Forgot your password?
typodupeerror

+ - Enforcing the GPL

Submitted by lrosen
lrosen (220835) writes "I am responding to the article in Opensource.com by Aaron Williamson, "Lawsuit threatens to break new ground on the GPL and software licensing issues."

I want to acknowledge Aaron's main points: This lawsuit challenges certain assumptions about GPLv2 licensing, and it also emphasizes the effects of patents on the FOSS (and commercial) software ecosystem. I also want to acknowledge that I have been consulted as an expert by the plaintiff in this litigation (Ximpleware vs. Versata, et al.) and so some of what I say below they may also say in court.

Let's be open about the facts here. Ximpleware worked diligently over many years to create certain valuable software. The author posted his source code on SourceForge. He offered the software under GPLv2. He also offered that software under commercial licenses. And he sought and received and provided notice of United States patent claims related to that software.

Unbeknownst to Ximpleware, Versata took that GPLv2 software and incorporated it into Versata products – without disclosing that GPLv2 software or in any other way honoring the terms of the GPLv2 license. The reason Ximpleware became aware of that GPLv2 breach is because some months ago Versata and one of its customers, Ameriprise, became embroiled in their own litigation. The breach of GPLv2 came out during discovery.

Ximpleware has terminated that license as to Versata. This is exactly what the Software Freedom Conservancy and others do when confronted by GPL breaches.

That earlier litigation is between two (or more) commercial companies; it is not a FOSS problem. These are mature, sophisticated, profitable companies that have the wherewithal to protect themselves. I know that in my own law practice, whether I represent software vendors or their commercial customers, we typically provide for some level of indemnification. Perhaps Ameriprise and the other customer-defendants can count on Versata defending them against Ximpleware. Such a commercial dispute between big companies – even if it involves the GPLv2 software of a small company and separate indemnification for copyright or patent infringement – is between them alone.

But as to Ximpleware and its GPLv2 copyrighted and patented software, there are a few misunderstandings reflected in Aaron Williamson's article:

1. The notion of "implied patent licensing" has no clear legal precedent in any software licensing. While it is true that goods that one purchases include a patent license under what is known as the "exhaustion doctrine," there is no exhaustion of patented software when copies are made (even though copying of the software itself is authorized by GPLv2). For example, a typical commercial patent license nowadays might include a royalty for each Android phone manufactured and sold. Companies that distribute Android phones and its FOSS software acquire patent licenses so that recipients of their phones are indeed free to use those phones. But that isn't because of some implied patent licenses that come with Android software, but because commercial companies that distribute phones pay for those patent rights, directly or indirectly. I think it is entirely reasonable to require that commercial companies get their patent licenses in writing.

2. Versata's customers who received the (in breach!) GPLv2 software all moved to dismiss Ximpleware's infringement claims against them, pointing to Section 0 of GPLv2, which says that "[t]he act of running the Program is not restricted." What that sentence actually means is just what it says: The GPLv2 copyright grant itself (which is all there is in GPLv2) does not restrict the act of running the program. Nor could it; that is a true statement because running a program is not one of the enumerated copyright rights subject to a copyright license (17 USC 106). The authors of the GPL licenses have themselves made that argument repeatedly: The use of software is simply not a copyright issue.

3. Because there are U.S. patent claims on this Ximpleware software, Section 7 of GPLv2 prohibits its distribution under that license in the United States (or any jurisdictions where patent claims restrict its use). If Ameriprise and the other defendants were outside the U.S. where the Ximpleware patents don't apply, then GPLv2 would indeed be sufficient for that use. But inside the U.S. those customers are not authorized and they cannot rely on an assumed patent grant in GPLv2. Otherwise GPLv2 Section 7 would be an irrelevant provision. Reread it carefully if you doubt this.

The Versata customers certainly cannot depend on an implied patent license received indirectly through a vendor who was in breach of GPLv2 since the beginning – and still is! Versata ignored and failed to disclose to its own customers Ximpleware's patent notices concerning that GPLv2 software, but those patents are nevertheless infringed.

Should we forgive commercial companies who fail to undertake honest compliance with the GPL? Should we forgive their customers who aren't diligent in acquiring their software from diligent vendors?

As Aaron Williamson suggests, we shouldn't ignore the implications of this case. After all, the creator of Ximpleware software made his source code freely available under GPLv2 and posted clear notices to potential commercial customers of his U.S. patents and of his commercial licensing options. Lots of small (and large!) open source commercial companies do that. Although it is ultimately up to the courts to decide this case, from a FOSS point of view Ximpleware is the good guy here!

There is rich detail about this matter that will come out during litigation. Please don't criticize until you understand all the facts.

Lawrence Rosen
Rosenlaw & Einschlag (lrosen@rosenlaw.com)"

Comment: Re:Derp (Score 1) 168

by rduke15 (#47485809) Attached to: New Mayhem Malware Targets Linux and UNIX-Like Servers

For Europe at least, you can get RIPE IP blocks from their web site or through their RIPEstat Text Service. I use it for one of my servers to get daily lists for one country, and feed it to ipset. Maybe others like ARIN etc. also publish lists? Or you can get GeoIP databases. Or you could try a (Perl) module like IP::Country?

Comment: Subsidies and lobbying (Score 1) 385

Maybe it could theoretically work (or maybe not), but it's irrelevant because almost impossible to do.

The problem is: how do you take away money (subsidies) from those who have a lot of it (partly precisely from subsidies)?

They can spend a lot for lobbying and public relations in general. The industries which would need to receive these subsidies don't have comparable means for their campaigns, and in part these industries don't even exist yet, because the money is lacking to develop them.

In social movements, many poor can force a few rich to pay more.

But industries are different. How do a few poor convince that the money of many very rich industries (which also feed many workers) should go to them?

Comment: Re:How about a home brew dynamic DNS system? (Score 1) 495

by rduke15 (#47358029) Attached to: Microsoft Takes Down No-IP.com Domains

If you already have a server with a static IP, it's pretty easy to configure bind to accept dynamic updates. See for example Set up your own Dynamic DNS.

I set it up like that, and have short scripts on my Linux and Mac notebooks to do the updates when the network comes up. On Linux, it's a short script in /etc/network/if-up.d/. On Mac, it's a script called by a LaunchDeaemon (a .plist file in /Library/LaunchDaemons).

Comment: Proof (with silly statistics) ... (Score 4, Informative) 283

by rduke15 (#47302157) Attached to: Perl Is Undead

Is it dead? Well, some quick scripting can tell us the truth, using Bash and of course Perl.

On my Ubuntu notebook and main machine:

sudo find /etc /bin /sbin /usr/bin /usr/sbin -type f -executable -exec file -b "{}" \; \
| perl -MData::Dumper -nle '
        next unless /script/;
        if ( /(shell|python|ruby|perl|bash)/i ) {
            $types{$1}++
        }
        else {
            warn "Other: $_\n"
        };
        END {
            print Dumper(\%types);
        }'

Output:

Other: a /usr/bin/make -f script, ASCII text executable
Other: a nickle script, UTF-8 Unicode text executable
Other: awk script, ASCII text executable
$VAR1 = {
                    'perl' => 283,
                    'python' => 104,
                    'bash' => 1,
                    'Ruby' => 3,
                    'ruby' => 9,
                    'shell' => 602
                };

On a server:

Other: a /bin/dash script, ASCII text executable
$VAR1 = {
                    'Python' => 36,
                    'Perl' => 139,
                    'shell' => 267
                };

Looks very much alive. Unless of course, Perl realized what it was calculating and cheated and made it's own numbers up on the fly...

Comment: But LSD must be better (Score 2) 164

by rduke15 (#47158053) Attached to: 'Godfather of Ecstasy,' Chemist Sasha Shulgin Dies Aged 88

Because it's inventor died 14 years older at 102. :-)

And seriously, the one time I tried ecstasy, I didn't like that it seemed to interfere with my emotions.

LSD modifies percepetions and paths of thought, which can be a fantastic experience (or just great fun) if you are in the right mood for it, but I don't remember it ever modifying my emotions.

Ecstasy gave me the impression of creating out of proportion artificial emotions in me. After the fact, I really didn't like that aspect. No wonder it was all the rage during the years of techno music. I guess people dancing to that cold techno music really needed something to still feel human.

But anyway, peace to "Godfather of Ecstasy" and all chemists experimenting with psychoactive drugs. When used right, these all give valuable experiences.

Comment: Start looking for another job? (Score 1) 185

by rduke15 (#47141557) Attached to: Ask Slashdot: Taking a New Tack On Net Neutrality?

You could waste many hours calculating how much it would cost (equipment, maintenance, support calls, unsatisfied customers, risk of legal actions, etc.). After spending a lot of time on this, you could most probably demonstrate it's a bad business idea.

But why bother? I'm sure you have more interesting things to do than writing a memo to explain in detail why a stupid idea is stupid.

It is also pretty obviously a bad idea from an "ethical" point of view. You don't have to spend hours doing boring research to explain that. You can just explain it.

Maybe most of the board will understand it straight away (if they didn't already when one of them suggested it). If not, then you don't want to work for these people.

So after explaining to them why you think it is a bad idea, just say you will not help implement it because you feel it's not ethically acceptable. If most of the board people are smart, they will appreciate your clear point of view. If not, they will show you the door, and you will be grateful for being forced to leave these idiots.

Could it be that a single idiot on the board came up with the idea, and that the rest of the board didn't want to discuss it and just asked you to "write a memo" to get rid of the subject?

Comment: Who tried most of them? (Score 1) 611

by rduke15 (#47136967) Attached to: Which desktop environment do you like the best?

I selected "other", because I can't compare what I have now (Unity) to the others. For the others, I have either not tried them at all, or a long time ago so they may be very different now, or not long enough to have an opinion. For example, Knoppix has some desktop which is neither KDE nor Gnome. But I only needed that Knoppix disk a couple of times, so cannot have an opinion.

But I tend to mostly use a file manager, and applications. So the Desktop environment doesn't matter so much. Windows always have minimize/maximize/close buttons. I don't care much if they are on the left or on the right side of the title bar.

I use Midnight Commander a lot in Terminal. (And on Windows, Total Commander of course).

In Ubuntu, I use Krusader a lot. I don't like it, but it's what comes closest to Total Commander (all the others are just lacking too many features).

I have tried most file managers, but if someone has tried many desktop environments and has a comparison, that would probably interesting. Especially since I need to replace my Ubuntu 12.04 laptop, and have to decide if the next one will still be Ubuntu, or Mint, or plain Debian or something else, and then decide which Desktop environment I want with that.

Comment: Re:The Republicans here... (Score 1) 132

by rduke15 (#46835837) Attached to: Brazil Approves Internet Bill of Rights

I have actually read that "Director's Rules" pdf, and dont' see how it would prevent equipment upgrades to allow faster Internet.

What I see in the pdf, is that working on or installing equipment on public property requires a permit, and it lists what documents must be provided to get the permit (like a plan with street names, etc).

I sure hope every city in the world has similar rules. What is the problem? What did I miss? And what do republicans have to do with that? Aren't they against any rules other than those of The Market?

Comment: OWC? (Score 2) 353

by rduke15 (#46654151) Attached to: An SSD for Your Current Computer May Save the Cost of a New One (Video)

They may have fine SSDs, but the ones I bought to add to 2 mac minis were ridiculously slow for SSDs. Around 80 MBps read/write according to BlackMagic's disk speed test. Not faster than the original normal drive that came with the machines. In one of the Mac minis, I replaced the OWC with a Samsung, and it's much faster (I forgot how much, but certainly over 120 MBps).

So in conclusion, yes, SSD may improve performance, but only if they are fast SSDs. Some aren't and won't make a big difference. (and when they fail, they tend to do so without warning and completely, so be sure to always have backups).

Uncompensated overtime? Just Say No.

Working...