inside” of our systems, it is also a good idea to run a security audit from “the outside”, using a network enumeration tool such as the famous and highly vetted Network Mapper (NMap).

  • Cybersecurity startup Polyverse raises $8M to protect Linux open-source code from hackers [Ed: Right around the corner from Bill Gates, another company like Black Duck and it'll "protect" Linux... just buy its proprietary software]

    Polyverse has been validated by the U.S. Department of Defense for mitigating zero-day attacks, intrusions that occur just as a vulnerability becomes public, such as the infamous WannaCry ransomware and hacks of companies like Equifax. The company says its technology is “running on millions of servers.”

  • MongoDB: developer distraction dents DevSecOps dreams

    MongoDB’s director of developer relations has just opened a piece of internal research that suggests as few as 29% of Europe’s developers take full responsibility for security. Now, 29% is a somewhat arbitrary figure, clearly, i.e. it could be 22.45% or it could be 39.93%… the fact that the firm has pointed to an exact sum in this way is merely intended to show that it has undertaken a degree of calculation and statistical analysis.

  • NGINX Unit Adds Support for Reverse Proxying and Address-Based Routing

    NGINX announced the release of versions 1.13 and 1.14 of NGINX Unit, its open-source web and application server. These releases include support for reverse proxying and address-based routing based on the connected client's IP address and the target address of the request. NGINX Unit is able to run web applications in multiple language versions simultaneously. Languages supported include Go, Perl, PHP, Python, Node.JS, Java, and Ruby. The server does not rely on a static configuration file, instead allowing for configuration via a REST API using JSON. Configuration is stored in memory allowing for changes to happen without a restart.

  • Kubernetes Security Plagued by Human Error, Misconfigs

    Following a year of numerous security bugs within the Kubernetes ecosystem and the first security audit of Kubernetes conducted by the Cloud Native Computing Foundation (CNCF), which hosts the open source platform, continued wide-spread adoption has seen security become somewhat of an afterthought. However, if security concerns continue inhibiting business innovation, does that fall on businesses for neglecting security practices or the market for not providing them with the tools to confidently secure their deployments? “People just get security wrong sometimes,” McLean said. “Companies need a combination of increased learning, cross-pollination, new tooling, and updated processes to identify and remediate these security ‘mistakes’ during build and deploy vs. waiting for exposure during runtime.”