
Enforcing the GPL

Submitted by lrosen
lrosen (220835) writes "I am responding to the article in Opensource.com by Aaron Williamson, "Lawsuit threatens to break new ground on the GPL and software licensing issues."

I want to acknowledge Aaron's main points: This lawsuit challenges certain assumptions about GPLv2 licensing, and it also emphasizes the effects of patents on the FOSS (and commercial) software ecosystem. I also want to acknowledge that I have been consulted as an expert by the plaintiff in this litigation (Ximpleware vs. Versata, et al.) and so some of what I say below they may also say in court.

Let's be open about the facts here. Ximpleware worked diligently over many years to create certain valuable software. The author posted his source code on SourceForge. He offered the software under GPLv2. He also offered that software under commercial licenses. And he sought and received and provided notice of United States patent claims related to that software.

Unbeknownst to Ximpleware, Versata took that GPLv2 software and incorporated it into Versata products – without disclosing that GPLv2 software or in any other way honoring the terms of the GPLv2 license. The reason Ximpleware became aware of that GPLv2 breach is because some months ago Versata and one of its customers, Ameriprise, became embroiled in their own litigation. The breach of GPLv2 came out during discovery.

Ximpleware has terminated that license as to Versata. This is exactly what the Software Freedom Conservancy and others do when confronted by GPL breaches.

That earlier litigation is between two (or more) commercial companies; it is not a FOSS problem. These are mature, sophisticated, profitable companies that have the wherewithal to protect themselves. I know that in my own law practice, whether I represent software vendors or their commercial customers, we typically provide for some level of indemnification. Perhaps Ameriprise and the other customer-defendants can count on Versata defending them against Ximpleware. Such a commercial dispute between big companies – even if it involves the GPLv2 software of a small company and separate indemnification for copyright or patent infringement – is between them alone.

But as to Ximpleware and its GPLv2 copyrighted and patented software, there are a few misunderstandings reflected in Aaron Williamson's article:

1. The notion of "implied patent licensing" has no clear legal precedent in any software licensing. While it is true that goods that one purchases include a patent license under what is known as the "exhaustion doctrine," there is no exhaustion of patented software when copies are made (even though copying of the software itself is authorized by GPLv2). For example, a typical commercial patent license nowadays might include a royalty for each Android phone manufactured and sold. Companies that distribute Android phones and its FOSS software acquire patent licenses so that recipients of their phones are indeed free to use those phones. But that isn't because of some implied patent licenses that come with Android software, but because commercial companies that distribute phones pay for those patent rights, directly or indirectly. I think it is entirely reasonable to require that commercial companies get their patent licenses in writing.

2. Versata's customers who received the (in breach!) GPLv2 software all moved to dismiss Ximpleware's infringement claims against them, pointing to Section 0 of GPLv2, which says that "[t]he act of running the Program is not restricted." What that sentence actually means is just what it says: The GPLv2 copyright grant itself (which is all there is in GPLv2) does not restrict the act of running the program. Nor could it; that is a true statement because running a program is not one of the enumerated copyright rights subject to a copyright license (17 USC 106). The authors of the GPL licenses have themselves made that argument repeatedly: The use of software is simply not a copyright issue.

3. Because there are U.S. patent claims on this Ximpleware software, Section 7 of GPLv2 prohibits its distribution under that license in the United States (or any jurisdictions where patent claims restrict its use). If Ameriprise and the other defendants were outside the U.S. where the Ximpleware patents don't apply, then GPLv2 would indeed be sufficient for that use. But inside the U.S. those customers are not authorized and they cannot rely on an assumed patent grant in GPLv2. Otherwise GPLv2 Section 7 would be an irrelevant provision. Reread it carefully if you doubt this.

The Versata customers certainly cannot depend on an implied patent license received indirectly through a vendor who was in breach of GPLv2 since the beginning – and still is! Versata ignored and failed to disclose to its own customers Ximpleware's patent notices concerning that GPLv2 software, but those patents are nevertheless infringed.

Should we forgive commercial companies who fail to undertake honest compliance with the GPL? Should we forgive their customers who aren't diligent in acquiring their software from diligent vendors?

As Aaron Williamson suggests, we shouldn't ignore the implications of this case. After all, the creator of Ximpleware software made his source code freely available under GPLv2 and posted clear notices to potential commercial customers of his U.S. patents and of his commercial licensing options. Lots of small (and large!) open source commercial companies do that. Although it is ultimately up to the courts to decide this case, from a FOSS point of view Ximpleware is the good guy here!

There is rich detail about this matter that will come out during litigation. Please don't criticize until you understand all the facts.

Lawrence Rosen
Rosenlaw & Einschlag (lrosen@rosenlaw.com)"

Sickest email scam yet

Submitted by Martin S.
Martin S. (98249) writes "The BBC reports how emails purporting to come from NICE (UK's National Institute for Health and Care Excellence) are informing people they have cancer and must open an attachment to find out how to proceed.

However the attachment contains malware.

Sir Andrew Dillon, NICE Chief Executive: “A spam email purporting to come from NICE is being sent to members of the public regarding cancer test results. This email is likely to cause distress to recipients since it advises that ‘test results' indicate they may have cancer. This malicious email is not from NICE and we are currently investigating its origin. We take this matter very seriously and have reported it to the police.” NICE is advising people who have received the email — the subject line of which is important blood analysis result — to delete it without opening it and not to click on any links."


Happy Pi Day!

Submitted by mikejuk
mikejuk (1801200) writes "Yes it is Pi day again, but this year it feels as though we aren't celebrating alone. For the first time it looks as if the momentum has built up to the point where a few people have heard about pi day and there are even attempts to sell you Pi connected items — as if it was a real holiday.
But there is always someone to spoil the party so whatever you do to celebrate don't miss Vi Hart's Anti-Pi Rant video."


Comment: The nature of responsibility (Score 2) 104

by Martin Spamer (#46431905) Attached to: BPAS Appeals £200,000 Fine Over Hacked Website

In fact the negligence in this case was the fault of an external IT contractor who stored the captured data on the website CMS, after the requirements had been changed to specifically exclude this feature because of security concerns. However, the DPA doesn't take this into account. Data loss is an absolute offence, no negligence is necessary. If the organisation loses the data they are guilty.

The size of the fine is not a reflection of the degree of negligence but a result of the damage done. In this case very serious damage because of the extremely sensitive nature of the data and who was able to access it.

AT&T Invented A Way To Charge You Twice For The Same Internet

Submitted by redletterdave
redletterdave (2493036) writes "In the midst of a raging debate over whether carriers should be allowed to charge more for certain types of data, or let favored developers offer users apps that don’t count against their data caps, AT&T has applied for a patent on a credit system that would let it discriminate between 'permissible' and 'non-permissible' traffic on its network. According to the application, AT&T would be allowed to decide what other content is 'non-permissible'—movies and file-sharing files are just examples—and the carrier could also levy additional fees or terminate the user’s access if they tried to access unauthorized content or exceeded their 'credit allotment.'"

Leaked: The European Police Plan To Remotely Stop Cars?!

Submitted by cartechboy
cartechboy (2660665) writes "We've read about the idea of electromagnetic pulse guns and EMPs being used and/or tested to help the police stop cars during a chase. But apparently that stuff is old news already, as a leaked document has revealed that the European Union is working on a plan that could allow police to remotely shut down a vehicle. People, we aren't talking about shutting down a car from the comfort of a squad car, no, we are talking about the idea of shutting down a vehicle from a control room somewhere overseeing the streets via closed-circuit television cameras. According to the leaked document, the technological solution would be a built-in standard for all cars that are sold in the European market by the end of the decade. It would allow police to simply power down a vehicle under certain scenarios. The idea behind all this is the fact that it would eliminate dangerous pursuit situations. Of course, this is the point where everyone starts discussing whether this invades civil liberties. What's to stop the government from misusing this system?"
