Language Selection

English French German Italian Portuguese Spanish

Legal

Licensing: 'Cloud' Trap, Substrate and Asus Kernel Code

Filed under
OSS
Legal
  • Stormy weather: To stop cloud giants, some open-source software firms limit licenses

    A heated debate has erupted in the open-source software world that’s pitting startups against cloud computing giants.

    The furor concerns, of all things, new licensing terms, which software companies are adopting to thwart what they believe is unfair competition from cloud provider in general and Amazon Web Services Inc. in particular.

    It’s the latest development in the ongoing struggle by open-source developers to come up with sustainable business models built upon software that is essentially free. Open source has transformed the software industry, but only a few companies such as Red Hat Inc. — itself likely to be acquired by IBM Corp. in a recently announced deal — are consistently profitable.

  • Parity Introduces Substrate, a Blockchain Building Tool Suite

    The beta version of Substrate is authorized under the GNU General Public License, but the safe storage of the system will be transferred to an Apache 2.0 license to provide utmost developer independence. Parity will also offer professional help to organizations in view of the development of apps with a substratum.

  • Asus to release encrypted kernel sources for their ZenFone Max Pro M1, Max Pro M2 and Max M2

    The Asus ZenFone Max Pro M1 has been one of the more interesting smartphones from the company, especially in the budget segment in the past few years. The phone ticked a lot of boxes in terms of offering probably the best performance in its segment at that time along with a cleaner look with the stock Android. The Asus ZenFone Max Pro M2 follows the path set down by their predecessor and goes on to compete against the Xiaomi Redmi Note 6 Pro overcoming its predecessor’s shortcomings.

Free Software Licensing and Legal Challenges

Filed under
OSS
Legal
  • Parity Launches Beta Version of Tool Stack for Building Blockchains

    The beta version of Substrate is licensed under the GNU General Public License, but in order to provide maximum developer freedom, the tool’s repository will be moved to an Apache 2.0 license.

  • The Cyclical Theory of Open Source

    But in a world in which appetites for open source software commercially are under threat from – among other areas – proprietary cloud based offerings, it is certainly possible that industry appetites and support for open source could be slowed if public models give way to private alternatives.

    Many of those that have resorted to problematic licenses, however, feel as if they’ve been left with little choice. In their view, they foot the bill for the majority of development on an open source asset, only to see a cloud provider pick up that code and offer it as a competitive service – often without so much as an acknowledgement of the open source codebase it’s derived from.

    The question facing these providers, and the market as a whole, is not whether or not the typical commercial open source vs cloud provider dynamic is optimal – it is clear that, while improving, it is not. The question rather is whether or not a license is an appropriate remedy for the issue.

  • Automated Compliance Tooling project announced, Code California launches, Tor funding, and more news

    When you think of open source projects, the first thing that comes to mind is probably code. There's more to it than that. One vital aspect of open source that doesn't get a lot of attention is license compliance. That could change, thanks to the ACT project that the Linux Foundation is launching.

    Short for Automated Compliance Tooling, ACT brings together four compliance projects: FOSSology, QMSTR, SPDX Tools, and Tern. The goal of ACT, according to the Linux Foundation, is to "consolidate investment in, and increase interoperability and usability of, open source compliance tooling." In the end, this will help users and companies more easily "find up-to-date and current compliance documentation."

  • Startups are taking on Amazon's cloud with a controversial new plan, but experts warn it could undermine the foundations of open source

    In response, three smaller software companies behind some of the open-source software that Amazon and others rely on — Confluent, Redis Labs, and MongoDB — have gone on the defensive. In recent months, they've made changes to their licensing that prevent cloud platforms from profiting from the open-source code that they develop. Open source can't be "free and unsustainable" research and development for tech giants, Confluent CEO Jay Kreps said last week.

  • Radio Gets Ridiculous

    Of course, he’s leveraging the analog conversion in the microcontroller as well as the ability to generate signals in software. You might think that’s going to be an anemic receiver. Granted, it won’t be a high fidelity long-range receiver, but it does interface with GNU Radio!

Freeriders in FOSS

Filed under
GNU
OSS
Legal
  • Confluent joins Redis and MongoDB in restricting its open source licensing for competitors
  • Confluent Creates New 'Open Source' License to Stop Cloud Poaching

    The problem is that such restrictions run afoul of the Open Source Definition used by the Open Source Initiative, the standards organization that decides which licenses qualify as open source. The restriction also means that any code covered by the license probably can't be used within any other open source project.

  • John Sullivan - "Who wants you to think nobody uses the AGPL and why" (FOSDEM, Brussels, Belgium)

    The GNU Affero General Public License (AGPL) is an important tool for protecting user freedom on the network. Detractors have criticized it for being both too weak and too strong/demanding. In 2018, it was in the news more than ever. Are the interests of corporations that are afraid of their free code being turned into network services run by competitors starting to align with users losing their freedom to such services?

    Historically, the AGPL has been the target of criticism from entities that want to extinguish it. Some companies have banned it from their premises, sowed fear about how it operates, and propagated a myth that nobody is using it.

    Others claim that the AGPL is being used primarily by companies seeking to strong-arm downstream users into purchasing a proprietary version of the covered software -- by catching those users being out of compliance with the AGPL, and telling them that they must buy the software under a proprietary license to avoid being taken to court for copyright infringement.

    A third group of companies is now claiming that the AGPL doesn't go far enough to protect their software against being turned into services that deny users freedom -- though freedom may not be their primary concern.

    In fact, the AGPL is being used today by a variety of interesting and important projects, including ones started by governments, nonprofits, and even businesses. I'll highlight some illustrative examples. I'll also do my best to separate understandable concerns that people have about using the AGPL from attacks on user freedom masquerading as concerns, and see if there is any synergy between the concerns of the third group above and those of individual users.

    While not a full solution to the problems raised when users replace software running on their own machines with software running on someone else's machine, the AGPL is a tool that is being embraced and should be embraced even more.

Openwashing and FUD

Filed under
Microsoft
Legal

Confluent 'Closing Down' in the Face of 'Cloud' Exploitation

Filed under
OSS
Legal
  • After Amazon’s cloud encroaches on its turf, a startup is taking a stand: Open source can’t be ‘free and unsustainable R&D’ for tech giants

    In late November, Amazon Web Services announced it would sell a new service on its market-leading cloud called Amazon Managed Streaming for Kafka — a service that provides software that Amazon didn't create itself.

    This new service is based on Apache Kafka, an open source software project for handling large amounts of streaming data. AWS took Kafka and repackaged it as a paid cloud service — something completely legal, as open source software is free for anyone to use as they wish.

    Originally created at LinkedIn, the engineers who started Kafka made their own company around the software, called Confluent. At the time the service was revealed, Confluent CEO Jay Kreps told Business Insider that it wasn't worried about Amazon's move, saying "I don't think this announcement will impact our business."

  • Concerned about cloud providers, Confluent becomes latest open-source company to set new restrictions on usage

    Another open-source enterprise technology company is walling off parts of its software from cloud infrastructure providers.

    Confluent announced Friday morning that it is changing the terms of the licenses around several of the real-time data streaming open-source projects it has developed. Several components will no longer be available under the widely used and very permissible Apache 2.0 license: instead, they will be offered under a new license called Confluent Community License that is very similar to the Apache 2.0 license except for a clear restriction on providing KSQL and several other components as cloud services.

FSF Licensing and Compliance Lab: 2018 and the future

Filed under
GNU
OSS
Legal

I am the current licensing and compliance manager for the FSF, though I've had several roles in my time here. The Lab handles all the free software licensing work for the FSF. Copyleft is the best legal tool we have for protecting the rights of users, and the Lab makes sure that tool is at full power by providing fundamental licensing education. From publishing articles and resources on free software licensing, to doing license compliance work for the GNU Project, to handling our certification programs like Respects Your Freedom, if there is a license involved, the Lab is on the case.

When I started working at the FSF part-time in 2008, the GNU General Public License version 3 (GPLv3) was only a year old. Our Respects Your Freedom certification program didn't yet exist. The Free Software Directory wasn't yet a wiki that could be updated by the community at large. Things have changed a lot over the years, as has our ability to help users to understand and share freely licensed works. I'd like to take just a moment as 2018 draws to a close to look back on some of the great work we accomplished.

Read more

Linux Foundation on Compliance and Openwashing Examples

Filed under
OSS
Legal
  • A new ACT for open source compliance from The Linux Foundation

    What’s new in the world of open source? The Linux Foundation announced that they are launching a new tooling project for improving open source compliance. This new project’s goal is to ensure that when using open source projects, users understand what they are complying with.

    The Linux Foundation continues to be a leading beacon in the FOSS world, with worldwide events and over one million professionals enrolled in their free training courses. Just some of the successful projects that the Linux Foundation hosts include Rook, Node.js, Kubernetes, and Linkerd (which just got a fancy new UI makeover). You don’t have to look far to see names and noteworthy tools that you’re familiar with!

  • The Linux Foundation forms new Automated Compliance Tooling project

    “There are numerous open source compliance tooling projects but the majority are unfunded and have limited scope to build out robust usability or advanced features,” said Kate Stewart, senior director of strategic programs at The Linux Foundation. “We have also heard from many organizations that the tools that do exist do not meet their current needs. Forming a neutral body under The Linux Foundation to work on these issues will allow us to increase funding and support for the compliance tooling development community.”

    As part of the announcement, ACT is also welcoming two new projects that will be hosted at the Linux Foundation: OpenChain, a project that identifies key recommended processes for open-source management; and the Open Compliance Project, which will educate and help developers and companies better understand license requirements.

  • A Closer Look At Tesla's Open-Source Patent Pledge
  • Why Amazon's customer obsession should make it more open source friendly [Ed: What "customer obsession"? Amazon is a surveillance company whose biggest AWS customer is the CIA (with which it shares tons of data from all around the world).]

GPL Licensing: FSF Update Rules Commons Clause Non-Free, Red Hat on Compliance

Filed under
Legal
  • FSF Update Rules Commons Clause Non-Free

    The Free Software Foundation has added the Commons Clause to its list of non-free licenses among a number of recent updates to its licensing materials. Other changes clarify the GNU GPL position on translating code into another language and how to handle projects that combine code under multiple licenses.

  • More companies want fairness to open source license enforcement

    The 16 new companies in this announcement are a diverse set of technology firms whose participation makes evident the worldwide reach of the GPL Cooperation Commitment. They comprise globally-operating companies based on four continents and mark a significant expansion of the initiative into the Asia-Pacific region. They represent various industries and areas of commercial focus, including IT services, software development tools and platforms, social networking, fintech, semiconductors, e-commerce, multimedia software and more.

    The GPL Cooperation Commitment is a means for companies, individual developers and open source projects to provide opportunities for licensees to correct errors in compliance with software licensed under the GPLv2 family of licenses before taking action to terminate the licenses. Version 2 of the GNU General Public License (GPLv2), version 2 of the GNU Library General Public License (LGPLv2), and version 2.1 of the GNU Lesser General Public License (LGPLv2.1) do not contain express “cure” periods to fix noncompliance prior to license termination. Version 3 of the GNU GPL (GPLv3) addressed this by adding an opportunity to correct mistakes in compliance. Those who adopt the GPL Cooperation Commitment extend the cure provisions of GPLv3 to their existing and future GPLv2 and LGPLv2.x-licensed code.

The Latest Relicensing Stories

Filed under
OSS
Legal
  • RISC OS goes Open Source, supports royalty-free Raspberry Pi projects

    As the new owners of Castle Technology Ltd, RISC OS Developments Ltd are proud to announce that RISC OS, the original OS for ARM processors is now available as a fully Open Source operating system (OS), via the Apache 2.0 licence under the continued stewardship of RISC OS Open Ltd.

    A high performance, low footprint OS, incorporating the world-renowned "BBC BASIC" provides a modern desktop interface coupled with easy access to programming, hardware and connectivity. RISC OS was one of the first operating systems to support the massively successful Raspberry Pi, for which it remains an ideal companion. Now truly Open, RISC OS make an ideal choice for royalty-free ARM-based projects.

  • Finally! The Venerable RISC OS is Now Open Source

    It was recently announced that RISC OS was going to be released as open-source. RISC OS has been around for over 30 years. It was the first operating system to run on ARM technology and is still available on modern ARM-powered single-board computers, like the Raspberry Pi.

  • Making the GPL more scary

    For some years now, one has not had to look far to find articles proclaiming the demise of the GNU General Public License. That license, we are told, is too frightening for many businesses, which prefer to use software under the far weaker permissive class of license. But there is a business model that is based on the allegedly scary nature of the GPL, and there are those who would like to make it more lucrative; the only problem is that the GPL isn't quite scary enough yet.

    The business of selling exceptions to the GPL, where one pays the copyright holder for a proprietary license to the code, has been around for a long time; MySQL AB was built on this model, for example. Companies that buy such a license normally do so because they fear that their own code may fall under the requirements of the GPL; vendors tend to take an expansive view of what constitutes a derivative work to feed those fears and encourage sales. It is a model that has been shown to work, and it has generally passed muster even with organizations that are committed to the spread of free software.

MongoDB Becomes Less Affero GPL-Like

Filed under
Server
OSS
Legal
  • Fed up with cloud giants ripping off its database, MongoDB forks new open-source license

    After Redis Labs relicensed the modules it developed to complement its open-source database, from AGPL to Apache v2.0 with a Commons Clause, the free-software community expressed dismay.

    And, inevitably, some responded by forking the affected code.

    Today, the maker of another open source database, MongoDB, plans to introduce a license of its own to deal with the issue cited by Redis: cloud service providers that sell hosted versions of open-source programs – such as Redis and MongoDB database servers – without offering anything in return.

    "Once an open source project becomes interesting or popular, it becomes too easy for the cloud vendors to capture all the value and give nothing back to the community," said Dev Ittycheria, CEO of MongoDB, in a phone interview with The Register.

    Ittycheria pointed to cloud service providers such as Alibaba, Tencent, and Yandex. Those companies, he claims, are testing the boundaries of the AGPL by benefiting from the work of others while failing to share their code.

  • MongoDB switches up its open-source license

    MongoDB is a bit miffed that some cloud providers — especially in Asia — are taking its open-source code and offering a hosted commercial version of its database to their users without playing by the open-source rules. To combat this, MongoDB today announced it has issued a new software license, the Server Side Public License (SSPL), that will apply to all new releases of its MongoDB Community Server, as well as all patch fixes for prior versions.

    Previously, MongoDB used the GNU AGPLv3 license, but it has now submitted the SSPL for approval from the Open Source Initiative.

  • MongoDB license could push open source deeper into cloud: Is this what industry needs?

    Things just got serious in open source land. Despite the occasional Commons Clause or Fair Source licensing attempt to change the meaning of the words "open source" to include "the right for a private company to make money from its open source efforts," we've stuck to the Open Source Definition, and it has served us well. Open source communities have become the center of the innovation universe, giving us exceptional code like Linux, Kubernetes, Apache Kafka, and more.

  • It's MongoDB's turn to change its open source license

    The old maxim that the nice thing about standards is that there are so many to choose from could well apply to open source licensing. While now nearing a couple years old, the last WhiteSource Software survey of the top 10 open source licenses found close competition between the GPL, MIT, and Apache licenses. While the commercial-friendly Apache license has dominated the world of big data platforms and AI frameworks, MIT and GPL (which has "copyleft" provisions requiring developers to contribute back all modifications and enhancements) continues to be popular. GPL and variants such as the AGPL have been popular amongst vendors that seek to control their own open source projects, like MongoDB.

  • Matthew Garrett: Initial thoughts on MongoDB's new Server Side Public License

    MongoDB just announced that they were relicensing under their new Server Side Public License. This is basically the Affero GPL except with section 13 largely replaced with new text, as follows:

    "If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License. Making the functionality of the Program or modified version available to third parties as a service includes, without limitation, enabling third parties to interact with the functionality of the Program or modified version remotely through a computer network, offering a service the value of which entirely or primarily derives from the value of the Program or modified version, or offering a service that accomplishes for users the primary purpose of the Software or modified version.

    “Service Source Code” means the Corresponding Source for the Program or the modified version, and the Corresponding Source for all programs that you use to make the Program or modified version available as a service, including, without limitation, management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user could run an instance of the service using the Service Source Code you make available."

    MongoDB admit that this license is not currently open source in the sense of being approved by the Open Source Initiative, but say:"We believe that the SSPL meets the standards for an open source license and are working to have it approved by the OSI."

    At the broadest level, AGPL requires you to distribute the source code to the AGPLed work[1] while the SSPL requires you to distribute the source code to everything involved in providing the service. Having a license place requirements around things that aren't derived works of the covered code is unusual but not entirely unheard of - the GPL requires you to provide build scripts even if they're not strictly derived works, and you could probably make an argument that the anti-Tivoisation provisions of GPL3 fall into this category.

Syndicate content

More in Tux Machines

Firefox 69 Beta On Linux Bringing Better Performance

With the recent release of Mozilla Firefox 68 there are some nice WebRender performance improvements that Linux users can enjoy. But with Firefox 69 now in beta there is even better performance, including when enabling WebRender on Linux. Given the recent Firefox 68.0 release and Firefox 69.0 being promoted to beta, I ran some fresh browser benchmarks for checking out the current state of Mozilla's Linux performance from the Ubuntu desktop. The official Mozilla Firefox binaries for Linux x86_64 67.0.4, 68.0, and 69.0b3 were tested on the same system in a variety of browser benchmarks. Read more

today's leftovers

  • Btrfs Gets Cleaned Up & Code Refactoring For Linux 5.3

    David Sterba sent in the Btrfs file-system updates on Monday for the Linux 5.3 kernel. Btrfs for Linux 5.3 doesn't present any shiny new features but is mostly focused on bug fixes and low-level code improvements. One of the internal changes worth pointing out for Btrfs is changing its CRC32C usage so that it can be hardware-assisted on more architectures where native instructions or optimized code paths are available. More Btrfs code has also been positioned for more checksum algorithms moving forward.

  • g_array_binary_search in GLib 2.61.2

    The final API so far in this mini-series on new APIs in the GLib 2.62 series is g_array_binary_search(), put together by Emmanuel Fleury and based on code by Christian Hergert. It’s due to be released in 2.61.2 soon. But first, a reminder about GLib version numbering. Like the rest of GNOME’s official module set, GLib follows an odd/even versioning scheme, where every odd minor version number, like 2.61.x, is an unstable release building up to an even minor version number, like 2.62.x, which is stable. APIs may be added in unstable releases. They may be modified or even removed (if they haven’t been in a stable release yet). So all of the APIs I’ve blogged about recently still have a chance to be tweaked or dropped if people find problems with them. So if you see a problem or think that one of these APIs would be awkward to use in some way, please say, sooner rather than later! They need fixing before they’re in a stable release.

  • Rabimba: ARCore and Arkit: What is under the hood : Anchors and World Mapping (Part 1)

    Some of you know I have been recently experimenting a bit more with WebXR than a WebVR and when we talk about mobile Mixed Reality, ARkit and ARCore is something which plays a pivotal role to map and understand the environment inside our applications. I am planning to write a series of blog posts on how you can start developing WebXR applications now and play with them starting with the basics and then going on to using different features of it. But before that, I planned to pen down this series of how actually the "world mapping" works in arcore and arkit. So that we have a better understanding of the Mixed Reality capabilities of the devices we will be working with.

  • 10 Best Automated Backup Plugins for WordPress in 2019

    As an online business owner and/or site administrator it is important that you are always ahead of probable data damage by having a data contingency plan. On WordPress, this process has been simplified for all levels of users in the form of backup plugins that can enable you to automate full or partial backups which you can easily restore from later on. Today, we bring you a list of the 10 best plugins for backing up your WordPress site. They all feature a clean modern UI, in active development with millions of downloads, and most of them are 100% free!

today's howtos and software bits

Security: Windows, Books, Apple and More

  • Windows 7 Enters the Last Six Months of Support [Ed: Microsoft propagandist (for ages) Bogdan Popa won't advise people to hop over to GNU/Linux (which he lies about, saying Microsoft "loves Linux")]

    According to third-party data provided by NetMarketShare, Windows 7 continues to be one of the most popular choices for desktop users.

  • Security bootcamp: 8 must-read books for leaders

    The threat of cybercrime constantly looms over business leaders – and it becomes more urgent as cyber attacks become more sophisticated. In 2019, security breaches happen more frequently, and the associated financial hit has increased, according to research from Accenture. Notably, the report points out that hackers increasingly target humans – the “weakest link in cyber defenses” – at all levels of organizations, through tactics like ransomware and phishing. (Witness the recent wave of ransomware attacks against U.S. cities, large and small.) That’s why it’s becoming essential for everyone – not just security professionals – to be well-versed in risk and their organization’s security efforts.

  • Security scanning your DevOps pipeline

    Security is one of the most important considerations for running in any environment, and using open source software is a great way to handle security without going over budget in your corporate environment or for your home setup. It is easy to talk about the concepts of security, but it's another thing to understand the tools that will get you there. This tutorial explains how to set up security using Jenkins with Anchore. There are many ways to run Kubernetes. Using Minikube, a prepackaged virtual machine (VM) environment designed for local testing, reduces the complexity of running an environment.

  • This Is Why We Have Betas. iOS 13 Beta Shows Saved Passwords

    There’s a reason we have beta versions of software: all the kinks need to be worked out. This is also why using beta versions always come with warnings and disclaimers that you’re using the software at your own risk. Users of the iOS 13 beta have discovered that there’s a bug that makes it easy to access the data in “Website & App Passwords” in the Settings app. Certainly, this is something Apple needs to get fixed before the official release, expected for September.

  • Hackers breached Bulgaria’s tax agency and leaked the data of 5M people

    Bulgaria has suffered what has been described as the biggest data leak in its history. The stolen data, which hackers emailed to local media on July 15, originates from the country’s tax reporting service – the National Revenue Agency (NRA). The breach contains the personal data of 5 million citizens, local outlet Capital reports. To put that into perspective, Bulgaria has a population of 7 million. Among other things, the trove includes personal identifiable numbers, addresses, and even income data.