False red flags
Summary: Black Duck mentioned in the context of an Initial Public Offering (IPO) as FOSS (Free/Open Source Software) becomes somewhat of an industry standard
Some ‘former’ Microsoft employees saw potential in FOSS FUD and went on to initiate companies that monetise this. One such company is Black Duck, and there is “someone pushing Black Duck,” iophk says, showing an article that speaks of an IPO for this firm.
Black Duck’s main product seems to be proprietary software (with software patents on it) that allegedly helps find GPL violations in proprietary software developed in proprietary software companies. Some FOSS, eh? Surely a friend of FOSS, no? Or just a fiend rather.
In other news that iophk shared with us, the GPL is being upheld again, making the world of software a freer place. As FOSS becomes more prevalent in this world we shall vigilantly track those who try to stand in its way. The most widely used/sold platform, namely Android, is showing how dominant FOSS has become so quickly.
Related/contextual items from the news:
The District Court of Hamburg, Germany, recently had the opportunity to review the conditions governing the use of Open Source software. In a decision that bolsters the enforceability of open source software licenses, the district court confirmed that the defendant had lost its right to use the software licensed under the General Public License (GPLv2) when it failed to fully reveal the underlying source code. The court rejected the defense argument that requiring the defendant company to comply with the conditions of the GPLv2 was unreasonable (decision of 14. June 2013, file no. 308 O 10/13, available in German here).
The Software Freedom Conservancy did well
Summary: The fuller story behind Samsung choosing the GPL for a previously-proprietary piece of software that helps Microsoft
A few days ago we wrote about Samsung [1, 2, 3, 4] deciding to make it seem like it never violated the GPL licence, having done so before. Well, the group which years ago told us not to taunt Samsung over it claims to have just played a role. To quote:
Conservancy’s GPL Compliance Project for Linux Developers worked collaboratively with Ibrahim Haddad, the Group Leader for Open Source at Samsung Research America, and fellow community leaders, throughout the process after this code first appeared on GitHub. Conservancy’s primary goal, as always, was to assist and advise toward the best possible resolution to the matter that complied fully with the GPL. Conservancy is delighted that the correct outcome has been reached: a legitimate, full release from Samsung of all relevant source code under the terms of Linux’s license, the GPL, version 2.
The Software Freedom Conservancy has announced that it has helped Samsung to release a version of its exFAT filesystem implementation under the GPL. This filesystem had previously been unofficially released after a copy leaked out of Samsung.
This is good work, but without the leak, would it have happened? Without some public shaming, would Samsung have cared? Sometimes there’s no choice but to be brave (blowing some whistles) and potentially rude/crude. █
Microsoft’s hawkish patent extortion possibly jeopardised
Summary: Just like Microsoft after its unintended or secret GPL violations, code is being made GPL-licensed and the violations covered up as though they never happened
Over the past few weeks we have covered the latest noteworthy GPL violation by Samsung [1, 2, 3, 4].
“It looks like Samsung may have fixed the licensing problem,” said iophk. “Now how to put this in a positive light? It’s strange that the big companies act as if they are under no obligations to follow copyright and seem to do so only under duress.”
It seems like pressure and leaks have worked in the same way that Snowden’s leaks led to bogus government and NSA “transparency” (making public what’s already leaked). Based on Michael’s report, Samsung makes the code GPL-licensed all of a sudden.
Back in June, Phoronix was the first to report of a native exFAT file-system implementation for Linux that appeared on GitHub. It later turned out that Samsung accidentally leaked their exFAT source code. The solution has now been corrected with Samsung formally open-sourcing their exFAT source code.
The exFAT driver talked about in June was modified from an accidental Samsung source code leak that the independent developer found on GitHub. It was a confusing situation and he removed references to the original Samsung source code and it led to a confusing situation in the weeks that followed with tons of comments in the forums.
This was reported to GPL-violations and gave Samsung bad publicity, so they released it as Free software. As for what it means to patents on FAT, I am not qualified to say. It’s not GPLv3 though.
In the past, GPL violations by Microsoft were also handled in this way. Microsoft decided to pretend the violation was open-sourced to rewrite history. iophk calls it spin, noting that “‘accidentally leaked’ == Samsung got caught ripping off kernel code” (indeed).
iophk quotes: “While Samsung accidentally put out the source code in the first place, they have now formally released the code under the GPL after it was discovered they violated the GPL in the first place. Samsung was shipping this closed-source exFAT driver on a tablet yet they were relying upon GPL-only symbols.”
iophk says that “all that aside, it’s an improvement that they have properly licensed the code finally… too bad it took all that trouble… Their image got tarnished a bit and that could have been avoided if they had just respected copyright from the start. It was also a bit of necessary extra work.”
This resolves the problem/dilemma for the leakers. Without them, this would not have happened. What does all this mean to Tuxera, Paragon, and patents on exFAT in general? Lawyers might tell. █
Quick Guide of license compatibility with GPL
Summary: A call for advice on how to handle another Samsung violation of the GPL and betrayal of the community
As a quick reminder, over 6 years ago we called for a boycott of Samsung, which proved that it didn’t care about freedom and actively worked against it. In 2 posts [1, 2] from the past few weeks we covered yet another violation of the GPL by Samsung. This one required a leak to be shown and we spoke to the leaker, who prefers to remain anonymous. We consulted internally to see how this can be dealt with.
“Not enough data to do more than guess,” iophk wrote, “I do recall that the SFLC disapproved of the ‘robin hood’ approach to freeing code that had been ripped off.
“I guess it depends on the provenance of the code. If it is ripped off from the kernel then it comes under GPLv2 or later (IIRC). Then it comes down to v2 or v3. I like what v3 accomplishes, but I do not like mixing copyright with patents in the same license. Can v3 provide any protection if Microsoft starts to claim to have patents on *FAT?”
This is an interesting possibility that we are exploring. Samsung’s GPL violations are in an implementation of exFAT, a very common extortion tool against Linux distributors. “Here is the latest info from the most recent kernel,” writes iophk. “It is v2 only.”
It is v3 which deals with patent provisions. iophk continues: “Linus likes v2 very much but seems to have removed the “or later” clause that I vaguely recollect being there. Can rxrz [the leaker] say which version of the kernel exfat-nofuse came from? If it is a later one, then maybe v2 is the only option. If it is an earlier one, there might be a choice between v2 and v3.”
He later, upon further investigation, adds: “Here’s the oldest commit in Git, which has the same preamble. So I’m not sure under which circumstances v3 could be used. It is certainly a safe bet with v2.”
We spoke with the leaker of this code, who wrote: “I just wanted to do a good thing.
“But now I have decided to put the LICENSE file there, containing GPLv2, since Samsung has stolen that code initially from the Linux kernel tree. (I believe it fits this code the best, v3 may be better though, I don’t know)”
We would like to relay the leaker’s question to the wider community. To quote her, the leaker: “Could you please help the project and make up a LICENSE file content for it? It happens that I’m not too good with legal things myself…”
I promised to work with our community at Techrights or anyone else who reads this to address this issue. Any suggestions of ways forward from here? Or licensing? █
Summary: The kernel debate that’s really worth having, not some storm in a teacup over feminism
The other day we wrote about the latest Samsung scandal [1, 2, 3] which looks like another GPL violation (not the first). Just like LG and smaller players such as TomTom, Samsung pays Microsoft for FAT patents. We need to stop this.
“Honestly,” says one person who took action, “I don’t understand how it’s even possible to patent any filesystem. It’s not a concept, it’s a variation of having a structured array of bytes on a block device.”
Here is who’s behind the code leak, which seems to reveal GPL violation and is therefore whistleblowing (protected by law):
A student and programmer using the name “rxrz” has posted a large chunk of a proprietary Microsoft file-system software to GitHub, claiming that she’s liberating it for the open source world. She says that the software was leaked from Samsung, and that it also contains some code from the Linux kernel. That, she argues, makes it de facto open source under the terms of the Gnu General Public License.
“All I’ve done is given the community of open source developers and linux/android users a way to finally share data between all major OS’s without any excessive impact on the performance,” she wrote on GitHub.
In an email interview, rxrz wouldn’t give her name, but said that she was a nineteen year old female student from the European Union.
She posted the code last month, but only gained widespread notice on Linux discussion forums this week.
This debate needs to go mainstream. Instead of debating a gender war on the Linux development lists (no, we won’t entertain this flamebait here) we should speak about GPL violations. It involves a female leaker showing code from a female developer at Samsung and it is about justice, not some self-inflicted offence over ‘rude’ words. Yes, Torvalds needs to tone down his language, but this has already mushroomed to become some distracting storm involving militant feminists (including an employee of a criminal company) and opportunistic misogynists, which just helps discredit Linux in the same way some tried to discredit GNU several years ago. Let’s talk about patents and technical issues, not some distracting gossip. █
From a patent with Joosun Hahn on it…
Summary: Samsung and its developers appear to be helping Microsoft’s patent war on Linux and also violating the GNU GPL at the same time
The mischievous role played by Samsung in advancing Microsoft’s Linux tax is nothing new. It turns out to be not only proprietary but quite likely a GPL violation. Companies like Tuxera are working for Microsoft by spreading exFAT to manufacture more victims like TomTom, a FAT scapegoat. Microsoft most routinely uses FAT-related patents to tax users and distributors of GNU/Linux (users are being silently taxed through secret deals). It is hard to work around these traps.
Samsung, a patent friend of Microsoft which we reported for GPL violations in the past, pays Microsoft for FAT and then spreads this patent trap further. We recently wrote about some mysterious code from Korea (more details are in IRC logs) and we studied the author of this code in order to better understand her interests and to find out why she may be promoting exFAT. Now there is clarification. Michael Larabel explains: “Last month there was news of a native Linux driver for Microsoft’s exFAT file-system. It turns out that the driver wasn’t developed through any clean-room reverse-engineering but was rather the apparent rebadging of a Samsung exFAT driver for Linux.
“After being informed via email by a user today with this open-source Linux exFAT driver appearing on GPL-Violations.org, the exFAT Linux driver comes with nefarious intentions.
“It appears (and evidently its “developer” is admitting it) that the exFAT Linux kernel module was based upon source-code found from a Samsung developer for their exFAT driver. The code likely leaked out of Samsung accidentally by a developer pushing their Linux kernel source tree externally to GitHub when it should have been made private.”
Now, the main question is, was the code modified before being uploaded? If so, whose GPL violation is it (assuming it has not been tampered with)?
The developer, Joosun Hahn, has almost nothing on the Web about her (at least not in English) but has various publications (connected to Seongsoo Hong in some publications) in decent journals and also patents like this one. Assuming it’s the same person, a 2009 paper describes her as someone who “received her B.S. degree in Computer Science from Soongsil University, Seoul, Korea, in 1994. She received her M.S. and Ph.D. degrees in Computer Engineering from Seoul National University, Seoul, Korea, in 1996 and 2004, respectively. She is currently a research professor in the Department of Computer Engineering at Hongik University, Seoul, Korea. Her research interests include computer architecture, real-time computing, embedded systems, and wireless sensor networks.”
To quote Phoronix Forums (last page), “This source code is not under GPLv2. This source code cannot be redistributed. This code contains Microsoft’s IP. It cannot even be made publicly available – that’s a direct violation of the law.”
In a later thread someone points out: “I’d rather see exFAT burn in hell with its patents, it’s sad that we see this attempt instead.”
As pointed out here, “I examined exfat_super.c and compared it to fs/fat/misc.c, fs/fat/dir.c, fs/fat/namei_vfat.c, and fs/fat/file.c. I will avoid sharing my conclusions here, but any one else is free to look.”
exFAT needs to be killed at all costs. This is poison and those who develop it, be it a person or a brand (Samsung), need to find other things to do. Right now it’s helping patent terrorists. GPL violations aside (the guilt cannot be established based only on allegations*, but Samsung has a poor history when it comes to GPL compliance), the main issue here should be patents.
A lot of people have berated the alleged leaker, but if it proves GPL violations, then it may as well justify the leak and serve as a case of whistleblowing. We shall wait and see how this story evolves. █
* This page shows:
Summary: Microsoft proxies or offshoots are not managing to keep their cover and legitimate figures in the Free software world end up ostracising these
TECHRIGHTS recently wrote about the latest FUD from Black Duck, which has its roots in a person from Microsoft. Bruce Perens said that more people should call out this firm for its dubious claims about the GPL and now we see Simon Phipps, the president of the OSI, speaking about the problem. To quote:
So the real risk is much smaller than the headline numbers suggest. In all this, I can’t help feeling Black Duck want us to be afraid. It’s very important that Github takes its responsibilities seriously, and their new improvements show they are starting to do so. But the headline “60% of open source is dangerous” number from Black Duck, together with the “77% of Github is dangerous” number, seem over stated. Given their business model is to apply reassuring consulting and tools to corporate fears about open source, maybe that’s not surprising. But it’s regrettable.
Open source software is all about developers being able to achieve sufficient certainty to collaborate without the need to spend money on legal advice. OSI’s approved licenses deliver that, and the vast majority of active open source projects have this topic sorted. While Github’s laissez faire attitude to date has led to a good deal of inconvenience identifying the license in use for projects there, as well as pandering to the anti-bureaucratic instincts of the newer generation of developers, it’s now being sorted and it never rose to the level of a crisis for most people.
It must have been frustrating for Black Duck to have the PR spin on their new product thwarted by Github; I just wish they had responded by toning down the “danger, danger” message. Open source has a lower compliance burden than proprietary software and its endless, custom EULAs and developer licenses. Let’s shout that message, for a change.
Not too long ago Phipps also chastised a Microsoft proxy called Microsoft 'Open' Technologies.
After all the GPL fear that was spread by Black Duck it is hard to believe anything it says. Black Duck was also honouring Microsoft with 'open source' awards (lending legitimacy with mere words and hype), not disclosing that it had a Microsoft business partnership and also a strong Microsoft connection (the firm’s founder) since its inception. The thing to remember about Black Duck is, they’re not selling FOSS or even any valuable information, just FUD and proprietary software. Moreover, they deserve no mercy or the benefit of the doubt (as there is doubt no more and the doubt only ever comes from them, along with fear and uncertainty about using FOSS code).
Yes, how profoundly ‘open source’. As long as the rest is all proprietary, everywhere else inside the stack… █
“There’s free software and then there’s open source… there is this thing called the GPL, which we disagree with.”
–Bill Gates, April 2008
“They’ll get sort of addicted, and then we’ll somehow figure out how to collect sometime in the next decade.”
Summary: The ongoing war by Microsoft and its proxies against software freedom, which gives more value to the world’s industry than the FUD would have people believe
There is another reason to abandon the term “Open Source”, which left the term “Free software” more vulnerable to abuse by bad people, makers of proprietary software. Here is Bill Gates’ latest attempt to run over Free/libre software, characterising his trap as “free”. To quote a Romanian site:
Bill Gates had a very interesting opening keynote speech at the Microsoft Research Faculty Summit 2013, explaining that he was grateful for the existence of free software, when asked about patents and their influence on technology.
“Thank God for commercial software. It actually funds salaries, gives people jobs. And thank God for free software, it lets people get things out there, you can play around, build on. The two work very well in an ecosystem,” stated Bill Gates during the Q&A.
This is nonsense, as anybody with a clue knows that commercial does not mean proprietary and Free/libre can be used commercially, paying wages to users and developers.
Many attacks of this kind on Free software go back to Microsoft and its proxies. Right now we have Black Duck, a company created by a marketing guy from Microsoft, throwing around some numbers, looking for sites that will print them. Here is one:
Open source consulting firm BlackDuck says up to $59 billion may be locked up in open source projects with no explicit license. Is that lost revenue for channel partners and software companies?
Here is the press release. What nonsense. Trying to quantify code in terms of revenue is not the only silliness; it is the idea that money is being lost as a result of having no licence. Similar propaganda was previously used to describe FOSS as a jobs destroyer, as if people are writing software with such aims. Some tried to portray FOSS as a cause for losses in the industry, not a saver of money and elevator of productivity (which in turn makes room for more hirings per given budget). This is the type of propaganda we are up against and we keep seeing it brought up also in public talks.
Here is another new example of Black Duck being used to reinforce FUD — namely the idea that Free software is about cost, not freedom, and that it is chosen for price, not other qualities. Watch how the Black Duck-run Future of Open Source survey [1, 2, 3, 4] is being used to spread misconceptions. This new FOSS-hostile article (“The Hidden Cost of Free”) says: “Bottom line, open source may be “eating the software world,” but not all of it. For ISVs and other software development professionals, open source is a no-brainer. We use it in development and in our commercial products wherever and whenever it makes sense. It is free, after all, and the quality is second to none, as this year’s Future of Open Source survey reinforces.”
Black Duck reinforces all sorts of proprietary software talking points. Black Duck is, after all, a proprietary software company.
Speaking of FUD against FOSS, the latest Android security fear-mongering comes from a Microsoft partner created and managed by a Microsoft guy (who hopes to turn Android perceptions into Windows perceptions when it comes to security). To quote the company’s description: “He is also a Microsoft Most Valuable Professional (MVP) in Visual Developer Security, a frequent speaker, press resource, and is featured regularly in the Associated Press and global security media.”
“Bluebox was founded in mid-2012,” it says, and it was groomed by the Gartner Group (currently fully dedicated to Android FUD and monetisation attempts, akin to Black Duck).
The war on FOSS is very real and Microsoft partners are trying to remove the F from FOSS or altogether make it proprietary. A few days ago we showed how three Microsoft-controlled entities threw around (or under the bus) and blurred out the FOSS identity of Zimbra (here is more on that); we should also pay attention to the hallmark of effective FOSS FUD because it’s quite consistent. As explained a week ago by Eben Moglen at the EU Parliament, the GPL brought enormous value to the industry, more so than Apple and Microsoft combined. Unfortunately the video is only on YouTube, hence embedded below.
Will politicians ‘get’ it? █