Wednesday, March 23, 2005
Monday, March 21, 2005
Navigating Open Source Licensing
By Blane Warrene
March 9th 2005
Reader Rating: 7.3
The decision to choose an open source license can mean different things to different people. Those considering the issue from an end-user perspective may feel that the decision is irrelevant: the equivalent of a commercial click-wrap license that generally also goes unread. For this kind of user, the software simply represents a more economical or more productive path to complete a task or obtain functionality.
Licensing is more critical for developers. The beauty of the open source license is its assignment of copyright (and patents, if held by the author) to the end user and re-distributor without compensation. Thus, for example, the Web professional can leverage an application at no cost, use it in the course of commercial business, and profit by it in interactions with their customers.
Often, in the course of their work, developers discover that the software doesn't quite meet their needs: it lacks a given capability. To resolve the problem, the developers may decide to build new functionality. This is the epitome of the open source license: there are no strings attached! The new, modified solution can be redistributed under the original license (or separate from it, as we will see shortly) depending on the license selection.
The result of this exercise is that hundreds of new open source software packages are available at large. The bad news is that some of these packages may run the risk of infringing upon patents of which the software authors were perhaps not aware.
This possibility, coupled with concern over evolving intellectual property (IP) issues and liability, has become a recipe for developer confusion, especially since a broad list of different open source licenses exists. The process for choosing a license, reviewing code and launching a product without liability concerns becomes more vexing as the open source atmosphere expands.
The Licensing Conundrum
When a developer is considering his or her options for open-source licenses, the first stop should be the Open Source Initiative (OSI) [1]. The group maintains the definition of open source software and certifies licenses that adhere to it. Drop by the site and you will find descriptions of more than 50 licenses.
Recently, questions have arisen as to whether some licenses should be consolidated, though some, such as the Academic Free License, serve niches. Eric Raymond, cofounder and president-emeritus of the OSI, suggests that many of the licenses the OSI lists are essentially individual or corporate vanity projects.
"Only about half a dozen are in any wide use," Raymond told LinuxInsider. "We are mulling ways to push back against further proliferation, but up to now it's been our policy not to reject licenses that fit the OSD even if they are duplicative. That may soon change."
Before we go further, let's step back and see just how a license becomes, well, a license.
How is a License Born?
Raymond's organization vets proposed new open source licenses with a battery of reviews and discussions.
"We look for conformance to the ten points of the Open Source Definition [2]. We have lawyers, and legally savvy non-lawyers, chew over the license on license-discuss. The board considers their recommendations and votes," he said.
Most recently, Sun Microsystems contributed the Common Development and Distribution License (CDDL), through which the company released its Open Solaris. Sun officials have said they chose to opt out of existing licenses so they could build in patent protection for users of the new Solaris platform.
For his part, Raymond does not always believe there is good argument to release new licenses, even if the company is big.
"Most new licenses are exercises in monument-building by corporate legal departments with too much time on their hands," he said. "Occasionally you'll get a license that addresses the underlying legal issues in a genuinely new or interesting way. But that was never common and is now extremely rare."
The Licensing Lowdown
While no formal public tally exists, recent research measuring open source license use has been completed independently and shows that an overwhelming two-thirds majority of open source projects utilize the GNU General Public License (GPL). Following the GPL is the Limited GPL (LGPL), the Berkeley Software Distribution (BSD) and Mozilla licenses.
In distilling the many licenses, a recent book, Open Source Licensing [3], by legal expert Lawrence Rosen broke down a taxonomy of licenses to help categorize them. This also helps developers reduce the time it takes to research different license types for their software.
The current fifty-plus licenses maintained by the OSI fall into four distinct types:
1. Academic Licenses
Representing the most 'free' of open source licenses, Academic licenses place no requirements whatsoever on the license user -- there's not even a requirement for the user to share modifications or redistribute them. Licenses in this category include the BSD, MIT and Apache licenses.
Academic licenses are designed to provide absolute freedom. The only marked restriction is that these licenses prohibit the leveraging of the original licensor's name as an endorsement in marketing efforts. Other than that, these licenses are truly intended for those who seek complete control over the software, its use, modifications, and subsequent re-releases independently or with another software package.
The BSD, granddaddy of open source licensing, originated within the University of California to grant the free use, modification, and distribution of software built within the institution. It has since become a public license available to open source developers.
The MIT was created by the Massachusetts Institute of Technology as a rewrite of the BSD license. The Apache license differs from the BSD and MIT only in its requirement that a notice be included in either documentation or source code of modified works to identify that the new distribution contains software created by the Apache Software Foundation.
2. Reciprocal Licenses
Like other licenses, Reciprocal licenses grant complete rights to the software's use to the developer and end user. The single difference lies in the requirement that any derivatives of the software be released under the same license, and that the source code must be released. The resulting new software must also be free.
The intent of reciprocity is to ensure that a growing universe of free software emerges, and that original works -- as well as modified and new efforts -- remain free to users. Some of the most popular software available today remains free and accessible due to its use of the GPL including Linux, MySQL, the Bash shell, Mailman, gzip and grep.
The centerpiece of this category is the GPL, which was last updated in 1991, though it is expected to be refreshed this year by original authors Richard Stallman and Eben Moglen, with input from the open source community at large. The Mozilla Public License also resides in this category.
3. Standards Licenses
Standards licenses seek to create a base standard of software and documentation. Modified and redistributed sources usually have to be distributed as patches, so as to not modify the core.
For example, imagine a situation in which a Web application is created to allow importing and exporting between the various popular blog applications. A Web developer grabs the source of this new software and builds in an additional function to migrate and convert specific design elements along with data. Under a standards license, the core app would be distributed with a plug-in to enable the latter new capability.
The goal of a standards license is to preserve an existing code base so that the originating author can come back to it and evolve it without difficulty. In some cases, plug-ins will not be affected. In others, the original author will update documentation to allow third-parties to update their plug-ins (often also called patches).
4. Content Licenses
Finally, Content licenses cover elements aside from code, such as art, copy and audio/video. Those familiar with Creative Commons [4] will recognize this license, although a few are listed at OSI, including the Academic Free License.
One caveat with Creative Commons (CC) licenses is that if a Share-Alike attribute is included in a CC license, it makes the license reciprocal, similar to the GPL.
Intellectual Property Concerns
In understanding the licensing process, it's important to distinguish between copyright, trademark and patents. All of these elements play a role in the software we use every day. In some cases, the freedom from patent risk has been included in the license (as in Sun Microsystems' CDDL and, to some extent, others).
However, as Rosen makes clear in his book, many of the licenses protect users from patent requirements of the original software, but cannot necessarily extend that protection once you modify and redistribute the source code or binary.
That said, simplicity remains the core appeal of open source -- find an application that meets a need, download, install, and start using or developing with it.
Organizations like Sourceforge [5] accelerate that process. Sourceforge could be considered the Creative Commons of open source software projects, hosting more than 90,000 open source projects with over one million registered users. It is a popular destination to which multitudes of open source developers and users go to find software. Sourceforge will only host a project using one of the OSI-approved licenses.
This alone is no threat. However, IP and license considerations become critical if source is being modified, packaged into another solution, and distributed.
A cottage industry is brewing just for this purpose, with companies such as Black Duck Software (see this post in Open Sourcery [6]) hoping to capitalize on developer concerns over the creation, use and distribution of open- and mixed-source code by proposing code review solutions. This can be a costly proposition to some and, according to Raymond, may make complete compliance impossible.
"With as much copyrighted and patented code as there is in the world, positive assurance by review is effectively impossible," he said. "The best you can do is make sure your code doesn't have someone else's explicit copyrights in it, and that's not nearly good enough."
Due Diligence
Reviews are carried out regularly, primarily for the purpose of showing due diligence.
Raymond thinks the only strategy that makes sense in the crazed and toxic environment created by modern IP law (especially patents) is to complete just enough of a pro forma review to have on the record that a review was carried out, then basically ignore your risks until and unless you are sued.
"And this is exactly the advice patent lawyers will give you. You don't 'want' to know what patents you may be infringing in advance -- that makes it 'willful' and trebles the damages," he said.
"Yes, this is crazy," he admitted. "It reflects the fundamental insanity of modern IP law."
In recognition of today's evolving IP issues, the GNU General Public License -- one of the most widespread variations -- will be refreshed for the first time in thirteen years. The revision is expected in 2005. However, Raymond suggests developers need not hold off in selecting a license in order to wait for the new GPL as currently, it is essentially vaporware.
Reducing the Risk
Policy makers, attorneys and judges will end up guiding an archaic set of IP laws into the 21st century. The direction this process takes may depend on individuals' and organizations' understanding of open source.
While the OSI carries out a little advocacy for policy makers on open source and the state of intellectual property, according to Raymond, "Our main focus has been on selling the idea to businesses in the belief that they would then sell it to government. There are more politically focused groups we cooperate with, such as OSIA (Open Source Industry Alliance)."
In the meantime, developers are left to pore over licenses and select one on their own. While expensive legal advice can help, others may take a gamble when choosing a license on which to stake their code.
It's important to understand the impact of choosing your license. As you have seen, each license category has its own particular purpose, whether it's to ensure end-user freedom, prevent commercial use, or preserve a standard code base.
Users can switch licensing schemes after they've made their selection and distributed software; however, the issue of existing code and license agreements is murky when it comes to making such a change. These unproven waters mean that developers need very carefully to select a license they can live with for the long term.
For example, if a developer foresees only selling support and customization services over the long term, choosing a reciprocal license that may prevent the sale of the software itself would be sufficient. However, if there's a chance that a future application may become partially proprietary while including original or modified open source, an Academic license may be a better route.
Can developers expect a tool that simplifies license selection from the OSI anytime soon?
Raymond would only say, "Not yet. We're working on that."
[1] http://www.opensource.org/[2] http://opensource.org/docs/definition.php
[3] http://www.phptr.com/title/0131487876#
[4] http://www.creativecommons.org
[5] http://www.sourceforge.net
[6] http://www.sitepoint.com/blog-post-view.php?id=170388
Sunday, March 20, 2005
Google Code
Google Code, Google's place for Open Source software. Read the FAQ for more information.
Saturday, March 19, 2005
Alexa
Alexa is a subsidiary of Amazon.com which ranks web sites based upon actual user traffic to those sites.
Saturday, March 12, 2005
Hollerith's Punched Cards
http://www.eingang.org/Lecture/hollerith.html
Other related links
http://www.history.rochester.edu/steam/hollerith/cards.htm
http://www.maxmon.com/punch1.htm
Wednesday, March 09, 2005
This is pretty cool! Almost like what windows have. I haven't looked at it fully, but I think there are some functions that are better than windows already :D
Well, I have to admit windows does have a pretty good design for their powerpoint. But there's always room for improvement and i think open office managed to do that!
Monday, March 07, 2005
http://business.newsforge.com/business/05/02/28/2212207.shtml?tid=110
Date 2005.03.04 13:00
Author Jay Lyman
Topic
http://business.newsforge.com/article.pl?sid=05/02/28/2212207
By offering free SSL certificates to open source projects, domain registrar GoDaddy.com is asking, "Will the real open source please stand up?"
We thought it might be interesting to see what kind of response GoDaddy got, what it is doing to filter out the open source noise from the truly open source projects, and what it really takes to cash in on open source authenticity to score a free Turbo SSL Certificate from the Arizona company. Conversely, what must open source projects do to take advantage of this kind of free support -- whether it be SSL certs, hosting, or other services that can put more time and energy back on the code -- without compromising any control?
Open source Daddy
GoDaddy president and founder Bob Parsons told NewsForge that after a week of being online, the free SSL cert offer had brought in 80 responses, and not all of them open source.
"We've had some interesting applications," Parsons said. "We've had some applications from companies that do not qualify, some e-commerce sites or personal sites that have used open source, but are not themselves open source, but I'd say they've been the minority."
Among the legitimate applicants have been prominent open source projects including Mambo, Perl, Stunnel, and others, according to Parsons.
He said his company, which competes in the domain game against the entrenched and larger VeriSign, confirms that a project is truly open source largely by using the main FOSS repositories: SourceForge, freshmeat, and OSI.
In addition, Parsons said, GoDaddy digs for the right open source licenses, and the company's people talk to the free SSL applicants. GoDaddy, which promises certs "within minutes," also issues its certifications in connection with a registered and valid domain name that matches official whois registration via email, Parsons said.
While Parsons blogged about the open source movement as "one of the very best things to happen for personal computer users worldwide," the GoDaddy chief said he viewed the SSL cert offer as support and a form of "giving back," considering all of the open source software his company uses.
"We use open source in our own systems for Linux hosting, value applications, and open source security tools like Nessus and Sniffer," he said. "We believe that open source developers are truly contributing to innovation, and we want to contribute to that."
While he would not provide details on his mention of "a little more later" from GoDaddy on open source, Parsons did volunteer that the free Turbo SSL Certificates for open source projects would come with free renewal for the life of the project, provided that life remains open source.
"Our intention is to renew them [for free] as long as the project continues," he said.
It all comes down to the code
Well-known PHP Web applications framework binarycloud was among the first takers of the free SSL certs from GoDaddy, and the open source project's founder and president, Alex Black, said its need for a wildcard certification was quickly and easily addressed with the freebee.
Black, whose project also takes advantage of donated hosting from Aktiom Networks, said it is fairly simple what qualifies an open source project.
"In general, you need to make sure the code exists," Black told NewsForge. "Where's the public CVS? It's really about the code and the community around it. Where is it?"
Although Black highlighted the value of the main open source repositories -- SourceForge, Tigris, and others -- he also indicated the value of a project earning its own domain and overall presence while maintaining some presence on the traditional networks. Black said in putting together the puzzle of mailing list, bug tracking, wiki, security, and other pieces, open source projects face a maze of "shit software or bad policies."
"It's really about flexibility," he said. "The services are out there, but they really don't properly solve [a complete solution], yet," he said.
Black pointed out that when free and open source software projects are receiving free support from corporations, they must be wary of the strings that are sometimes attached.
GoDaddy, for example, wanted to put up a logo that was "more like an ad" on the binarycloud Web site, Black said. But GoDaddy proved flexible, because it agreed to scale back the logo to an actual logo.
"GoDaddy was fast to respond and they were cool about it," he said, adding that other support opportunities he has pursued were not as gracious, asking the open source developer, "What's in it for us?"
Nevertheless, Black said there are ample opportunities for open source projects to take their attention off the machines and back on the code. On the whole, he said, most open source projects are aware of such support and take advantage of it. Black said it was the providers of such free support that typically bear more burden than the projects which take advantage of them.
"We can go elsewhere," he said. "For them, they're taking something semi-commercial and offering it for free."
Links
1. "free SSL certificates" - https://www.godaddy.com/gdshop/ssl/ssl_opensource.asp?se=%2B
2. "Mambo" - http://mamboserver.com/
3. "Perl" - http://www.perl.org/
4. "Stunnel" - http://stunnel.mirt.net/
5. "SourceForge" - http://sourceforge.net/index.php
6. "freshmeat" - http://freshmeat.net/
7. "OSI." - http://www.opensource.org/
8. "blogged" - http://bobparsons.com/FreeAntiSpywareGoDaddyProvidesFreeSSLCertsToOpenSourceProjectst.html
9. "binarycloud" - http://www.binarycloud.com/
10. "Aktiom Networks" - http://www.aktiom.net/
11. "Tigris" - http://www.tigris.org/
Sunday, March 06, 2005
Open source getting APLAWs in the UK
eclipsewiki
The purpose of this site is to provide the community with a place to share information about Eclipse and its sub-projects. This wiki works in association with the eclipse-plugins.info web site.
The kind of information to share is whatever you want about Eclipse, but especially :
- Faqs
- Code snippets
- Cheat sheets
- Useful articles
- Examples
Saturday, March 05, 2005
Friday, March 04, 2005
Interesting application - Active@ UNDELETE
Active@ UNDELETE is a powerful data recovery software that helps you to recover lost, deleted and formatted data from Hard Drives, Floppy Disks, Basic and Dynamic Volumes, Hardware or Software RAID's. Compressed, encrypted and fragmented files are supported. Besides hard disk drives and floppies program supports recovery from removable devices like Secure Digital, Compact Flash, SmartMedia, SONY Memory Stick, ZIP drives, USB Hard drives etc ...
Active@ UNDELETE will help you to restore data residing on the hard drives formatted in FAT12, FAT16, FAT32, NTFS, NTFS5, NTFS+EFS file systems and it works under all Windows family operating systems: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows 2003 Server and Windows XP.
Active@ UNDELETE incorporates many Wizards, that gives expert users full control over the process of data restoration. You can even perform manual data recovery via virtual editing of any drive parameters and using of Hex/Text Viewer and Editor. To get a better understanding of the product, you can download free evaluation version. While having full functionality of the product, it has a limitation on maximum size of the file being restored.
Active@ UNDELETE Enterprise Edition has advanced capabilities to access and perform data recovery on remote machines, as well as supports data recovery from Hardware and Software RAIDs: Spanned, Mirrored (RAID-1), Stripped (RAID-0) and RAID-5 Volumes.