Legal

BMW Australia and GPL

Filed under
GNU
OSS
Legal

The VMware Hearing and the Long Road Ahead

Filed under
GNU
Legal

Last Thursday, Christoph Hellwig and his legal counsel attended a hearing in Hellwig's VMware case that Conservancy currently funds. Harald Welte, world famous for his GPL enforcement work in the early 2000s, also attended as an observer and wrote an excellent summary. I'd like to highlight a few parts of his summary, in the context of Conservancy's past litigation experience regarding the GPL.

First of all, in great contrast to the cases here in the USA, the Court acknowledged fully the level of public interest and importance of the case. Judges who have presided over Conservancy's GPL enforcement cases in USA federal court take all matters before them quite seriously. However, in our hearings, the federal judges preferred to ignore entirely the public policy implications regarding copyleft; they focused only on the copyright infringement and claims related to it. Usually, appeals courts in the USA are the first to broadly consider larger policy questions. There are definitely some advantages to the first Court showing interest in the public policy concerns.

SCO vs. IBM looks like it's over for good

Filed under
Linux
Legal

The long-running SCO vs. IBM case looks like it might just be over.

A new filing (PDF) scooped up by the good folks at Groklaw sees both SCO and IBM agree to sign off on two recent decisions in which SCO's arguments advancing its claims to own parts of Unix were slapped down by the US District Court.

As The Register reads the PDF we've linked to above, and our informal legal counsel concurs, the new document describes IBM and SCO both signing off on the recent court orders. Those orders left SCO without a legal argument to stand on.

The new filing also points out that SCO remains bankrupt and “has de minimis financial resources beyond the value of the claims on which the Court has granted summary judgment for IBM.”

Or in plain English, SCO is broke and the only asset it possesses of any value is its claims against IBM, and now it doesn't even have those because it just lost a court case about them. That leaves SCO in no position to carry on.

“Accordingly,” the new filing continues, “the disposition of SCO’s appeal is the practical course most likely to conserve both judicial and private resources.” That's the legal sense of “disposition”, by the way, so what the document's saying is that SCO giving up its appeal is most likely to stop the courts spending any more time or energy on this matter. Courts don't like wasting resources. So this is both parties explaining that wrapping things up now is a desirable thing.

Is SFLC Shooting Open Source in the Foot?

Filed under
OSS
Legal

The academic article by SFLC about ZFS is troubling and may unintentionally shoot free software licensing in the foot.

When I was at Sun (as part of the team that released the Java Programming Language by starting the OpenJDK project) I often heard community concerns about the CDDL license. At the time the big complaint was about the "Choice of Venue" clause.

I got involved because Sun had developed many essential Java libraries and distributed them under CDDL. The community requested a more permissive license and I was able to convince internal project leaders (and Sun's lawyers) to make a licensing change for a handful of these projects. And there was much rejoicing.

Based on my experience in helping Java to become open source I came to appreciate the legal hacks on copyright which make open source possible. It's the free software license which uses copyright to enable sharing (vs. the default of disabling sharing).

The Linux Kernel, CDDL and Related Issues

Filed under
Linux
Legal

The license terms on the Linux kernel are those of GPLv2. This is the unanimous consensus of the extensive community of copyright holders. No other terms, or modifications of those terms, are represented in any document as the consensus position of the relevant parties.

Also: SFC: GPL Violations Related to Combining ZFS and Linux

Winning the copyleft fight

Linux GPL Enforcement

Filed under
Linux
Legal
  • I’m Part of SFConservancy’s GPL Compliance Project for Linux

    I believe GPL enforcement in general, and specifically around the Linux kernel, is a good thing. Because of this, I am one of the Linux copyright holders who has signed an agreement for the Software Freedom Conservancy to enforce the GPL on my behalf. I’m also a financial supporter of Conservancy.

  • Report from the VMware GPL court hearing

    Today, I took some time off to attend the court hearing in the GPL violation/infringement case that Christoph Hellwig has brought against VMware.

    I am not in any way legally involved in the lawsuit. However, as a fellow (former) Linux kernel developer myself, and a long-term Free Software community member who strongly believes in the copyleft model, I of course am very interested in this case - and of course in an outcome in favor of the plaintiff. Nevertheless, the below report tries to provide an un-biased account of what happened at the hearing today, and does not contain my own opinions on the matter. I can always write another blog post about that :)

    I blogged about this case before briefly, and there is a lot of information publicly discussed about the case, including the information published by the Software Freedom Conservancy (see the link above, the announcement and the associated FAQ).

  • I bought some awful light bulbs so you don't have to

    Anyway. Next step was to start playing with the protocol, which meant finding the device on my network. I checked anything that had picked up a DHCP lease recently and nmapped them. The OS detection reported Linux, which wasn't hugely surprising - there was no GPL notice or source code included with the box, but I'm way past the point of shock at that. It also reported that there was a telnet daemon running. I connected and got a login prompt. And then I typed admin as the username and admin as the password and got a root prompt. So, there's that. The copy of Busybox included even came with tftp, so it was easy to get copies of tcpdump and strace on there to see what was up.

  • SFC: GPL Violations Related to Combining ZFS and Linux

The U.S. Copyright Office requiring proprietary software in DMCA anti-circumvention study

Filed under
OSS
Legal

In Digital Millennium Copyright Act (DMCA) anti-circumvention study, the U.S. Copyright Office extends comment period and asserts that proprietary software is required for comment submission.

Canonical accused of violating GPL with ZFS-in-Ubuntu 16.04 plan

Filed under
Ubuntu
Legal

The Software Freedom Conservancy (SFC) thinks Canonical, the curator of Ubuntu, has breached the Gnu Public Licence (GPL).

As the Conservancy explains, Canonical recently announced that Ubuntu 16.04 will “make OpenZFS available on every Ubuntu system.” Canonical reckons that adding OpenZFS represents “one of the most exciting new features Linux has seen in a very long time.”

GPL Violations Related to Combining ZFS and Linux

Filed under
Legal

This post discusses an atypical GPL violation. Unlike most GPL violations Conservancy faces, in this case, a third-party entity holds a magic wand that can instantly resolve the situation. Oracle is the primary copyright holder of ZFS, and, despite nearly eight years (going back to the days of Sun's control of the code) of the anti-license-proliferation community's urging, Oracle continues to license their code under their own, GPL-incompatible license. While this violation has many facets, and Oracle did not themselves violate GPL in this specific case, they hold the keys to this particular kingdom and they forbid the Linux community to enter. While there are complexities that we must address, in this context, Oracle could make everyone's life easier by waving their magic relicensing wand. Nevertheless, until they do, since GPL-incompatible licenses are the root of all GPL violations, combinations of GPL'd code with Oracle's GPL-incompatible code yield GPL violations, such as the ongoing violation by Canonical, Ltd.

Kuhn's Paradox

Filed under
OSS
Legal

I believe this paradox is primarily driven by the cooption of software freedom by companies that ostensibly support Open Source, but have the (now extremely popular) open source almost everything philosophy.

For certain areas of software endeavor, companies dedicate enormous resources toward the authorship of new Free Software for particular narrow tasks. Often, these core systems provide underpinnings and fuel the growth of proprietary systems built on top of them. An obvious example here is OpenStack: a fully Free Software platform, but most deployments of OpenStack add proprietary features not available from a pure upstream OpenStack installation.

Meanwhile, in other areas, projects struggle for meager resources to compete with the largest proprietary behemoths. Large user-facing, server-based applications of the Service as a Software Substitute variety, along with massive social media sites like Twitter and Facebook that actively work against federated social network systems, are the two classes of most difficult culprits on this point. Even worse, most traditional web sites have now become a mix of mundane content (i.e., HTML) and proprietary Javascript programs, which are installed on-demand into the users' browser all day long, even while most of those servers run a primarily Free Software operating system.

More in Tux Machines

Meltdown and Spectre Linux Kernel Status - Update

I keep getting a lot of private emails about my previous post about the latest status of the Linux kernel patches to resolve both the Meltdown and Spectre issues. These questions all seem to break down into two different categories, “What is the state of the Spectre kernel patches?”, and “Is my machine vulnerable?”

today's leftovers

OSS: Jio, VMware Openwashing, and Testing Jobs

  • Jio is committed to use open source technology: Akash Ambani
    Speaking at the India Digital Open Summit 2018, Akash Ambani, Director of Reliance Jio Infocomm, said that open source is very important for his company. “The year 2017 was the tipping point for AR and VR globally. In India, AR and VR are in the initial stages of adoption but at Jio, we believe it will grow at a 50 percent compounded rate for the next five years,” Akash said. He also spoke on the evolution of artificial intelligence and blockchain.
  • VMware and Pivotal’s PKS Distribution Marries Kubernetes with BOSH [Ed: It looks like the author has been reduced to Microsoft propaganda and other openwashing puff pieces sponsored by proprietary software giants. We have given up on several writers who used to support GNU/Linux. Seeing their activity, it seems as though they ended up with neither gigs nor credibility (used to get far more writing assignments from LF, often for Microsoft openwashing).]
  • Hehe, still writing code for a living? It's 2018. You could be earning x3 as a bug bounty hunter
    Ethical hacking to find security flaws appears to pay better, albeit less regularly, than general software engineering. And while payment remains one of the top rationales for breaking code, hackers have begun citing more civic-minded reasons for their activities. A survey of 1,700 bug bounty hunters from more than 195 countries and territories by security biz HackerOne, augmented by the company's data on 900 bug bounty programs, has found that white-hat hackers earn a median salary that's 2.7 times that of typical software engineers in their home countries. In some places, the gap is far more pronounced. In India, for example, hackers make as much as 16 times the median programmer salary. In the US, they earn 2.4 times the median.

Security: Spectre and Meltdown, Industrial System Sabotage, VDP, Windows in Healthcare

  • Some thoughts on Spectre and Meltdown
     

    Contrast that with what happened this time around. Google discovered a problem and reported it to Intel, AMD, and ARM on June 1st. Did they then go around contacting all of the operating systems which would need to work on fixes for this? Not even close. FreeBSD was notified the week before Christmas, over six months after the vulnerabilities were discovered. Now, FreeBSD can occasionally respond very quickly to security vulnerabilities, even when they arise at inconvenient times — on November 30th 2009 a vulnerability was reported at 22:12 UTC, and on December 1st I provided a patch at 01:20 UTC, barely over 3 hours later — but that was an extremely simple bug which needed only a few lines of code to fix; the Spectre and Meltdown issues are orders of magnitude more complex.  

  • Menacing Malware Shows the Dangers of Industrial System Sabotage
     

    At the S4 security conference on Thursday, researchers from the industrial control company Schneider Electric, whose equipment Triton targeted, presented deep analysis of the malware—only the third recorded cyberattack against industrial equipment. Hackers [sic] were initially able to introduce malware into the plant because of flaws in its security procedures that allowed access to some of its stations, as well as its safety control network.

  • 25 per cent of hackers don't report bugs due to lack of disclosure policies
     

    One of the standout discoveries was that almost 25 per cent of respondents said they were unable to disclose a security flaw because the bug-ridden company in question lacked a vulnerability disclosure policy (VDP).

  • 'Professional' hack [sic] on Norwegian health authority compromises data of three million patients [iophk: "Windows TCO"]