Quicksilver Goes Open
I don’t know how I missed it, maybe due to an overloaded feed reader, but the folks behind Quicksilver have posted their code up on the GoogleCode project called blacktree-alchemy.
As a Mac homer, I have to say Quicksilver is one of those apps that I cannot imagine living without. To see it go to the Apache License 2.0 puts a big fat smile on my face, that’s for sure!
Not only is this post about one of my favorite utilities for the Mac, but it also includes one of my favorite licenses. The venerable Wikipedia has a great write-up on the Apache License and how it fits into the jigsaw of open source software licenses.
Right on Blacktree! Now we gotta start working on all the other great tools on the Mac (giggle).
XOOPS Has Left the Building
I was just pointed to this forum thread over in the land of XOOPS.
(As a side note, at a previous Joomla core summit Jean Marie-Simonet and I were joking about how all the open source content management systems named themselves after noises. Take the following sentence:
(NAME)! I just slipped and stepped in some (NAME)!
You can do this for about any FOSS CMS out there and it is absolutely hysterical.
Joomla! I just slipped and stepped in some joomla!
Or maybe…
XOOPS! I just slipped and stepped in some XOOPS!
Ok, back to the topic at hand)
The forum thread in question has a pretty alarming tone, as well as overall meaning. Without getting drawn into the fight, can someone explain what is going on over there?
BSD->GPL Relicense Follow Up 1
In a previous article I mentioned a spat between some BSD developers and some GPL developers, with the SFLC getting pulled in to find a resolution.
It does appear that a resolution has been found, and it looks like the right thing was done.
Logic Prevailed.
In an excellent follow-up article at Linux-Watch by Steven J. Vaughan-Nichols, the SFLC asked for a quiet period to finish their research and analysis of the situation.
This of course allowed tempers to cool off (I’ve seen Eben do that before, because it was me and it worked) and provided minimal distraction for the SFLC to investigate and collect the data needed for their findings:
There the matter has sat until now. According to the SFLC, “All the copyright holders of the Linux ath5k-driver code, derived from ar5k, have been contacted and have agreed to license their changes under the ISC license, thus allowing improvements to be re-incorporated into OpenBSD. One of the three historical branches of the code reviewed by SFLC, however, included portions that are only licensed under the GPL, and SFLC has determined that it would be very difficult to re-incorporate that code into OpenBSD.”
You can read the analysys of the wireless driver’s development history at the SFLC site directly. Talk about transparency!
Ath5k-driver (discussed in Section 2) currently carried by Linville represents a clear and documented line of descent from ar5k to an ath5k driver for Linux. In addition, all new copyright holders in ath5k-driver code have been contacted and have agreed to license their changes to the ar5k-derived files under the ISC license.9 SFLC has provided a patch to Linville that provides correct attributions for all copyright holders in question. Therefore, SFLC recommends that development under the ISC license continue from what is currently in Linville’s commit c1928199c27de433d1e81b78e3178be4f0e978d2 in his ath5k branch of the wireless-legacy git repository.
I was unsure if the SFLC would take this course, and it is a pleasant read for me, as the SFLC demonstrates an understanding and cooperative approach to non-GPL projects.
Perhaps the most useful of this all is their article about originality requirements which discusses what they believe are reasonable and logical guidelines for determining the copyright status of software.
As well, they have published a guideline for developers who wish to maintain permissive-licensed files in a GPL project.
These last two documents are of great importance to the open source developer community, and I recommend every single one of you take the time to read these. They have thoughtfully been provided in PDF and PS formats for reading offline or printing.
Excellent, excellent work done by the SFLC.
SFLC on the Offensive
Monsoon Media has been caught in clear violation of the restrictions of the GPL license with one of their products, which appears to be running Linux and other GPL software, and Monsoon not making the source available to customers at their request.
The Software Freedom Law Center(SFLC) was called in to get these knuckleheads to play fair ball, and at that point Monsoon threw in the towel and sent out press releases that they would come into compliance.
So far, so good. So what?
Well, the SFLC isn’t happy with that. They are going to take them to court anyway.
As reported by C|Net:
“Simply coming into compliance now is not sufficient to settle the matter, because that would mean anyone can violate the license until caught, because the only punishment would be to come into compliance,” Ravicher said, though he declined to say what other actions the SFLC is seeking.
And the SFLC doesn’t want to be a pushover. “If you start getting a reputation for being a pansy, then people are going to conclude they don’t have to do anything,” he said.
On a personal note: There is absolutely no possibility of pansies in the SFLC offices. When you get instructed by an attorney how to reset your DHCP client from the command line, you better know your GNU, punk! Shoulders up! Get that stomach in, boy!
Let me get it clear that I agree 100% that the GPL must be taken for real by everyone, even those that don’t agree with some of the restrictions of the GPL. Whether you like the GPL or not, whether you agree with the tenets of the GPL or not, it is still a license, and must be complied with and respected. Without someone like the SFLC willing to bring litigation on those unwilling to comply with the license, the GPL is lost.
And in that case, where does that leave us with all the other open/free/libre licenses? Oops.
On the flipside, the SFLC is now on the offensive. To me this is curious as the whole purpose (I thought, at least) was to protect open source projects. That would be defense.
Sometimes Offense is the Best Defense
This is the approach the SFLC is taking, and I sure hope it works out for them. Because it would be a pretty ugly loss if it didn’t, and they already made their point IMHO.
If you violate the GPL and we are made aware, we’ll come to you and make sure you comply. That is what the message should be. However this is taking it one step further, which of course raises the bar.
Glass Houses
The approach Monsoon took is a common one: Continue until someone actually bothers to haul you into court, because 999 times out of 1,000 nobody will.
Some of the projects that the SFLC represents are practicing that same philosophy, by willingly violating copyright in some instances. It is the assumption that nobody wants to fight the SFLC in court over a copyright violation (me included, as I simply don’t have the resources).
So bullying the bully is okay, until you are outed as another bully. Then bully on you. It may only be a matter of time before one of the bullied parties decides to help one of the parties on the receiving end of the bullying, as long as the SFLC is the eventual target.
This puts the SFLC in the crosshairs of some folks. Maybe that is the intent behind the SFLC, as they plan on the legal enforcement of the GPL and so expect to have some folks that aren’t exactly fans.
I sincerely wish them luck, and watch from the sidelines on this one.
BSD-to-GPL Relicense Stirs Controversy Between F/OSS Camps 2
I read an article on Slashdot (ok, actually a RSS feed) about a public spat about a wireless driver getting relicensed without respecting the original copyright or license. Basically the argument is brought public by a mailing list post by Theo de Raadt, founder and leader of the OpenBSD and OpenSSH efforts. There’s also a public request for an explanation by the original writer (and copyright holder), Reyk Floeter.
I’m not sure where to start on this one. There are both legal and ethical issues involved here, and I’m personally more intrigued by the ethical ones. Since I’m not an attorney I’ll leave the legal debate to folks that, well, know a heck of a lot more about copyright law than I.
However, that leaves the ethical issues as fair game.
Summary
Reyk wrote the driver for OpenBSD and ported it to several operating systems, and released it under the BSD license. It was clearly his desire to port his driver to work for linux, and release it under the BSD license for that platform as well.
The developers working on the port to linux allegedly took Reyk’s work, removed the BSD license in the header, added their names, and wrapped the code in the GPL license.
Problem: Copyright Violation
The act of taking someone else’s work, making minimal modifications and adding your names above the original authors is illegal. It is called copyright violation, and has become part of a growing, disturbing trend in F/OSS circles.
If you want to place your name on someone else’s software, you at least have to make significant contributions to it – and you cannot take the name of the creator away, as it will always be considered a derivative work. You can, however, release the additions that you made separately under your own copyright and license. This apparently was not done.
Another example is Joomla, a frequent topic on this site :-) As a co-founder, my name used to be in the COPYRIGHT.php file distributed with the work. I contributed to this software for a three-year period, and was much more active early – as when we rebranded from Mambo to Joomla I became busy with legal and administrative issues; and also focused my time on evangelism of the technology to both developers and enterprises.
Now, however, you will not find my name in there anywhere. Nor will you find the name of the guy that came up with the name “Joomla”. When I asked about this happening, the excuse was more or less “we’re removing the names of people that didn’t contribute directly to the 1.5 effort, which you didn’t really do that much work on.” Technically, they are correct in saying I wasn’t an active 1.5 contributor; but they completely failed to accept the fact that I was a copyright holder of the first release of that work, called Joomla 1.0. As such, my name should always be there if that work is called Joomla, as it will always be a derivative work, even if it is completely refactored – the name is the same, the terminology is the same, even the API calls are there for the most part.
Call it Open Source or Free Software, whatever – but the whole impetus behind this is sharing. And I never knew that sharing would turn into taking, and violating people’s copyright by removing their names sure sounds like taking to me.
Finally, let me remind everyone that the only currency in open source development is recognition for your efforts. I put three years of my life into this project, including a lot of code, and a lot of design; and having that erased invalidates all of my efforts, and completely devalues my involvement in the development of that software.
If you’re a young, budding developer and would like to get involved then take these words to heart: There are folks out there that are happy to take your contributions and intentionally fail to give you proper credit or attribution. Think carefully about the project that you are going to donate your energy and time to, as an unpaid volunteer you at least deserve credit for your efforts.
Problem: License Change Without Permission
There’s a legal angle to this – the developers took a BSD work and relicensed it as GPL, without the permission of the copyright holder. This is a simple no-no and shouldn’t require an attorney to understand.
The ethical issue here is best stated by Reyk, who points out that by releasing their modifications in a license that is incompatible with the BSD license, he cannot incorporate their changes; but they were able to take all his work, which is the basis for their work.
“Some time ago, I got repeated requests to change the license of the code to GPL or to dual-license it but I always rejected these requests. I clearly explained my reasons against dual-licensing in the past. It needed some time, but it had seemed to me that the involved people had finally accepted my decision.
I do like to idea to port the free Atheros driver to other operating systems in addition to OpenBSD, because it is a clear sign against hardware companies attacking the free software “community” by releasing binary-only driver objects instead of free code or hardware documentation. I used to cooperate with the people working on the madwifi port of “OpenHAL”; we exchanged ideas, bug fixes, and small code snippets. They sent me some bug reports and I also looked at their changes and reported some functional problems. This was possible because they kept the license in place.
But now the Linux code is almost ready and somebody wants to cancel any options to cooperate by locking me out with a prepended GPL and an invalid copyright on top of it. I hope that this was not caused by the same people.”
When he says locking me out, he’s talking about the GPL stuff being off-limits to the upstream developer (himself). So the changes made and released under the GPL will never make their way back to the original work, which fundamentally goes against the base tenets of open source and free software.
If something is released under an open source license, and you make modifications to it, and the license it was originally under is compatible with the license that you want to use, then why do you even need to change it in the first place? If you feel that strongly about the differences in licenses then you need to take the initiative to write your own software and license it as you wish.
The BSD license doesn’t mean you can take someone’s work and insert your name, change the license and pretend like this is your version of the work. The BSD license means you can use and redistribute the software as you see fit, as long as you respect the copyright and license header. So the developers were not acting in good faith by taking an open source work and relicensing it under another open source license – especially without a clear explanation as to why they were doing it, despite Theo’s accusations that the developers were being counseled by attorneys that should know better in the first place. He clearly requested that the changes be made to the original work, or at least be released under a compatible license so there wouldn’t be forks confusing everybody.
This is a tough subject for me to cover as I know quite a lot of people on the GPL side of the fence, and also many people on the non-GPL side of the fence (that would be MIT, BSD and many others). And I don’t want to be beating up on individuals, either.
But to take software that someone else wrote, and released under an OSI-approved license, and then change the license to one that is incompatible (knowing full well that the original author cannot accept your contributions), and add your name to something when your contributions are less-than-significant, this is just wrong.
Conclusion
It looks like things are going to get cleared up, however for some time the software was released with an incorrect license and improper attribution to copyright. Something tells me this is more about developers not realizing that committing to their repositories makes their software available immediately to the general public, and less about malicious intent to harm the original author.
However it’s bizarre to see one developer’s software get slightly modified and released under a different license without his permission. And I will tee off on the removing the names of copyright holders issue in another article (which needs more work).
Hopefully this issue gets resolved to Reyk’s satisfaction, and I don’t find myself writing similar articles :-)
Thumbs Up for Plone 1
Here’s a really refreshing take on the GPL license from the Plone CMS, as quoted from their License FAQ:
You suck! The GPL sucks! The contract is unacceptable! Everything should be license X! Et cetera.
Blind ideological wars are tiresome and will simply damage Plone. We have chosen the GPL as our license, and are sticking with that for now.
Since the majority of the blind ideological wars usually come from GPL extremists, this is a really fresh take on the use of the GPL. They basically say “We’re using the GPL because that’s our choice, that is all.”
Yes, normal people use the GPL too! ;-)
How Do You Protect Your Copyright? 3
Matt Mullenweg, founding developer of WordPress, posted an interesting article called Price of Freedom. The main thrust of the article is the thorny problem of open source software protecting itself from people that simply remove all original references and copyright notice and pretend they created the software.
Being someone that just recently had their own copyright violated (article on that one soon), I can relate. Matt states:
“Though the freedom intrinsic in the GPL that has allowed people to abuse WordPress it has allowed even more people to do amazing things and over time the good far, far outweighs the bad. Most importantly I feel like WordPress would have never gotten off the ground if it hadn’t been open from the beginning. (In fact there were several more functional blogging programs started around the same time that have since withered away.)
Ultimately I know our software isn’t going to change anyone’s spots. Good people will do good things with it, and bad people will do bad things with it — regardless of any protections I put in place. Windows Vista, a multi-billion dollar enterprise, was cracked within days. Does any piddling encoding I can do in PHP really matter? If protection like that isn’t broken it’s a statement of popularity, not security. I suppose could harass the bad guys, shut down their host, send them scary letters, but it’s just going to stress me out and like cockroaches they’ll pop up someplace else. I also know that most projects, software, and ideas die from obscurity, not piracy.”
I agree wholeheartedly with Matt on the encryption/obfuscation issue, as it just doesn’t make sense with open source software. I’m also not hip to the idea of encrypting a footer or other such include in order to enforce some sort of copyright notification that the end user has no power to suppress.
For example, on a PHP-based open source CMS project I was once involved in, we were trying to tackle the same issue: Some folks were taking our software, removing all references to us, and rebranding it as their own and selling it as a closed commercial product.
How do you police such behavior?
As an open source volunteer, you’re most likely working with limited resources, so you don’t really have the time to spend 5 hours a day surfing the Internet looking for violations like a miniature RIAA.
On this particular project, it was decided to include a META tag in all output, identifying the platform that was powering the site. (For the record, I was aghast at the notion and fought the idea as it was not really any better than the encrypted copyright notice. But I was outnumbered. C’est la vie.)
Of course, one of the first things all clients asked me to do was remove the META output, but not because they were wanting to violate copyright, but avoid a storm of corporate issues – angry vendors when they learned the corporate site was not on their platform, competing vendors who claim favoritism, and such. My biggest gripe was that it made it easy for less-virtuous people to hunt down websites with a vulnerable version of that software if a major exploit was ever found.
It looks like Matt’s perspective is one I endorse at the end of the discussion though; as to me it’s totally uncool and un-FOSS-like to encrypt a copyright notice or spit out unwanted META output. The only thing we can do is continue to innovate, express ourselves in our craft, and know that the bad guys always end up with a burning paper bag of dog droppings on their front porch.
Not that I’m suggesting anyone take any action. (cough)