Tag Archives: Business

SCALE 8x Highlights

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/02/22/scale-8x.html

I just returned today (unfortunately on an overnight flight, which
always causes me to mostly lose the next day to sleep problems) from
SCALE 8x.
I spoke
about GPL enforcement efforts
, and also was glad to spend all day
Saturday and Sunday at the event.

These are my highlights of SCALE 8x:

Karsten
Wade’s keynote
was particularly good. It’s true that some of his
talk was the typical messaging we hear from Corporate Open Source PR
people (which are usually called “Community Managers”,
although Karsten calls himself a “Senior Community
Gardener” instead). Nevertheless, I was persuaded that Karsten
does seek to educate Red Hat internally to have the right attitude
about FLOSS contribution. In particular, he opened
with a
an illuminating literary analogy (from Chris Grams) about Tom Sawyer
manipulating his acquaintances into paying him to do his
work
. I hadn’t seen Chris’ article when it was published back in
September, and found this (“new to me”) analogy quite
compelling. This is precisely the kind of activity that I see
happening
with problematic
copyright assignments
. I think the Tom Sawyer analogy fits aptly
to that situation, because a contributor first does some work without
compensation (the original patch), and then is manipulated even
further into giving up something of value (signing away copyrights for
nothing in return) for the mere honor of being able to do someone
else’s work. It was no surprised that after Karsten’s keynote, jokes
abounded in the SCALE 8x hallways all weekend that we should nickname
Canonical’s new COO, Matt Asay, the “Tom Sawyer of Open
Source”. I am sure Red Hat will be happy that their keynote
inspired some anti-Canonical jokes.

Another Red Hat employee (who is also my good friend and former
cow-orker), Richard Fontana, also
gave an
excellent talk
that many missed, as it was scheduled in the very
final session slot. Fontana put forward more details about his theory
of the “Lex Mercatoria” of FLOSS and how it works in
resolving licensing conflicts and incompatibility inside the community.
He contrasted it specifically against the kinds
of disputes
that happen in normal GPL violations, which are primarily perpetrated by
those outside the FLOSS world
). I agreed with Fontana’s
conclusions, but his argument seemed to assume that these in-community
licensing issues were destabilizing. I asked him about
this, pointing out that the
community is really good at solving these issues before they destabilize
anything
. Fontana agreed that they do get easily resolved, and
revised his point to say that the main problem is that distribution
projects (like Debian and Fedora) hold the majority of responsibility
for resolving these issues, and
that upstreams need to take
more responsibility on this
. (BTW, Karsten was also in the audience
for Fontana’s talk,
has written
a more detailed blog post about it
.) Fontana noted to me after his
talk that he thought I wasn’t paying attention, as I was using my
Android phone a lot during the talk. I was
actually dent’ing various
points from his
talk. I realized when Fontana expressed this concern that perhaps we as
speakers have to change our views about what it means when people seem
focused on computing devices during a talk. (I probably would have
thought the same as Fontana in the situation.) The online conversation
during a talk is a useful part of the
interaction. Stormy Peters
even once suggested before a talk at Linux World that we should have a
way to put dents up on the screen as people comment during a talk. I
may actually try to find a way to do this next time I give a talk.
I also
saw Brian
Aker
‘s presentation about
Drizzle, which is
a fork of the MySQL codebase
that he began inside Sun and now
maintains further (having left Sun before the Oracle merger
completed). I was impressed to see how much Drizzle has grown in just
a few years, and how big its user base is. (Being a database
developer, Brian thinks user numbers in the tens of thousands
is just a start, but there are many FLOSS projects that would
be elated even to max out at tens of thousands users. While I admire
his goals of larger user bases, I think they’ve already accomplished a
lot.) I talked with Brian for an hour after his talk all about the
GPL and the danger of single-copyright-held business models. He’s
avoided this for Drizzle, and it sounds like none of the consulting
companies spouting up around the user community has too much power
over the project. (Brian also
blogged a summary of
some of the points in the discussion we had
.)

Because it directly time-conflicted Brian’s talk, I missed my friend
and
colleague’s Karen
Sandler’s talk about trademarks
, but I hear it went well. Karen
told me not to attend anyway since she said I already knew everything it
contained, and that she would have went to Brian’s talk too if my talk
was against it. She did however make a brief appearance at my talk, so
I feel bad my post-talk chat with Brian made it impossible for me to do
the same for her talk.

I spoke extensively with Matt Kraai
in the Debian booth. It
was great to meet Matt for the first time, as he had previously
volunteered on the
Free Software Directory project
when I was at FSF, and he’s also contributed a lot of development effort to
BusyBox. It’s always strange but great
to finally meet someone in person you’ve occasionally been in touch with
for nearly a decade online.

Don Armstrong was also in
the Debian booth. I got to know Don when we served
on one of the GPLv3
discussion committees
together, and I hadn’t been in touch with him
regularly since the GPLv3 process ended. He’s continuing to do massive
amounts of volunteer work for Debian, including being in charge of the bug
tracking system! I asked him for some ideas in how to help Debian more,
and he immediately mentioned
the Debian/GNOME Bug
Weekend
coming up this weekend. I’m planning to get involved this
weekend, and I hope others will too.

Finally, I had a number of important meetings with lots of people in
the FLOSS world, such as Tarus
Balog
, Michael
Dexter
, Bob
Gobeille
, Deb Nicholson,
Rob Savoye
and Randal Schwartz.
Ok, enough name-dropping. (BTW, Tarus
has written about his
trip as well, and mentioned our ongoing copyright assignment debate
.
Tarus argues that he can do non-promise copyright assignment in OpenNMS
and still avoid
the normal
Open Core shareware-like outcomes
, which he dubs
“fauxpen source” for “fake open source”. Time will
tell.)

SCALE is really the gold standard of community-run, local FLOSS
conferences. It is the inspiration for many of the other regional
events such as OLF, SELF, and the like. A major benefit of these
regional events is that while they draw speakers from all over the
country, the average attendee is a local who usually cannot travel to
the better-known events like OSCON.

The New Era of Big Company Forks

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2010/02/08/android-linux-google.html

I was intrigued to
read Greg
Kroah-Hartman’s analysis of what’s gone wrong with the Android fork of
Linux
, and the discussion
that followed on lwn.net
. Like Greg, I am hopeful that the Android
platform has a future that will work closely with upstream developers.
I also have my own agenda: I believe Android/Linux is the closest thing
we have to a viable fully FaiF phone operating system platform to take on the
proprietary alternatives like the BlackBerry and the iPhone.

I believe Greg’s comments hint at a “new era” problem that
the FLOSS community hasn’t yet learned to solve. In the “old
days”, we had only big proprietary companies like Apple and
Microsoft that had little interest in ever touching copylefted software.
They didn’t want to make improvements and share them. Back then (and
today too) they prefer to consume all the permissively licensed Free
Software they can, and release/maintain proprietary forks for years.

I’m often critical of Google, but I must admit Google is (at least
sometimes) not afraid of dumping code on a regular basis to the
public, at least when it behooves them to do
it0. A
source-available Android/Linux helps Google, because Google executives
know the profit can be found in pushing proprietary user-space Android
application programs that link to Google’s advertising. They don’t want
to fight with Apple or Research in Motion to get their ads onto those
platforms; they’ll instead use Free Software to shift the underlying
platform.

So, in this case, the interests of software freedom align a bit with
Google’s for-profit motive. We want a fully FaiF phone operating
system, that also has a vibrant group of Free Software applications for
that operating system. While Google doesn’t care a bit about Free
Software applications on the phone, they need a readily available phone
operating system so that many hardware phone manufacturers will adopt
it. The FLOSS community and Google thus can work together here, in much
the same way various companies have always helped improve GNU/Linux on
the desktop because they thought it would foil their competitors (i.e.,
Microsoft and Apple).

Yet, the problematic spot for FLOSS developers is Google doesn’t
actually need our development help. Sure, Google needs the FLOSS
licenses we developed, and they need to get access to the upstream. But
they have that by default; all that knowledge and code is public.
Meanwhile, they can easily afford to have their engineers maintain
Android’s Linux fork indefinitely, and can more or less ignore Greg’s
suggestions for shepherding the code upstream. A small company with
limited resources would have to listen to Greg, lest the endeavor run
out of steam. But Google has plenty of steam.

We’re thus left appealing to Google’s sense of decency, goodwill,
collaboration and other software freedom principles that don’t necessarily
make an impact on their business. This can be a losing battle when
communicating with a for-profit company (particularly a publicly traded
one). They don’t have any self-interest nor for-profit reason to work
with upstream; they can hire as many good Linux hackers as they need to
keep their fork going.

This new era problem is actually harder than the old problem. In other
words, I can’t simply write an anti-Google blog post here like I’d write
an anti-Apple one. Google is releasing their changes, making them
available. They even have a public git repository for (at least) the
HTC Dream platform. True, I can and do criticize both Google and HTC
for making some hardware interface
libraries1
proprietary, but that makes them akin to NVidia, not Microsoft and
Apple.

I don’t have an answer for this problem; I suggest only that our
community get serious about volunteer development and improvement of
Android/Linux. When Free Software started, we needed people to spend
their nights and weekends writing Free Software because there weren’t
any companies and for-profit business models to pay them yet. The
community even donated to Free Software charitable non-profits to
sponsor development that served the public. The need for that hasn’t
diminished; it’s actually increased. Now, there is more code
than ever available under FaiF licenses, but even more limited
not-for-profit community resources to shepherd that code in a
community-oriented direction. For-profit employers are beginning to
control the destiny of more community developers, and this will lead to
more scenarios like the one Greg describes. We need people to step
forward and say: I want to do what’s right with this code for this
particular userbase, not what’s right for one company. I hope someone
will see the value in this community-directed type of development and
fund it, but for the meantime, it has my nights and weekends. Just
about every famous FLOSS hacker today started with that attitude. We
need a bit more of that to go around.

(I don’t think I can end a blog post on this topic without giving a
little bit of kudos to a company whom I rarely agree with: Novell. As
near as I can tell, despite the many negative things Novell does, they
have created a position for Greg that allows him to do what’s right for
Linux with what (appears to be) minimal interference. They deserve
credit for this, and I think more companies that benefit from FLOSS
should create more positions like this. Or, even better, create such
positions through non-profit intermediaries, as the companies that fund
Linux Foundation do for Linus Torvalds.)

0Compare
this to Apple, which is so allergic to copyleft licenses that
they will do bizarre things that are clearly against their own
interest and more or less a waste of time merely to avoid GPL’d
codebases.

1Updated:
I originally wrote drivers here,
but Greg
pointed out
that there aren’t actually Linux drivers that
are proprietary. I am not sure what to
call these
various .so files which are clearly designed to interface with
the HTC hardware in some way
, so I just called
them hardware interface libraries.

“Open Core” Is the New Shareware

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2009/10/16/open-core-shareware.html

[ I originally wrote this essay below centered around the term
“Open Core”. Despite that even say below that the terms is
somewhat
meaningless, I
later realized this term was so problematic that it should be
abandoned entirely
, for use instead of the clearer term
“proprietary relicensing”. However, since this blog post was widely
linked to, I’ve nevertheless left the text as it originally was in
October 2009. ]

There has been some debate recently about so-called “Open
Core” business models. Throughout the history of Free Software,
companies have loved to come up with “innovative”
proprietary-like ways to use the FLOSS licensing structures.
Proprietary relicensing, a practice that I believe has proved itself to
have serious drawbacks, was probably the first of these, and now Open
Core is the next step in this direction. I believe the users embracing
these codebases may be ignoring a past they’re condemned to repeat.

Like most buzzwords, Open Core has no real agreed-upon meaning. I’m
using it to describe a business model whereby some middleware-ish system
is released by a single, for-profit entity copyright holder, who
requires copyright-assigned changes back to the company, and that
company sells proprietary add-ons and applications that use the
framework. Often, the model further uses the GPL to forbid anyone but
the copyright-holding company to make such proprietary add-on
applications (i.e., everyone else would have to GPL their applications).
In the current debate, some have proposed that a permissive license
structure can be used for the core instead.

Ultimately, “Open Core” is a glorified shareware situation.
As a user, you get some subset of functionality, and may even get the
four freedoms
with regard to that subset. But, when you want the “good
stuff”, you’ve got to take a proprietary license. And, this is
true whether the Core is GPL’d or permissively licensed. In both cases,
the final story is the same: take a proprietary license or be stuck with
cripple-ware.

This fact remains true whether the Open Core is under a copyleft
license or a permissive one. However, I must admit that a permissive
license is more intellectually honest to the users. When users
encounter a permissive license, they know what they are in for: they may
indeed encounter proprietary add-ons and improvements, either from the
original distributor or a third party. For example, Apple users sadly
know this all too well; Apple loves to build on a permissively licensed
core and proprietarize away. Yet, everyone knows what they’re getting
when they buy Apple’s locked down, unmodifiable, and
programmer-unfriendly products.

Meanwhile, in more typical “Open Core” scenarios, the use
of the GPL is actually somewhat insidious. I’ve written before
about how
the copyleft is a tool, not an end in itself
. Like any tool, it can
be misused or abused. I think using the GPL as a tool for corporate
control over users, while legally permissible, is ignoring the spirit of
the license. It creates two classes of users: those precious few that
can proprietarize and subjugate others, and those that can’t.1

This (ab)use of GPL has
led folks
like Matt Aslett to suggest that the permissive licensing solution

would serve this model better. While I’ve admitted such a change would
have some level of increased intellectually honesty, I don’t think it’s
the solution we should strive for to solve the problem. I think Aslett’s
completely right when he argues that GPL’d “Open Core”
became popular because it’s Venture Capitalists’ way of making peace
with freely licensed copyrights. However, heading to an Apple-like
permissive only structure only serves to make more Apple-like companies,
and that’s surely not good for software freedom either. In fact, the
problem is mostly orthogonal to licensing. It’s a community building
problem.

The first move we have to make is simply give up the idea that the best
technology companies are created by VC money. This may be true if your
goal is to create proprietary companies, but the best Free Software
companies are the small ones, 5-10 employees, that do consulting work
and license all their improvements back to a shared codebase. From
low-level technology like Linux and GCC to higher-level technology like
Joomla all show that this project structure yields popular and vibrant
codebases. The GPL was created to inspire business and community models
like these examples. The VC-controlled proprietary relicensing and
“Open Core” models are manipulations of the licensing
system. (For more on this part of my argument, I suggest my discussions
on
Episode
0x14 of the (defunct) Software Freedom Law Show
.)

I realize that it’s challenging for a community to create these sort of
codebases. The best way to start, if you’re a small business, is to
find a codebase that gets you 40% or so toward your goal and start
contributing to the code with your own copyrights, licensed
under GPL. Having something that gets you somewhere will make it easier
to start your business on a consulting basis without VC, and allow you
to be part of one of these communities instead of trying to create an
“Open Core” community you can exploit with proprietary
licensing. Furthermore, the fact that you hold copyright alongside
others will give you a voice that must be heard in decision-making
processes.

Finally, if you find an otherwise useful
single-corporate-copyright-controlled GPL’d codebase from one of these
“Open Core” companies, there is something simple you can
do:

Fork! In essence, don’t give into pressure by these
companies to assign copyright to them. Get a group of community
developers together and maintain a fork of the codebase. Don’t be mean
about it, and use git or another DVCS to keep tracking branches of the
company’s releases. If enough key users do this and refuse to assign
copyright, the good version will eventually become community one rather
than the company-controlled one.

My colleague Carlo
Piana points
out a flaw in this plan, saying the ant cannot drive the
elephant
. While I agree with Carlo generally, I also think that
software freedom has historically been a little bit about ants driving
elephants. These semi-proprietary business models are thriving on the
fundamental principle of a proprietary model: keep users from
cooperating to improve the code on which they all depend. It’s a
prisoner’s dilemma that makes each customer afraid to cooperate with the
other for fear that the other will yield to pressure not to cooperate.
As the fictional computer Joshua points out, this is a strange game.
The only winning move is not to play.

The software freedom world is more complex than it once was. Ten years
ago, we advocates could tell people to look for the GPL label and
know that the software would automatically be part of a
freedom-friendly, software sharing community. Not all GPL’d software is
created equal anymore, and while the right to fork remains firmly in
tact, the realities of whether such forks will survive, and whether the
entity controlling the canonical version can be trusted is another
question entirely. The new advice is: judge the freedom of your
codebase not only on its license, but also on the diversity of the
community that contributes to it.

1I must
put a fine point here that the only way
companies can manipulate the GPL in this example is by
demanding full copyright assignment back to the corporate
entity. The GPL itself protects each individual contributor
from such treatment by other contributors, but when there is
only one contributor, those protections evaporate. I must
further note that for-profit corporate assignment differs
greatly from assignment to a non-profit, as non-profit
copyright assignment paperwork typically includes broad legal
assurances that the software will never be proprietarized, and
furthermore, the non-profit’s very corporate existence hinges
on engaging only in activity that promotes the public
good.

Support Your Friendly Neighborhood FLOSS Charities

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2009/05/12/start-giving.html

I don’t think we talk enough in the FLOSS community about the importance of individual support of FLOSS-related charitable organizations.
On a
recent podcast episode, Karen and I discuss
with Stormy Peters how
important it is for geeks — who may well often give lots of code
to many FLOSS projects — also should consider giving a little bit
of financial funding to FLOSS organizations as well.

Of course, it’s essential that people give their time to the charities
and the causes that they care about. In the FLOSS world, we typically
do that by giving code or documentation to our favorite FLOSS project.
I think that’s led us all into the classic “I gave at the
office” feeling. Indeed, I know that I too have fallen into this
rut at times myself.

I suppose I could easily claim that, more than most people, I’ve given
enough at the office. Working at various non-profit organizations since
the 1990s, I’ve always made substantially less in salary than I would in
the for-profit industry for similar work. I also have always
volunteered my time in addition to my weekly work schedule. For
example, I currently get paid for my 40 hour/week job at the SFLC, but I
also donate about 20 hours of work for
the Software
Freedom Conservancy
each week.

Still, I don’t believe that this is enough. There
are many,
many FLOSS non-profits
that deserve support — more than I have time to give. Meanwhile, very small
amounts of money, aggregated over many people giving, makes a world of
difference in a number of ways to these organizations.

Non-profits that are funded by a broad base of supporters are much more
stable and have greater longevity than other types of non-profits that
are funded primarily by corporate donations. This is because one donor
or even a few disappearing is not disaster. Also, through these donations, organizations
build a constituency of supporters that truly represent the people
that the non-profit seeks to serve.

Traditionally (with a few notable exceptions), non-profits in the FLOSS
world have relied primarily on corporate donations. I generally think
this is not ideal for a community that wishes to be fully represented by
the non-profits that embody the projects we care about. We want these
projects to represent the interest of developers and users, not
necessarily the for-profit corporate interests. Plus, we want the
organizations to survive even when companies stop supporting FLOSS or
just simply go out of business.

If we all contribute, it doesn’t take that much for each individual to
be a part of making a real difference. I believe that if each person
who has benefited seriously from FLOSS gave $200/year, we’d make a
substantial change and a wonderful positive impact on the non-profit
organizations that shepherd and keep these FLOSS projects alive. I’m
not suggesting giving to any specific organization: just to take
$200/year and divide in the way you think is best across 2-4 different
FLOSS non-profits that sponsor project you personally care about or
benefit from.

Think about it: $200/year breaks down to $16/month. For me (and likely
for most people in a major city), $16/month means one fewer dinner at a
restaurant each month. Can’t we all eat at home one more time per
month, and share that savings to help FLOSS non-profits?

If you are looking for a list of non-profits that could use your
support,
the FLOSS
Foundations Directory
is a good place to start. FWIW, in addition
to my volunteer work
with Conservancy,
here’s the list of non-profits that I’m supporting with a total of $200
this year (in
alphabetical order): The Free
Software Foundation
, GNOME
Foundation
, The Parrot
Foundation
,
and The
Twisted Project
. Which ones will you give to this year?

TomTom/Microsoft: A Wake-Up Call for GPLv3 Migration

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2009/04/16/tomtom-microsoft.html

There has been a lot of press coverage about the Microsoft/TomTom
settlement. Unfortunately, so far, I have seen no one speak directly
about the dangers that this deal could pose to software freedom, and
what our community should consider in its wake. Karen and I discussed
some of these
details on
our podcast
, but I thought it would be useful to have a blog post
about this issue as well.

Most settlement agreements are sealed. This means that we won’t ever
actually know what TomTom agreed to and whether or not it violates
GPLv2. The violation, if one exists, would likely be of GPLv2’s §
7. The problem has always been that it’s difficult to actually witness
a v2§7 violation occurring (due in large part to less than perfect
wording of that section). To find a violation v2§7, you have to
discover that there were conditions imposed on [TomTom] … that
contradict the conditions of [GPLv2]. So, we won’t actually know if
this agreement violates GPLv2 unless we read the agreement itself, or if
we observe some behavior by Microsoft or TomTom that shows that the
agreement must be in violation.

To clarify the last statement, consider the hypothetical options. For
TomTom to have agreed to something GPLv2-compliant with Microsoft, the
agreement would have needed to either (a) not grant a patent license at
all (perhaps, for example, Microsoft conceded in the sealed agreement
that the patents aren’t actually enforceable on the GPLv2’d components),
or (b) give a patent license that was royalty-free and permitted all
GPLv2-protected activities by all recipients of patent-practicing
GPLv2’d code from TomTom, or downstream from TomTom.

It’s certainly possible Microsoft either capitulated regarding the
unenforceability (or irrelevancy) of its patents on the GPLv2’d software
in question, or granted some sort of license. We won’t know directly
without seeing the agreement, or by observing a later action by
Microsoft. If, for example, Microsoft later is observed enforcing the
FAT patent against a Linux distributor, one might successfully argue
that the user must have the right to practice those
Microsoft patents in the GPLv2 code, because otherwise, how was TomTom
able to distribute under GPLv2? (Note, BTW, that any
redistributor of Linux could make themselves downstream from TomTom,
since TomTom distributes source on their website.) If no such
permission existed, TomTom would then be caught in a violation —
at least in my (perhaps minority) reading of GPLv2.0

Many have argued that GPLv2 § 7 isn’t worded well enough to
verify this line of thinking. I and a few other key GPL thinkers
disagree, mainly because this reading is clearly the intent of GPLv2
when you read the Preamble. But, there are multiple interpretations of
GPLv2’s wording on this issue, and, the wording was written before the
drafters really knew exactly how patents would be used to hurt Free
Software. We’ll thus probably never really have complete certainty that
such patent deals violate GPLv2.

This TomTom/Microsoft deal (and indeed, probably dozens of others like
it whose existence is not public, because lawsuits aren’t involved)
almost surely plays into this interpretation ambiguity. Microsoft
likely convinced TomTom that the deal is GPLv2-compliant, and that’s why
there are so many statements in the press opining about its likely GPLv2
compliance. I, Jeremy Allison, and others might be in the minority in
our belief of the strength of GPLv2 § 7, but no one can disagree
with the intent of the section, as stated in the Preamble. Microsoft is
manipulating the interpretation disagreements to convince smaller
companies like Novell, TomTom, and probably others into believing that
these complicated patent licensing deals and/or covenants are
GPLv2-compliant. Since most of them are about the kernel named Linux,
and the Linux copyright holders are the only ones with power to enforce,
Microsoft is winning on this front.

Fortunately, the GPLv3 clarifies this issue, and improves the
situation. Therefore, this is a great moment in our community to
reflect on the importance of GPLv3 migration. The drafters of GPLv3, responding to the Microsoft/Novell deal,
considered carefully how to address these sorts of agreements.
Specifically, we have these two paragraphs in GPLv3:

If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.

A patent license is “discriminatory” if it does not include
within the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is in
the business of distributing software, under which you make payment to the
third party based on the extent of your activity of conveying the work,
and under which the third party grants, to any of the parties who would
receive the covered work from you, a discriminatory patent license (a) in
connection with copies of the covered work conveyed by you (or copies made
from those copies), or (b) primarily for and in connection with specific
products or compilations that contain the covered work, unless you entered
into that arrangement, or that patent license was granted, prior to 28
March 2007.

Were Linux under GPLv3 (but not GPLv2), these terms, particularly those
in the second paragraph, would clearly and unequivocally prohibit TomTom
from entering into any arrangement with Microsoft that doesn’t grant a
license to any Microsoft patent that reads on Linux. Indeed, even what
has been publicly said about this agreement seems to indicate strongly
that this deal would violate GPLv3. While the Novell/Microsoft deal was
grandfathered in (via the date above), this new agreement is not. Yet,
the most frustrating aspect of the press coverage of this deal is that
few have taken the opportunity to advocate for GPLv3 adoption by more
projects. I hope now that we’re a few weeks out from the coverage,
project leaders will begin again to consider adding this additional
patent protection for their users and redistributors.

Toward the goal of convincing GPLv2 users to switch to GPLv3, I should
explain a bit why special patent licensing deals like this are bad for
software freedom; it’s not completely obvious. To do so, we can look
specifically at what TomTom and Microsoft said in the press coverage of
their deal: The agreement protects TomTom’s customers under the
patents …, the companies said
(Microsoft,
TomTom Settle Patent Dispute
, Ina Fried).

Thus, according to Microsoft and TomTom, the agreement gives some sort
of “patent protection” to TomTom customers,
and presumably no one else. This means that if someone buys a
GNU/Linux-based TomTom product, they have greater protection from
Microsoft’s patents than if they don’t. It creates two unequal classes of
users: those who pay TomTom and those who don’t. The ones who don’t pay
TomTom will have to worry if they will be the next ones sued or attacked
in some other way by Microsoft over patent infringement.

Creating haves and have-nots in the software licensing space is
precisely what all versions of the GPL seek to prevent. This is why the
Preamble of GPLv2 said: any free program is threatened constantly by
software patents. We wish to avoid the danger that redistributors of a
free program will individually obtain patent licenses, in effect making
the program proprietary.

Further to this point, in
the Rationale
Document for the Third Discussion Draft of GPLv3
, a similar
argument is given in more detail:

The basic harm that such an agreement can do is to make the free
software subject to it effectively proprietary. This result occurs to the
extent that users feel compelled, by the threat of the patent, to get
their copies in this way. So far, the Microsoft/Novell deal does not seem
to have had this result, or at least not very much: users do not seem to
be choosing Novell for this reason. But we cannot take for granted that
such threats will always fail to harm the community. We take the threat
seriously, and we have decided to act to block such threats, and to reduce
their potential to do harm. Such deals also offer patent holders a crack
through which to split the community. Offering commercial users the chance
to buy limited promises of patent safety in effect invites each of them to
make a separate peace with patent aggressors, and abandon the rest of our
community to its fate.

It’s true that one can blissfully use, redistribute, sell and modify
some patent-covered software for years without ever facing a patent
enforcement action. But, particularly in situations where known patents
have been asserted, those without a patent license often live in fear of
copying, modifying and sharing code that exercises the teachings of the
patent. We saw this throughout the 1990s with RSA, and today most
commonly with audio and video codecs. Microsoft and other anti-Free
Software companies have enough patents to attack if we let them. The
first steps in stopping it are to (a) adopt GPLv3, LGPLv3 and AGPLv3
with the improved patent provisions, and (b) condemning GPLv2-only deals
that solve a patent problem for some users but leave the rest out in the
cold, and (c) pointing out that the purported certainty that such deals
are GPLv2-compliant is definitely in question.

Patents always remain a serious threat, and, while the protection under
GPLv2 has probably been underestimated, we cannot overestimate the
additional protection that GPLv3 gives us in this regard. Microsoft
clearly knows that the GPLv3 terms will kill their patent aggression
business model, and have therefore focused their attacks on
GPLv2-licensed code. Shouldn’t we start to flank them by making less
GPLv2 code available for these sorts of deals?

Finally, I would like to draw specific attention the fact that TomTom,
as a company, is not necessarily an ally of software freedom. They are
like most for-profit companies; they use FLOSS when it is convenient for
them, and give back when the licenses obligate them to do so, or when it
behooves them in some way. As a for-profit company, they made this deal
to please their shareholders, not the Free Software community. Admittedly, their use of the FLOSS in their
products was done legitimately (that
is, once
their GPLv2 non-compliance was corrected by Harald Welte in 2004
).
However, I do not think we should look upon TomTom as a particularly
helpful member of the community. Indeed, most of the patents that
Microsoft asserted against TomTom were on their proprietary components,
not their FLOSS ones. Thus, most of this dispute was a proprietary
software company arguing with another proprietary software company over
patents that read on proprietary software. Our community should tell
TomTom that if they want to join and support the FLOSS world, they
should release their software under a FLOSS license — including
software that they aren’t obligated to do so by the licenses. Wouldn’t it be quite interesting if TomTom’s mapping display software were available under, say, GPLv3?

(Added later): Even if TomTom fails to release their mapping applications as Free Software, our minimal demand should be a license to their patents for use in Free Software. Recall that TomTom countersued Microsoft, also alleging patent infringement on TomTom’s patents. TomTom has still yet to offer a public license on those patents for use by the Free Software community. If they are actually not hostile to software freedom, wouldn’t they allow us to at least practice the teachings of their patents in GPL’d software?

0Update:
Andrew Tridgell pointed out that my verb tenses in my hypothetical example
made the text sound more broadly worded than I intended. I’ve thus
corrected the text in the hypothetical example to be clearer. Thanks for
the clarification, Tridge!

LGPL’ing of Qt Will Encourage More Software Freedom

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2009/01/14/qt-lgpl.html

The decision between the GPL or LGPL for a library is a complex one,
particularly when that library solves a new problem or an old problem in
a new way. TrollTech faced this decision for the Qt library, and Nokia
(who acquired Trolltech last year) has now reconsidered the question and
come to a different conclusion. Having followed this situation since
even before Qt was GPL’d, I was glad that we have successfully
encouraged the reconsideration of this decision.

Years ago, RMS wrote what many consider the definitive essay on this
subject,
entitled Why
you shouldn’t use the Lesser GPL for your next library
. A
few times a year, I find myself rereading that essay because I believe
it puts forward some good points to think about when making this
decision.

Nevertheless, there is a strong case for the LGPL in many situations.
Sometimes, pure copyleft negatively impacts the goal of maximal software
freedom. The canonical example, of course, is the GNU C Library (which
was probably the first program ever LGPL’d).

Glibc was LGPL’d, in part, because it was unlikely at the time that
anyone would adopt a fully FaiF (Free as in Freedom) operating system
that didn’t allow any proprietary applications. Almost every program on
a Unix-like system combines with the C library, and if it were GPL’d,
all applications would be covered by the GPL. Users of the system
would have freedom, but encouraging the switch would be painful because
they’d have to give up all proprietary software all at once.

The GNU authors knew that there would be proprietary software for quite
some time, as our community slowly replaced each application with
freedom-respecting implementations. In the meantime, better that
proprietary software users have a FaiF C library and a FaiF operating
system to use (even with proprietary applications) while work
continued.

We now face a similar situation in the mobile device space. Most
mobile devices used today are locked down, top to bottom. It makes
sense to implement the approach we know works from our two decades of
experience — liberate the operating system first and the
applications will slowly follow.

This argument informs the decision about Qt’s licensing. Qt and its
derivatives are widely used as graphics toolkits in mobile devices.
Until now, Qt was licensed under GPL (and before that various semi-Free
licenses). Not only did the GPL create a “best is the enemy of
the good” situation, but those companies that rejected the GPL
could simply license a proprietary copy from TrollTech, which further
ghettoized the GPL’d versions. All that is now changing.

Beyond encouraging FaiF mobile operating systems, this change to LGPL
yields an important side benefit. While the proprietary relicensing
business is a common and legitimate business model to fund further
development, it also has some negative social side effects. The
codebase often lives in a silo, discouraging contributions from those
who don’t receive funding from the company who controls the canonical
upstream.

A change to LGPL sends a loud and clear message — the proprietary
relicensing business for Qt is over. Developers who have previously
rejected Qt because it was not community-developed might want to
reconsider that position in light of this news. We don’t know yet how
the new Qt community will be structured, but it’s now clear that Nokia,
Qt’s new copyright holder, no longer has a vested interest in
proprietary relicensing. The opportunity for a true software freedom
community around Qt’s code base has maximum potential at this moment. A
GUI programmer I am not; but I hope those who are will take a look and
see how to create the software freedom development community that Qt
needs.

It’s a Wonderful FLOSS!

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/12/24/capra-free-software.html

I suppose it’s time for me to confess. For a regular humbug who was
actually memory-leak-hunting libxml2 at the office until 21:30 on December
24th, I’m still quite a sucker for Frank Capra movies. Most people
haven’t seen any of them except It’s a Wonderful Life. Like
a lot of people, I see that film annually one way or the other, too.
Fifteen years ago, I wrote a college paper on Capra’s vision and
worldview; it’s not surprising someone who has devoted his life to Free
Software might find resonance in it. Capra’s core theme is simple (some
even call it simplistic): An honest, hard-working idealist will always
overcome if he never loses sight of community and simply refuses any
temptation of corruption.

I don’t miss the opportunity to watch It’s a Wonderful
Life when it inevitably airs each year. (Meet John
Doe sometimes can be found as well around this time of year
— catch that one too if you can.) I usually perceive something
new in each viewing.

(There are It’s a Wonderful Life spoilers below here; if
you actually haven’t seen it, stop here.)

This year, what jumped out at me was the second of the three key
speeches that George Bailey gives in the film. This occurs during the
bank run, when Building and Loan investors are going to give up on the
organization and sell their shares immediately at half their worth. I
quote the speech in its entirety:

You’re thinking of this place all wrong. As if I had the money back in a
safe. The money’s not here. Your money’s in Joe’s house; that’s right
next to yours. And in the Kennedy house, and Mrs. Macklin’s house, and a
hundred others. Why, you’re lending them the money to build, and then,
they’re going to pay it back to you as best they can. Now what are you
going to do? Foreclose on them?

[Shareholders decide to go to Potter and
sell. Bailey stops the mob.]

Now wait; now listen. Now listen to me. I
beg of you not to do this thing. If Potter gets hold of this Building and
Loan there’ll never be another decent house built in this town. He’s
already got charge of the bank. He’s got the bus line. He got the
department stores. And now he’s after us. Why?

Well, it’s very simple. Because we’re cutting in on his business,
that’s why, and because he wants to keep you living in his slums and
paying the kind of rent he decides. Joe, you had one of those Potter
houses, didn’t you? Well, have you forgotten? Have you forgotten what he
charged you for that broken-down shack?

Ed, you know! You remember last year when things weren’t going so well,
and you couldn’t make your payments? You didn’t lose your house, did you?
Do you think Potter would have let you keep it?

Can’t you understand what’s happening here? Don’t you see what’s
happening? Potter isn’t selling. Potter’s buying! And why? Because
we’re panicking and he’s not. That’s why. He’s picking up some bargains.
Now, we can get through this thing all right. We’ve got to stick
together, though. We’ve got to have faith in each other.

Perhaps this quote jumped out on me because all the bank run jokes made
this year. However, that wasn’t the first thing that came to mind.
Instead, I thought immediately of Microsoft’s presence at OSCON this
year and the launch of their campaign to pretend they haven’t spent the
last ten years trying destroy all of Free Software and Open Source.

In the film, Potter eventually convinces George to come by his office
for a meeting, offers him some fine cigars, and tells him
that George’s ship has come in because Potter is ready to give
him a high paying job. George worries that the Building and Loan will fail
if he takes the job. Potter’s (non)response is: Confounded, man, are
you afraid of success!?

It’s going to get more tempting to make deals with Microsoft. We’re
going to feel like their sudden (seemingly) positive interest in us
— like Potter’s sudden interest in George — is something to
make us proud. It is, actually, but not for the obvious reason. We’re
finally a viable threat to the future of proprietary software. They’ve
reached the stage where they know they can’t kill us. They are going to
try to buy us, try to corrupt us, try to do anything they can to
convince us to give up our principles just to make our software a little
better or a little more successful. But we can do those things anyway, on our own, in the fullness of time.

Never forget why they are making the offer. Microsoft is unique
among proprietary software companies: they are the only ones who have
actively tried to kill Open Source and Free Software. It’s not
often someone wants to be your friend after trying to kill you for ten
years, but such change is cause for suspicion. George was smart enough
to see this and storm out of Potter’s office, saying: You sit around here and spin your little webs and think the whole world revolves
around you and your money! Well, it doesn’t, Mr. Potter!. To
Microsoft, I’d say: and that goes for you, too!

When your apt-mirror is always downloading

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2008/01/24/apt-mirror-2.html

When I started building our apt-mirror, I ran into a problem: the
machine was throttled against ubuntu.com’s servers, but I had completed
much of the download (which took weeks to get multiple distributions).
I really wanted to roll out the solution quickly, particularly because
the service from the remote servers was worse than ever due to the
throttling that the mirroring created. But, with the mirror incomplete,
I couldn’t so easily make available incomplete repositories.

The solution was to simply let apache redirect users on to the real
servers if the mirror doesn’t have the file. The first order of
business for that is to rewrite and redirect URLs when files aren’t
found. This is a straightforward Apache configuration:

RewriteEngine on
RewriteLogLevel 0
RewriteCond %{REQUEST_FILENAME} !^/cgi/
RewriteCond /var/spool/apt-mirror/mirror/archive.ubuntu.com%{REQUEST_FILENAME} !-F
RewriteCond /var/spool/apt-mirror/mirror/archive.ubuntu.com%{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(Packages|Sources).bz2$
RewriteCond %{REQUEST_URI} !/index.[^/]*$ [NC]
RewriteRule ^(http://%{HTTP_HOST})?/(.*) http://91.189.88.45/$2 [P]

Note a few things there:

I have to hard-code an IP number, because as I mentioned in
the last
post on this subject
, I’ve faked out DNS
for archive.ubuntu.com and other sites I’m mirroring. (Note:
this has the unfortunate side-effect that I can’t easily take advantage
of round-robin DNS on the other side.)

I avoid taking Packages.bz2 from the other site, because
apt-mirror actually doesn’t mirror the bz2 files (although I’ve
submitted a patch to it so it will eventually).

I make sure that index files get built by my Apache and not
redirected.

I am using Apache proxying, which gives me Yet Another type of
cache temporarily while I’m still downloading the other packages. (I
should actually work out a way to have these caches used by apt-mirror
itself in case a user has already requested a new package while waiting
for apt-mirror to get it.)

Once I do a rewrite like this for each of the hosts I’m replacing with
a mirror, I’m almost done. The problem is that if for any reason my
site needs to give a 403 to the clients, I would actually like to
double-check to be sure that the URL doesn’t happen to work at the place
I’m mirroring from.

My hope was that I could write a RewriteRule based on what the
HTTP return code would be when the request completed. This was
really hard to do, it seemed, and perhaps undoable. The quickest
solution I found was to write a CGI script to do the redirect. So, in
the Apache config I have:

ErrorDocument 403 /cgi/redirect-forbidden.cgi

And, the CGI script looks like this:

#!/usr/bin/perl

use strict;
use CGI qw(:standard);

my $val = $ENV{REDIRECT_SCRIPT_URI};

$val =~ s%^http://(S+).sflc.info(/.*)$%$2%;
if ($1 eq “ubuntu-security”) {
$val = “http://91.189.88.37$val”;
} else {
$val = “http://91.189.88.45$val”;
}

print redirect($val);

With these changes, the user will be redirected to the original when
the files aren’t available on the mirror, and as the mirror gets more
accurate, they’ll get more files from the mirror.

I still have problems if for any reason the user gets a Packages or
Sources file from the original site before the mirror is synchronized,
but this rarely happens since apt-mirror is pretty careful. The only
time it might happen is if the user did an apt-get update when
not connected to our VPN and only a short time later did one while
connected.

Unique Eyebrows

Post Syndicated from Lennart Poettering original http://0pointer.net/blog/photos/unique-eyebrows.html

Dear American People,

I guess you’ll find businesses selling unique eyebrow
designs only in god’s own country:

Unique Eyebrows

And what does “unique” mean? Do their customers get two
different designs for their two eyebrows? – What a bargain!

Groucho Marx’ greasepaint eyebrows are unique, in a way. Maybe that’s what they are selling?

Confused,
     Lennart (a worried European)

Unique Eyebrows

Post Syndicated from Lennart Poettering original http://0pointer.net/blog/photos/unique-eyebrows.html

Dear American People,

I guess you’ll find businesses selling unique eyebrow
designs
only in god’s own country:

Unique Eyebrows

And what does “unique” mean? Do their customers get two
different designs for their two eyebrows? – What a bargain!

Groucho Marx’ greasepaint eyebrows are unique, in a way. Maybe that’s what they are selling?

Confused,
     Lennart (a worried European)

Launchpad is Evil

Post Syndicated from Lennart Poettering original http://0pointer.net/blog/projects/launchpad-stole-my-name.html

I always think twice before entering my name in any web form or posting to a
mailing list. Is the web site/list respectable? Do the owners of the web site
have any commercial interest in my name (spam, marketing, …)? Would I ever
regret that my name can be found with Google in context with this web
site/mailing list? If I enter my name is it used for collecting data about me?
Is there any reasonable privacy policy?

Often enough I refrain from entering my name after deciding that the answers
to these questions are unsatisfactory. I like to be in control of my name. If I
am not confident that I remain in control I don’t enter my name to any
service.

Recently it came to my attention that Canonical decided to create an account (!) for me in their
commercial, proprietary bug tracker called “Launchpad”. I never asked for one!
I never even considered having one, because their service clearly is nothing
that would pass the tests mentioned above. They are a commercial service, my
account data is apparently “content” for them, they don’t seem to have any
privacy policy. (At least I couldn’t find any, the navigation is pretty
crappy.)

Canonical’s nimbus of being “the good guys” doesn’t hinder them to
incorporate data from free sources (apparently they got my data from the Debian
BTS) and make a commercial service of it, without even asking the original
contributors if that would be OK with them, or if it is OK to incorporate their
name or personal profile in the service. Apparently Canonical is not much
better than a common spam harvester: generating personal profiles for
business, without consent of the “victim”.

If anyone from Canonical reads this: It is not OK for me to use my name as
“content” for your commercial, proprietary service. Please remove any
reference to my name from your “account” database. I don’t want to have a
Launchpad account. I don’t plan to use Launchpad. Let me decide if I ever want to
join! Thank you very much.

Update: I especially dislike the fact that they created an account for me in
a service where Hitler apparently already has six (!) accounts. I am very sure
that I don’t want to be part of that community.

Launchpad is Evil

Post Syndicated from Lennart Poettering original http://0pointer.net/blog/projects/launchpad-stole-my-name.html

I always think twice before entering my name in any web form or posting to a
mailing list. Is the web site/list respectable? Do the owners of the web site
have any commercial interest in my name (spam, marketing, …)? Would I ever
regret that my name can be found with Google in context with this web
site/mailing list? If I enter my name is it used for collecting data about me?
Is there any reasonable privacy policy?

Often enough I refrain from entering my name after deciding that the answers
to these questions are unsatisfactory. I like to be in control of my name. If I
am not confident that I remain in control I don’t enter my name to any
service.

Recently it came to my attention that Canonical decided to create an account (!) for me in their
commercial, proprietary bug tracker called “Launchpad”. I never asked for one!
I never even considered having one, because their service clearly is nothing
that would pass the tests mentioned above. They are a commercial service, my
account data is apparently “content” for them, they don’t seem to have any
privacy policy. (At least I couldn’t find any, the navigation is pretty
crappy.)

Canonical’s nimbus of being “the good guys” doesn’t hinder them to
incorporate data from free sources (apparently they got my data from the Debian
BTS) and make a commercial service of it, without even asking the original
contributors if that would be OK with them, or if it is OK to incorporate their
name or personal profile in the service. Apparently Canonical is not much
better than a common spam harvester: generating personal profiles for
business, without consent of the “victim”.

If anyone from Canonical reads this: It is not OK for me to use my name as
“content” for your commercial, proprietary service. Please remove any
reference to my name from your “account” database. I don’t want to have a
Launchpad account. I don’t plan to use Launchpad. Let me decide if I ever want to
join! Thank you very much.

Update: I especially dislike the fact that they created an account for me in
a service where Hitler apparently already has six (!) accounts. I am very sure
that I don’t want to be part of that community.

The GNU GPL and the American Dream

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2001/02/21/american-dream.html

[ This essay
was originally
published on gnu.org
. ]

When I was in grade school, right here in the United States of America,
I was taught that our country was the “land of opportunity”. My teachers
told me that my country was special, because anyone with a good idea and a
drive to do good work could make a living, and be successful too. They
called it the “American Dream”.

What was the cornerstone to the “American Dream”? It was
equality — everyone had the same chance in our society to choose
their own way. I could have any career I wanted, and if I worked hard, I
would be successful.

It turned out that I had some talent for working with computers —
in particular, computer software. Indoctrinated with the “American
Dream”, I learned as much as I could about computer software. I
wanted my chance at success.

I quickly discovered though, that in many cases, not all the players in
the field of computer software were equal. By the time I entered the
field, large companies like Microsoft tended to control much of the
technology. And, that technology was available to me under licensing
agreements that forbid me to study and learn from it. I was completely
prohibited from viewing the program source code of the software.

I found out, too, that those with lots of money could negotiate
different licenses. If they paid enough, they could get permission to
study and learn from the source code. Typically, such licenses cost many
thousands of dollars, and being young and relatively poor, I was out of
luck.

After spending my early years in the software business a bit
downtrodden by my inability to learn more, I eventually discovered another
body of software that did allow me to study and learn. This software was
released under a license called the GNU General Public License (GNU
GPL). Instead of restricting my freedom to study and learn from it, this
license was specifically designed to allow me to learn. The license
ensured that no matter what happened to the public versions of the
software, I’d always be able to study its source code.

I quickly built my career around this software. I got lots of work
configuring, installing, administering, and teaching about that
software. Thanks to the GNU GPL, I always knew that I could stay
competitive in my business, because I would always be able to learn easily
about new innovations as soon as they were made. This gave me a unique
ability to innovate myself. I could innovate quickly, and impress my
employers. I was even able to start my own consulting business. My own
business! The pinnacle of the American Dream!

Thus, I was quite surprised last week
when Jim Allchin, a
vice president at
Microsoft hinted
that
the
GNU GPL
contradicted
the
American Way.

The GNU GPL is specifically designed to make sure that all
technological innovators, programmers, and software users are given equal
footing. Each high school student, independent contractor, small business,
and large corporation are given an equal chance to innovate. We all start
the race from the same point. Those people with deep understanding of the
software and an ability to make it work well for others are most likely to
succeed, and they do succeed.

That is exactly what the American Way is about, at least the way I
learned it in grade school. I hope that we won’t let Microsoft and
others change the definition.