Legal aspects of UEFI
Summary: Some GPL- and UEFI-related news
THE company which emanated from a Microsoft marketing exec to FUD the GPL (amongst other things) claims to have released a new thing, this time less on the propaganda side and more on the products side:
Black Duck Software announced new code analytics services to produce the new Black Duck Code Quality Audit (CQA) report.
Black Duck Software has announced the availability of expanded audit services with the addition of new code analytics that can help organizations acquiring new technology better track the code in their environments.
By tracking code they are able to issue reports with bias against GPL-type licences (they signed a deal with Microsoft before they started doing this). Meanwhile, Microsoft is putting the knife to the GPLv3-licensed GRUB 2, using its predatory UEFI plot [1, 2, 3, 4, 5, 6, 7]. Just as it arrives Canonical is left with little choice but to drop it (responses to UEFI varied from protest to abandonment of GRUB at Canonical and cowardly acts from Red Hat [1, 2, 3, 4]), due to Microsoft’s anti-competitive behaviour. The UEFI mess spreads further now:
Early support for UEFI SecureBoot is now available via qemu-kvm for messing with this troublesome technology in a virtualized world.
Before running for the hills thinking this is another attempt to thwart Linux by pushing UEFI SecureBoot into virtualized environments, this isn’t the case. This early SecureBoot support in qemu-kvm comes from the Linux kernel community. In fact it’s from James Bottomley, a well known kernel developer working in conjunction with the Linux Foundation.
The Linux Foundation Technical Advisory Board has been trying to get UEFI SecureBoot in qemu-kvm since real hardware relying upon this “secure” technology is still difficult to find until Windows 8 begins shipping. Bottomley built an Intel Tianocore boot system with the openSUSE Build System, discovered a gnu-efi bug, and made some other SecureBoot-related accomplishments for the benefit of Linux.
And that, with the demise of particular software, leads to the weakening of GPL along with freedom in computing. Microsoft knows what it’s doing here. Anything that harms copyleft licences is good for Microsoft.
As a side note, the above is part of a trend. Many journalists like to pick on Richard Stallman. Commonly enough they point to the fact that he does not browse the Web directly with a browser; Stallman sets an example and strives to be role model in some sense by drawing attention to the fact that the NSA et al. spy on Web surfers and he responds to this threat to human rights (he is, after all, an activist in this area) by one of the more reasonable actions, as not many options are left when sites do not support encrypted or anonymous routes in. Those who ignore this are either apathetic or pretend to not know this; the former is a case of ignorance and the latter is malicious — a strategy intended to daemonise Stallman and those who seek to highlight a real problem, maybe even address it or at least take it into account. Likewise, we have been seeing a daemonisation of the FSF, GNU. and the GPL, courtesy at times of Microsoft proxies. A lot of the time writers pretend not to understand “freedom” and use all sorts of straw man arguments. That could very well be seen when Stallman agreed to go on the Linux Action Show (we tried to ignore it so as not to give them attention because they are longtime FSF bashers). █
Send this to a friend
Summary: The firm people cite when alleging that the GPL declines is not telling the whole story
Proprietary firm Black Duck is being criticised by Jose R Rodriguez, who tells us that their results are “highly unscientific”, citing this blog post which states: “At FOSDEM, John Sullivan delivered an interesting talk titled Is copyleft being framed? to verify alleged claims on the decline of GPL-d software. (Slides are available.) The crux of the talk is the analysis he performed on the Debian archive to discover the amount of software we distribute that is covered by GPL, LGPL, or AGPL (“GPL-d” for short in the remainder).
“John’s talk steps in an interesting and long running debate (a recent summary of which is available in this ITWire article). The most interesting part is the discrepancy among John’s results and Blackduck’s, which are often use to argue how the popularity of the GPL license is declining. That might be the case. Or not. The more analyses we do to find it out, the better.
“The underlying assumption on John’s work is that Debian is a representative sample of the Free Software out there, which I think is a reasonable assumption. I find the analysis presented in the talk completely satisfactorily from a purely scientific point of view. The same cannot be said by Blackduck’s result: both their methods and data are secret, making it impossible for anyhow to reproduce their experiments. Highly unscientific.
“Still, John’s results are surprising: as much as 87 percent of Lenny’s packages and 93 percent of Squeeze’s are GPL-d. That seems a lot. Puzzled about that, John discussed with me the issue before his talk, in search for pitfalls in his methods or data. Finding none, I pointed him to the almighty DktrKranz for some extra review; who found nothing either. To stay on the safe side, even during his talk John called for independent reviews of his results. What could be wrong?”
Centrify, another friend of Microsoft’s sphere of influence, rears its head again. We are going to try to keep track of those sorts of firms. They usually have strong Microsoft connections, but those who cite them neglect to say so. █
Send this to a friend
Ducking Black Duck
Summary: New scepticism about data from Black Duck and its implications
THE noise that’s coming from GPL-hostile parties will never stop.
The non-ending propaganda against the GPL is typically coming from Microsoft brainchildren and companies created by former Microsoft staff, including for example Black Duck. Someone famous from Red Hat responds with this bit of scepticism:
The impression gained from this is that the probability of you using one of the GPL licenses is influenced by the community that you’re part of. And it’s not a huge leap to believe that an increasing number of developers are targeting the web, and the web development community has never been especially attached to the GPL. It’s not hard to see why – the benefits of the GPL vanish pretty much entirely when you’re never actually obliged to distribute the code, and while Affero attempts to compensate from that it also constrains your UI and deployment model. No matter how strong a believer in Copyleft you are, the web makes it difficult for users to take any advantage of the freedoms you’d want to offer. It’s as easy not to bother.
So it’s pretty unsurprising that an increase in web development would be associated with a decrease in the proportion of projects licensed under the GPL.
This obviously isn’t a rigorous analysis. I have very little hard evidence to back up my assumptions. But nor does anyone who claims that the change is because the FSF alienated the community during GPLv3 development. I’d be fascinated to see someone spend some time comparing project type with license use and trying to come up with a more convincing argument.
For those who cannot recall it anymore, Black Duck made an agreement with Microsoft to funnel in Microsoft-associated projects, which helps Microsoft game the numbers a bit. That was in 2009 when a lot of death predictions for GPL started to rear their heads, almost always backed by Black Duck data.
The other day we saw Cade Metz from Wired flinging filth at open source. He does this again with an article titled “Open Sourcers Drop Software Religion for Common Sense” (perhaps Cade Metz thinks that Wired should adopt Register-style headlines, having come from there) and Захария Стургин remarks: “I wouldn’t attribute “fear of GPL” a prime reason for the rise in Apache/MIT licensing. Can you “infect” IP with freedom and call it bad?”
“Also,” he writes, “has Oracle actually built anything on open source software? All that they got from Sun and are working to close it up…”
As Will put it:
He also tries to give Olsen credit for doing GPL before GPL in his first, very misleading paragraph. Mostly the article is a long smear of the GPL.
Perhaps there’s a bigger story than meets the eye here. Is it that GPL projects are moving to business exploitation licenses like Apache or is it that non free software companies are moving that way? One thing is sure, we don’t see the emergence of non free software companies any more. All the growth has been in free software exploitation of one sort or another. Companies like Microsoft are stagnant or failing.
The war against the GPL is one that Microsoft fought for a long time. It’s testament to its effectiveness in weakening vicious monopolies. █
Update: Here is another new article on this topic, one that says: “Since August of 2009, the GPL is down around 8%, according to data from Black Duck.”
Can one really just rely on data from a Microsoft partner, established by a former Microsoft manager whose expertise was marketing?
Send this to a friend
Building an “open” stack with proprietary Microsoft?
Summary: Another look at the OpenStack situation, why Microsoft should not be allowed to enter, and more about patent and copyright complications
SOME days ago we wrote about OpenStack's situation when it comes to Microsoft. Later we showed what Microsoft boosters were doing to spin it as good news. Well, according to this new article:
OpenStack is supposed to be a vendor agnostic open community for building an open source cloud stack. And it is, unless you don’t pull your own weight- or if you’re Microsoft.
I know there is plenty of vitriol in the open source world towards Microsoft and certainly some of that has now surfaced in the OpenStack community.
OpenStack is now removing the Hyper-V capabilities from its stack, after Microsoft didn’t maintain the code. That happens in projects all the time, just think about the Linux kernel where Microsoft has had similar challenges and hey for that matter so has Google.
The hostility towards Microsoft has a lot to do with this monopolist’s continued attacks on Open Source projects. We need not whitewash Microsoft here or claim the above to be an irrational move of irrational hatred. Never mind the fact that Hyper-V is proprietary and not open. Microsoft continues to attack Linux with all sorts of proxies like SCO as well as patent trolls. There are those who wish to just abolish it all, especially patents. Realising the idiocy of many patents, there are some who speak about the harms of patents as a whole, not just software patents. To quote:
“Is this Patent full of crap?”
The ideas are those of patent lawyer Andrew Schulman, but the story is full of insight on a patent lawyer’s thinking and offers real clues into why the patent system is such a mess–complexity compounded, full of precedents that ordinary humans will find puzzling at best.
Earlier we wrote about many patents becoming just junk. Even Oracle seems to be moving further away from patents and is now trying to use copyrights against Android. Quoting Groklaw:
Today is the due date for Dr. Cockburn’s third attempt at a damages report on behalf of Oracle, and just to make sure Oracle knows what needs to be submitted, Judge Alsup has issue a reminder order. (709 [PDF; Text]) The judge wants to see not only the report but also all of the related reports and studies that support it.
Let’s remember that Microsoft has put code with its copyrights inside Linux and the same goes for Mono. They try to make those things more adaptable to Microsoft’s proprietary software. In the case of Mono, there is lawsuit risk too. Anything with Microsoft in it tends to be tainted. Just see what happened with FAT. █
Send this to a friend
Pretending to be the bazaar, too
Summary: The alter-ego of Microsoft Corporation as seen in the news and in new “official” reports
THERE is a set of companies we sort of specialise in here at Techrights because they have a commonality. While pretending to serve FOSS they usually do the opposite.
Black Duck, a firm with Microsoft roots, gradually becomes the ‘expert’ in GPL (telling us it is declining) while joined by OpenLogic, a company with management from Microsoft, which reinforces the same message. If they control information, they will control minds. In this case, they can capture and control perception that FOSS developers have. GPL FUD is just on example and OpenLogic, the firm that reinforces the same message as Black Duck, now seeks to become the authority in what FOSS to use and what not to. As one article puts it:
The report ranks hot open-source projects in three key categories: Web and application servers; application frameworks; and databases and big data.
Too bad the source of the report is a company founded and control by a former Microsoft guy, eh? They always neglect to say this. Ohloh is another one (now owned by Black Duck).
Speaking of Microsoft talking heads/points, Ed Bott is at it again with his PR lies. Pogson responds by writings:
Ed knows better. He wrote, “Windows 7 has shipped a half-billion copies” since October 2009, 9 quarters, 55 million a quarter. IDC reports 80-90 million PCs per quarter produced. M$ is no longer getting a free ride, Ed. Get used to it. There are businesses that do give M$ a free ride but there are many governments, organizations and businesses that have seen the light and choose to avoid monopoly. Shopping around is the right way to do IT.
This lie goes back to Microsoft’s PR people and is echoed by their shills/MVPs. We need to be careful in the face of Microsoft’s Big Lies that it spreads via its allies. They are all just a matter of “perception management” as Microsoft calls it. We tackled those lies before. █
“Mind Control: To control mental output you have to control mental input. Take control of the channels by which developers receive information, then they can only think about the things you tell them. Thus, you control mindshare!”
–Microsoft, internal document
Send this to a friend
Summary: Tuxera makes the news again, even in light of potential GPL violations, not just taxing Linux and Android on behalf of Microsoft (like SUSE does)
THE OpenSUSE project is relatively quiet these days, but some people are still on vacation. We’ll touch on that separately quite soon.
In order to keep abreast of things, Phoronix notes some Plymouth developments:
While Plymouth is now quite mature and didn’t see too much new activity in 2011, it may be finding its way into another Linux distribution. The openSUSE developers are debating to use Plymouth as a replacement to bootsplash.
OpenSUSE is behind some of the competition here. There’s no good reason to choose OpenSUSE these days. Phoronix proceeds from the little OpenSUSE news that exists [1, 2] and criticises Microsoft’s exFAT, which other than SUSE is one of Microsoft’s main patent extortion cash cows (another is Android “licensing”). Michael writes:
Microsoft’s exFAT Is Still Crap On Linux
For those very serious about exFAT on Linux, Tuxera — the same company that claims NTFS is the fastest Linux file-system — does have exFAT Embedded (product page). This is a legal implementation of exFAT on Linux with Tuxera having gone through the proper licensing channels to receive the file-system documentation and construct this Linux kernel module. Tuxera also offers exFAT for Android devices.
The debate resulting from this article is quite large and Tuxera is at the centre of it all. Ryan spoke quite a lot about it in IRC (even last night). And recently he also approached some developers. Among the things he wrote (see recent IRC logs, especially from yesterday and the day before that): “I also believe the Microsoft Gold Partner Tuxera is a GPL violator that has stolen GPL licensed source code for XFS for Linux and made it into a proprietary IFS for Windows (both violate the GPL. I doubt they used the FreeBSD implementation since it is not only crap, it is read only. The only version of XFS with any maturity and completeness that has any source code available is under the GPL, and Tuxera won’t answer my email when I ask them where they got “Tuxera XFS” from. I have notified several of the copyright holders on XFS of Tuxera’s activity. They can pursue legal remedies if it does turn out to be the case that Tuxera XFS violates the GPL, which is more likely than not.
“Microsoft sits back and lets Tuxera violate the GPL on their behalf”
–Ryan“Alex Elder has told me that he is suspicious that they have stolen GPL licensed XFS code from SGI’s git repository, due to the reason I brought up about the GPL version being the only usable and full featured public implementation with any maturity… he said that he is unaware of SGI licensing XFS to them, and if they did, it would not cover anything that has been added to XFS for Linux, which has spanned the last 12 years, for which SGI doesn’t require copyright assignment, so if SGI were to license the code, it would be the code from IRIX, not the considerably more advanced version from Linux [...] the version from IRIX hasn’t seen any major development since around 2000. IRIX itself has been in End Of Life extended support since 2006, which is due to end within the next couple of years [...] an IFS for Windows implementing XFS out of GPL licensed source code would be a GPL violation on two fronts: 1. Since it is under a proprietary license from Tuxera, which is not allowed under the GPL. 2. When added as an IFS, it runs inside the Windows kernel, which violates the linking requirements of the GPL, unless Microsoft was to relicense Windows under the GPL [...] Microsoft sits back and lets Tuxera violate the GPL on their behalf [...]that way they can claim compatibility with Linux file systems without being sued for it [...] if it blows up on anyone, it will be Tuxera.”
iophk responds with: “That’s usual. They mostly work through proxies”
This gives them GPL FUD to be used later, too. They get device makers stuck with Microsoft tax and also GPL violations, assuming the above conviction is true.
“[T]he only Ext2 IFS for Windows which is proprietary freeware and doesn’t violate the GPL,” writes Ryan, “is a from scratch implementation that used no GPL source codewhich was written by a college student as part of a thesis.”
The discussion was very long and on it goes in IRC. This is still work in progress for us. We may write about it again when conclusions are reached. █
Send this to a friend
Summary: Another roundup of dubious incursions inside the FOSS community/ies
Friends of Microsoft, such as the 'Microsoft press', are still trashing Free/open source licences and firms that are headed by former Microsoft managers are making new announcements about ‘fogification’ (cloud) of software and the relevance of licences. We are talking about OpenLogic, which just like Black Duck is a proprietary software company whose products are pimped under “open source” banner in the news. The main business model is getting rich by trashing FOSS licences or creating a scare around FOSS. Here is the press release [1, 2] which openwashes this product. Microsoft is trying to buy itself a voice inside the “Open Source” community also by pushing press releases that are said to be giving us a survey. So, Microsoft is now conducting Open Source surveys too? On whose behalf? This is the recipe for controlling one’s opposition. Mind the latest extortion from Acacia, which is also manned by former Microsoft staff (see our wiki page about Acacia).
It was only days ago that we warned about GPL FUD coming from Microsoft circles. Watch out and stay alert. Black Duck is placeboware — something to check a box with and spend money on for alleged fear of “non compliance” (excepting code search for other FUD like common security issues). As Microsoft MVP Miguel de Icaza put it a few weeks ago:
Koders is part of Black Duck, and searching for the term renders a bunch of matches. Not a single one of the results displayed actually contain a single use of the kSecReturnData constant. And not a single one of the snippets actually show the kSecReturnData constant. It is as useful as configuring your browser to use StumbleUpon as your search engine
We urge people to be suspicious of firms that were created by former Microsoft marketing managers. They know how to make money by deceiving people. It’s what they are professionally trained to do with a straight face. █
Send this to a friend
Summary: The latest badmouthing of the GPL and where it is really coming from
SLASHDOT is lending some space to the latest FUD from Black Duck. For the uninitiated, Black Duck came from Microsoft.
The 451 Group seeks to validate the claims from Black Duck, but upon a close look at comments it is possible to see the flaws.
NB: I am relying on the current set of figures published by Black Duck Software for this post, combined with our previous posts on the topic. I am aware that some people are distrustful of Black Duck’s figures given the lack of transparency on the methodology for collecting them. Since I previously went to a lot of effort to analyze data collected and published by FLOSSmole to find that it confirmed the trend suggested by Black Duck’s figures, I am confident that the trends are an accurate reflection of the situation.
There are already rebuttals to this, so we won’t make more. Another similar company that came from Microsoft, called OpenLogic, is spreading some more FOSS FUD to sell its products. Remember that the company is run by a former Microsoft guy. These are the companies that push nonsense like “Intellectual Property” in the FOSS world (like the GPL-hostile CDDL*),
which smells a bit like this thing too:
Today I presented about the complicated relationship between FLOSS and Intellectual Property at the Technical University of Berlin. The presentation was part of a lecture about Intellectual Property management, targeting students in an international master’s program in business administration. This setup guaranteed for a kind of culture clash, since the motivation for students to attend this lecture is to learn about how to increase the value of their companies by building IP assets. Openness, sharing and collaborative development is usually not the focus.
Clarification (5/1/2012): the above turns out to actually be a talk from a FOSS proponent who educates people on the subject. He does not really promote “Intellectual Property” as a concept.
Watch out for another of Microsoft’s proxies for ‘open source’ infiltration. It is “squar[ing] off against the GPL” as one would expect:
I am consistently amazed by the lengths people will go to to try to succeed in the marketplace.
Actually, that’s not true. Having been around fellow humans for 45 years, I would have to say that such destructive behavior doesn’t really surprise me. What does surprise me, though, is the repeated use of the same, tired memes when it’s been proven time and again that they don’t work.
So it was with sad dismay that I read a DotNetNuke blog entry this morning that took unabashed aim at the GNU Public License (GPL) used by DotNetNuke’s (DNN) primary (and more successful) competing content management systems, WordPress, Joomla!, and Drupal.
Microsoft’s front group CodePlex/OuterCurve is accommodated by this company. Surprise, surprise. Loyalty. █
* Quoting Wikipedia, “In the words of Danese Cooper, who is no longer with Sun, one of the reasons for basing the CDDL on the Mozilla license was that the Mozilla license is GPL-incompatible.” Cooper now works for Bill Gates based on her LinkedIn page.
Send this to a friend
« Previous Page — « Previous entries « Previous Page · Next Page » Next entries » — Next Page »