Open Source Archive

Bash-5.0 released

This release fixes several outstanding bugs in bash-4.4 and introduces several new features. The most significant bug fixes are an overhaul of hownameref variables resolve and a number of potential out-of-bounds memory errors discovered via fuzzing. There are a number of changes to the expansion of $@ and $* in various contexts where word splitting is not performed to conform to a Posix standard interpretation, and additional changes to resolve corner cases for Posix conformance. The most notable new features are several new shell variables: BASH_ARGV0, EPOCHSECONDS, and EPOCHREALTIME. The ‘history’ builtin can remove ranges of history entries and understands negative arguments as offsets from the end of the history list. There is an option to allow local variables to inherit the value of a variable with the same name at a preceding scope. There is a new shell option that, when enabled, causes the shell to attempt to expand associative array subscripts only once (this is an issue when they are used in arithmetic expressions). The ‘globasciiranges’ shell option is now enabled by default; it can be set to off by default at configuration time.

Making the GPL more scary

For some years now, one has not had to look far to find articles proclaiming the demise of the GNU General Public License. That license, we are told, is too frightening for many businesses, which prefer to use software under the far weaker permissive class of license. But there is a business model that is based on the allegedly scary nature of the GPL, and there are those who would like to make it more lucrative; the only problem is that the GPL isn't quite scary enough yet.

I'm sure we can have a civil discussion about the merits and demerits of the GPL.

FSFE: publicly funded software has to be open source

Digital services offered and used by public administrations are the critical infrastructure of 21st-century democratic nations. To establish trustworthy systems, government agencies must ensure they have full control over systems at the core of our digital infrastructure. This is rarely the case today due to restrictive software licences.

Today, 31 organisations are publishing an open letter in which they call for lawmakers to advance legislation requiring publicly financed software developed for the public sector be made available under a Free and Open Source Software licence.

Good initiative, and a complete and utter no-brainer. Public money, public code.

VMware becomes gold member of Linux Foundation

As we can read in recent news, VMware has become a gold member of the Linux foundation. That causes - to say the least - very mixed feelings to me.

One thing to keep in mind: The Linux Foundation is an industry association, it exists to act in the joint interest of it's paying members. It is not a charity, and it does not act for the public good. I know and respect that, while some people sometimes appear to be confused about its function.

However, allowing an entity like VMware to join, despite their many years long disrespect for the most basic principles of the FOSS Community (such as: Following the GPL and its copyleft principle), really is hard to understand and accept.

Richard Stallman receives ACM Software System Award

Richard Stallman, recipient of the ACM Software System Award for the development and leadership of GCC (GNU Compiler Collection), which has enabled extensive software and hardware innovation, and has been a lynchpin of the free software movement. A compiler is a computer program that takes the source code of another program and translates it into machine code that a computer can run directly. GCC compiles code in various programming languages, including Ada, C, C++, Cobol, Java, and FORTRAN. It produces machine code for many kinds of computers, and can run on Unix and GNU/Linux systems as well as others.

GCC was developed for the GNU operating system, which includes thousands of programs from various projects, including applications, libraries, tools such as GCC, and even games. Most importantly, the GNU system is entirely free (libre) software, which means users are free to run all these programs, to study and change their source code, and to redistribute copies with or without changes. GNU is usually used with the kernel, Linux. Stallman has previously been recognized with ACM's Grace Murray Hopper Award.

Well-deserved.

Ubuntu may ship ZFS as a module… Or not?

Ubuntu's announcement about inclusion of ZFS support in upcoming 16.04 LTS started an important discussion in opensource community: the license incompatibility between GPL and CDDL licenses may be an issue. Being a copyleft license, GPL requires that all works that are derived from GPL-licensed work are also distributed under terms of GPL. CDDL, the license of ZFS code, is also a copyleft license, and as such requires CDDL-licensed work be distributed "only under the terms of ." Although Ubuntu's ZFS code comes from OpenZFS project, Oracle is still one of the major copyright holders of the code base, and it does not seem likely to relicense its assets under GPL any time soon.

Dustin Kirkland of Ubuntu, the author of the announcement, explained Canonical's position, albeit light on details:

The CDDL cannot apply to the Linux kernel because zfs.ko is a self-contained file system module -- the kernel itself is quite obviously not a derivative work of this new file system. And zfs.ko, as a self-contained file system module, is clearly not a derivative work of the Linux kernel but rather quite obviously a derivative work of OpenZFS and OpenSolaris. Equivalent exceptions have existed for many years, for various other stand alone, self-contained, non-GPL kernel modules.

Software Freedom Conservancy (SFC), a non-profit with self-assigned mission of carrying on a crusade against GPL violations, quickly pointed out that the "obvious" conclusions of Canonical are not really all that obvious:

f ZFS were statically linked with Linux and shipped as a single work, few would argue it was not a "work based on the Program" under GPLv2. And, if we believe there is no legal difference when we change that linking from static to dynamic, we conclude easily that binary distribution of ZFS plus Linux - even with ZFS in a .ko file - constitutes distribution of a combined work.

Another non-profit organization - Software Freedom Law Center (SFLC) - provides yet another opinion on the matter. Eben Moglen points out that CDDL permits distribution of binaries under other licenses, so in case of Linux module GPL's requirements in case of binary module may be fullfilled by distributing it under GPL. Admittedly, this does not solve the issue of the license incompatibility of the code bases. The proposed solution is basically to ignore the wording of GPL's viral clause:

In this specific sense, then, the conduct which falls outside the words of GPLv2 falls within the "equity of the license," or its "spirit." As all Western legal systems have known since Aristotle, literal interpretation of any legal material will sometimes produce unintended unjust results, which can and should be corrected by the invocation of "equity." This present issue is evidently an example in which the tension between literal and equitable interpretation is raised, and it is the consensus of the kernel copyright holders' intention which determines which mode of interpretation is to be employed.

The issue of GPL compatibility and kernel modules' licensing arised before. For example, Linus Torvalds already noted that kernel modules are in "gray area" when it comes to the issue of derived worked. Using an example of Andrew filesystem he stated that external code base that was designed on different system and only required minimal porting effort due to interface similarities, in his opinion, was not a derived work of Linux. Even more appropriate example is Nvidia's infamous proprietary Linux driver, which interfaces the kernel via specially-crafted module that abstracts away Linux kernel implementation details, so that Nvidia's binary blob may still considered to be a self-contained work targetting module's interface, not the interfaces of Linux. This driver is widely used and generally tolerated by distributions.

The differences in these two positions reveal the two conflicting opinions on Linux copyright situation. SFLC is more concerned about the ability of opensource ecosystem to survive in face of fanatic GPL enforcement: their statements goes into painful details about difficulties that projects with permissive licenses are facing when they need to maintain the ports of their code in GPLed projects. If stictly enforced, GPL could hinder such projects to the point when whole ecosystem comes to net loss. Such situation could be particularly painful in cases like this, when the goals of GPL are met, but the legal mechanism that was chosen by opensource Foundation prevents both Linux and OpenZFS from cross-polination.

But on the other hand, making such excuses would open gates for projects that don't really contribute to the opensource, but only use it to their own benefit. While proponents of permissive licenses (myself included) don't find anything wrong with such outcome, GPL was specifically designed to prevent it, and that is why it is one of the most popular opensource licenses out there. Obviously, every concession weakens the position of those seeking GPL enforcement, including SFC, whose mission right now is endangered by both SFLC's and Canonical's views on ZFS integration into Linux. Being a self-styled GPL crusader with several battles already fought, SFC knows that the ZFS inclusion in Ubuntu may come at a price of legal actions lost, and potentially tolanted hackers driven out of opensource by frustration and disappointment.

There is another interesting angle to this situation: by now it is common knowledge that Sun Microsystems specifically designed CDDL to be incompatible with GPL, so that ZFS, while being opensource, could not be included with Linux. Shipping ZFS with Ubuntu would defeat this tactics and potentially remove motivation for such unfortunate choice of license for companies like Sun or Oracle, to benefit of all involved sides.

And yet another thing to consider: some (most?) jurisdictions explicitly require sticking with literal meanings of laws and contracts. This means that even if SFLC's position is defendable in United States, it might be dismissed in other parts of the world, giving Linux copyright holders ability to sue Canonical over copyright infringement. Given that Oracle holds copyright in both Linux and OpenZFS, and that it already demonstrated willingness to take legal actions against opensource projects, Canonical might still be under significant risk.

At any rate, the outcome of this discussion, if any, have potential to settle a long-standing issue in opensource community, and to make legal implications of using GPL more transparent and clear.

The GNU Manifesto turns thirty

Stallman expanded and formalized his ideas in the GNU Manifesto, which he published in the March, 1985, issue of Dr. Dobb's Journal of Software Tools, thirty years ago this month. "So that I can continue to use computers without dishonor," he wrote, "I have decided to put together a sufficient body of free software so that I will be able to get along without any software that is not free. I have resigned from the AI Lab to deny MIT any legal excuse to prevent me from giving GNU away." The nearly forty-five-hundred-word text called for collaborators to help build a freely shareable Unix-like operating system, and set forth an innovative method to insure its legal protection.

Stallman is one of the greatest technology visionaries. He will never achieve the popularity status of businessmen like Jobs and Gates, but his contributions to technology - directly and indirectly - are immeasurable.

And he was right all along.

The GNU GPL to be tested in court

The GNU General Public License (version 2) is one of the most widely used open source licenses in the world. The GNU GPLv2 is commonly used in Linux distributions and open source applications. Yet, despite being widely used for decades, the GPLv2 has not been tested much in the legal system. Most GPL violations do not result in a trial and so the power of the license has remained largely untested. That is about to change. As OpenSource.com posted,

This lack of court decisions is about to change due to the five interrelated cases arising from a dispute between Versata Software, Inc. ("Versata") (its parent company, Trilogy Development Corporation, is also involved, but Versata is taking the lead) and Ameriprise Financial, Inc. ("Ameriprise")

It is expected the court cases will help define what qualifies as a derivative work and how the GPL affects software patents along with other details of how the license is interpreted.

GNU Hurd 0.5 released

It is the GNU project's 30th birthday, and we are pleased to announce version 0.5 of the GNU Hurd.

The GNU Hurd is the GNU project's replacement for the Unix kernel. It is a collection of servers that run on the Mach microkernel to implement file systems, network protocols, file access control, and other features that are implemented by the Unix kernel or similar kernels (such as Linux).

A bit late, but there you have it. Does anyone here actually use Hurd?

Would You Like To Attend OSCON?

OSNews is a sponsor of this year's O'Reilly OSCON in Portland, Oregon, USA. A lucky OSNews reader will win a free three-day pass, including two tutorials days. To win the pass, post a comment on this story saying something about Open Source Software or OSCON. We'll pick a winner at random next week. If you don't have an OSNews account, you may email us your entry. Part of the conference is the 9th annual Open Source Awards, and today the 16th is the deadline for nominations. If you'd like to nominate an outstanding open source contributor, do it here. Read on for more information about OSCON. Update: The 20% discount code for OSNews readers is "OSN."

Enforcing the GPL: kernel hackers join the fight

"The Samba Team and seven kernel hackers have come together with Software Freedom Conservancy to help efforts to ensure compliance with the GPL by those who implement Linux and other GPL software. Richard Hillesley talked to Bradley Kuhn of Software Freedom Conservancy, Jeremy Allison of Samba, and Matthew Garrett, who works in his spare time with the GPL Compliance Project for Linux Developers."

FSF statement on jury’s partial verdict in Oracle v Google

John Sullivan, executive director of the Free Software Foundation: "Were it grounded in reality, Oracle's claim that copyright law gives them proprietary control over any software that uses a particular functional API would be terrible for free software and programmers everywhere. It is an unethical and greedy interpretation created with the express purpose of subjugating as many computer users as possible, and is particularly bad in this context because it comes at a time when the sun has barely set on the free software community's celebration of Java as a language newly suitable for use in the free world. Fortunately, the claim is not yet reality, and we hope Judge Alsup will keep it that way." Couldn't agree more.

Interview: Richard Stallman

It's been a while since we caught up with Stallman. But a couple months ago we took a look around at what's happening with law, politics and technology and realized that he maybe perhaps his extremism and paranoia were warranted all along. So when we were contacted by an Iranian Linux publication and asked if we would like to publish an English translation of a recent interview they had done with Stallman, I thought that it was a particularly rich opportunity.

Building Bridges: Open source according to Microsoft

The Dutch LinuxMagazine translated an interview (direct PDF link) from their magazine with Gianugo Rabellino, Senior Director Open Source Communities at Microsoft into English. Many of your readers are probably wondering, is Microsoft really involved in open source these days, or is there more to it? Fabrice Mous started his conversation with Mr. Rabellino to get to know him better, but also to ask him some pressing questions about Microsoft's policies towards open source and open standards. It turned out to be an interesting, but certainly quite critical conversation, that will probably lead to some discussion.

We would very much like to hear your opinion on the open source policy of Microsoft.

Richard Stallman Was Right All Along

Late last year, president Obama signed a law that makes it possible to indefinitely detain terrorist suspects without any form of trial or due process. Peaceful protesters in Occupy movements all over the world have been labelled as terrorists by the authorities. Initiatives like SOPA promote diligent monitoring of communication channels. Thirty years ago, when Richard Stallman launched the GNU project, and during the three decades that followed, his sometimes extreme views and peculiar antics were ridiculed and disregarded as paranoia - but here we are, 2012, and his once paranoid what-ifs have become reality.

FSF Warns About the Danger of Secure Boot

"The Free Software Foundation released a statement open for public signing, titled 'Stand up for your freedom to install free software'. The statement is a response to Microsoft's announcement that if computer makers wish to distribute machines with the Windows 8 compatibility logo, they must implement a system called 'Secure Boot'. The FSF statement warns against the danger that, if done wrong, this system would have to be called Restricted Boot, because it could make computers incapable of running anything but Windows." Signed.

Rapid7 Commits $100,000 to Open Source Security Projects

Rapid7 created a $100,000 investment fund to support up to seven promising open source projects in the security industry. The "Magnificent7" projects will be identified and supported through the remainder of 2011 and into 2012. Any security-related open source project - with a preference for BSD-compatible licensing - is applicable and encouraged to submit a "Magnificent7" application.

Android Is Not Open Source And Why That’s Good

Google has finally acknowledged that its characterization of Android as open source is false and, in the end, this can only make the mobile platform stronger, InfoWorld's Galen Gruman argues. 'It's hard for believers to accept that open source brings with it difficulties, but look at the consistent failure of the other open source mobile platforms -- Moblin, Maemo, and MeeGo -- that all devolved into grad-student-like thought experiments and personal pet projects. Users don't want that, and ultimately products are sold to users.' Instead, Google has been quietly taking parts of Android back in house to develop them purposefully and deeply, and as Google has asserted more control over Android, it's improved.

A New Way of Measuring Openness: The Open Governance Index

"Much has been said about open source projects - and open source platforms are now powering an ever-increasing share of the mobile market. But what is 'open' and how can you measure openness? As part of our new research report, VisionMobile Research Partner Liz Laffan introduces the Open Governance Index - a new approach to measuring the 'openness' of software projects, from Android to WebKit."