Legal

Ubuntu and ZFS: Possibly Illegal, Definitely Exciting

Filed under
Ubuntu
Legal

The project originally known as the Zettabyte File System was born the same year that Windows XP began shipping. Conceived and originally written by Bill Moore, Jeff Bonwick and Matthew Ahrens among others, it was a true next generation project – designed for needs that could not be imagined at the time. It was a filesystem built for the future.

Fifteen years later, it’s the future. Though it’s a teenager now, ZFS’s features remain attractive enough that Canonical – the company behind the Ubuntu distribution – wants to ship ZFS as a default. Which wouldn’t seem terribly controversial as it’s an open source project, except for the issue of its licensing.

Is Canonical about to violate the GNU GPLv2?

Filed under
Ubuntu
Legal

Canonical's decision to offer the ZFS filesystem as default in the forthcoming April release of its Ubuntu GNU/Linux distribution has put others in the free software and open source community offside.

The company is being accused of violating the GNU General Public Licence version 2, the licence under which the Linux kernel is released.

This is not the first time that Canonical and its founder Mark Shuttleworth have ended up on the other side of the table from others in the community. This has been going on regularly since Ubuntu was first released in 2004.

BMW Australia and GPL

Filed under
GNU
OSS
Legal

The VMware Hearing and the Long Road Ahead

Filed under
GNU
Legal

Last Thursday, Christoph Hellwig and his legal counsel attended a hearing in Hellwig's VMware case that Conservancy currently funds. Harald Welte, world famous for his GPL enforcement work in the early 2000s, also attended as an observer and wrote an excellent summary. I'd like to highlight a few parts of his summary, in the context of Conservancy's past litigation experience regarding the GPL.

First of all, in great contrast to the cases here in the USA, the Court acknowledged fully the level of public interest and importance of the case. Judges who have presided over Conservancy's GPL enforcement cases in USA federal court take all matters before them quite seriously. However, in our hearings, the federal judges preferred to ignore entirely the public policy implications regarding copyleft; they focused only on the copyright infringement and claims related to it. Usually, appeals courts in the USA are the first to broadly consider larger policy questions. There are definitely some advantages to the first Court showing interest in the public policy concerns.

SCO vs. IBM looks like it's over for good

Filed under
Linux
Legal

The long-running SCO vs. IBM case looks like it might just be over.

A new filing (PDF) scooped up by the good folks at Groklaw sees both SCO and IBM agree to sign off on two recent decisions in which SCO's arguments advancing its claims to own parts of Unix were slapped down by the US District Court.

As The Register reads the PDF we've linked to above, and our informal legal counsel concurs, the new document describes IBM and SCO both signing off on the recent court orders. Those orders left SCO without a legal argument to stand on.

The new filing also points out that SCO remains bankrupt and “has de minimis financial resources beyond the value of the claims on which the Court has granted summary judgment for IBM.”

Or in plain English, SCO is broke and the only asset it possesses of any value is its claims against IBM, and now it doesn't even have those because it just lost a court case about them. That leaves SCO in no position to carry on.

“Accordingly,” the new filing continues, “the disposition of SCO’s appeal is the practical course most likely to conserve both judicial and private resources.” That's the legal sense of “disposition”, by the way, so what the document's saying is that SCO giving up its appeal is most likely to stop the courts spending any more time or energy on this matter. Courts don't like wasting resources. So this is both parties explaining that wrapping things up now is a desirable thing.

Is SFLC Shooting Open Source in the Foot?

Filed under
OSS
Legal

The academic article by SFLC about ZFS is troubling and may unintentionally shoot free software licensing in the foot.

When I was at Sun (as part of the team that released the Java Programming Language by starting the OpenJDK project) I often heard community concerns about the CDDL license. At the time the big complaint was about the "Choice of Venue" clause.

I got involved because Sun had developed many essential Java libraries and distributed them under CDDL. The community requested a more permissive license and I was able to convince internal project leaders (and Sun's lawyers) to make a licensing change for a handful of these projects. And there was much rejoicing.

Based on my experience in helping Java to become open source I came to appreciate the legal hacks on copyright which make open source possible. It's the free software license which uses copyright to enable sharing (vs. the default of disabling sharing).

The Linux Kernel, CDDL and Related Issues

Filed under
Linux
Legal

The license terms on the Linux kernel are those of GPLv2. This is the unanimous consensus of the extensive community of copyright holders. No other terms, or modifications of those terms, are represented in any document as the consensus position of the relevant parties.

Also: SFC: GPL Violations Related to Combining ZFS and Linux

Winning the copyleft fight

Linux GPL Enforcement

Filed under
Linux
Legal
  • I’m Part of SFConservancy’s GPL Compliance Project for Linux

    I believe GPL enforcement in general, and specifically around the Linux kernel, is a good thing. Because of this, I am one of the Linux copyright holders who has signed an agreement for the Software Freedom Conservancy to enforce the GPL on my behalf. I’m also a financial supporter of Conservancy.

  • Report from the VMware GPL court hearing

    Today, I took some time off to attend the court hearing in the GPL violation/infringement case that Christoph Hellwig has brought against VMware.

    I am not in any way legally involved in the lawsuit. However, as a fellow (former) Linux kernel developer myself, and a long-term Free Software community member who strongly believes in the copyleft model, I of course am very interested in this case - and of course in an outcome in favor of the plaintiff. Nevertheless, the below report tries to provide an un-biased account of what happened at the hearing today, and does not contain my own opinions on the matter. I can always write another blog post about that :)

    I blogged about this case before briefly, and there is a lot of information publicly discussed about the case, including the information published by the Software Freedom Conservancy (see the link above, the announcement and the associated FAQ).

  • I bought some awful light bulbs so you don't have to

    Anyway. Next step was to start playing with the protocol, which meant finding the device on my network. I checked anything that had picked up a DHCP lease recently and nmapped them. The OS detection reported Linux, which wasn't hugely surprising - there was no GPL notice or source code included with the box, but I'm way past the point of shock at that. It also reported that there was a telnet daemon running. I connected and got a login prompt. And then I typed admin as the username and admin as the password and got a root prompt. So, there's that. The copy of Busybox included even came with tftp, so it was easy to get copies of tcpdump and strace on there to see what was up.

  • SFC: GPL Violations Related to Combining ZFS and Linux

The U.S. Copyright Office requiring proprietary software in DMCA anti-circumvention study

Filed under
OSS
Legal

In Digital Millennium Copyright Act (DMCA) anti-circumvention study, the U.S. Copyright Office extends comment period and asserts that proprietary software is required for comment submission.

Canonical accused of violating GPL with ZFS-in-Ubuntu 16.04 plan

Filed under
Ubuntu
Legal

The Software Freedom Conservancy (SFC) thinks Canonical, the curator of Ubuntu, has breached the Gnu Public Licence (GPL).

As the Conservancy explains, Canonical recently announced that Ubuntu 16.04 will “make OpenZFS available on every Ubuntu system.” Canonical reckons that adding OpenZFS represents “one of the most exciting new features Linux has seen in a very long time.”

More in Tux Machines

Proxmox VE 4.3 released

Proxmox Server Solutions GmbH today announced the general availability of Proxmox Virtual Environment 4.3. The hyper-converged open source server virtualization solution enables users to create and manage LXC containers and KVM virtual machines on the same host, and makes it easy to set up highly available clusters as well as to manage network and storage via an integrated web-based management interface. The new version of Proxmox VE 4.3 comes with a completely new comprehensive reference documentation. The new docu framework allows a global as well as contextual help function. Proxmox users can access and download the technical documentation via the central help-button (available in various formats like html, pdf and epub). A main asset of the new documentation is that it is always version specific to the current user’s software version. Opposed to the global help, the contextual help-button shows the user the documentation part he currently needs.

Games for GNU/Linux

Security News

  • Tuesday's security updates
  • New Open Source Linux Ransomware Divides Infosec Community
    Following our investigation into this matter, and seeing the vitriol-filled reaction from some people in the infosec community, Zaitsev has told Softpedia that he decided to remove the project from GitHub, shortly after this article's publication. The original, unedited article is below.
  • Fax machines' custom Linux allows dial-up hack
    Party like it's 1999, phreakers: a bug in Epson multifunction printer firmware creates a vector to networks that don't have their own Internet connection. The exploit requirements are that an attacker can trick the victim into installing malicious firmware, and that the victim is using the device's fax line. The firmware is custom Linux, giving the printers a familiar networking environment for bad actors looking to exploit the fax line as an attack vector. Once they're in that ancient environment, it's possible to then move onto the network to which the printer's connected. Yves-Noel Weweler, Ralf Spenneberg and Hendrik Schwartke of Open Source Training in Germany discovered the bug, which occurs because Epson WorkForce multifunction printers don't demand signed firmware images.
  • Google just saved the journalist who was hit by a 'record' cyberattack
    Google just stepped in with its massive server infrastructure to run interference for journalist Brian Krebs. Last week, Krebs' site, Krebs On Security, was hit by a massive distributed denial-of-service (DDoS) attack that took it offline, the likes of which was a "record" that was nearly double the traffic his host Akamai had previously seen in cyberattacks. Now just days later, Krebs is back online behind the protection of Google, which offers a little-known program called Project Shield to help protect independent journalists and activists' websites from censorship. And in the case of Krebs, the DDoS attack was certainly that: The attempt to take his site down was in response to his recent reporting on a website called vDOS, a service allegedly created by two Israeli men that would carry out cyberattacks on behalf of paying customers.
  • Krebs DDoS aftermath: industry in shock at size, depth and complexity of attack
    “This attack didn’t stop, it came in wave after wave, hundreds of millions of packets per second,” says Josh Shaul, Akamai’s vice president of product management, when Techworld spoke to him. “This was different from anything we’ve ever seen before in our history of DDoS attacks. They hit our systems pretty hard.” Clearly still a bit stunned, Shaul describes the Krebs DDoS as unprecedented. Unlike previous large DDoS attacks such as the infamous one carried out on cyber-campaign group Spamhaus in 2013, this one did not use fancy amplification or reflection to muster its traffic. It was straight packet assault from the old school.
  • iOS 10 makes it easier to crack iPhone back-ups, says security firm
    INSECURITY FIRM Elcomsoft has measured the security of iOS 10 and found that the software is easier to hack than ever before. Elcomsoft is not doing Apple any favours here. The fruity firm has just launched the iPhone 7, which has as many problems as it has good things. Of course, there are no circumstances when vulnerable software is a good thing, but when you have just launched that version of the software, it is really bad timing. Don't hate the player, though, as this is what Elcomsoft, and what Apple, are supposed to be doing right. "We discovered a major security flaw in the iOS 10 back-up protection mechanism. This security flaw allowed us to develop a new attack that is able to bypass certain security checks when enumerating passwords protecting local (iTunes) back-ups made by iOS 10 devices," said Elcomsoft's Oleg Afonin in a blog post.
  • After Tesla: why cybersecurity is central to the car industry's future
    The news that a Tesla car was hacked from 12 miles away tells us that the explosive growth in automotive connectivity may be rapidly outpacing automotive security. This story is illustrative of two persistent problems afflicting many connected industries: the continuing proliferation of vulnerabilities in new software, and the misguided view that cybersecurity is separate from concept, design, engineering and production. This leads to a ‘fire brigade approach’ to cybersecurity where security is not baked in at the design stage for either hardware or software but added in after vulnerabilities are discovered by cybersecurity specialists once the product is already on the market.

Ofcom blesses Linux-powered, open source DIY radio ‘revolution’

Small scale DAB radio was (quite literally) conceived in an Ofcom engineer’s garden shed in Brighton, on a Raspberry Pi, running a full open source stack, in his spare time. Four years later, Ofcom has given the thumbs up to small scale DAB after concluding that trials in 10 UK cities were judged to be a hit. We gave you an exclusive glimpse into the trials last year, where you could compare the specialised proprietary encoders with the Raspberry Pi-powered encoders. “We believe that there is a significant level of demand from smaller radio stations for small scale DAB, and that a wider roll-out of additional small scale services into more geographic areas would be both technically possible and commercially sustainable,” notes Ofcom.