Language Selection

English French German Italian Portuguese Spanish

Legal

SPDX v2 simplifies open source license dependency tracking

Filed under
GNU
Linux
OSS
Legal

The Linux Foundation has updated its SPDX standard to v2.0, enhancing the ability to track complex open source license dependencies to ensure compliance.

The Linux Foundation (LF) released version 1.0 of the Software Package Data Exchange (SPDX) standard in 2011, promoting it as a common format for sharing data about software licenses and copyrights. Now the LF’s SPDX workgroup has released version 2.0 of the standard, with new features that let you relate SPDX documents to each other to provide a “three-dimensional” relationship view of license dependencies.

Read more

Why doesn't the FSF release GPG-signed copies of its licenses?

Filed under
GNU
Legal

While verified copies of our licenses can be useful, this is unfortunately a project that sounds straightforward at first, but all the corner cases found in the wild muck it up.

One relatively frequent request we receive is for the FSF to provide GPG-signed copies of our licenses. GPG is a tool that lets users cryptographically sign or encrypt documents and emails. A GPG-signed document lets anyone who receives it know that they have received the exact same document as the one that was signed. By providing signed documents, users will be able to easily ensure that they have received an unmodified copy of the license along with their software. It's also possible that some system of signing the documents could help projects tracking the use and adoption of various free software licenses. Providing these signed documents is a simple task: run a command and publish the documents. A trivial investment of resources, or at least that is how it appears at first.

Read more

The Weather Company relies on Drupal to manage content

Filed under
Legal

After helping to put the dot in .com by building and configuring enterprise class solutions with WorldCom as a Sun hardware and software engineer, Jason Smith went on to AAAS (The American Association for the Advancement of Science, and the publishers of the journal Science) to direct the technical needs of the education directorate.

Jason has built or architected solutions ranging from enterprise to small business class and has found in Drupal a flexible, scalable, rapid development framework for targeting all levels of projects. A long time beneficiary of the open source movement, Jason—now a senior software architect at The Weather Company—is an avid supporter of open source projects and believes strongly in giving back to the community that supported him.

Read more

Patent Pledges and Open Source Software Development

Filed under
OSS
Legal

For all its benefits, one aspect of open source software does cause headaches: understanding the legal terms that control its development and use. For starters, scores of licenses have been created that the Open Source Initiative recognizes as meeting the definition of an “open source license.” While the percentage of these licenses that are in wide use is small, there are significant and important differences between many of these popular licenses. Moreover, determining what rights are granted in some cases requires referring to what the community thinks they mean (rather than their actual text), and in others by the context in which the license is used.

Read more

The Curious History of Komongistan (Busting the term “intellectual property”)

Filed under
GNU
Legal

The purpose of this parable is to illustrate just how misguided the term “intellectual property” is. When I say that the term “intellectual property” is an incoherent overgeneralization, that it lumps together laws that have very little in common, and that its use is an obstacle to clear thinking about any of those laws, many can't believe I really mean what I say. So sure are they that these laws are related and similar, species of the same genus as it were, that they suppose I am making a big fuss about small differences. Here I aim to show how fundamental the differences are.

Fifty years ago everyone used to recognize the nations of Korea, Mongolia and Pakistan as separate and distinct. In truth, they have no more in common than any three randomly chosen parts of the world, since they have different geographies, different cultures, different languages, different religions, and separate histories. Today, however, their differentness is mostly buried under their joint label of “Komongistan”.

Few today recall the marketing campaign that coined that name: companies trading with South Korea, Mongolia and Pakistan called those three countries “Komongistan” as a simple-sounding description of their “field” of activity. (They didn't trouble themselves about the division of Korea or whether “Pakistan” should include what is now Bangladesh.) This label gave potential investors the feeling that they had a clearer picture of what these companies did, as well as tending to stick in their minds. When the public saw the ads, they took for granted that these countries formed a natural unit, that they had something important in common. First scholarly works, then popular literature, began to talk about Komongistan.

Read more

GitHub: Now Supporting Open Source License Compliance

Filed under
OSS
Legal

Ask any developer where to turn for access to the latest software code for open source projects, and you’ll likely be directed to GitHub—one of the largest providers of open source code online.

While GitHub has always been a great site for developers to come together, network and share code, up until a few years ago, the website had a problem. Though it was easy for developers to share code, finding the right software license to go along with it was much harder. The majority of downloads on GitHub, therefore, were taking place without the critical software license component.

Read more

Latest TPP leak shows systemic threat to software freedom

Filed under
GNU
Legal

Key congressional leaders have just agreed on a deal to fast track the fast-tracking of TPP. While the threat of TPP has persisted for years, now is the time to fight back!

Read more

European Commission finalises the draft EUPL v1.2

Filed under
OSS
Legal

After this presentation, a specific point was still under investigation: the possibility of an “opt out” clause regarding the updated list of compatible licences. This list is not only extended to the GPLv3 and AGPLv3, but also to other copyleft licences like the MPL or the LGPL that protect the covered files or the derivatives of the covered works against exclusive appropriation (prohibition of re-licensing the covered files or their derivatives under a proprietary licence) without any ambition to extend their coverage to the whole work or application in which the covered file is integrated or linked.

Read more

Allwinner: "We Are Taking Initiative Actions Internally"

Filed under
OSS
Legal

Allwinner has been taking a lot of heat lately for violating open-source licenses with their Linux binary blob components. They then got caught obfuscating their code to try to hide their usage of open-source code, shifted around their licenses, and has continued jerking around the open-source community.

Read more

Allwinner Continues Jerking Around The Open-Source Community

Filed under
Hardware
Legal

While Allwinner has been caught violating the (L)GPL and resulted in obfuscating their code and playing around with their advertised licenses, now this ARM vendor is taking things a step further.

Read more

Also: Allwinner Plays Around With Licenses On Its Media Codec

Syndicate content

More in Tux Machines

Leftovers: Ubuntu

  • Budgie-Remix Makes Progress With Ubuntu 16.10 Base, Beta 2 Released
    Budgie-Remix, the unofficial Ubuntu spin making use of the Budgie Desktop, has released its 16.10 Beta 2 milestone following this week's Yakkety Yak Beta 2 release. Budgie-Remix is re-based to the latest Ubuntu 16.10 Yakkety package changes. In addition, a number of the Budgie-0Remix packages have been working their way into Debian proper and thus are available to Ubuntu 16.10 users via the official channels. Now available this way is the budgie-desktop package, Moka icon theme, Faba icon theme, and the Arc theme. The Ubuntu repository has also pulled in the Budgie artwork and wallpaper packages too.
  • Yakkety Yak Final Beta Released
  • Canonical Launches Commercial Support for Kubernetes
    Canonical, the lead commercial vendor behind the open-source Ubuntu Linux operating system, is getting into the Kubernetes market. Canonical now offers a freely available implementation of Kubernetes as well as commercial-support options. "I have no doubt that Kubernetes will be one of the major container co-ordination systems," Mark Shuttleworth, founder of Ubuntu, told ServerWatch.
  • [How To] Build an Ubuntu Controlled Sous-Vide Cooker
    I’ll be honest with you from the off: I had zero idea what sous-vide cooking was before I started writing this post. Wikipedia dutifully informs me that’s Sous-Vide is a style of cooking that involves a vacuum, bags, and steam.
  • Mintbox Mini Pro Linux Mini PC Launches For $395
    This week a new version of the popular Mintbox Mini Linux PC has been launched for $395 in the form of the Mintbox Mini Pro which is now equipped with 120 GB of SSD mSATA together with 64-bit AMD A10-Micro6700T system-on-a-chip with Radeon R6 graphics and features 8GB of DDR3L. The latest Mintbox Mini Pro is shipped preloaded with the awesome Linux Mint 18 operating system and includes a microSD card slot a serial port, and a micro SIM card reader. The new Mintbox Mini Pro is the same size as the original and measures 4.3 x 3.3 x 0.9 inches in size and weighs in at around 255g. The Linux mini PC incorporates a fanless design and features an all-metal case made of aluminium and zinc.

Leftovers: OSS and Sharing

  • Minijail: Running Untrusted Programs Safely by Jorge Lucangeli Obes, Google
  • Minijail: Google’s Tool To Safely Run Untrusted Programs
    Google’s Minijail sandboxing tool could be used by developers and sysadmins to run untrusted programs safely for debugging and security checks, according to Google Software Engineer Jorge Lucangeli Obes, who spoke last month at the Linux Security Summit. Obes is the platform security lead for Brillo, Google's Android-based operating system for Internet-connected devices. Minijail was designed for sandboxing on Chrome OS and Android, to handle “anything that the Linux kernels grew.” Obes shared that Google teams use it on the server side, for build farms, for fuzzing, and pretty much everywhere. Since “essentially one bug separates you and any random attacker,” Google wanted to create a reliable means to swiftly identify problems with privileges and exploits in app development and easily enable developers to “do the right thing.” The tool is designed to assist admins who struggle with deciding what permissions their software actually needs, and developers who are vexed with trying to second guess which environment the software is going to run in. In both cases, sandboxing and privilege dropping tends to be a hit or miss affair. Even when developers use the privilege dropping mechanisms provided by the Linux kernel, sometimes things go awry due to numerous pitfalls along that path. One common example Obes cited was trying to ride a switch user function that will drop-root and then forgetting to check the result of the situation relief, or setuid function, afterwards.
  • Intel and Cloudera Give Apache an Open Source Data/Security Tool
    For the past year, we've taken note of the many Big Data projects that the Apache Software Foundation has been elevating to Top-Level Status. The organization incubates more than 350 open source projects and initiatives, and has squarely turned its focus to Big Data and developer-focused tools in recent months. As Apache moves Big Data projects to Top-Level Status, they gain valuable community support. Recently, the foundation announced that Apache Kudu has graduated from the Apache Incubator to become a Top-Level Project (TLP). Kudu is an open source columnar storage engine built for the Apache Hadoop ecosystem designed to enable flexible, high-performance analytic pipelines. And, Apache Twill has graduated as well. Twill is an abstraction over Apache Hadoop YARN that reduces the complexity of developing distributed Hadoop applications, allowing developers to focus more on their application logic. In another Apache-related Big Data move, Cloudera and Intel have announced that they've contributed a new open-source project to the Apache Software Foundation targeted at using Big Data analytics and machine learning for cybersecurity.
  • Twitter Open Sources Stream Processing Engine Heron
    Twitter announced the open sourcing of Heron, a stream-processing engine that is a successor to Apache Storm. Heron is backwards compatible with Apache Storm, which eases its adoption amongst developers. Heron has replaced Apache Storm as the stream data processing engine inside Twitter due to its scalability, debug-ability, ability to work in a shared cluster infrastructure and better performance. A comprehensive list of features is listed in the documentation.
  • Tencent: Transforming Networks with SDN
    “SDN can really transform the way we do networks,” said Tom Bie, VP of Technology & Operation of Data Center, Networking and Server, Tencent, during his Wednesday keynote address at the Open Daylight Summit. The China telecom giant should know about the issues of massive scale networks: they have more than 200 million users for QQ instant messaging, 300 million users of their payment service, and more than 800 million users of their VChat service. Bie noted that Tencent also operates one of the largest gaming networks in the world, along with video services, audio services, online literature services, news portals, and a range other digital content services.
  • The Second Wave of Platforms, an Interview with Cloud Foundry’s Sam Ramji
    In today’s world of platforms, services are increasingly connected. In the past, PaaS offerings were pretty much isolated. It’s that new connected infrastructure that is driving the growth of Cloud Foundry, the open source, service-oriented platform technology. Sam Ramji is CEO of Cloud Foundry, which is holding its European event in Frankfurt this week. At the conference, we spoke with Ramji to discuss, among other topics:
  • How to Find Your First OpenStack Job
  • LibreOffice 5.2.2 Now Available to Download
  • EC approves Slovenia courts data exchange solution
    First CEF AS4-compliant b2b solution developed as open source by a public administration The European Commission has tested and approved Laurentius, an eDelivery court documents and case exchange solution compliant with the AS4 profile of the OASIS ebMS standard. In September, Laurentius passed all tests by the EC’s Connecting Europe Facility (CEF) for its so-called “e-SENS AS4 conformant solutions”.
  • SDL 2.0.5 Is Readying For Release: Relative Mouse Mode For Wayland/Mir, Audio Capture
    SDL 2.0 point releases have ranged from being a few months apart to as much as two years apart. Fortunately, SDL 2.0.5 is now being put together for release just nine months after SDL 2.0.4. With the Mercurial repository, Sam Lantinga bumped the version in preparation for the SDL 2.0.5 release. The SDL 2.0.5 release hasn't officially happened yet, but it should be here soon.
  • Open standards default at Slovenia supreme court
    The use of open ICT standards is an IT requirement at Slovenia’s Supreme Court, responsible for the IT support of the entire court system in the country. The Supreme Court’s IT department has a strong preference for the development of modular, reusable software solutions. This strategy provides agility and flexibility, says Bojan Muršec, director of IT. The focus on open standards frees up the IT department to concentrate on the business, Muršec says. The IT department takes the modular approach serious: the first reusable module ever developed by the court - a court documents dispatch and delivery system - is re-used by all IT systems across the courts. “Making everything reusable prevents creation of silos in the organisation”, the IT director says. A positive side effect of the IT strategy is that the court uses mostly open source software solutions. This in turn helps to keep IT costs down, says the IT director, who estimates that the court saves EUR 400 to 500 thousand per year on licence fees: “The cost of proprietary licences always goes up.”
  • Why there is no CSS4 - explaining CSS Levels
    We had CSS1, and CSS2. We even had CSS2.1 and we then moved onto CSS3 – or did we? This post is a quick explanation of how CSS is versioned today. CSS versions 1 and 2 were monolithic specifications. All of CSS was included in one massive document. Selectors, positioning, colour – it was all in there. The problem with monolithic specifications is that in order to finish the spec, every component part also has to be finished. As CSS has grown in complexity, and new features are added, it doesn’t make sense to draw a line at which all work is stopped on all parts of CSS in order to declare that CSS version finished. Therefore, after CSS2.1 all the things that had been part of the 2.1 specification were broken down into modules. As the new CSS modules included all that had gone before plus any new features, they all came into being at Level 3. Hence CSS3, and people like me who understood CSS as a single specification referred to the group of Level 3 modules as “CSS3”.

Security Leftovers

  • Linux.Mirai Trojan causing mayhem with DDoS attacks
    A Trojan named Linux.Mirai has been found to be carrying out DDoS attacks. The malicious program first appeared in May 2016, detected by Doctor Web after being added to its virus database under the name Linux.DDoS.87. The Trojan can work with with the SPARC, ARM, MIPS, SH-4, M68K architectures and Intel x86 computers.
  • Don't Hide DRM in a Security Update
    Over 10,000 of you have joined EFF in calling on HP to make amends for its self-destructing printers in the past few days. Looks like we got the company’s attention: today, HP posted a response on its blog. Apparently recognizing that its customers are more likely to see an update that limits interoperability as a bug than as a feature, HP says that it will issue an optional firmware update rolling back the changes that it had made. We’re very glad to see HP making this step. But a number of questions remain. First, we’d like to know what HP’s plans are for informing users about the optional firmware update. Right now, the vast majority of people who use the affected printers likely do not know why their printers lost functionality, nor do they know that it’s possible to restore it. All of those customers should be able to use their printers free of artificial restrictions, not just the relatively few who have been closely following this story.
  • 6 Ways Driverless Cars Are Going To Kill Lots Of People
    You've probably read a few articles about driverless cars over the past couple of years. The technology is coming along quickly, with fleets of test cars already on the roads in some states. It seems like soon we'll achieve the American dream of stuffing our faces and texting all we want while still managing to avoid public transportation. But the reality is quite different. We're diving into this technology a little too quickly and ignoring all the warning signs about how we are going to screw up on the way to Driverless Car Utopia.

Red Hat and Fedora

  • Red Hat Inc. (RHT) Downgraded by Zacks Investment Research to “Hold”
  • Earnings Estimate Report: Intel Corporation (NASDAQ:INTC) , Red Hat, Inc. (NYSE:RHT)
  • Switched to HTTPS
    Perhaps you already noticed it, I have switched all the sites for a secured browsing using HTTPS. So, new addresses are: https://blog.remirepo.net/ for this Blog (with an automatic and permanent redirection) https://forum.remirepo.net/ for the Forum (with an automatic and permanent redirection) https://rpms.remirepo.net/ for the Repository, but classical address stay available.
  • Fedora Hubs: Getting started
    Fedora Hubs provides a consistent contributor experience across all Fedora teams and will serve as an “intranet” page for the Fedora Project. There are many different projects in Fedora with different processes and workflows. Hubs will serve as a single place for contributors to learn about and contribute to them in a standardized format. Hubs will also be a social network for Fedora contributors. It is designed as one place to go to keep up with everything and everybody across the project in ways that aren’t currently possible.