Tuesday, February 14, 2006

How to fud Open Source

How to avoid open source licensing pitfalls



The current issue of Computerweekly has an article by lawyer Matthew Harris on how to avoid open source licensing pitfalls. In it he makes a number of observations and what can only be described as vague generalities and numerous what-ifs.



[The] "creation of specific open source compliance insurance .. is recognition of the existence of such risk"



Compliance insurance had to be created in response to certain vested interests' attempts to create Fear, Uncertainty and Doubt in the minds of potential adopters. It's also an attempt to up the cost of Open Source through the forced adoption of Fear of Litigation Fees.



"Such risk .. is often perceived to be greater in such a case because of the dispersed nature and larger number of contributions to its underlying code."

Then how come there is not a plethora of such cases? Remember, the Source is out there for anyone to audit for such breaches. Why have no such violations been found up to now? Can you produce any such cases, apart from the SCO case, that is?

Ah, I only now notice the first half of that testimony: "The risk of third-party intellectual property rights infringement, specifically in relation to copyright material and/or patents".

So it's not about Open Source, per se, but fear of copyright and patent violation. Provenance of Open Source copyright can easily be proved. All a litigant has to do is point out the infringing code. Where is the vast array of such cases?



As for patents, that, if you don't mind me saying so, is a bit of a subject shuffle. You see, until recently it was possible to *copyright* code but not possible to patent a particular method or algorithm. The change in the (US) law that allowed this is what has led to the current nonsense where some people have patented such obvious things as the "IsNoT" operator, a method for calling an external application from a web browser, or combining e-mail with mobile phone technology.

They then wait for some real technology company to go and actually invent the thing and then attempt to extort 'licenses' out of them under threat of litigation. A lot of the time big companies pay up rather than wait it out and see their customer base erode. Of course this only pays off against the big corporations, as what's the point in suing some one-man business? It also means that the suing company has deep enough pockets to wait it out.

So for most, if not all, small to medium-sized businesses the need for such 'compliance insurance' is non-existent. Indeed a name for such activity exists: it is referred to as the submarine patent.

Given the collaborative nature of any kind of intellectual endeavour, had the current situation existed in the mid-twentieth century then Crick and Watson could not have worked on the discovery of DNA, as any kind of X-ray diffraction used would have violated someone else's "method". You see, any "intellectual property" garnered would invariably have stuck to the patent holder's X-ray diffraction method.



"some open source software licences seek to impose a contractual obligation on the end-user who bundles open source software with their own proprietary software to distribute the source code of both pieces of software on open source terms, thus "infecting" the proprietary software"

This is a very ambiguous and misleading statement coming from a lawyer. There is a plethora of licenses that specifically do not require you to publish your own source code, the Lesser GPL for one. These were specifically designed to guard against such situations. The point is that the end-users have a choice. The only restriction is that they do not hinder other developers in what they can do with the code.



Again you talk in vague generalities. How about some real cases? The only protection Sun's new open source license, the CDDL, seems to confer is a mutually beneficial agreement between them and Microsoft not to sue each other for patent violations and, here's the rub, this restriction extends to any downstream developer who uses the CDDL.

So just who is protecting whom from patent "infringement"? Incidentally both of the above parties bought "licenses" from the SCO Group. And in the case of AutoZone and DaimlerChrysler they ended up getting sued by their own supplier, a commercial software house.



"The fact that no proprietary software has been mixed with open source software does not necessarily avoid the infection risk problem"

I don't know exactly what that means but a number of commercial companies are happy to collaborate with the Open Source community. Silicon Graphics and Weta Digital to name two.



"Another disadvantage of open source software is that it is provided without warranty protection as to its compliance with a particular standard"

What warranty exactly do you get with a non-open-source license, apart from not getting sued by your own suppliers, that is? The Microsoft EULA states:

"Manufacturer's .. entire liability .. is .. return of the price paid; or (b) repair or replacement of the SOFTWARE .."

What warranty did the suppliers provide to CardSystems Solutions when details of over 40 million accounts were exposed? What indemnification did the suppliers of the software give the company that installed the radio system for Southern California's air traffic control, the one that left 800 planes without radio contact and led to five near collisions? Or, more recently, the crash of the Russian Stock Exchange?



"The manner in which open source material is produced and distributed also means that it is not possible to address these ambiguities through negotiation"

It's the manner in which it is produced that gives it its greatest strength. Disputes about the provenance of code can be quickly brought to a resolution, for instance in the cases of Fortinet and Linksys. Curiously enough, in both cases it was found that the companies had knowingly included GPL code without abiding by the license. In the case of Fortinet they even took steps to obfuscate the code.



"As a consequence of the ease with which open source can be downloaded from the Internet, it can be in operation throughout an organisation without any detailed record of where and how."

"Therefore, the first step must be to conduct an audit of current and past open source use across the organisation .."

BIG HINT :)


"There may be other software available on less onerous open source terms"

One solution is to use Open Source solutions exclusively, skip the audit and make a donation to the fsf.org. That way I can sleep soundly at night and not worry about any potential associated risks.



REF:

ComputerWeekly, Feb 07 2006: How to avoid open source licensing pitfalls

Other Reading ...

Patent Questions About the CDDL, Groklaw, Jan 28 2005

Credit card suit now seeks damages, News.com.com, July 07 2005

NZ open source group hires 'big dog' to fight SCO, Linuxworld.com.au, Aug 25 2003

Microsoft server crash nearly causes 800-plane pile-up, Techworld.com, Sep 21 2004

Fortinet in court for hiding Linux in its code, Vnunet.com, April 15 2005

gpl-violations.org

Organizations not worried about using Open Source er .. Linux in a lot of cases :]



Amazon.com, Boscov's Department Stores, Bristol-Myers Squibb Co, Canara Bank of India, Citigroup, Deutsche Bank, Digital Domain, E-Trade Financial Corp, Ernie Ball, First Boston, First National Bank of Omaha, Industrial Light and Magic, KeyWest Bank, Los Alamos, MainConcept, Pixar, Royal Sun Alliance, Schwab, SunGard, T-online, The BBC News website, The City of Largo, Florida, UBS Investment Bank, Weta Digital ..

Key Words:



ambiguities, ambiguous, breaching, claims, compliance, concern, contractual, disadvantage, impose, incompatible, indemnity, infecting, infection, infringement, issues, obligation, onerous, patents, problem, problems, protection, risk, terms, uncertain, warranty ...

And Finally ...



Dear Abbey,
My employees use infectious and ambiguous software. Is there a legitimate software house that will license their intellectual property to me so that I can sleep soundly at night? A lawyer friend of mine has advised me never to trust my own staff, especially if they have ever used the word Linux.

Signed: A perturbed businessman

:)
