EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

01.27.08

Selling Services Without Selling Fear of Licences

Posted in Free/Libre Software, FUD, GPL, HP, Rumour, Security at 2:29 am by Dr. Roy Schestowitz

Accusations against H-P and Palamida seem baseless

It wasn’t long ago that McAfee and InformationWeek were both harshly (and rightly) accused for spreading GPL fear [1, 2, 3]. This was not appreciated. It is actually worth reminding ourselves of speculations and predictions of a McAfee-Novell tie-up because Novell too was caught using FUD to market itself.

“Empty allegations are used against Hewlett Packard (H-P) and Palamida and we wish to present them here in order to make some clarifications.”On the other hand, some baseless accusations are flying about at the moment. Having been in touch with some of the parties involved, we wish to debunk FUD (or just lies) about FUD that never was. Empty allegations are used against Hewlett Packard (H-P) and Palamida and we wish to present them here in order to make some clarifications.

Let us start with H-P. Just the other day, when H-P introduced a set of services and tools that assist tracking of software and licensing, Dana Blankenhorn accused rather than thanked.

The Hewlett-Packard open source strategy is becoming clear.

Fear the source.

I’m certain HP officials will disagree with that. But when your press release is headlined, ” HP Promotes Open Source Software Governance with New Initiative,” there is no other conclusion to draw.

Your big company can’t go into open source alone. It’s dangerous out there. Here, hold our hand.

PJ disagrees with this, as do I. “HP is trying to do something very good with Flossology. I totally support it,” she says.

Why would anyone try to show just the negative side-effect (and yes, we’re sometimes accused of doing this as well)? Maybe because it stands out from the crowd and because ZDNet bloggers can be rewarded for provocations. Regardless of the issue at hand, H-P did make either an observation or a complaint back in 2005 (maybe 2006) when it said there were too many open source licences. But coversely, In this newer case, there is an attempt to address the issue, not just raise it. We should be happy. We should be thankful. And here were have the latest report from Palamida (published on Friday) which heralds to the world that GPLv3 finds love. This is good news, not bad news. Project evolve successfully.

The GPL v3 growth for this week is consistent with our average growth rate. As of January 25th, the GPL v3 count is at 1579 GPL v3 projects, up 44 projects over the past week. The LGPL v3 list is growing slowly but steadily and is currently at 150 LGPL v3 projects, as compared to last weeks number of 148 LGPL v3 projects.

At least one person claimed to have found flaws in Palamida’s work. Here is what one of our readers had to tell to us before we heard from Palamida (it’s reverse-chronological):


[Anonymised:]

I have been visiting Palamida GPLv3 site and I think they are doing a great job at tracking the license adoption, and their statistics can be very useful to counter the established proprietary software oligopolies’ and the mainstream tech media’s FUD machine.

But today I have been warned by Pieter Hitjens about the following: I copy-paste the conversation about recent statements made in the palamida gplv3 site (gplv3.palamida.com -which redirects to –> gplv3.blogspot.com)

[Pieter:]

http://gpl3.blogspot.com/

This site looks like it’s promoting GPLv3 but in fact it looks like subtle anti-GPLv3 FUD. E.g.:

“In the case of putting a GPL v3 project under a commercial license as well, there is high potential to violate the terms of the GPL v3. This is not to say that any of the aforementioned projects are or are not
in violation of the license, since our analysis of the terms are not yet complete, but caution should be used if a project is under both the GPL v3 and a commercial license.”

What they are saying, I think, is that GPL projects that do not have a clear copyright centralization cannot easily be re-licensed. However they don’t state this clearly, and they are not publishing my comments on the blog.

-Pieter

[Anonymised:]

as somebody who has gotten note of Palamida very early after GPLv3 was released and I’ve got a bit of contact with actual GPLv2->v3 conversions, I can say this:

Palamida, the owner of this blog (it’s advertized in the banner on the top of the blog) is a company who’s business is software risk management, so it’s the business of marketing at this company to show what risks may be there and that risk is increasing.

It is increasing, because GPLv3 makes things indeed a bit more complicated by the simple fact that it is a successor of GPLv2.

The only long-term solution to that which I see is to convince as many free software developers that licensing under “GPL v2 only” is a __very__ bad idea.

I think you guessed right that they may suggest that companies might want to buy services from Palamida, to improve legal security in software distribution.

What I see, rather looks like research which gives great information of the GPLv3 adoption, and no clear FUD.

[Anonymised:]

I see clear FUD, in this respect.

Dual-licensing is in fact a very strong argument for using GPLv3 but it depends on clear centralization of copyright. Projects like 0MQ – see www.zeromq.org – are careful to demand copyright assignments and/or MIT licensing from all contributors. For these projects, dual licensing is essential. This statement:

“This is not to say that any of the aforementioned projects are or are not in violation of the license, since our analysis of the terms are not yet complete, but caution should be used if a project is under both the GPL v3 and a commercial license.”

Is really bad. It suggests that we have to wait for Palamida to give the green light on whether it’s safe to use 0MQ. That’s very misleading and designed to create business for Palamida by exaggerating the complexity of the GPLv3 and ignoring the key role of copyright ownership.

If a company owns its code, how can it be in violation of the GPLv3 by dual-licensing its own code? That’s pure FUD, and worse, it brings into question one of the key business models for new smart FOSS businesses.

[Anonymised:]

Care if I forward your message to Pamela Jones (groklaw) and Roy Schestowitz (boycottnovell) so they alert about the issue. Think the palamida guys, who are doing a great tracking of projects adopting the GPLv3 should be aware as well. And of course the FSF/FSFE

[Pieter:]

Forward away, of course. Tracking GPLv3 usage is fine. Throwing fear and uncertainty onto other businesses to try to create extra business is not fine.

-Pieter


Shared with implicit permission, the above is intended to at least show the arguments that were thrown into this debate, which we believe is resolved by several factors.

For starters, PJ says: “I don’t agree they are doing that [spreading fear]“. Further: “They want business, so they highlight problems without telling you the solution, because they want business, but that isn’t, to me, exactly the same thing as FUD, although it can have a similar effect.”

Our reader adds: “Up to now, their work at tracking GPLv3 project has proven nice and useful to counter quite a lot of FUD [...] I think Palamida at least should publish Pieter’s comments. If they don´t do it after a while, “someone” should be pointing at the problem. Of course making clear that the tracking of GPLv3 projects is nice and useful.”

We received a response from Palamida quite quickly and it was very convincing. Judge for yourselves however:


I can say with 100% honesty that no, Palamida does not resort to FUD to sell our services. However, we do point out what can happen if you don’t know what you’ve got in your code base, which is a reality, and it’s what drives a lot of lawsuits and insecure apps. It’s just something people want to avoid and we’re here to help organizations figure it out so they can get it right. There is a subset of folks (including you) that know what the heck is going on and would vet and check you code, versions, and licenses ahead of time. Funny though that very large organizations often do not, or possibly can not, because of their size and geographically dispersed team of developers. These are the folks who have the Top 5 Most Overlooked OS vulnerabilities (and many more but let’s stick with 5) and don’t know it.

So in general, our message and mantra has always been “Know What’s In Your Code.” It’s a message that shouldn’t be considered FUD, because not knowing has very real consequences (can anyone say Busybox?).


Since H-P came under similar unjustified scrutiny we brought up this issue, which quite expectedly revealed sympathy:


In general, we like HP but here’s something to think about. Back at the beginning of Palamida, folks used to ask us, “Why wouldn’t I just use Google Code Search instead of paying for Palamida?” Our response was always that
they certainly could use Google if they only wanted a skim the surface view of what was going on in one single segment (say, JBoss code). However, our expertise coupled with the depth and breadth of our code base (which weighs in at 3 Terabytes) could give you a little more (to put it mildly). So I personally feel the same about FOSSology. This is my singular opinion, it’s a fantastic tool but it answers only one of the many, many questions people need to be asking (take a look at the blog we just posted Friday) about: what code are you using? What version? What license is it under? Is it secure?

How often is the FOSSbazaar updated? What does it include? What are its rates of false positives or irrelevant search matches? How comprehensive is it? Who has tested it? Would you bet your eBanking system security on it?

That sort of thing.


This hopefully resolves the issue, at least for those who were involved in a blame game. Censorship (aka “selective approval”) of comment was probably the main reason for going this far. We never delete comments in this Web site and only a single abusive reader has his comments flagged (still truly visible) for repetitive abuses even against other readers. Transparency brings better answers than censorship, which we last complained about just an hours ago (ODF/OOXML).

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. ernest park said,

    March 31, 2008 at 8:06 pm

    Gravatar

    I note and appreciate the emotion filled comments regarding Palamida’s involvement in tracking GPLv3 adoption rates.

    I am in charge of the research team and the blog site. We get numerous comments, and ALL are posted. If a comment was left, while I don’t agree with it, it is posted. The nature of the site has NEVER been to spread fear or spin regarding how spooky and scary OSS is. Rather, my team and I are sponsored by Palamida to provide objective information regarding OSS usage of certain licenses.

    The forum is open to debate and public input. I can directly be reached via email with questions, or emails can be sent to rdgroup@palamida.com. Our research and the GPLv3 work should serve more as a barometer of the OSS community as a whole. Since we look at thousands of projects per week for licensing, code changes, updates, my team and I provide an honest perspective on what is currently happening in OSS related to GPLv3 licensing.

    As an aside, our blogs do track adoption rates, but also keep readers informed regarding other issues of OSS relevance. Again, our goal is to honestly track and publish licensing and related trends across OSS, represented at http://gpl3.palamida.com. Our research is available for reuse by analysts, and is routinely used and trusted as an objective source.

    As an aside, our blog regarding dual licensing issues (http://gpl3.blogspot.com/2008/01/gpl-project-watch-list-for-week-of-0118.html) received a number of comments. It was my fault that I edited our information, and in doing so, did not accurately explain our point. We do include all comments received, and I invite comments in the future.

    Ernie

What Else is New


  1. With Stambler v Mastercard, Patent Maximalists Are Hoping to Prop Up Software Patents and Damage PTAB

    The patent 'industry' is hoping to persuade the highest US court to weaken the Patent Trial and Appeal Board (PTAB), for PTAB is making patent lawsuits a lot harder and raises the threshold for patent eligibility



  2. Apple Discovers That Its Patent Disputes Are a Losing Battle Which Only Lawyers Win (Profit From)

    By pouring a lot of money and energy into the 'litigation card' Apple lost focus and it's also losing some key cases, as its patents are simply not strong enough



  3. The Patent Microcosm Takes Berkheimer v HP Out of Context to Pretend PTAB Disregards Fact-Finding Process

    In view or in light of a recent decision (excerpt above), patent maximalists who are afraid of the Patent Trial and Appeal Board (PTAB) try to paint it as inherently unjust and uncaring for facts



  4. Microsoft Has Left RPX, But RPX Now Pays a Microsoft Patent Troll, Intellectual Ventures

    The patent/litigation arms race keeps getting a little more complicated, as the 'arms' are being passed around to new and old entities that do nothing but shake-downs



  5. UPC Has Done Nothing for Europe Except Destruction of the EPO and Imminent Layoffs Due to Lack of Applications and Lowered Value of European Patents

    The Unified Patent Court (UPC) is merely a distant dream or a fantasy for litigators; to everyone else the UPC lobby has done nothing but damage, including potentially irreparable damage to the European Patent Office, which is declining very sharply



  6. Links 17/2/2018: Mesa 17.3.4, Wine 3.2, Go 1.10

    Links for the day



  7. Patent Trolls Are Thwarted by Judges, But Patent Lawyers View Them as a 'Business' Opportunity

    Patent lawyers are salivating over the idea that trolls may be coming to their state/s; owing to courts and the Patent Trial and Appeal Board (PTAB) other trolls' software patents get invalidated



  8. Microsoft's Patent Moves: Dominion Harbor, Intellectual Ventures, Intellectual Discovery, NEC and Uber

    A look at some of the latest moves and twists, as patents change hands and there are still signs of Microsoft's 'hidden hand'



  9. Links 15/2/2018: GNOME 3.28 Beta, Rust 1.24

    Links for the day



  10. Bavarian State Parliament Has Upcoming Debate About Issues Which Can Thwart UPC for Good

    An upcoming debate about Battistelli's attacks on the EPO Boards of Appeal will open an old can of worms, which serves to show why UPC is a non-starter



  11. The EPO is Being Destroyed and There's Nothing Left to Replace It Except National Patent Offices

    It looks like Battistelli is setting up the European Patent Office (EPO) for mass layoffs; in fact, it looks as though he is so certain that the UPC will materialise that he obsesses over "validation" for mass litigation worldwide, departing from a "model office" that used to lead the world in terms of patent quality and workers' welfare/conditions



  12. IBM is Getting Desperate and Now Suing Microsoft Over Lost Staff, Not Just Suing Everyone Using Patents

    IBM's policy when it comes to patents, not to mention its alignment with patent extremists, gives room for thought if not deep concern; the company rapidly becomes more and more like a troll



  13. In Microsoft's Lawsuit Against Corel the Only Winner is the Lawyers

    The outcome of the old Microsoft v Corel lawsuit reaffirms a trend; companies with deep pockets harass their competitors, knowing that the legal bills are more cumbersome to the defendants; there's a similar example today in Cisco v Arista Networks



  14. The Latest Lies About Unitary Patent (UPC) and the EPO

    Lobbying defies facts; we are once again seeing some easily-debunked talking points from those who stand to benefit from the UPC and mass litigation



  15. Speech Deficit and No Freedom of Association at the EPO

    True information cannot be disseminated at the EPO and justice too is beyond elusive; this poses a threat to the EPO's future, not only to its already-damaged reputation



  16. No, Britain is Not Ratifying 'Unitary' Anything, But Team UPC Insinuates It Will (Desperate Effort to Affect Tomorrow's Outcome)

    Contrary to several misleading headlines from Bristows (in its blog and others'), the UPC isn't happening and isn't coming to the UK; it all amounts to lobbying (by setting false expectations)



  17. The EPO's Paid Promotion of Software Patents Gets Patent Maximalists All Excited and Emboldened

    The software patents advocacy from Battistelli (and his cohorts) isn't just a spit in the face of European Parliament but also the EPC; but patent scope seems to no longer exist or matter under his watch, as all he cares about is granting as many patents as possible, irrespective of real quality/legitimacy/merit



  18. Andrei Iancu Begins His USPTO Career While Former USPTO Director (and Now Paid Lobbyist) Keeps Meddling in Office Affairs

    The USPTO, which is supposed to be a government branch (loosely speaking) is being lobbied by former officials, who are now being paid by private corporations to help influence and shape policies; this damages the image of the Office and harms its independence from corporate influence



  19. Links 14/2/2018: Atom 1.24, OSI Joins UNESCO

    Links for the day



  20. The EPO Now Censors the Central Staff Committee Like It Used to Censor SUEPO

    The EPO's Central Staff Committee (CSC) is now being treated as poorly as SUEPO several years ago (when it was threatened to remove publications from its site or face severe action)



  21. Microsoft-Connected Patent Trolls, Xerox, and Andrei Iancu

    A roundup of news pertaining to Microsoft-connected entities and their patent activity this month; Director Iancu is only loosely connected to one of them (he fought against it)



  22. The Campaign to Subvert the US Patent Office by Misrepresenting Its Successes

    Figureheads of the patent microcosm (firms that profit from patent chaos) are still meddling in affairs which they intentionally mis-portray, conflating innovation with number of patents and so on



  23. Almost All Patent Lawsuits in China Are Filed by the Chinese, But IAM (Cherry) Picks the Exception

    China's patent office (SIPO) is a pretty one-sided office where Mandarin patents get filed primarily by local firms and lawsuits too are filed by local firms; IAM, however, found a "man bites dog" slant



  24. Congratulations to Cloudflare on Beating Patent Troll Blackbird Technologies

    After nearly a year in the court (no doubt an expensive exercise for Cloudflare) the Northern District of California finally dismisses the lawsuit, deeming the underlying claims “[a]bstract ideas [which] are not patentable”



  25. Watch Out for Buzzwords That Are Used to Mask Patents on Software, Even in Europe

    The EPO now exploits EPO budget for advocacy of software patents; It's troubling as it was traditionally the 'job' of the patent 'industry' and moreover it reveals an EPO so adrift from law and order that it's a Bavaria-based pariah acting with impunity, posing a threat to software development in the whole of Europe



  26. EPO Opposition to CRISPR Patents Has Wide-Ranging and Far-Reaching Impact, But Mind Not the Lobbyists

    The patent maximalists who strive to bring patent trolls and limitless patents to Europe are losing their battle; this is, for the most part, owing to courageous European examiners who say "no" to patents that aren't justified



  27. Links 13/2/2018: Rise of the Tomb Raider on GNU/Linux, KDE 5.43.0, Qt 5.10.1

    Links for the day



  28. Denialists of Patent Trolls Are at It Again

    The patent trolls' lobby (sites like IAM and Watchtroll or Koch-funded scholars) want us to think that patent trolls are just a myth that can be dismissed and ignored; sadly for these lobbyists, underlying facts are not on their side



  29. Patent Maximalists Won't Get Their Way and UPC Will Likely Never Happen (Even After Battistelli)

    The incautious optimism from the patent 'industry', trying to convince us all that expansion of patent scope and litigation would be a boon to innovation, faces growing resistance; contrary to what the patent microcosm is saying, it's extremely unlikely that the UK and Germany will ratify the Unified Patent Court (UPC), i.e. open the door for patent trolls in Europe



  30. Links 12/2/2018: Linux 4.16 RC1, ZFS Back in Focus

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts