Legal

Facebook's React Patents License and OSI

Filed under: OSS, Legal
  • Why Not to Overreact to Facebook's React Patents License

    The reaction to this news is surprising, given the parallel patent licensing model is nothing new. Facebook released its “BSD+Patents” grant in 2013 (with a revision in 2015). But a similar model was used with some fanfare by Google with its WebM codec in 2010. This licensing model involves two parallel and simultaneous grants of rights: a BSD license to the copyright in the software, and a separate grant to practice patents that read on the software. Putting the two together means there are two independent and parallel grants of rights. In this respect, it is quite similar to the Apache 2.0 license which, like BSD, is a permissive license, and which also contains a defensive termination provision that exists alongside the copyright license grant.

    Much of the reaction to Apache Foundation’s announcement has just created confusion, such as this article misleadingly calling it “booby-trapped.” In fact, many open source licenses have defensive termination provisions — which are mostly considered a reasonable mechanism to discourage patent lawsuits, rather than a booby trap. They are also the rule rather than the exception; all major open source licenses with patent grants also have defensive termination provisions — each with slightly different terms. The difference between the Facebook grant, which Apache has rejected, and the Apache 2.0 license, which Apache requires for its projects, is more subtle than the controversy suggests.

    [...]

    Defensive termination provisions of the scope in the Facebook grant are very common in patent licensing, outside of the open source landscape. Most patent licenses terminate if the licensee brings patent claims against the licensor. The reason is that a licensor does not want to be unilaterally “disarmed” in a patent battle. Most patents are only used defensively — asserted when a competitor sues the patent owner. A sues B and then B sues A, resulting in mutually assured destruction. If B has released its software under an open source license without a broad defensive termination provision, B is potentially without recourse, and has paid a high price for its open source code release. A gets to simultaneously free ride on B’s software development and sue B for patent infringement.

    Finally, the Facebook grant itself is not new. The grant was released in 2013, and ReactJS’ popularity has been growing since then. As with many open source licenses, the industry’s willingness to absorb a new license depends on the tastiness of the code released under it. In the case of ReactJS, the code was great, and the patent license terms were new, but reasonable.

  • The Faces of Open Source: Till Jaeger

    Dr. Till Jaeger features in the fifth episode of Shane Martin Coughlan's "The Faces of Open Source Law." The series was shot during breaks at the FSFE Legal Network 'Legal and Licensing Workshop' in Barcelona during April 2017, and is provided here to promote greater understanding of how the law and open source projects and communities are interacting and evolving.

Violating and Complying With GPL, Grsecurity Bullying, Facebook 'Faking' FOSS With Patent Trap

Filed under: OSS, Legal
  • Making a Wrong into a Right: After Violating GPL and Filing for Bankruptcy, Chinese OEM IUNI Releases Source Code

    There are times in life when making the wrong decisions can have major repercussions in all the spheres that surround you. These repercussions can be so severe that they can literally turn your life upside down and nothing you say or do can change the self-consuming spiral that they set you on. Smartphone company IUNI learned this the hard way, and as a result they’ve finally decided to comply with the GPL.

    This was the case for a relatively small Asian manufacturer called IUNI, which was a small subsidiary company of the much-larger Gionee. As was the case with many Eastern OEMs, IUNI was the proud manufacturer of entry to mid range devices, with phones closely resembling those from Xiaomi, which coincidentally also resembles other manufacturers as well (plagiarism is the ultimate form of flattery after all). The company, unfortunately, had a rough start, which ultimately led to its impending doom and eventual demise about a year ago.

  • Grsecurity Vendor Sues Open Source Pioneer Bruce Perens in GPLv2 Disagreement

    One of open source’s guiding lights, Open Source Initiative co-founder Bruce Perens, is being sued by Open Source Security, the company behind the Grsecurity patch management software for the Linux kernel, over a disagreement about the GNU GPLv2 license.

    Open Source Security alleges that Perens made “abusive and false” claims in a blog post that resulted in “substantial harm to Grsecurity’s reputation, goodwill, and future business prospects,” according to a complaint filed at the U.S. District Court, Northern District of California, San Francisco Division.

    Perens’ own attorney Heather Meeker sees the defamation lawsuit as “an attack on the free exchange of ideas in the free software community on matters of public interest.” Open Source Security did not respond to a request for comment.

  • Don’t Over-REACT to the Facebook Patents License

    Recently, Apache re-classified code under Facebook’s “BSD+ Patents” license to “Category X,” effectively banning it from future contributions to Apache Foundation projects. The move has re-ignited controversy over the patent grant, but like many events in the open source community, the controversy is more partisan than practical. In fact, it’s unlikely the move will affect adoption of ReactJS, and the criticisms of the BSD+patent grant mostly don’t survive the scrutiny of reason.

    The Facebook patent grant, officially called the Additional Grant of Patent Rights Version 2, has been in effect for years. It applies to the wildly popular ReactJS code — a JavaScript library for rendering user interfaces. The roster of major technology companies using the code is impressive, including such consumer-facing giants as Netflix — and of course, Facebook itself.

Licensing and Development: Patrick McHardy, React's Open Source [sic] Licence, Programming Success

Filed under: Development, Legal
  • Patrick McHardy and copyright profiteering

    Many in the open source community have expressed concern about the activities of Patrick McHardy in enforcing the GNU General Public License (GPL) against Linux distributors. Below are answers to common questions, based on public information related to his activities, and some of the legal principles that underlie open source compliance enforcement.

    Who is Patrick McHardy? McHardy is the former chair of the Netfilter core development team. Netfilter is a utility in the Linux kernel that performs various network functions, such as facilitating Network Address Translation (NAT)—the process of converting an Internet protocol address into another IP address. Controlling network traffic is important to maintain the security of a Linux system.

  • Facebook Refuses to Alter React's Open Source License

    The Apache Foundation recently announced that Facebook's BSD+Patents open source license has been disallowed for inclusion with Apache products. The resulting fallout has caused gnashed teeth and much soul searching for React developers and Facebook has so far refused to reconsider.

  • Users as Co Developers OR The Secret of Programming Success

    And so I inherited popclient. Just as importantly, I inherited popclient’s user base. Users are wonderful things to have, and not just because they demonstrate that you’re serving a need, that you’ve done something right. Properly cultivated, they can become co-developers.

    Another strength of the Unix tradition, one that Linux pushes to a happy extreme, is that a lot of users are hackers too. Because source code is available, they can be effective hackers. This can be tremendously useful for shortening debugging time. Given a bit of encouragement, your users will diagnose problems, suggest fixes, and help improve the code far more quickly than you could unaided.

  • Oracle to open source Java Enterprise Edition (JAVA EE)

    They say that you can never expect a favor from the corporate world without them getting some profit. Oracle seems to be shutting shop on Java Enterprise Edition (Java EE) and has now decided to open source it. After earning millions from Java EE, now Oracle seems to have realized that it needs to move on.

Facebook won't change React.js license despite Apache developer pain

Filed under: Legal

Facebook's decided to stick with its preferred version of the BSD license despite the Apache Foundation sin-binning it for any future projects.

The Foundation barred use of Facebook's BSD-plus-Patents license in July, placing it in the “Category X” it reserves for “disallowed licenses”.

Facebook's BSD+Patents license earned that black mark because the Foundation felt it “includes a specification of a PATENTS file that passes along risk to downstream consumers of our software imbalanced in favor of the licensor, not the licensee, thereby violating our Apache legal policy of being a universal donor.”

Mixing Free/Open Source Licenses and Changes at Mir

Filed under: OSS, Legal
  • A Realistic Approach to Mixing Open Source Licenses

    At the upcoming Open Source Summit in Los Angeles, Lars Kurth, director of Open Source Solutions at Citrix and chair of the Advisory Board of the Xen Project at The Linux Foundation, will be delivering a wealth of practical advice in two conference talks.

    The first talk is “Mixed License FOSS Projects: Unintended Consequences, Worked Examples, Best Practices” and the second talk is “Live Patching, Virtual Machine Introspection and Vulnerability Management: A Primer and Practical Guide.”

    Here, Kurth explains more about what he will be covering in these presentations.

  • Mir Relicensed To GPLv2 Or GPLv3

    While we await the Mir 1.0 release with its new target of supporting Wayland clients directly, we noticed there was a re-licensing change this week for the Mir code-base.

    Previously the Mir code was licensed under the GPLv3 for the Mir server and LGPLv3 for the client code. The license has now been updated to reflect GPLv2 or GPLv3 for the Mir server code and LGPLv2 or LGPLv3 for the Mir client code.

Man jailed for role in spreading Linux malware

Filed under: Linux, Legal

A man who helped spread malware that exploited the OpenSSH software to steal login credentials has been jailed for 46 months and will be deported after serving his term.

Marcus Hutchins and Bruce Perens Sued

Filed under: Security, Legal
  • Slayer of WCry worm charged with creating unrelated banking malware

    Marcus Hutchins, the 23-year-old security professional who accidentally stopped the spread of the virulent WCry ransomware worm in May, has been named in a federal indictment that alleges he was part of a conspiracy that created and distributed a piece of unrelated malware that steals banking credentials from unsuspecting computer users.

    According to the eight-page indictment, the conspiracy involved Hutchins and two other individuals whose names still have not been made public. After Hutchins allegedly created the banking trojan dubbed "Kronos," a video circulated in July 2014 on a publicly available website that demonstrated how the malware worked. A month later, one of the unnamed co-conspirators put the malware up for sale at a price of $3,000. Hutchins and one of the co-conspirators allegedly updated Kronos around February 2015.

  • Linux kernel hardeners Grsecurity sue open source's Bruce Perens

    "As a customer, it’s my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog.

    The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference.

    [...]

    Linus Torvalds, who oversees the Linux kernel, has called Grsecurity's patches "garbage."

    Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code – a right under the GPLv2 license – will no longer be customers and will lose the right to distribute subsequent versions of the software.

Simon Phipps on Public Domain and Facebook’s React Licence

Filed under: OSS, Legal
  • Public Domain Is Not Open Source

    Open Source and Public Domain are frequently confused. Here’s why it’s a mistake to treat the two terms as synonyms.

    Plenty of people assume that public domain software must be open source. While it may be free software within your specific context, it is incorrect to treat public domain software as open source or indeed as globally free software. That’s not a legal opinion (I’m not a lawyer so only entitled to layman’s opinions) but rather an observation that an open source user or developer cannot safely include public domain source code in a project.

  • 5 Reasons Facebook’s React License Was A Mistake

    In July 2017, the Apache Software Foundation effectively banned the license combination Facebook has been applying to all the projects it has been releasing as open source. They are using the 3-clause BSD license (BSD-3), a widely-used OSI-approved non-reciprocal license, combined with a broad, non-reciprocal patent grant but with equally broad termination rules to frustrate aggressors.

    The combination represents a new open source license, which I’ve termed the “Facebook BSD Plus Patent License” (FB+PL), and to my eyes it bears the hallmarks of an attempt to be compatible with both the GPL v2 and the Apache License v2 at the same time, in circumvention of the alleged incompatibility of those licenses.

If you were on a desert island, which license would you take with you?

Filed under: OSS, Legal

If I were on a desert island, I probably would not need a license, but let's say I did. I'd stuff the MIT license in one pocket, put the GPLv3 in my backpack, and find a place to tuck the Apache license.

Apache discontinues use of Facebook code libraries

Filed under: OSS, Legal
  • Apache discontinues use of Facebook code libraries

    San Francisco, July 18 (IANS) US-based open-source community Apache Foundation has said it will not use Facebook’s ‘BSD-licensed’ code for any of its new software projects for legal reasons.

    The foundation banned the use of libraries, frameworks and tools covered by Facebook’s open-source ‘BSD-plus-Patents’ license in any new projects, The Register reported on Tuesday.

    “No new project, sub-project or codebase, which has not used Facebook’s ‘BSD-plus-Patents’ licensed jars are allowed to use them,” Chris Mattmann, Legal Affairs Director, Apache Foundation, was quoted as saying.

  • Apache says 'no' to Facebook code libraries

    The Apache Foundation has declared that none of its new software projects can include Facebook's booby-trapped BSD-licensed code.

    The foundation's legal affairs director, Chris Mattmann, said over the weekend that libraries, frameworks and tools covered by Facebook's open-source-ish BSD-plus-Patents license should not be absorbed into any new projects.

    "No new project, sub-project or codebase, which has not used Facebook BSD+Patents licensed jars (or similar), are allowed to use them," Mattmann wrote. "In other words, if you haven't been using them, you aren't allowed to start. It is Cat‑X."

  • Apache Bans Facebook’s License Combo