Advocacy Prompts Reconsideration of Anti-GPL Letter 272
As far as I can tell, it started with this Newsforge story (Newsforge is also part of OSDN, Slashdot's corporate parent). The Newsforge story was excerpted and copied by an Australian newspaper, and from there, it was off and spreading. The headline chosen, "Washington State Congressman attempts to outlaw GPL", is not particularly accurate, but it did a great job at stirring up outrage. Outlaw the GPL! Over my dead keyboard!
From there it really started making the rounds. It was repeatedly submitted to Slashdot with all sorts of flaming, incorrect commentary - in fact, after reading a dozen different submissions, I didn't think any of them were even close to accurate. I picked one and posted it, trying to do my best to a) provide an accurate headline and b) provide an accurate summary of the issue at stake in a few sentences. To recap again: when the Federal government creates computer code (or any copyrightable work) directly, it gets no copyright whatsoever and the work is true public domain (quirk of the U.S. copyright laws - the 50 states, corporations, individuals, and other legal entities all get copyrights automatically, but the Federal government does not). If you want to copy, reproduce, or sell an .mp3 of the U.S. Congress singing "God Bless America" after September 11, go right ahead: there is no copyright on it whatsoever. (Actually, the song itself is still under copyright, but Congress' performance of it wouldn't be...)
However, when the Federal government hires a non-employee to create code or copyrighted works, there is no clear rule regarding the copyright status of the work. Sometimes the contract calls for rights to the work to be assigned to the Federal government (the Feds don't get original copyrights, but if someone else gets an original copyright, the Feds can acquire it). Sometimes the contractor keeps the copyright and gets to do whatever they want with it. Sometimes the contract doesn't specify. Note that this is NOT a BSD-vs.-GPL dispute, not by a long shot. Very little code financed by the Federal government is ever licensed under either of these two licenses - the choice is basically agency-proprietary (the Federal agency asked for the rights in the contract, and kept them) or company-proprietary (the agency didn't ask for the rights, and the contractor kept them).
And most of the time it doesn't matter. I've written code for the Federal government as both a contractor and an employee, and 99% of it was so specific and customized that it would be of use to no one else, regardless of its licensing or copyright status. Probably the majority of code written for the Federal government falls into that category - internal use software for very specific needs.
But some of it is undoubtedly useful. Some major projects funded by the government in conjunction with academia have escaped from licensing purgatory, typically through the efforts of the researchers working on them who approach the issue from an academic freedom viewpoint and want to see their work widely adopted. GRASS is one major one that I know of. A commenter pointed out ADA as an example. For code which is useful to others, either a BSD-like or GPL-like license would be truly beneficial and easily defensible as a public policy choice. In the non-code world, the government makes choices like that all the time - it might choose to purchase a particular piece of land and commit to making it available to everyone forever by declaring it a National Park and committing to maintain it, a GPL-like philosophy; alternately, it might choose to just dump a particular piece of property on the market, putting it up for auction and letting the purchaser do what he wills with it, a BSD-like philosophy.[1] Either of these two options might be optimal; but paying for code which ends up remaining proprietary is like buying a new stadium to benefit a very specific corporation which owns a very specific sports team: the type of use of public funds which is generally seen as sleazy and the opposite of good governance.
Either of the first two choices can be appropriate in certain situations. What does not seem appropriate is paying for proprietary code, although this is generally what happens when the government contracts for code. Since the government has the ability to provide a benefit to the public (open code) at essentially zero cost, it should do so. An example which has struck me several times over the past few years: every airport in the world has the same problem, coordinating planes taking off and landing and keeping them from running into each other. Yet each nation (and often each airport) solves the problem over and over, paying heavily for custom-designed, one-shot software development. Imagine if the world's airports could simply install GNU-AirTrafficControl 2.7, and have a complete, working, bug-free and cost-free air traffic control system. It would cost every nation less to do it this way, but it would also make a lot less money for the consultants retained to develop these systems.
But leave off the advocacy for moment - I was following the story itself. As noted above, the outcry has prompted many of the other Representatives who originally signed the letter to reconsider. The AP story even suggests that some of the signatories were actively misled - that the letter they thought they were signing didn't mention the GPL at all. However it actually played out, some good has been done.
That's good. What's not so good is that much of the outcry was probably generated by stories titled "Washington State Congressman attempts to outlaw GPL". The right outcome occurred, but for the wrong reasons and in the wrong manner. I am left wondering whether the community would have made the same sort of response on this issue if every story that had been posted about it was 100% accurate and non-inflammatory.
[1] If you're not familiar with the BSD-like and GPL-like classes of software licenses, this won't make a lot of sense to you, so please read up if necessary.
BSD Should Be Used (Score:5, Insightful)
If we want a GPL'ed SuperFoomatic, we just take that code and release it under the GPL license. No point in having it release originally under the GPL as the released code can be GPL'ed "retroactively".
The only addiition I can think of is that perhaps it should be dual licensed, so that corporations have to pay for its use, with those monies paying for additional governmental software research.
Re:BSD Should Be Used (Score:3, Insightful)
Re:BSD Should Be Used (Score:3, Insightful)
Re:BSD Should Be Used (Score:5, Interesting)
1) A company invests a lot of research and spends 3 years writing supersoftware X, and sells it under a proprietary license.
2) A company finds an agency that needs supersoftware X, spends 3 years writing it on contract, and then sells it under a proprietary license.
Case 1 is the typical copyrighted software situation; collectively we gave up the rights to make copies of that code, so that the company would have the incentive to write it in the first place. Then we pay. We pay 2 times: once with our right to copy it, whether we use it or not, and once with our money, if we actually use it.
Case 2 is also unfortunately typical. In this case we pay for our software 3 times: once when we paid to have it written, once when we gave up our rights to copy it, and once when we bought it.
How many times do I have to pay for what is essentially MY SOFTWARE since MY MONEY paid to create it ?
I want tax-funded software under the GPL, so that I will never face a copy of MY OWN CODE wrapped up in a new interface being sold to me for $500 under an oppressive EULA.
There is another issue in this:
Copyright is only constitutional in the US as long as it creates an incentive to create more works. Since software written for a government contract is going to be written whether there is coyright or not, there is no new incentive created. Therefore, prosecuting someone for copying and selling software written under government contract is unconstitutional.
Now, since as a society we seem to have collectively decided to ignore that document, maybe constitutionality has no bearing. But if you buy into that constitution stuff, the government can't release it under the GPL because that's a copyrighted license; they can only simply release it. However, including any part of it into a proprietary work, or making a derived work from it, may also place that work outside the scope of copyrightable material.
Re:BSD Should Be Used (Score:4, Informative)
Re:BSD Should Be Used (Score:3, Insightful)
the problem is:
people pay most of the taxes
and
corporations give most of the campaign contributions
what a fair system.
Same logic applies to corps. (Score:2, Insightful)
Say IBM gets a 100million $ contract to write a killler database for
So Oracle (& MySQL AB) gets to help pay for code for a competitor?
Seems more fair & logical to release all publically funded code under an open license so that all the folks who have supported the writing of the code can use it.
Re:BSD Should Be Used (Score:3, Informative)
This is less and less true every day.
You are aware that many companies, including General Motors (one of the biggest companies in the world) haven't paid corporate "income" taxes for years? There are some very juicy corporate tax laws which allow corporations to reduce and in some cases eliminate most of their taxes by using such tricks as funelling it to their employees under certain guises. Interesting stuff.
It's a great time to be a corporation.
Re:BSD Should Be Used (Score:5, Informative)
If it's BSD licensed, not only can a company get the code but YOU can get the code with all the rights the company had. Ergo, the company has NOT taken the code away or restricted your rights to the code "you" (more likely, people wealthier than you, paying a larger percentage) paid for. What you AREN'T necessarily getting is exactly what you DID NOT pay for (even if you're in the highest tax bracket...) -- the additional work done by the company.
Now, considering that this incredibly obvious and correct point has been made before, you're either deliberately trolling or not reading any responses in order to maintain your pro-GPL ignorance.
GPLed Software that already exists (Score:5, Insightful)
I don't feel that the government should GPL all its code on principle. But should the government be forbidden to make modifications to a mature GPL software project if that software fills the requirements of some particular project? Imagine that the government wants to use Linux for a particular application, because they feel it's the best tool for the job-- should they be forbidden from adapting it to suit their particular needs (as companies like Tivo have), or even releasing bug-fixes?
It strikes me that in many cases the public and the government can both benefit from this sort of transaction. It's certainly far more efficient than the typical "pay a contractor to develop something and then let them retain the copyright" scenario.
Re:BSD Should Be Used (Score:3, Interesting)
Do you complain if the waitress whom you tipped buys crack with your tip money? Or something else that you're offended by? After all, it was your money that paid for it....
The federal government's funds are not "your money" or "my money." They're "our money," and we elect a president, two senators and a representative to see that OUR MONEY gets spent in the way that best helps "us."
Copyright is only constitutional in the US as long as it creates an incentive to create more works. Since software written for a government contract is going to be written whether there is coyright or not, there is no new incentive created. Therefore, prosecuting someone for copying and selling software written under government contract is unconstitutional.
Hardly. Copyright creates a general state where creative works are profitable. There's no compelling reason why government-funded projects cannot create copyright; if there were, the national endowment for the arts would be unconstitional in its very idea.
Now, since as a society we seem to have collectively decided to ignore that document, maybe constitutionality has no bearing.
No, we haven't. We don't recite it every morning or study it every sunday, but we do keep it in mind as the defining element of the federal government.
But if you buy into that constitution stuff, the government can't release it under the GPL because that's a copyrighted license; they can only simply release it. However, including any part of it into a proprietary work, or making a derived work from it, may also place that work outside the scope of copyrightable material.
If a work cannot be copywritten, then any derivitive work made from that is evalutated on its owm merits.
As far as the law goes, a translation of "Dantes Inferno" might as well be an original work.
Re:BSD Should Be Used (Score:2)
Case 1 is the typical copyrighted software situation; collectively we gave up the rights to make copies of that code, so that the company would have the incentive to write it in the first place. Then we pay. We pay 2 times: once with our right to copy it, whether we use it or not, and once with our money, if we actually use it.
No, you pay only once. Suppose that this system wasn't in place. The software would probably not have been written (or at least not at the same speed/quality, by a focused, 40hr/week group of developers). I don't see how you can give up the right to copy code that hasn't been written. So you simply pay once for software with certain restrictions. That doesn't differ much with physical products actually. I cannot start producing and selling Dells. Buying one doesn't give me the right to distribute copies. Do you also feel that you pay twice for a Dell computer?
BTW, you don't give up the right to copy, but to distribute copies. Fair use allows me to copy stuff without being sued.
2) A company finds an agency that needs supersoftware X, spends 3 years writing it on contract, and then sells it under a proprietary license.
Case 2 is also unfortunately typical. In this case we pay for our software 3 times: once when we paid to have it written, once when we gave up our rights to copy it, and once when we bought it.
If the company wouldn't get to sell the software it must ask more for writing the software initially. The costs of development will be taxed differently, but the total amount of money you will have to pay will not automatically increase.
I want tax-funded software under the GPL, so that I will never face a copy of MY OWN CODE wrapped up in a new interface being sold to me for $500 under an oppressive EULA.
Why can't I use MY OWN CODE as the basis of a new product that I want to sell? Why can't the government reduce my taxes by selling publicly funded software on my behalf? Valid arguments that can also be expressed in irate sentences.
Copyright is only constitutional in the US as long as it creates an incentive to create more works. Since software written for a government contract is going to be written whether there is coyright or not, there is no new incentive created. Therefore, prosecuting someone for copying and selling software written under government contract is unconstitutional.
If this lowers the price of having the software written, the government is able to afford more software or other copyrighted stuff. More works can thus be created.
Now, since as a society we seem to have collectively decided to ignore that document, maybe constitutionality has no bearing.
That is one possible conclusion. Another is that you don't understand the law.
Nu Uh (Score:3, Informative)
Re:Nu Uh (Score:3, Informative)
You are correct, you don't own the copyright, and you must comply with the BSD in acknologeding the copyright holder, but that doesn't prevent you from taking every piece of BSD code out there and distributing it under whatever license you want.
Re:Nu Uh (Score:2)
Maybe I am misunderstanding the BSD license...in which case I would amend my first post to say "public domain" instead of BSD.
Re:BSD Should Be Used (Score:2)
Now, I know that quite a number of slashdotters choose operating systems based on the governing license, but sometimes other considerations must apply.
If a a governemnt agency wants to reduce the vulnerability of existing Windows machines, its modifications might be governed by a Microsoft shared source licence. If it wants to experiment with Linux kernel research, its actions might be governed by the GPL.
Re:BSD Should Be Used (Score:2, Insightful)
An irrelevency.
Firstly, Kerberos wasn't BSDL'd. Pedantry, I admit, but accurate.
Secondly, IIRC, Microsoft didn't actually use the free code - which would take a lot of work to get talking to Windows - but rewrote it from scratch anyway. A common mis-conception.
Regardless of that, that's what they'd do if they couldn't take the original code-base. So you're still no better off if someone's determined to create a broken version.
The GPL can not and does not prevent this.
Licenses cannot enforce standards. Microsoft can create broken protocols no matter what. That's the advantage of being an 800lb gorilla in the marketplace.
The GPL would hinder this. Proprietary products would need ground-up rewrites that may not be completely compatible.
What the BSDL does is promote quality implementations for those who *WANT* to play by the rules and use existing standards. It ensures they get a version that is fully inter-operatble with the existing versions.
Going back to Kerberos, the users still have a choice -- use the M$ "extended" version, or stick with something that follows the original standard.
See, freedom of choice.
GPL is anticompetitive in this case (Score:4, Insightful)
So turn the code loose with no strings at all, and let the best licensing system win!
Public Domain - YES! (Score:2)
This is by far this best solution, and shows how public domain is a great way to disseminate knowledge and ideas. Since the public funded government commissioned it, let the public get some value for their money, by letting everyone have equal access to it.
Re:GPL is anticompetitive in this case (Score:5, Insightful)
Perhaps it does stifle some competition, but only competition that may be destructive to the purposes the government created the software in the first place. The big functional difference between the GPL and BSD or public domain is that the GPL is robust to "embrace, extend, and extinguish".
If the public finances the creation of software, it seems grossly unfair to allow proprietary extensions to that software that break compatibility. The GPL offers a quid-pro-quo that seems clearly in the public interest. It says: we the people created this IP -- you can use it, modify it, distribute it, etc... but any IP that you create that piggy-backs off of this work must be accessable by the public. The payment for using the GPL code is not monetary, it is IP. This way, the public gets not just the IP they funded, but a continuing return on their investment in the form of IP extensions to the original code.
Contrast this with the BSD or public domain licences. Let's say the public creates an email app by hiring a contractor. That app has a nice open mailbox format. A private entity could take the app, convert the mailbox format to a proprietary format and actually compete against the original app by leveraging the things it does well. That is wrong. Yet it is exactly the model that pervades many software companies.
Re:GPL is anticompetitive in this case (Score:2)
If the only software to survive this free choice by users is incompatable proprietary junk, blame the consumer!
By making all software GPL, it is entirely likely (actually, it is quite factual with existing PD software) that most of the software won't be used by anyone, because typical PD software is not packaged or portable or polished enough for all but the most determined to use, or for those in *exactly* the same environment as those who originally developed it.
GPL, BSD and proprietary all can extend that software. But sometimes the only people willing to do it are those who need or demand property rights in the results (i.e. capital investment often requires closed source to be recouped).
If the software is so useful to the public, GPL or BSD efforts are perfectly free to also adapt it and keep it open.
I simply am advocating competition. If GPL can't stand up to the competition in a particular case, then why use it?
Re:GPL is anticompetitive in this case (Score:2)
If a behemoth company is able to break compatibility, it means that customers are still choosing to buy it in spite of that. This is called freedom.
Freedom doesn't produce optimal results in the short term. But I have yet to see a workable alternative.
GPL works in some areas. To advocate that publicly produced software carry restrictive licensing (GPL for example) is wrong. Even the evil big M pays taxes, after all.
Re:GPL is anticompetitive in this case - NOT! (Score:2)
Unless you mean that it removes the possibility that a large corporation could squeeze out it's competitors.
Otherwise, having the code released under GPL would encourage enhancements by various parties, that would/could result in more competitive products. No one entity can out-market their version of the code with a large war chest. Their version of said software will have it's fate decided by the quality of the software.
The Unitied States of America was formed on the basis of freedom. It is necessary that the principle of freedom be given to the software that the U.S. creates with taxpayer money.
Re:GPL is anticompetitive in this case - NOT! (Score:2)
If a big corporation can convince people to take its proprietary version of the software, is that so bad? Do you think that consumers are idiots and that *you* know what is in their best interests more than they do? Mos timportantly, it does not prevent anyone else from creating GPL versions of the original public domain software.
As far as the principle of freedom, what is more free than an open source license? GPL is *less* free!
This is easily proven:
Definition: freedom is that licensing system which allows the most people or entities to distribute and modify the software.
Freedom measure of GPL:
The only people or organizations which can improve the software are those with the time and/or resources to do so *without* the renumeration provided by a proprietary interest in the results.
Freedom measure of public domain:
All of the same people and organizations covered under GPL
-and-
Any organization which wants to adopt other licensing schemes, with alternate investment and renumeration potential.
The latter is clearly more than the former, therefore GPL is less freedom oriented (less free) than public domain.
*case closed*
Re:GPL is anticompetitive in this case - NOT! (Score:2)
The third paragraph SHOULD HAVE READ:
As far as the principle of freedom, what is more free than a public domain license? GPL is *less* free!
oops
Re:GPL is anticompetitive in this case (Score:4, Insightful)
The GPL does nothing but prevent vendor lockin. It removes bad (read: abusing the idea ownership system) competition and allows good (service, support, distribution, update speed) competition among vendors, as evidenced by the strong competition evident among linux companies today.
Far from removing competition, the GPL removes lockin barriers that prevent entrance in to the market in the firstplace.
Or have you forgotten that "intellectual property" is a government-granted monopoly, which is the diametrical opposite of competition?
Re:GPL is anticompetitive in this case (Score:3, Insightful)
Public domain *does not prohibit GPL*!
As far as the government granted monopoly, it is also called for in the US constitution, and exists for a specific purpose. The fact that it is often abused does not mean it is wrong. FURTHERMORE, public domain does not create such a monopoly. It only allows someone to sell software that they have created or modified that way. It DOES NOT prohibit anyone else from taking the same fruits of the public work and using it for free or modifying it and release it for free or even with a restrictive license like GPL.
Those who imagine that GPL == freedom don't understand freedom.
You are confusing the means and the ends. The means I propose are freer than the means you propose. The ends may or may not be better, but I would argue that in most cases the results will be. In any case, the principle of freedom in this case trumps the principle of socially engineered results like the GPL attempts to achieve.
Re:GPL is anticompetitive in this case (Score:3, Insightful)
Your commentary on freedom is oversimplified. BSD style licenses guarantee the freedom to take away freedoms, the GPL does not- that is the only meaningful difference between them.
That means if ten people use the BSD license, the first one to act can lop off a branch of inquiry that extends from the original BSD work by taking an extension proprietary, leaving 9 people with a diminished set of possible extensions to make. In other words, BSD license guarantees one person's right to take away the freedoms of the other nine.
In a GPL world, the first person is constrained against proprietary extensions, so she may use and extend the software, but may not restrict the 9 others from using it.
So in our hypothetical 10-person society, the BSD license preserves the right of one person to limit the freedoms of the other 9, the GPL prevents one person from acting maliciously to preserve that freedom for the other nine.
Since these two sets of freedoms are mutually exclusive and we must choose, it's clear that the GPL society has more *net* freedom since actors are constrained only against acting in ways that constrain the others, and free to act in any other way they like.
Re:GPL is anticompetitive in this case (Score:2)
I was advocating government release as public domain. After that, any licensing can be done. NOBODY can take away your rights to use that initial release. And anybody can license derivatives with GPL if that tickles their toes.
GPL is both more restrictive and more free (Score:2)
Even if I have a piece of code that I hold the copyright exclusively, I would consider releasing a version under GPL, but not BSD. The reason is simple, I can still create derivitive works under whatever license I choose, but if I choose BSD, then my competiters can do the same thing.
It is clear that a lot of people just don't get this. Yes, GPL is more restrictive, but that is a good thing and it protects the original owner of the copyright as well by keeping derivitives free and open.
Re:GPL is both more restrictive and more free (Score:2)
But it is not your choice. It is the choice of the government, and they should make the choice that maximizes freedom and opportunity. THEY own the copyright, not you.
That choice is public domain.
As far a software that you hold the copyright to, you are free to do with it as you wish. I have no argument with you releasing it under GPL. That is your choice, and may be a noble thing for you to do, or it may be totally selfish - it depends on the circumstance.
I have proprietary software. I don't release it to anyone at all at the request of a customer of mine, who considers it a competitive advantage.
At the moment I am extending a GPL'd assembler. That work will benefit my customer also (which is why I am doing it), but it will also benefit the GPL world.
All of these models are valid.
Re:GPL is both more restrictive and more free (Score:2)
The government is theoreticaly my representative and/or agent, so this is my choice, or more properly all of ours. You have a right to think that public domain is more free than GPL, but by my reasoning, this is wrong.
The real question is about whether it is a right for the public to be able to exploit government work for their own benefit. Ok, I accept that this is often how it works, but I think it is a better principle to make them pay a reasonable licensing fee if they want to take it private in a derivitive work. The government has given away far to many things to private interests whose idea of paying for it is to buy polititions. All of this is a corruption of the nation and its political system.
I find GPL and LGPL terms for software to be more free in most situations than BSD style licensing. You may disagree, but simply stating your position isn't an argument.
Re:GPL is anticompetitive in this case (Score:2)
I fail to see how the gov't releasing code under the GPL is different from end-users releasing code under the GPL. It doesn't remove competition from the market any more than RedHat does by providing its own ISOs for download.
Re:GPL is anticompetitive in this case (Score:2)
In the case of GPL, it does not "remove futile cycles" in all cases, any more than proprietary software produces the best result in all cases.
GPL can produce futile cycles too - look at all the variants of Linux that are out there.
And since public domain allows programmers to use the GPL model if they want, I have no idea why you think the freedom oriented approach of public domain "ties all the programmers of the world" to anything at all!
Re:GPL means freedom present and future (Score:2)
But public domain allows many Red Hat's, and also other companies.
There are a number of specialized research tools that were released public domain and have since been picked up and made into proprietary products. If that had not been done, it is likely that most of those tools would now only work in some long obsolete computer running against non-portable libraries.
Let's look at your claims for GPL:
anyone can take it and improve it. Yep, same with public domain.
Guarantee's code freedom. Since when was code a human being? What is "code freedom?" Do you mean that it guarantees that nobody can take the code, invest huge amounts of effort in it, and then recoup their investment by selling it as proprietary? Yep - it PREFVENTS that. In other words, it reduces the ways in which that code can benefit users!
GPL means reduced options! Otherwise it wouldn't preclude some of them in the license!
GPL is good for some things, but to assert it is good for all is equivalent to asserting that capitalism in software never produces anything of value!
Big, Sticky Issue (Score:3, Insightful)
True, but... I assume in this model anyone, anywhere could see the source codebase... with any of its bugs and exploits.... Do we want this for these kinds of software implementations (of which there are many done by/for the U.S. government)?
From what I can tell from the various sources (some good, some bad), the crux of the argument here is to avoid Smith et. al., making GPL or BSD licenses for government-produced/contracted code illegal. And that's only right. However, as far as I'm concerned, this simply starts the sticky discussion on what kinds of licenses/protection should be applied to what kind of projects. That's likely to be a lot more work.
Anyway, one can only hope that this news gets replayed as "X tries to restrict freedom", and these guys don't get re-elected.
Re:Big, Sticky Issue (Score:2, Flamebait)
This is a particuarly stupid form of the security through obscurity argument.
One may as well argue that the source code for a proprietary system should not be checked for bugs because the person doing so could find something and sell on the information to a terrorist. One has to assume that there are more good guys than bad guys in the world, and the larger the number of people looking at the code, the greater the chance that any problems are found and fixed rather than found and exploited. This would be true even if there were many potential problems that do not need some evil person deliberately trying to exploit it.
Re:Big, Sticky Issue (Score:2)
What I have been thinking about, is the possibility of freeing systems like hydroelectric plant control software and gas and oil software. Here in Norway, we have tons of both. I've been in the control room of a major hydroelectric plant, and they did certainly run UNIX. Probably, it would be quite easy to port this software to a completely free (as in speech) platform.
Well, Peru has some hydroelectric plants (seen them with my own eyes...), and Venezuela has oil, just freeing the software rich Norway have may help these countries, I figure.
This goes more to the crux of the issue too, as how government should license code. In this case, GPL would be appropriate, as the intention was to share it most widely, not create the basis for MS HydroElectricController XP... There are good arguments for BSD or Public Domain, but GPL is a good choice. I think it is actually something that should be decided on a political level.
Re:Big, Sticky Issue (Score:2)
Flawed analogy (Score:5, Informative)
I think this analogy is completely flawed. Under the BSD license, the original piece of code will always remain free for everyone to use. When the government sells a piece of property, it's no longer available to the public. FreeBSD didn't go away when Apple incorporated pieces of the code into OS X.
Both the BSDL and GPL keep the original code free for all, the difference is in the derived works - the GPL stipulates that they, too, must remain free, wheras the BSDL doesn't. I think a more appropriate analogy would be: the BSD license would allow a photographer to take a picture of the sunset in a national park, and retain all rights to it. Under the GPL, the photographer could still make and sell the photograph, but he couldn't stop people who bought the photograph from making copies and giving them away, or selling them.
Re:What? (Score:2)
Hmm, I think you may have a point. The photograph wasn't meant to be under the BSDL, though, just the original landscape :)
Let me adjust things slightly: If the park was under the BSD license, the photographer would be able to sell copies of his photograph without giving away exclusive rights to it's distribution. Of course, if he wanted to, he could let people share it in turn. If the park was GPL'd, he wouldn't have this choice: he would have to let people share the picture in turn.
You're right on the second point, of course. Everyone, please read the licenses instead of relying on twisted analogies!
Naive? (Score:3, Insightful)
Where the hell have you been for the past 50 years?! This is how all policy is decided by governments. Pretty simple equasion:
BribeH^H^H^H^H^Corporate funding + politician = new policy.
Interesting notes (Score:5, Insightful)
Re:Interesting notes (Score:2, Insightful)
You should put things in context instead of rushing to flame (although rushing to flame is a great way to get +4 or +5 posts on Slashdot). In this specific case the question is whether the government GPLing a piece of software discriminates against proprietary software vendors who want to protect their intellectual property (i.e. their changes) yet want to use the code created by the tax dollars of the corporation and its employees.
As many have pointed out, the GPL is a discriminatory licence in this situation while the BSDL is not. The BSDL isn't much more than putting it in public domain except for the requirement to retain copyright notices. With a putting software in the public domain or licensing it under the GPL then both Open Source and Proprietary software developers can benefit from the software.
Re:Interesting notes (Score:2)
The government GPLing a piece of software doesn't distriminate against anyone. Corporations can still use it, just as we all can; it is not distriminatory. The only restriction is that corporations (nor anyone else) can't modify it, distribute those modifications, and not release hte modifications under the GPL as well. This is not discriminatory towards "corporate America". They have to play by the same rules as the rest of us. We can't do that either.
Re:Interesting notes (Score:2)
I think it makes sense for the Feds to use a BSD license for original software creations, as one of their goals is to allow businesses to profit from the research. This is so much better than selling the research to one corporation because it allows the public-at-large the same rights to their software. If one of the citizenry runs with the project, and turns it into something new, and GPLs it, all the better. Then the corps can decide whether they want to use the better GPLd version or the worse one under the BSD.
What doesn't make sense? This has been discussed to death the last couple of days. The BSDL is a better fit, given the Feds' stated interests in preserving business and public exploitations of funded research.
What would be nice is to see more government projects start from a GPL software base, like the still-very-much-alive-and-well SELinux [nsa.gov] project. I wish this had more support from the community, as right now it's only the wizards that are touching it. If more people got sucked into it, they probably would, in typical Linux fashion, start making it more accessible to the power user with less than several days to devote to moving over his existing setup to an SELinux box. The curve right now is pretty steep.
I got side-tracked. My point was that if more government projects started from a GPL base, then all the work they did on top of it would automatically be available to us, and Mr. Smith's parent corporation wouldn't be involved at that point.
BSDL for new work, GPL for modifying existing projects. The public benefits most.
Re:Interesting notes (Score:2, Insightful)
What hogwash
No, it is 100% accurate. The reporter is simply reporting what microsoft is claiming. The claims themselves might be completely off, but the story isn't reporting on their validity, just their existence. Microsoft IS claiming this, so this part of the story is 0% hogwash.
Re:Interesting notes (Score:3, Insightful)
Red Hat general counsel Mark Webbink speculated that some members of Congress may have signed the anti-GPL note without fully realizing what they were doing. "I think they were probably hastened into something that most of them would now recognize as not being that well advised," he said.
How often do we hear this explanation for some dumb move by politicians? Is it fair to expect them to even read letters or legislation before endorsing them? How many have claimed surprise at what they found out was in the DMCA, or the Patriot Act? Will they do it now with Smith's letter? I don't think I'm as forgiving as Mr. Webbink...
In other words, as we all know, Smith is bought and paid for and owned by MS
For $22,900? They got him cheap. Talk about a depressed economy - even the government boys are feeling the pinch. ; )
Christ at those rates I could afford my own Congressman... I hear it's the best investment you can make. Maybe I can send him back to Washington pushing the schlach agenda. Wow, my own pet Congressman... I'd play with him and feed him everyday... =p
Re:Interesting notes (Score:2)
Microsoft is also a major source of jobs and tax revenue in his state. If they didn't give him a nickel, he'd still be practically duty bound to look after their interests, so long as this isn't clearly at the expense of the public as a whole (yes I understand this is a big proviso).
It doesn't serve any purpose to poison the well in a case like this when the politician has a perfectly reasonable motivation to take a certain position. Far better to attack the position itself, and the tactics he uses to advance that position.
Re:Interesting notes (Score:2)
You're correct, except that you totally missed what the lie was. First, even if MS says that open-source hurts businesses, that's their informed opinion - it's not something that's easily provable as objective fact, so therefore it can't be a lie. The real lie (partly due to MS's confusing PR) is that MS is anti open source. In reality, they are anti GPL, or any other "viral" license. The GPL DOES prevent a company from protecting their intellectual property _only if they choose to use GPL code_. However, a BSDish license is truely free, hence why MS has used code from BSD licensed software.
I'm not agree within MS's anti-GPL stance, however, let's not sound like zealots by stating things like "saying GPL is bad for business is a lie". No matter how educated your opinion, it's just that, an opinion.
Re:Interesting notes (Score:3, Informative)
Saying that the GPL is bad for business is a incorrect assertion of fact. In fact, it is not. My GPLing software doesn't hurt any businesses. If businesses want to use GPL'ed software to base their code on, that's their choice, but they have to release the modification under the GPL; they made an informed decision, weighing out the advantages and disadvantages. If companies only have "one line" of GPL'ed code, it should be no problem to come up with an original replacement. In short, its not bad for them, but can only (in some cases) help them. This is not preventing them from protecting their intellectual property, as you assert; if they want to license their IP under a EULA, they can simply find a replacement for the GPL'ed code, or code a replacement themselves.
Yes, MS likes the BSD license. Of course they like a license which allows them to take but not give back. MS is a parasite to OSS and FS communities.
I also disagree with your implied assertion that the GPL'ed license isn't truely free. In the real world, Freedom does not mean "no restrictions". In the real world, without any restrictions at all (anarchy), there is no freedom; I don't see why restrictions automatically make something unfree in the software world. The GPL was designed to gaurantee the end-user freedom, and to ensure that that freedom isn't taken away by modificatioins to free software which are themselves licensed under non-free licenses.
Lets do a real-world analogy to help you understand. First, an analogy to the BSD license. A city has a well in the middle with a chalice from which to obtain water from the well; the only rules are that anyone may use the chalice to obtain water from that well, so long as they put it back. Anyone can add onto the well and make it better; but the person adding on can impose a fee for others to use that enhancement. Hence, a public resource -- originally free -- may over time be transformed into something divided up among private owners.
Now, compare that to the GPL. In this case, anyone can add on to the well also; but they must not put any more restrictions on the usage of their addition than were on the usage of the original well. Hence, a public resource is free and will always remain free.
That's the difference between the BSD and GPL licenses. The GPL license is truely free -- perhaps more so than the BSD license, since it gaurantees freedom in the future for any modifications, so a proprietary modification of a GPL'ed program cannot replace that GPL'ed program and take away the users freedoms.
In short, the BSD philosophy regarding freedom seems to be that "freedom means the freedom to take away other people's freedom (i.e., add a EULA to modifications of BSD-code)". The GPL philosophy regarding freedom seems to be that "freedom means the freedom to do whatever you want, so long as you don't take away other's freedom".
Re:Interesting notes (Score:3, Insightful)
There are sufficient license zealots and poor people who can't afford software for this scenario to never fully play out. Also Microsoft Office exists and does a whole lot of things but that doesn't stop the development of OpenOffice.
Never said it did.
I read this as "I will now ignore your point about the restrictions added by the GPL by posting a bunch of URLs which will take you to documents by other people who will also ignore your point."
I never said it wasn't widely considered to be free software; I said that BSD is more free than GPL. On one hand all BSD guarantees is that you can get THIS version of the software for nothing and do whatever you want with it, so you could perhaps craft an argument that it was less free because of its lack of guarantees. On the other hand, GPL requires you to take certain actions if you take other actions, namely releasing the source which you wrote if you want to give other people the benefit of your changes, but charge them for it. BSD does not place this requirement which, it could be argued (and I am,) devalues your work.
Irony (Score:4, Funny)
Totally unfair analogy!! (Score:3, Insightful)
However, that is not the case with GPL vs. BSD. I can freely use and modify any code under the GPL or the BSD. It's not like some company can just take over BSD code and never let me use it. They are both free.
The difference is that with GPL if I write a commercial application and 99% of the code is mine and 1% is GPL I am forced to give out my 99% of code. With BSD I don't.
Now this is fair if it is just some Joe Programmer on his own time who wrote the 1% of GPL code. He can let people use (or not use) it as he feels. It is *NOT* fair if that Joe Programmer is being paid to write that code with MY tax dollars! That code should be freely given to the taxpayers to do with it whatever they want, including using it in their closed-source programs and selling it.
It is not "corporate welfare" because it benefits everyone equally! Corporations can use it, individual taxpayers can use it, universities can use it, etc. Corporate welfare is if they give something to corporations that only corporations will benefit from.
Brian Ellenberger
Re:Totally unfair analogy!! (Score:3, Interesting)
Your example doesn't seem particularly strong to me. If a programmer includes *any* GPL'd code, then "paying" the "price" of respecting the GPL is "fair". Let the programmer find a cheaper/better source if they can't afford the GPL.
I agree that the National Park analogy wasn't so good, either. Maybe something like a perpetual land grant would have been better, but the underlying problem is the nature of licensing, code, and ideas. As has been requoted so often,
"If I have an apple, and give you the apple, I
have no apples. If I have an idea, and give
it to you, we both have the idea."
I don't remember the source of this quote, nor do I know if the source is truly known.
-Paul Komarek
Re:Totally unfair analogy!! (Score:2)
I like the GPL for "infrastructure". For instance, I think some of our telephone should be publically maintained; that is, Covad wouldn't have to go through Verizon to get access to the central office when installing ADSL equipment. There is a lot to think about here, and I'd want people to think about this very carefully.
For "technology", I would prefer public domain.
-Paul Komarek
Re:Totally unfair analogy!! (Score:2)
Therefore, if the FSF is lobbying for a limited term for copyright, they are by definition lobbying for a matching limited term for the GPL. Therefore it is physically impossible for them to be hyprocrites on this subject, despite your claims.
Re:Totally unfair analogy!! (Score:3, Insightful)
However, if I read the GNU regex code, study the relevant automata literature, and then write my own regex parser, I do not believe my work would be considered derivative so long as I don't effectively cut-n-paste the GNU code. In this case I'm writing code from scratch using other sources as reference.
I would very much like to know which copyright cases provided precedence for this issue. Otherwise, I think the definition of "derivative" is probably up to the Librarian of Congress or similar.
Perhaps your complaint is about my use of the word "rewrite". By "rewrite" I mean write again, not fiddle with variable names and hope nobody notices.
-Paul Komarek
Re:Totally unfair analogy!! (Score:3, Insightful)
I have a better analogy to counter to bad analogy:
Since software can be infinitely copied and distributed with no loss, think of it as an infinite stretch of arable land. Proprietary guys come along and fence off a section with a sign saying "keep out". GPL guys come along and fence off a section saying "free for everyone". BSD guys come along and notice that fences are utterly irrelevant...
gpl like encryption (Score:4, Insightful)
relatively recently, encryption has undergone a complete turn-around in ideology. now, most every cryptologist believes that the algorithm should not only be simple but also VERY OPEN. the more eyes that look at it, the more errors can be spotted, and as time has told, today's crypto systems, for example RSA, are much more secure than the enigma. everyone and their dog knows how it works, and still no one can break it.
the same thing goes for software. the whole "falls into the wrong hands" argument works exactly the same as crypto-systems. if a crypto-system falls into the wrong hands (as someone else noted), it will also fall into the right hands, and errors will be fixed.
licensing government software under the gpl opens it up, and in the long run reduces the error rate and effectively, it's security, etc. people still think that if they hide the source to the software, it will be more secure. PLEASE look at what happened to cryptology in recent times and act accordingly.
Re:gpl like encryption (Score:2)
licensing government software under the gpl opens it up, and in the long run reduces the error rate and effectively, it's security, etc. people still think that if they hide the source to the software, it will be more secure. PLEASE look at what happened to cryptology in recent times and act accordingly.
In theory, this is very sound practice. But in reality, how many people will actually look at the government's code and help them? If they have a very specific program to monitor conditions on a missile (or other use that 99.999% of regular programs wouldn't have a use for and couldn't understand with a lot of background knowledge), how many people are actually going to look at it and make any helpful suggestions? Very, very few. While at the same time, every other government and "evil doer" on earth can look at the code and search for flaws in it. The theory of open source is great, but it has to be something that many programmers will actually look at, which doesn't apply to most cases of very specialized program.
Open source works great for Linux and Gnome and KDE, because there are many people who are interested in making it better and using it. It doesn't work nearly as well for little programs that most people don't care about, because you cannot get enough eyes (especially enough knowledgable eyes) to make it worthwhile.
You seem a little confused. (Score:2)
Also your argument applies to BSD or Public Domain code, which most people here assumme are the only alternatives to GPL for the government-produced code. All the options are open to examination.
From what I have heard, the federal goverment must BSD or public domain any code it produces itself entirely. This is because it is not allowed to copyright anything it produces, and the lack of copyright makes the GPL irrelevant (since it simply grants a few exceptions to the copyright but less than making there be no copyright).
However the government should be allowed to use GPL code and modify it. The result is then GPL, because that is part of the rules of the GPL, which even the government cannot break (the government is also allowed to use Windows in their solution but that does not make Windows suddenly free). For that reason I very much oppose this idea, as it's entire purpose is to outlaw the use of GPL software in government.
Re:gpl like encryption (Score:4, Insightful)
Well yes, a cryptosystem being open or closed does not change how well it functions. You can know everything about how a one time pad functions, for example, and as long as there is sufficient randomness in the key generation knowing it all won't help you. If you know how the key is generated, and it's not random enough, then THAT can be a weakness. But you cannot assume that someone may not learn what you're up to, so the weakness isn't having the process be open, it's the process.
Having a cryptosystem which depends on obscurity is nothing more than a fancy puzzle box. Enough monkeying around by someone who knows what to look for will open the box, because various operations always leave telltale signs, and there happens to be a vast number of shortcuts out there which is why repeatedly encrypting something with the same cryptosystem, even using different keys, can result in no more security than a single pass.
On the other hand, hiding the source to the software DOES make it more secure. It does not make it secure but it does make it more secure. Consider the case of someone wanting to reprogram a missile, something I know dick about but about which I can craft a fairly plausible scenario due to what (little) I know about programming. Let's say the basic control software is running on a hardened 80186 CPU. You would like to replace this software with your own ingredients and send the missile to a different target.
Now, you can either download and disassemble the software when you get there and muck around in x86 assembler trying to figure out what they're doing, and why, and how to make it do what you want, or you can have the source ahead of time and have the code ready to install when you get there.
Not to mention the fucking comments. Have you ever disassembled some software and taken a look at it? Figuring out what it does can be as confusing as being a snake in a hose factory. You might have just a hundred lines of code with no calls and still spend hours trying to decide what it's really accomplishing, especially if the programmer is clued. With decent comments, you'll be able to tell at a glance.
This comment should not be taken as indicating that security through obscurity is effective, only that it is more effective than no security. Hence, saying that obscurity doesn't help is incorrect.
GPL v. BSD v. some other license (Score:4, Insightful)
I don't think we should be saying "BSD should be used" or "GPL everything" -- the issue as I understand it is whether it should be illegal for government-funded software to be released under the GPL. I think it's pretty clear that passing such a law is a bad idea. The people running a project should have the ability to choose which license is the most appropriate.
Steve
That's what LGPL is for (Score:2)
Even in the case of ready-to-run apps, there is a case to be made for releasing some sub-systems or interface libraries under LGPL, even if RMS depricates this practice. If it's your code, choose the license you feel is best.
Re:GPL v. BSD v. some other license (Score:2)
Write the Congressman (Score:3, Insightful)
I sent emails to Congressmen Davis and Turner thanking them for setting the record straight-- that they weren't endorsing or criticizing the GPL or any other licensing arrangement. (I will post the letter to my journal forthwith.)
I think michael raises an important point, though: if a lot of the software contracts the government writes are proprietary, but could have some potential widespread public use, they should not be closed. Software contracts should not be a bonanza for a large corporation to be able to patent the results of their work, especially if they benefit from federal R&D spending. I dislike the notion that Microsoft, IBM, Oracle, etc. could benefit from federal research and turn around and patent the results of the work. That should be banned outright.
Next stop for the letter writing campaign: members of the New Democrat coalition http://www.ndol.org [ndol.org] --and it's not just congressmen I'll write; it will be local officials, too. They need to know that people are paying attention to this issue.
Good commentary (Score:3, Interesting)
Interesting
Analogy with data from NSF funded projects (Score:3, Insightful)
Define "very little" (Score:5, Informative)
NASA uses and produces software under the GPL license.
Any [splint.org] number [umd.edu] of [dlese.org] of [ukans.edu] projects [sourceforge.net] funded by NSF, and other Governmental Agency, grants end up licensing software under the GPL.
There is an aspect to this discussion that I don't think gets enough play. The GPL is a great boon to academics who don't have to purchase costly software, and risk throwing obstacles in the way of those who would reproduce their work, or reinvent wheels. This boon comes with the very small cost that the software so produced should be shared with others. I think that this is in harmony with the spirit of Scientific Research, the "standing on the shoulders of Giants" as Newton said.
Define "very little", OK, that's easy. (Score:3, Interesting)
Now consider how tiny the NSF and NASA are in the grand scheme of things. Consider all the software written for a much larger agency like the US Navy [essential.org]. Think you will ever see any chunk of the Yorktown's propulsion system software? Not m a chance, but think of how huge a project that was. Now consider all the Navy's work from design to implementiation. Now consider that the Navy is just one branch of the enormous US Military, which literally supports whole cities of people on land and at sea. Then consider that the US Military only accounts for one fourth of the US Federal Budget and realize how much software goes to the federal government each year that you will never see, but will pay for again and again.
Very little can be thought of as vast but visible next to the incomprehsibly large.
Darn those academicians who seek to educate and otherwise benifit the public by frank and honest publications! Public libraries, hurt publishers. Free software hurts software vendors who would sell us the same crap forever. Yep, they love the GPL. So should the rest of us.
Re:Define "very little", OK, that's easy. (Score:3, Insightful)
I suppose it is very little compared to the total amount of software written for the Military.
I was, however, excluding from consideration all software that would not normally be licensed or otherwise released, like software that is not released to entities outside of the US Military or software that could contain State Secrets, etc.
The Yorktown's propulsion system software would only be released to those who had Yorktown class ships. Inspection of said software could aid people in sabotage of Yorktown class ships or might contain operational details that would be of benefit to someone engaging a Yorktown class ship in battle.
I think you're talking about software here that was never intended for any kind of release.
I suppose there are probably some software tools and business software programs, like in the areas of logistics, task management and office tools that the Military might develop that could get widespread release, but I can't imagine that this would be a terribly large body of software.
Re:Define "very little" (Score:3, Insightful)
What is bad about the GPL for releasing software in the scientific community?
I'd like to understand your problem. Is it that people are not required to provide changes unless they provide binaries? Interesting. So, would you say that the GPL is not restrictive enough for scientific researchers?
If this is your problem, I think you'd find a more restrictive license difficult to draft. You'd have to carefully define 'research' and 'publish' for purposes of such a license.
The GPL removes much of the motivation for keeping source changes secret, but not the one where people want to keep their changes a secret for purposes of academic competition. I would think that this motivation would be counter-balanced by the desire of researchers to have their results duplicated. This would require that the mechanisms of their research be made public, which I think would include their source code.
One case where researchers are likely to keep their methods secret is their hope to commercialize some aspect of the research. The GPL addresses this well, I would think.
Reading the letter was enough (Score:3, Interesting)
-Paul Komarek
BSD vs. GPL vs. Public Domain (Score:5, Insightful)
If you release it under the GPL, all derived code must itself be released under the GPL. Like it or not, this *does* interfere with commercialization of the software, nobody is going to spend millions of dollars writing code they'll have to give away, under most circumstances.
On the other hand, BSD or Public domain carries no such strings. Someone can pick up the BSD or PD code, alter and adapt it, and make the result proprietary, *and* someone else can take the same original PD/BSD code, alter and adapt it, and release it under the GPL or a similar required open-source liscense. The best of all possible worlds, if making something government-generated generally useful requires a lot of up-front investment, in ways that don't appeal to OSS communities, someone can take that opportunity and make an investment with reasonable hope of return. And if something of benefit can be derived in ways that "scratch an itch", the result can be released or recreated under the GPL and kept available.
The problem is that some systems should never be made public. I don't want the command computer source code for the ICBM system running around loose, "many eyes" security methods are a bad thing when intrusion impacts are measured in megatons. So, like it or not, some code will have to remain forever closed.
--Dave
Re:BSD vs. GPL vs. Public Domain (Score:5, Insightful)
You are performing one of the great fallacies of free software discussions, and these issues are subtle so I can see how you'd confuse the following:
this *does* interfere with commercialization of the software
this *does* interfere with making the software proprietary
The distinction is very important. You can commercialize GPL'd software, it's right there in the license. You can not make proprietary extensions to that software.
It's like bottled water. You can get water for free from public drinking fountains everywhere, the chemical code for it is known by elementary school children, but people still buy the stuff in very profitable bottles. I think there are two lessons here:
1. never underestimate the power of marketing, even (especially?) in absurdly commodified markets
2. the public availability does not make something commercially unfriendly, it just changes the terms under which vendors must operate to be more consumer-friendly.
Vendor lockin is very, very bad for business. Many projects have been killed or not started out of the fear that Microsoft will include similar functionality in a later release of their operating system that replaces or possibly outright breaks their implementation. In a level playing field (a gpl-frienly environment) Microsoft would be foolish to extinguish rather than interoperate with other vendors. Bottom line: GPL allows non-lockin commercialization, true capitalist-style competition instead of government-sponsored monopolies.
Not quite (Score:3, Insightful)
In the case of GPLing a BSD licensed piece of code, it would have to be a modified version of the GPL to take into account the original requirements of the BSD license - that attribution must be given in the documentation and that the BSD copyright notices must not be removed from the source. The BSD license allows you to add restrictions, but you may not remove the ones that were there.
So far as I know, more lawsuits have been filed in defense of the BSD license than the GPL so far. :-)
Re:BSD vs. GPL vs. Public Domain (Score:3, Insightful)
Only one problem with your GPL analysis. First off, if it's only their property, there's no GPL issue. If they wrote all the code, they can release it under any license they like. And if they included GPL'd code, it isn't their property. In that case, why should their desire to commercialize the code give them the right to ignore the license the owner of the GPL'd code put on it? In short, what gives them the right to use someone else's property any way they like regardless of the license terms on it?
Re:BSD vs. GPL vs. Public Domain (Score:3, Insightful)
If a CIA spy sends a secret message to Langley, that message is in the public domain. The prohibition on its dissemination arises not out of copyright, but out of a need for national security in a First Amendment context.
No one is arguing against that, although I hope that eventually this stuff will get declassified when it's no longer important to keep it a secret.
Re:SETHROB (Score:4, Informative)
The relationship between security and obscurity is a complex one. Naive people often equate them, slightly more educated people make more complex errors, but errors they remain.
The fact is that obscurity can be a valuable impediment to potential attackers, but only if adequate effort can be applied to make sure that the underlying security is good. Most companies, for example, do not have the resources required to adequately ensure the security of complex systems (i.e. pretty much anything running on a computer), which means that they're far better off publishing and allowing the public security community to find their holes for them.
However, public scrutiny is not a magic bullet, because it's not uncommon that something gets published but it doesn't get that much attention. In the case of an organization like the U.S. Government, the resources are available to hire teams of top analytical talent and have them focus 100% on a particular system for years on end, or even in perpetuity. No published code gets that kind of scrutiny.
For example, the NSA practices obscurity but have you ever met a cryptographer who thinks they'd be better off publishing their cipher designs for the community to pound on? The NSA has a huge pool of very talented people and is perfectly capable of doing thorough security reviews completely internally. Adding a layer of obscurity on top of that has all sorts of bonuses for them, such as allowing them to avoid revealing their capability in cipher design (which would imply things about their capabilities in cryptanalysis, for example).
I think the case of the ICBM C&C system is comparable. The DoD can afford to have extensive review by talented people, and then keeping the software secret adds an additional layer of complexity for any would-be attacker. Even more important, of course, are the policies, procedures, clearances, vault doors and armed guards that stand between a potential attacker and the system, and various security and obscurity mechanisms applied to those.
I work a great deal with another class of systems in which obscurity is important. Obscurity slows the defect-discovery process for both white and black hats, and that's usually a bad thing because when white hats find a problem, even though the black hats also find out about it, it gets fixed and is no longer a problem. But what about when you know in advance that if someone finds a defect it will not be *possible* to correct it? White hat security research will essentially hand the keys to the system to the black hats because we can't update the system to correct the problem.
So the logical approach in this case is to (1) do as good a job on the security as you can, (2) keep the software secret, to slow the inevitable discovery of defects, (3) keep an internal team of security analysts working continually to find defects (they can see the code and are more efficient than the black hats, even though they're probably vastly outnumbered) and (4) devise and integrate audit procedures into the initial system security design so that if a bad guy does break it (a) you will find out, so you can try to respond and (b) you have an evidentiary trail that can lead to arrest and prosecution of the attacker.
Wow, a good /. editor (Score:5, Insightful)
And for the record, if there were a GNU-AirTraffic piece of software, it would take about 10 years to get to anything resembling 2.7; it would probably spend most of that ten years at version 0.9.x or whatever. What is up with OS projects being totally unwilling to actually go up in versions? Sheesh.
Re:Wow, a good /. editor (Score:2)
Re:Wow, a good /. editor (Score:3, Insightful)
You have major.minor.small.tiny or something similar. The way it USED to work was major 0 was for prerelease and then major 1 was your release. You then only incremented your major number for a complete start-from-scratch return-to-formula rewrite. Increments in minor were for added features, small was for modified features or bug fixes, and tiny (which didn't come along until much later) was for minor bug fixes (forgot to twiddle a bit or something.)
Now the major is a marketing number, the minor is for minor changes, small is for patches, and tiny seems to track how many files have been edited, or how many bites the packager took to eat a candy bar, or some kind of checksum. Take your pick.
Internet Explorer has no reason to be on version six, for example. I don't even remember ever seeing version 1, but it must have existed. I doubt it's EVER been completely rewritten but it seems to have changed considerably between 2 and 3, and between 3 and 5 (But not 4) and not much between 5 and 6. Assuming it changed a lot between 1 and 2 it could justifiably be on version 3 now.
Most people want their software to actually work reliably and not crash before they make it 1.0. This explains why versions increment so slowly. If you take a look at the versions applied to most linux distributions, they're artificially inflated as well... especially redhat. There's not enough difference between 7.x and 8.x to justify incrementing the minor but they overhauled the look and smell so they had to bump it up or no one would notice it had changed and go buy it at Fry's again.
Public Domain (Score:2)
Copyright exists SOLELY to promote the progress of the arts by providing creators with an incentive to create in the form of a limitation on everyone else in what they can do with the work for a certain period, the general idea being that this satisfies quickly the public's desire for new works, and then will later satisfy the public's equal desire for freedom to do stuff with those works, including making new works from them. (phew)
The government needs no such incentive. Their incentive is proper governance. It is improper for them to get copyrights. And as long as they're spending our tax dollars on software, it should be of the greatest public benefit possible. This means the public domain.
Then anyone can use that software to do anything. Some people may create closed software, some open, but that's okay. Because it is FREE TO ALL.
If you want government to promote openess, which I agree with (I am a GPL supporter, though it is wholly inappropriate wrt government), a better way would be to require openess as a prerequisite for copyrighting a work! I.e. that MS could not get a copyright on the next Windows unless the source and enough comments to make it useful to people later, were put on file at the Library of Congress.
You couldn't immediately use that -- it is copyrighted -- but at least you could look at it and learn from it, in the same way that you can look and learn from a novel, or pretty much anything else that is copyrighted.
If even further openess is required, this would require even more significant changes to copyright law, but I think that it is generally acceptable for there to be an area of closedness if it doesn't present too significant an impairment to the promotion of the arts and sciences.
not BSD, not GPL, but wxLicense (Score:2, Informative)
It basically consists of full GPL protection for source code, but with the freedom of use any licensing in binaries, that is, permiting commercial use of it. Developers happy, and companies happy.
As in everything, all extremes are evil, and for me the RMS/GPL is just the other extreme of MS EULAs. Any good and usefull license should be somewhere in the middle of them both. Of course the devil is in the details, but that's what lawyers are for.
election (Score:3, Funny)
Re:hmmm (Score:5, Insightful)
Re:hmmm (Score:2)
Re:hmmm (Score:2)
There a books containing all the laws for your town/county/state/country. How many people have really read them?
Re:hmmm (Score:5, Funny)
Security through obscurity doesn't work. Ask Microsoft.
Re:hmmm (Score:2)
Security through obscurity doesn't work. Ask Microsoft.
But obscurity can help security. Ask the NSA.
Security through openness also only works when defects can be corrected in a timely manner. This is the case with most systems, but not all, and systems for which it is known in advance that modifications to fielded units will not be possible should use obscurity as an added layer of protection (on top of well-designed and implemented security).
Re:hmmm (Score:5, Insightful)
Software doesn't kill people, people kill people.
Okay, maybe that's too glib, but the song remains the same. Anything that would be considered a serious security threat would be classified as such; The mechanisms to do this with governmental data already exist.
I would hate for something as artistic as software to fall into an anti-terrorist mantra, because there's a forest-for-the-trees problem. Sometimes a cigar is just a cigar, and sometimes an MTA application is just an MTA application, even though it could be used to deliver mail with contents that aren't in the best interests of the commonwealth.
The problem with the 'wrong hands' argument is that we need to trust whomever is entrusted with the definition of 'wrong hands.' If that is a large, bureaucratic judicial system, it's probably inefficient, if it's an efficient corporation, the chances of ever seeing the code is nearly non-existent. :)
Emmett Plant
CEO, Xiph.org Foundation
Re:hmmm (Score:3, Insightful)
This is a non-issue, surely. Not letting dangerous government information (ie classified information) into the public's hands is covered by secrecy laws that have nothing to do with copyright law, which exists to secure the "rights" (whether you believe them too many, too few, or just right) of IP holders.
If you come across a classified military report, you can't spread it around, regardless of what licence it is under. I'm pretty sure it would be completely uncopyrighted, if it was produced by the government - once they become unclassified, you can copy them as much as you like.
Re:hmmm (Score:4, Interesting)
Re:hmmm (Score:2)
Actually the issue is that if your government contracts to have some code developed the GPL should be an allowable licence.
Re:GNU Is Like a Disease (Score:3, Insightful)
Let me give an example, say the government funds an email server. I create a plugin that expands on the functionality of the email server and create a small business around this consulting other companies on its use.
You are a large company that markets the email server. If we use the GPL, you can not close me out with proprietary extensions. Same thing would work in reverse, but you would not care that much. If it was a BSD or Public Domain, you could make proprietary extensions that would disallow my plugin from working. What makes you more important than me? Both of our tax money went to this hypothetical project.
By your reasoning it would be ok to leave trash or campfires burning. The parks are GPLed. We don't let companies come in and strip mine Yellow Stone. If we were to use your analogy, we would let loggers cut down the Redwood forest.
The GPL says share and share alike. you want to keep something to yourself, then do all the work yourself. No way are you takeing what is mine. By definition, anything of the Government is partially mine.
GPL==Vaccine, GPL!=Virus (Score:3, Interesting)
1. GPL is a vaccine against proprietary vendor lock-in. It ensures that once code has been released for public use, it is not extinguished by proprietary extensions that render the original obsolete. This benefits all players, from free software purveyors to large commercial companies. Ask IBM.
2. The BSD license allows you to do whatever you like, for good or for ill. It is, as my
The more people who are vaccinated against a contagious disease, the fewer people will catch it. GPL is definitely a vaccine rather than a virus.
Re:Why are the States different from the Feds? (Score:2)
Welcome to the United States. For hysterical raisins, our government is divided into many parts: there is the Federal government, and there are 50 state governments, and you're probably covered by a county and a municipality, too. They are all separate entities. There is no particular requirement for their policies to be similar.
Re:Slashdot hysteria (Score:3, Interesting)
not be "poisoned" such that businesses and individual programmers would lose their own work, and the rewards from it, if
they used it.
BZZZT! Wrong! You have just stated that the government has the ability to violate copyright law and public-domain something that was copyrighted. This is not true.
You have to realize that the GPL is a granting of additional rights. It lets you do more than you normally can with a copyrighted work. Therefore somebody cannot take GPL code and turn it into BSD code because they are violating copyright and not using one of the exceptions the GPL allows.
Also for this reason I think any code produced by the government must be BSD, becasue apparently the government cannot copyright anything, therefore they do not have the ability to put any of the restrictions on the code allowed by copyright but not by the GPL. However if the government uses GPL code and modifies it, the result must be GPL, since doing that is the only right they have to use the GPL code. They could also go to the original author and ask for the right to BSD it.
Re:Slashdot hysteria (Score:3, Interesting)
Regarding your first point, the OSD reads, "The license must not discriminate against any person or group of persons." Any person or company can make use of GPL'ed software according to the terms of the GPL. In that way, it's completely non-discriminatory. You're complaining that the GPL doesn't allow commercial software creators to use the code in any way they see fit, which is a misinterpretation of the real intent.
Now, if the license expressly stated, "Microsoft cannot use this code for any purpose," or "This code may only be used by the Church of Scientology," then such a license would fail to meet the OSD.
On the second point, the OSD reads, "The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research." Again, you misinterpret the OSD. For one thing, the restriction is talking about "making use of a program," not redistributing a program. Which means that Adobe could run their development on CVS and GCC, but couldn't sell their own versions without complying with the GPL. For another thing, in order to bring the GPL into compliance with your interpretation of the OSD, they would have to be granted special exemptions.
IOW, proprietary software developers aren't being being discriminated against.