Legal

Licensing and Development: Patrick McHardy, React's Open Source [sic] Licence, Programming Success

Filed under
Development
Legal
  • Patrick McHardy and copyright profiteering

    Many in the open source community have expressed concern about the activities of Patrick McHardy in enforcing the GNU General Public License (GPL) against Linux distributors. Below are answers to common questions, based on public information related to his activities, and some of the legal principles that underlie open source compliance enforcement.

    Who is Patrick McHardy? McHardy is the former chair of the Netfilter core development team. Netfilter is a utility in the Linux kernel that performs various network functions, such as facilitating Network Address Translation (NAT)—the process of converting an Internet protocol address into another IP address. Controlling network traffic is important to maintain the security of a Linux system.

  • Facebook Refuses to Alter React's Open Source License

    The Apache Foundation recently announced that Facebook's BSD+Patents open source license has been disallowed for inclusion with Apache products. The resulting fallout has caused gnashed teeth and much soul searching for React developers and Facebook has so far refused to reconsider.

  • Users as Co Developers OR The Secret of Programming Success

    And so I inherited popclient. Just as importantly, I inherited popclient’s user base. Users are wonderful things to have, and not just because they demonstrate that you’re serving a need, that you’ve done something right. Properly cultivated, they can become co-developers.

    Another strength of the Unix tradition, one that Linux pushes to a happy extreme, is that a lot of users are hackers too. Because source code is available, they can be effective hackers. This can be tremendously useful for shortening debugging time. Given a bit of encouragement, your users will diagnose problems, suggest fixes, and help improve the code far more quickly than you could unaided.

  • Oracle to open source Java Enterprise Edition (JAVA EE)

    They say that you can never expect a favor from the corporate world without them getting some profit. Oracle seems to be shutting shop on Java Enterprise Edition (Java EE) and has now decided to open source it.  After earning millions from Java EE, now Oracle seems to have realized that it needs to move on.

Facebook won't change React.js license despite Apache developer pain

Filed under
Legal

Facebook's decided to stick with its preferred version of the BSD license despite the Apache Foundation sin-binning it for any future projects.

The Foundation barred use of Facebook's BSD-plus-Patents license in July, placing it in the “Category X” it reserves for “disallowed licenses”.

Facebook's BSD+Patents license earned that black mark because the Foundation felt it “includes a specification of a PATENTS file that passes along risk to downstream consumers of our software imbalanced in favor of the licensor, not the licensee, thereby violating our Apache legal policy of being a universal donor.”

Mixing Free/Open Source Licenses and Changes at Mir

Filed under
OSS
Legal
  • A Realistic Approach to Mixing Open Source Licenses

    At the upcoming Open Source Summit in Los Angeles, Lars Kurth, director of Open Source Solutions at Citrix and chair of the Advisory Board of the Xen Project at The Linux Foundation, will be delivering a wealth of practical advice in two conference talks.

    The first talk is “Mixed License FOSS Projects: Unintended Consequences, Worked Examples, Best Practices” and the second talk is “Live Patching, Virtual Machine Introspection and Vulnerability Management: A Primer and Practical Guide.”

    Here, Kurth explains more about what he will be covering in these presentations.

  • Mir Relicensed To GPLv2 Or GPLv3

    While we await the Mir 1.0 release with its new target of supporting Wayland clients directly, we noticed there was a re-licensing change this week for the Mir code-base.

    Previously the Mir code was licensed under the GPLv3 for the Mir server and LGPLv3 for the client code. The license has now been updated to reflect GPLv2 or GPLv3 for the Mir server code and LGPLv2 or LGPLv3 for the Mir client code.

Man jailed for role in spreading Linux malware

Filed under
Linux
Legal

A man who helped spread malware that exploited the OpenSSH software to steal login credentials has been jailed for 46 months and will be deported after serving his term.

Marcus Hutchins and Bruce Perens Sued

Filed under
Security
Legal
  • Slayer of WCry worm charged with creating unrelated banking malware

    Marcus Hutchins, the 23-year-old security professional who accidentally stopped the spread of the virulent WCry ransomware worm in May, has been named in a federal indictment that alleges he was part of a conspiracy that created and distributed a piece of unrelated malware that steals banking credentials from unsuspecting computer users.

    According to the eight-page indictment, the conspiracy involved Hutchins and two other individuals whose names still have not been made public. After Hutchins allegedly created the banking trojan dubbed "Kronos," a video circulated in July 2014 on a publicly available website that demonstrated how the malware worked. A month later, one of the unnamed co-conspirators put the malware up for sale at a price of $3,000. Hutchins and one of the co-conspirators allegedly updated Kronos around February 2015.

  • Linux kernel hardeners Grsecurity sue open source's Bruce Perens

    "As a customer, it’s my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog.

    The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference.

    [...]

    Linus Torvalds, who oversees the Linux kernel, has called Grsecurity's patches "garbage."

    Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code – a right under the GPLv2 license – will no longer be customers and will lose the right to distribute subsequent versions of the software.

Simon Phipps on Public Domain and Facebook’s React Licence

Filed under
OSS
Legal
  • Public Domain Is Not Open Source

    Open Source and Public Domain are frequently confused. Here’s why it’s a mistake to treat the two terms as synonyms.

    Plenty of people assume that public domain software must be open source. While it may be free software within your specific context, it is incorrect to treat public domain software as open source or indeed as globally free software. That’s not a legal opinion (I’m not a lawyer so only entitled to layman’s opinions) but rather an observation that an open source user or developer cannot safely include public domain source code in a project.

  • 5 Reasons Facebook’s React License Was A Mistake

    In July 2017, the Apache Software Foundation effectively banned the license combination Facebook has been applying to all the projects it has been releasing as open source. They are using the 3-clause BSD license (BSD-3), a widely-used OSI-approved non-reciprocal license, combined with a broad, non-reciprocal patent grant but with equally broad termination rules to frustrate aggressors.

    The combination represents a new open source license, which I’ve termed the “Facebook BSD Plus Patent License” (FB+PL), and to my eyes it bears the hallmarks of an attempt to be compatible with both the GPL v2 and the Apache License v2 at the same time, in circumvention of the alleged incompatibility of those licenses.

If you were on a desert island, which license would you take with you?

Filed under
OSS
Legal

If I were on a desert island, I probably would not need a license, but let's say I did. I'd stuff the MIT license in one pocket, put the GPLv3 in my backpack, and find a place to tuck the Apache license.

Apache discontinues use of Facebook code libraries

Filed under
OSS
Legal
  • Apache discontinues use of Facebook code libraries

    San Francisco, July 18 (IANS) US-based open-source community Apache Foundation has said it will not use Facebook’s ‘BSD-licensed’ code for any of its new software projects for legal reasons.

    The foundation banned the use of libraries, frameworks and tools covered by Facebook’s open-source ‘BSD-plus-Patents’ license in any new projects, The Register reported on Tuesday.

    “No new project, sub-project or codebase, which has not used Facebook’s ‘BSD-plus-Patents’ licensed jars are allowed to use them,” Chris Mattmann, Legal Affairs Director, Apache Foundation, was quoted as saying.

  • Apache says 'no' to Facebook code libraries

    The Apache Foundation has declared that none of its new software projects can include Facebook's booby-trapped BSD-licensed code.

    The foundation's legal affairs director, Chris Mattmann, said over the weekend that libraries, frameworks and tools covered by Facebook's open-source-ish BSD-plus-Patents license should not be absorbed into any new projects.

    "No new project, sub-project or codebase, which has not used Facebook BSD+Patents licensed jars (or similar), are allowed to use them," Mattmann wrote. "In other words, if you haven't been using them, you aren't allowed to start. It is Cat‑X."

  • Apache Bans Facebook’s License Combo

Why OSI License Approval Matters

Filed under
OSS
Legal

Does it really matter if a copyright license is OSI Approved or not? Surely if it looks like it meets the benchmark that’s all that matters? I think that’s the wrong answer, and that OSI license approval is the crucial innovation that’s driven the open source revolution.

“Open Source” describes a subset of free software that is made available under a copyright license approved by the Open Source Initiative as conforming with the Open Source Definition. Having a standards body for licenses — one which ratifies the consensus of an open community of license reviewers — saves individuals from needing to each seek out a legal advisor to tell them whether a given license does in fact give them the rights they need to build or deploy the software they want. By providing easy certainty, open source gives people permission in advance to meet their own needs and innovate with technology.

Defending GPL, Bashing GPL

Filed under
GNU
OSS
BSD
Legal
  • Permissive and Copyleft Are Not Antonyms

    Using the term “permissive” as an antonym to “copyleft” – or “restrictive” as its synonym – is unhelpful framing. Describe license reciprocity instead.

    Some open source licenses implement a clever hack invented by Richard Stallman where, as a condition of the copyright license, anyone creating derived versions has to agree they will license the new version the same way as the original. In a play on words, this concept is called “copyleft” and many open source licenses implement this hack.

    In its strongest form, the “copyleft” idea can place a condition on the licensing of all the other code compiled together to make the eventual binary executable program. Complying with this requirement can prevent use of business models that deny software freedom to the end user; as a consequence, many commercial software developers avoid the strongest forms of copyleft licensing.

    There are less stringent forms of copyleft. Licenses like the MPL (Mozilla Public License) only require individual files that are modified to be licensed under the same license as the original and don’t extend that requirement to other files used to build the executable. The Eclipse Public License (EPL) has a copyleft provision that’s triggered by distribution of the source code. These scope-restricted variants are all described as “weak copyleft.”

    In discussing these licensing approaches with clients, I’ve often found that these terms “strong copyleft” and “weak copyleft” lead to misunderstandings. In particular, developers can incorrectly apply the compliance steps applicable to one “weak” license to code under another license, believing that all such licenses are the same. As a consequence, I prefer to use different terms.

  • Should the Fair License Replace the GPL?

    Read the full license, and if you find yourself thinking, “That sounds impossible to enforce,” you aren’t alone. To me, the Fair Source License looks like another one of the many attempts I’ve seen to come up with something that looks like a free or open source license, but really isn’t.

More in Tux Machines

today's leftovers

  • Blockchain Moves Beyond its 'Moonshot' Phase
  • Some reading
    I've complained previously about disliking benchmarking. More generally, I'm not really a fan of performance analysis. I always feel like I get stuck at coming up with an approach to "it's going slower, why" beyond the basics. I watched a video of Brendan Gregg's talk from kernel recipes, and ended up going down the black hole of reading his well written blog. He does a fantastic job of explaining performance analysis concepts as well as the practical tools to do the analysis. He wrote a book several years ago and I happily ordered it. The book explains how to apply the USE method to performance problems across the system. This was helpful to me because it provides a way to generate a list of things to check and how to check them. It addresses the "stuck" feeling I get when dealing with performance problems. The book also provides a good high level overview of operating systems concepts. I'm always looking for references for people who are interested in kernels but don't know where to start and I think this book could fill a certain niche. Even if this book has been out for several years now, I was very excited to discover it.
  • Introducing container-diff, a tool for quickly comparing container images
    The Google Container Tools team originally built container-diff, a new project to help uncover differences between container images, to aid our own development with containers. We think it can be useful for anyone building containerized software, so we’re excited to release it as open source to the development community.
  • NATTT – A Modern Multi-Platform Time Conscious Tracker App
    It’s not that there aren’t already a lot of time tracker apps but my conscience wouldn’t let me sleep if I didn’t tell you about NATTT. So grab your cup of whatever you’re probably drinking as we delve into this app a little. NATTT is an acronym for “Not Another Time Tracking Tool”; a free and multi-platform app with which you can keep track of your work and how much you have spent at it.
  • Running Bitcoin node and ElectrumX server
  • todo.txt done
  • GNOME's Calendar & TODO Applications Are Looking Better For v3.28
    Adding to the growing list of changes for GNOME 3.28 are improvements to the Calendar and To Do applications by Georges Stavracas. Stavracas has been reworking the month view of GNOME Calendar and it's looking much better, some applications for Calendar via libdazzle, and more.
  • Compact DAQ systems offer a choice of 12- or 16-bit I/Os
    Advantech’s Linux-ready “MIC-1810” and “MIC-1816” DAQ computers offer 12- and 16-bit analog I/O, respectively, plus 24x DIOs, Intel CPUs, and 4x USB ports. Advantech’s MIC-1810 and MIC-1816 are digital acquisition computers that run Linux or Windows 7/8/10 on Intel 3rd Gen “Ivy Bridge” processors. If the aging CPU is a turn-off, keep in mind that many DAQ applications don’t require that much processing power, and perhaps Advantech’s “entry-level” label for the systems extends to the price, as well. The 165 x 130 x 59mm, DIN-rail mountable systems should also prove useful for environments with limited space.

Security: New Release of HardenedBSD, Windows Leaks Details of Windows Back Doors

  • Stable release: HardenedBSD-stable 11-STABLE v1100054
  • Kaspersky blames NSA hack on infected Microsoft software
    Embattled computer security firm Kaspersky Lab said Thursday that malware-infected Microsoft Office software and not its own was to blame for the hacking theft of top-secret US intelligence materials. Adding tantalizing new details to the cyber-espionage mystery that has rocked the US intelligence community, Kaspersky also said there was a China link to the hack.
  • Investigation Report for the September 2014 Equation malware detection incident in the US
    In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others that followed it:
  • Kaspersky: Clumsy NSA leak snoop's PC was packed with malware
    Kaspersky Lab, the US government's least favorite computer security outfit, has published its full technical report into claims Russian intelligence used its antivirus tools to steal NSA secrets. Last month, anonymous sources alleged that in 2015, an NSA engineer took home a big bunch of the agency's cyber-weapons to work on them on his home Windows PC, which was running the Russian biz's antimalware software – kind of a compliment when you think about it. The classified exploit code and associated documents on the personal system were then slurped by Kremlin spies via his copy of Kaspersky antivirus, it was claimed.

OSS Leftovers

  • Open Source Networking Days: Think Globally, Collaborate Locally
    Something that we’ve learned at The Linux Foundation over the years is that there is just no substitute for periodic, in-person, face-to-face collaboration around the open source technologies that are rapidly changing our world. It’s no different for the open networking projects I work with as end users and their ecosystem partners grapple with the challenges and opportunities of unifying various open source components and finding solutions to accelerate network transformation. This fall, we decided to take The Linux Foundation networking projects (OpenDaylight, ONAP, OPNFV, and others) on the road to Europe and Japan by working with local site hosts and network operators to host Open Source Networking Days in Paris, Milan, Stockholm, London, Tel Aviv, and Yokohama.
  • The Open-Source Driving Simulator That Trains Autonomous Vehicles
    Self-driving cars are set to revolutionize transport systems the world over. If the hype is to be believed, entirely autonomous vehicles are about to hit the open road. The truth is more complex. The most advanced self-driving technologies work only in an extremely limited set of environments and weather conditions. And while most new cars will have some form of driver assistance in the coming years, autonomous cars that drive in all conditions without human oversight are still many years away. One of the main problems is that it is hard to train vehicles to cope in all situations. And the most challenging situations are often the rarest. There is a huge variety of tricky circumstances that drivers rarely come across: a child running into the road, a vehicle driving on the wrong side of the street, an accident immediately ahead, and so on.
  • Fun with Le Potato
    At Linux Plumbers, I ended up with a Le Potato SBC. I hadn't really had time to actually boot it up until now. They support a couple of distributions which seem to work fine if you flash them on. I mostly like SBCs for having actual hardware to test on so my interest tends to be how easily can I get my own kernel running. Most of the support is not upstream right now but it's headed there. The good folks at BayLibre have been working on getting the kernel support upstream and have a tree available for use until then.
  • PyConf Hyderabad 2017
    In the beginning of October, I attended a new PyCon in India, PyConf Hyderabad (no worries, they are working on the name for the next year). I was super excited about this conference, the main reason is being able to meet more Python developers from India. We are a large country, and we certainly need more local conferences :)
  • First Basilisk version released!
    This is the first public version of the Basilisk web browser, building on the new platform in development: UXP (code-named Möbius).
  • Pale Moon Project Rolls Out The Basilisk Browser Project
    The developers behind the Pale Moon web-browser that's been a long standing fork of Firefox have rolled out their first public beta release of their new "Basilisk" browser technology. Basilisk is their new development platform based on their (Gecko-forked) Goanna layout engine and the Unified XUL Platform (UXP) that is a fork of the Mozilla code-base pre-Servo/Rust... Basically for those not liking the direction of Firefox with v57 rolling out the Quantum changes, etc.
  • Best word processor for Mac [iophk: "whole article fails to mention OpenDocument Format"]
  • WordPress 4.9: This one's for you, developers!
    WordPress 4.9 has debuted, and this time the world's most popular content management system has given developers plenty to like. Some of the changes are arguably overdue: syntax highlighting and error checking for CSS editing and cutting custom HTML are neither scarce nor innovative. Their arrival will likely be welcomed anyway, as will newly-granular roles and permissions for developers. The new release has also added version 4.2.6 of MediaElement.js, an upgrade that WordPress.org's release notes stated has removed dependency on jQuery, improves accessibility, modernizes the UI, and fixes many bugs.
  • New projects on Hosted Weblate
  • Cilk Plus Is Being Dropped From GCC
    Intel deprecated Cilk Plus multi-threading support with GCC 7 and now for GCC 8 they are looking to abandon this support entirely. Cilk Plus only had full support introduced in GCC 5 while now for the GCC 8 release early next year it's looking like it will be dropped entirely.
  • Software Freedom Law Center vs. Software Freedom Conservancy

    On November 3rd, the Software Freedom Conservancy (SFC) wrote a blog post to let people know that the Software Freedom Law Center (SFLC) had begun legal action against them (the SFC) over the trademark for their name.

  • What Is Teletype For Atom? How To Code With Fellow Developers In Real Time?
    In a short period of three years, GitHub’s open source code editor has become one of the most popular options around. In our list of top text editors for Linux, Atom was featured at #2. From time to time, GitHub keeps adding new features to this tool to make it even better. Just recently, with the help of Facebook, GitHub turned Atom into a full-fledged IDE. As GitHub is known to host some of the world’s biggest open source collaborative projects, it makes perfect sense to add the collaborative coding ability to Atom. To make this possible, “Teletype for Atom” has just been announced.
  • Microsoft Is Trying To Make Windows Subsystem For Linux Faster (WSL)
  • Microsoft and GitHub team up to take Git virtual file system to macOS, Linux

Ubuntu: New Users, Unity Remix, 18.04 LTS News

  • How to Get Started With the Ubuntu Linux Distro
    The Linux operating system has evolved from a niche audience to widespread popularity since its creation in the mid 1990s, and with good reason. Once upon a time, that installation process was a challenge, even for those who had plenty of experience with such tasks. The modern day Linux, however, has come a very long way. To that end, the installation of most Linux distributions is about as easy as installing an application. If you can install Microsoft Office or Adobe Photoshop, you can install Linux. Here, we’ll walk you through the process of installing Ubuntu Linux 17.04, which is widely considered one of the most user-friendly distributions. (A distribution is a variation of Linux, and there are hundreds and hundreds to choose from.)
  • An ‘Ubuntu Unity Remix’ Might Be on the Way…
    A new Ubuntu flavor that uses the Unity 7 desktop by default is under discussion. The plans have already won backing from a former Unity developer.
  • Ubuntu News: Get Firefox Quantum Update Now; Ubuntu 18.04 New Icon Theme Confirmed
    Earlier this week, Mozilla earned big praises in the tech world for launching its next-generation Firefox Quantum 57.0 web browser. The browser claims to be faster and better than market leader Google Chrome. Now, Firefox Quantum is available for all supported Ubuntu versions from the official repositories. The Firefox Quantum Update is also now available.
  • New Icon Theme Confirmed for Ubuntu 18.04 LTS
    ‘Suru’ is (apparently) going to be the default icon theme in Ubuntu 18.04 LTS. That’s Suru, the rebooted community icon theme and not Suru, the Canonical-created icon theme that shipped on the Ubuntu Phone (and was created by Matthieu James, who recently left Canonical).