EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS


Selling Services Without Selling Fear of Licences

Posted in Free/Libre Software, FUD, GPL, HP, Rumour, Security at 2:29 am by Dr. Roy Schestowitz

Accusations against H-P and Palamida seem baseless

It wasn’t long ago that McAfee and InformationWeek were both harshly (and rightly) accused for spreading GPL fear [1, 2, 3]. This was not appreciated. It is actually worth reminding ourselves of speculations and predictions of a McAfee-Novell tie-up because Novell too was caught using FUD to market itself.

“Empty allegations are used against Hewlett Packard (H-P) and Palamida and we wish to present them here in order to make some clarifications.”On the other hand, some baseless accusations are flying about at the moment. Having been in touch with some of the parties involved, we wish to debunk FUD (or just lies) about FUD that never was. Empty allegations are used against Hewlett Packard (H-P) and Palamida and we wish to present them here in order to make some clarifications.

Let us start with H-P. Just the other day, when H-P introduced a set of services and tools that assist tracking of software and licensing, Dana Blankenhorn accused rather than thanked.

The Hewlett-Packard open source strategy is becoming clear.

Fear the source.

I’m certain HP officials will disagree with that. But when your press release is headlined, ” HP Promotes Open Source Software Governance with New Initiative,” there is no other conclusion to draw.

Your big company can’t go into open source alone. It’s dangerous out there. Here, hold our hand.

PJ disagrees with this, as do I. “HP is trying to do something very good with Flossology. I totally support it,” she says.

Why would anyone try to show just the negative side-effect (and yes, we’re sometimes accused of doing this as well)? Maybe because it stands out from the crowd and because ZDNet bloggers can be rewarded for provocations. Regardless of the issue at hand, H-P did make either an observation or a complaint back in 2005 (maybe 2006) when it said there were too many open source licences. But coversely, In this newer case, there is an attempt to address the issue, not just raise it. We should be happy. We should be thankful. And here were have the latest report from Palamida (published on Friday) which heralds to the world that GPLv3 finds love. This is good news, not bad news. Project evolve successfully.

The GPL v3 growth for this week is consistent with our average growth rate. As of January 25th, the GPL v3 count is at 1579 GPL v3 projects, up 44 projects over the past week. The LGPL v3 list is growing slowly but steadily and is currently at 150 LGPL v3 projects, as compared to last weeks number of 148 LGPL v3 projects.

At least one person claimed to have found flaws in Palamida’s work. Here is what one of our readers had to tell to us before we heard from Palamida (it’s reverse-chronological):


I have been visiting Palamida GPLv3 site and I think they are doing a great job at tracking the license adoption, and their statistics can be very useful to counter the established proprietary software oligopolies’ and the mainstream tech media’s FUD machine.

But today I have been warned by Pieter Hitjens about the following: I copy-paste the conversation about recent statements made in the palamida gplv3 site (gplv3.palamida.com -which redirects to –> gplv3.blogspot.com)



This site looks like it’s promoting GPLv3 but in fact it looks like subtle anti-GPLv3 FUD. E.g.:

“In the case of putting a GPL v3 project under a commercial license as well, there is high potential to violate the terms of the GPL v3. This is not to say that any of the aforementioned projects are or are not
in violation of the license, since our analysis of the terms are not yet complete, but caution should be used if a project is under both the GPL v3 and a commercial license.”

What they are saying, I think, is that GPL projects that do not have a clear copyright centralization cannot easily be re-licensed. However they don’t state this clearly, and they are not publishing my comments on the blog.



as somebody who has gotten note of Palamida very early after GPLv3 was released and I’ve got a bit of contact with actual GPLv2->v3 conversions, I can say this:

Palamida, the owner of this blog (it’s advertized in the banner on the top of the blog) is a company who’s business is software risk management, so it’s the business of marketing at this company to show what risks may be there and that risk is increasing.

It is increasing, because GPLv3 makes things indeed a bit more complicated by the simple fact that it is a successor of GPLv2.

The only long-term solution to that which I see is to convince as many free software developers that licensing under “GPL v2 only” is a __very__ bad idea.

I think you guessed right that they may suggest that companies might want to buy services from Palamida, to improve legal security in software distribution.

What I see, rather looks like research which gives great information of the GPLv3 adoption, and no clear FUD.


I see clear FUD, in this respect.

Dual-licensing is in fact a very strong argument for using GPLv3 but it depends on clear centralization of copyright. Projects like 0MQ – see www.zeromq.org – are careful to demand copyright assignments and/or MIT licensing from all contributors. For these projects, dual licensing is essential. This statement:

“This is not to say that any of the aforementioned projects are or are not in violation of the license, since our analysis of the terms are not yet complete, but caution should be used if a project is under both the GPL v3 and a commercial license.”

Is really bad. It suggests that we have to wait for Palamida to give the green light on whether it’s safe to use 0MQ. That’s very misleading and designed to create business for Palamida by exaggerating the complexity of the GPLv3 and ignoring the key role of copyright ownership.

If a company owns its code, how can it be in violation of the GPLv3 by dual-licensing its own code? That’s pure FUD, and worse, it brings into question one of the key business models for new smart FOSS businesses.


Care if I forward your message to Pamela Jones (groklaw) and Roy Schestowitz (boycottnovell) so they alert about the issue. Think the palamida guys, who are doing a great tracking of projects adopting the GPLv3 should be aware as well. And of course the FSF/FSFE


Forward away, of course. Tracking GPLv3 usage is fine. Throwing fear and uncertainty onto other businesses to try to create extra business is not fine.


Shared with implicit permission, the above is intended to at least show the arguments that were thrown into this debate, which we believe is resolved by several factors.

For starters, PJ says: “I don’t agree they are doing that [spreading fear]“. Further: “They want business, so they highlight problems without telling you the solution, because they want business, but that isn’t, to me, exactly the same thing as FUD, although it can have a similar effect.”

Our reader adds: “Up to now, their work at tracking GPLv3 project has proven nice and useful to counter quite a lot of FUD [...] I think Palamida at least should publish Pieter’s comments. If they don´t do it after a while, “someone” should be pointing at the problem. Of course making clear that the tracking of GPLv3 projects is nice and useful.”

We received a response from Palamida quite quickly and it was very convincing. Judge for yourselves however:

I can say with 100% honesty that no, Palamida does not resort to FUD to sell our services. However, we do point out what can happen if you don’t know what you’ve got in your code base, which is a reality, and it’s what drives a lot of lawsuits and insecure apps. It’s just something people want to avoid and we’re here to help organizations figure it out so they can get it right. There is a subset of folks (including you) that know what the heck is going on and would vet and check you code, versions, and licenses ahead of time. Funny though that very large organizations often do not, or possibly can not, because of their size and geographically dispersed team of developers. These are the folks who have the Top 5 Most Overlooked OS vulnerabilities (and many more but let’s stick with 5) and don’t know it.

So in general, our message and mantra has always been “Know What’s In Your Code.” It’s a message that shouldn’t be considered FUD, because not knowing has very real consequences (can anyone say Busybox?).

Since H-P came under similar unjustified scrutiny we brought up this issue, which quite expectedly revealed sympathy:

In general, we like HP but here’s something to think about. Back at the beginning of Palamida, folks used to ask us, “Why wouldn’t I just use Google Code Search instead of paying for Palamida?” Our response was always that
they certainly could use Google if they only wanted a skim the surface view of what was going on in one single segment (say, JBoss code). However, our expertise coupled with the depth and breadth of our code base (which weighs in at 3 Terabytes) could give you a little more (to put it mildly). So I personally feel the same about FOSSology. This is my singular opinion, it’s a fantastic tool but it answers only one of the many, many questions people need to be asking (take a look at the blog we just posted Friday) about: what code are you using? What version? What license is it under? Is it secure?

How often is the FOSSbazaar updated? What does it include? What are its rates of false positives or irrelevant search matches? How comprehensive is it? Who has tested it? Would you bet your eBanking system security on it?

That sort of thing.

This hopefully resolves the issue, at least for those who were involved in a blame game. Censorship (aka “selective approval”) of comment was probably the main reason for going this far. We never delete comments in this Web site and only a single abusive reader has his comments flagged (still truly visible) for repetitive abuses even against other readers. Transparency brings better answers than censorship, which we last complained about just an hours ago (ODF/OOXML).

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. ernest park said,

    March 31, 2008 at 8:06 pm


    I note and appreciate the emotion filled comments regarding Palamida’s involvement in tracking GPLv3 adoption rates.

    I am in charge of the research team and the blog site. We get numerous comments, and ALL are posted. If a comment was left, while I don’t agree with it, it is posted. The nature of the site has NEVER been to spread fear or spin regarding how spooky and scary OSS is. Rather, my team and I are sponsored by Palamida to provide objective information regarding OSS usage of certain licenses.

    The forum is open to debate and public input. I can directly be reached via email with questions, or emails can be sent to rdgroup@palamida.com. Our research and the GPLv3 work should serve more as a barometer of the OSS community as a whole. Since we look at thousands of projects per week for licensing, code changes, updates, my team and I provide an honest perspective on what is currently happening in OSS related to GPLv3 licensing.

    As an aside, our blogs do track adoption rates, but also keep readers informed regarding other issues of OSS relevance. Again, our goal is to honestly track and publish licensing and related trends across OSS, represented at http://gpl3.palamida.com. Our research is available for reuse by analysts, and is routinely used and trusted as an objective source.

    As an aside, our blog regarding dual licensing issues (http://gpl3.blogspot.com/2008/01/gpl-project-watch-list-for-week-of-0118.html) received a number of comments. It was my fault that I edited our information, and in doing so, did not accurately explain our point. We do include all comments received, and I invite comments in the future.


What Else is New

  1. Team Battistelli and Team UPC Are Both Very Deep in Denial

    The perpetrators of a terrible patent system that permits patents on abstract ideas (which sometimes aren't novel, either) and litigation as a priority refuse to let go of their dream -- a distant, runaway fantasy which may soon cost over a thousand examiners their careers

  2. Guest Post: Battistelli's Former “Padrone” Facing Corruption Charges in France

    Battistelli's former "padrone" made the headlines this week when he was taken into police custody in France and charged with corruption and other breaches of law

  3. Links 23/3/2018: Fedora 28 Beta Delayed, Mintbox Mini 2 is Out

    Links for the day

  4. The Enemies of the Patent System Are Patent Maximalists, Not Those Pursuing Saner Patent Policy

    Taking stock of some recent news and remarking (yet again) on the danger the patent system faces if it allows patent lawyers rather than inventors to steer/influence policy (as seen in Europe with the failed UPC bid)

  5. The European Patent Office’s (EPO) Declining Patent Quality 'Tackled' by Making Appeals/Oppositions Harder and More Expensive

    The so-called 'System Battistelli' is proving to be a disaster which makes both examiners and patents obsolete; Making applications cheaper while making appeals/oppositions harder and more expensive is a recipe for disaster, assuring nothing but more litigation and more workloads for courts, where fees rise to extraordinary levels (in effect externalising the costs/toll of EPO to the public, primarily for gains of patent law firms)

  6. Ericsson, Acting Directly Rather Than Via the Patent Trolls It Habitually Uses, in a Patent War Against Linux/Android

    LG is the latest company to be sued by Ericsson, which doesn't just harass the competition (which actually sells something) through patent trolls but also directly, having won a case in the notorious Eastern District of Texas (EDTX/TXED)

  7. The Federation of International Civil Servants' Association: Frenchman “Campinos is Known for Having Close Ties to Mr. Battistelli Who Strongly Supported His Candidacy.”

    Readers find little or no room for optimism as Battistelli's final day at the Office approaches; FICSA is not optimistic either and the general consensus is that Battistelli's so-called 'reforms' will soon yield layoffs

  8. Links 22/3/2018: Mesa 17.3.7, Mesa 18.0.0 RC5, RawTherapee 5.4, Krita 4

    Links for the day

  9. Japan is Becoming Firmer on Patents, Whereas China Goes in the Opposite Direction

    Japan has become less tolerant of patent aggressors and more conscious/concerned about patent quality, which is why the patent microcosm would rather hail China as a role model (even when China's overall share of patents in Europe, for example, is about the same as tiny South Korea and a lot smaller than Japan's)

  10. Aggressive New Activities of Microsoft-Connected Patent Trolls: Finjan, Intellectual Ventures, and Dominion Harbor

    The extensive group of Microsoft-connected patent trolls is still very much active; Microsoft funds them, arms them, and gives them instructions while offering people 'protection' from them (if and only if they choose Azure)

  11. Battistelli's Ongoing Attacks on the Boards Are Helping Unitary Patent (UPC), Which in Turn Helps French Patent Trolls

    Battistelli will likely be remembered not only as the man who attacked justice (and judges) but also rendered staff redundant, issued a lot of highly controversial patents, and by doing so helped the insurgence of patent trolls in Europe

  12. Links 21/3/2018: Cutelyst 2, More on webOS

    Links for the day

  13. SUEPO: “Today May Be Your Last Chance to Demonstrate Against the Seriously Flawed Reforms That Mr Battistelli Has Imposed” on EPO Staff

    Benoît Battistelli will likely remain involved in EPO affairs for a long time to come (even through a fellow Frenchman, Campinos, whom he swaps two chairs with at the Office and CEIPI), but today is the last opportunity for EPO staff to march in protest against the Battistelli regime, which for the first time ever will result in major staff cuts and growing irrelevance for the Office

  14. Links 20/3/2018: GStreamer 1.14.0, Freespire 3.0, Endless OS 3.3.13

    Links for the day

  15. BIO, MDMA and PhRMA Are Pushing the PTAB-Hostile STRONGER Patents Act While IAM and Patently-O Continue to Bash PTAB

    The patent microcosm, which compares the Board to the above (crude analogy from Judge Rader and other patent extremists), is still trying to kill inter partes reviews (IPRs), in effect overlooking its own hypocrisy on the matter (they don’t want patent justice, they just want to metaphorically ‘shoot down’ the judges)

  16. 35 U.S.C. § 101 is Still Effectively Tackling Software Patents in the US, But Patent Law Firms Lie/Distort to 'Sell' These Anyway

    The assertion that software patents are still worth pursuing in 2018 is based on carefully-constructed spin which mis-frames several court decisions and underplays/downplays/ignores pretty much everything that does not suit the narrative

  17. Battistelli's EPO Became Extremely Reliant on China for Distraction and on Endless Supply of Applications (Supply Which Doesn't Exist)

    Discussion about the EPO granting machine (or patent-printing machine) and figures the way EPO management would rather the public won't ever see them; the concept that China means redemption for this patent system is as laughable as always

  18. The US International Trade Commission (USITC) Against Comcast, Courtesy of the Intellectual Ventures-Connected Rovi

    The USITC/ITC, which mostly serves to impose embargoes (sometimes in shocking defiance of PTAB decisions), is being invoked by a firm connected to the world’s largest patent troll, Intellectual Ventures

  19. Tinder/Match Group Uses Software Patents to Sue a Rival, Obviously Choosing to Sue in Texas

    Software patents are being used for leverage, but only those which were likely granted before Alice and only in courts at districts somewhere around Texas

  20. Links 19/3/2018: Linux 4.16 RC6, Atom 1.25, antiX 17.1, GNU Mcron 1.1

    Links for the day

  21. From PTAB Bashing to Federal Circuit (CAFC) Bashing: How the Patent 'Industry' Sells Software Patents

    The latest tactics of the patent microcosm are just about as distasteful as last month's (or last year's), with focus shifting to the courts and few broadly-misinterpreted patent cases (mainly Finjan, Berkheimer, and Aatrix)

  22. Patent Maximalists Keep Coming Up With New Terms and Buzzwords to Bypass the Practical Ban on Software Patents

    The fightback against Section 101 and the US Supreme Court (notably Alice) seems to concentrate on old and new buzzwords, such as "Software as a Medical Device" ("SaMD") or "Fourth Industrial Revolution" ("4IR"), which the EPO recently paid European media to spread and promote

  23. News About Patents is Often Just Advertisements Composed Directly or Indirectly by Companies That Sell Patents and Patent Services

    Infomercials are still dominant among news about patents, in effect drowning out the signal (real journalism) and instead pushing agenda that is detached from reality, pertinent facts, objective assessment, public interest and so on

  24. Blocks and Paywalls Won't Protect the Patent Trolls' Lobby From Scrutiny/Fact-Checking

    Joff Wild and Benoît Battistelli have much in common, including patent maximalism and chronic resistance to facts (or fact-checking)

  25. China Has Become Very Aggressive With Patents

    China now targets other Asian countries/firms -- more so than Western firms -- with patent lawsuits; we expect this to get worse in years to come

  26. UPC/Battistelli Booster IAM Blames Brexit Rather Than EPO Abuses

    While the EPO is collapsing due to mismanagement the boosters of Team Battistelli would rather deflect and speak about Brexit, which is itself partly motivated by such mismanagement

  27. European Commission Again Urged to Tackle Abuses at the European Patent Office (EPO)

    Rina Ronja Kari is the latest MEP attempting to compel the Commission to actually do something about the EPO other than turning a blind eye

  28. Links 18/3/2018: Wine 3.4, Wine-Staging 3.4, KDE Connect 1.8 for Android

    Links for the day

  29. TXED Courts Are Causing Businesses to Leave the District, Notably For Fear That Having Any Operations Based There is a Legal Liability

    A discussion about the infamous abundance of patent cases in the Eastern District of Texas (TXED/EDTX) and what this will mean for businesses that have branches or any form of operations there (making them subjected to lawsuits in that district even after TC Heartland)

  30. PTAB Hatred is So Intense Among the Patent 'Industry' That Even Scammers Are Hailed as Champions If They Target PTAB

    The patent microcosm is so eager to stop the Patent Trial and Appeal Board (PTAB) that it's supporting sham deals (or "scams") and exploits/distorts the voice of the new USPTO Director to come up with PTAB-hostile catchphrases


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time


Recent Posts